xref: /openbmc/linux/net/wireless/nl80211.c (revision 110e6f26) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  * Copyright 2013-2014  Intel Mobile Communications GmbH
6  * Copyright 2015-2016	Intel Deutschland GmbH
7  */
8 
9 #include <linux/if.h>
10 #include <linux/module.h>
11 #include <linux/err.h>
12 #include <linux/slab.h>
13 #include <linux/list.h>
14 #include <linux/if_ether.h>
15 #include <linux/ieee80211.h>
16 #include <linux/nl80211.h>
17 #include <linux/rtnetlink.h>
18 #include <linux/netlink.h>
19 #include <linux/etherdevice.h>
20 #include <net/net_namespace.h>
21 #include <net/genetlink.h>
22 #include <net/cfg80211.h>
23 #include <net/sock.h>
24 #include <net/inet_connection_sock.h>
25 #include "core.h"
26 #include "nl80211.h"
27 #include "reg.h"
28 #include "rdev-ops.h"
29 
30 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
31 				   struct genl_info *info,
32 				   struct cfg80211_crypto_settings *settings,
33 				   int cipher_limit);
34 
35 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 			    struct genl_info *info);
37 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
38 			      struct genl_info *info);
39 
40 /* the netlink family */
41 static struct genl_family nl80211_fam = {
42 	.id = GENL_ID_GENERATE,		/* don't bother with a hardcoded ID */
43 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
44 	.hdrsize = 0,			/* no private header */
45 	.version = 1,			/* no particular meaning now */
46 	.maxattr = NL80211_ATTR_MAX,
47 	.netnsok = true,
48 	.pre_doit = nl80211_pre_doit,
49 	.post_doit = nl80211_post_doit,
50 };
51 
52 /* multicast groups */
53 enum nl80211_multicast_groups {
54 	NL80211_MCGRP_CONFIG,
55 	NL80211_MCGRP_SCAN,
56 	NL80211_MCGRP_REGULATORY,
57 	NL80211_MCGRP_MLME,
58 	NL80211_MCGRP_VENDOR,
59 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
60 };
61 
62 static const struct genl_multicast_group nl80211_mcgrps[] = {
63 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
64 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
65 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
66 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
67 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
68 #ifdef CONFIG_NL80211_TESTMODE
69 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
70 #endif
71 };
72 
73 /* returns ERR_PTR values */
74 static struct wireless_dev *
75 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
76 {
77 	struct cfg80211_registered_device *rdev;
78 	struct wireless_dev *result = NULL;
79 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
80 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
81 	u64 wdev_id;
82 	int wiphy_idx = -1;
83 	int ifidx = -1;
84 
85 	ASSERT_RTNL();
86 
87 	if (!have_ifidx && !have_wdev_id)
88 		return ERR_PTR(-EINVAL);
89 
90 	if (have_ifidx)
91 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
92 	if (have_wdev_id) {
93 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
94 		wiphy_idx = wdev_id >> 32;
95 	}
96 
97 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
98 		struct wireless_dev *wdev;
99 
100 		if (wiphy_net(&rdev->wiphy) != netns)
101 			continue;
102 
103 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
104 			continue;
105 
106 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
107 			if (have_ifidx && wdev->netdev &&
108 			    wdev->netdev->ifindex == ifidx) {
109 				result = wdev;
110 				break;
111 			}
112 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
113 				result = wdev;
114 				break;
115 			}
116 		}
117 
118 		if (result)
119 			break;
120 	}
121 
122 	if (result)
123 		return result;
124 	return ERR_PTR(-ENODEV);
125 }
126 
127 static struct cfg80211_registered_device *
128 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
129 {
130 	struct cfg80211_registered_device *rdev = NULL, *tmp;
131 	struct net_device *netdev;
132 
133 	ASSERT_RTNL();
134 
135 	if (!attrs[NL80211_ATTR_WIPHY] &&
136 	    !attrs[NL80211_ATTR_IFINDEX] &&
137 	    !attrs[NL80211_ATTR_WDEV])
138 		return ERR_PTR(-EINVAL);
139 
140 	if (attrs[NL80211_ATTR_WIPHY])
141 		rdev = cfg80211_rdev_by_wiphy_idx(
142 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
143 
144 	if (attrs[NL80211_ATTR_WDEV]) {
145 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
146 		struct wireless_dev *wdev;
147 		bool found = false;
148 
149 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
150 		if (tmp) {
151 			/* make sure wdev exists */
152 			list_for_each_entry(wdev, &tmp->wdev_list, list) {
153 				if (wdev->identifier != (u32)wdev_id)
154 					continue;
155 				found = true;
156 				break;
157 			}
158 
159 			if (!found)
160 				tmp = NULL;
161 
162 			if (rdev && tmp != rdev)
163 				return ERR_PTR(-EINVAL);
164 			rdev = tmp;
165 		}
166 	}
167 
168 	if (attrs[NL80211_ATTR_IFINDEX]) {
169 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
170 		netdev = __dev_get_by_index(netns, ifindex);
171 		if (netdev) {
172 			if (netdev->ieee80211_ptr)
173 				tmp = wiphy_to_rdev(
174 					netdev->ieee80211_ptr->wiphy);
175 			else
176 				tmp = NULL;
177 
178 			/* not wireless device -- return error */
179 			if (!tmp)
180 				return ERR_PTR(-EINVAL);
181 
182 			/* mismatch -- return error */
183 			if (rdev && tmp != rdev)
184 				return ERR_PTR(-EINVAL);
185 
186 			rdev = tmp;
187 		}
188 	}
189 
190 	if (!rdev)
191 		return ERR_PTR(-ENODEV);
192 
193 	if (netns != wiphy_net(&rdev->wiphy))
194 		return ERR_PTR(-ENODEV);
195 
196 	return rdev;
197 }
198 
199 /*
200  * This function returns a pointer to the driver
201  * that the genl_info item that is passed refers to.
202  *
203  * The result of this can be a PTR_ERR and hence must
204  * be checked with IS_ERR() for errors.
205  */
206 static struct cfg80211_registered_device *
207 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
208 {
209 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
210 }
211 
212 /* policy for the attributes */
213 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
214 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
215 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
216 				      .len = 20-1 },
217 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
218 
219 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
220 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
221 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
222 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
223 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
224 
225 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
226 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
227 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
228 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
229 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
230 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
231 
232 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
233 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
234 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
235 
236 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
237 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
238 
239 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
240 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
241 				    .len = WLAN_MAX_KEY_LEN },
242 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
243 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
244 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
245 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
246 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
247 
248 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
249 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
250 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
251 				       .len = IEEE80211_MAX_DATA_LEN },
252 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
253 				       .len = IEEE80211_MAX_DATA_LEN },
254 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
255 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
256 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
257 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
258 					       .len = NL80211_MAX_SUPP_RATES },
259 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
260 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
261 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
262 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
263 				   .len = IEEE80211_MAX_MESH_ID_LEN },
264 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
265 
266 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
267 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
268 
269 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
270 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
271 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
272 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
273 					   .len = NL80211_MAX_SUPP_RATES },
274 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
275 
276 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
277 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
278 
279 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
280 
281 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
282 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
283 			      .len = IEEE80211_MAX_DATA_LEN },
284 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
285 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
286 
287 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
288 				.len = IEEE80211_MAX_SSID_LEN },
289 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
290 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
291 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
292 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
293 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
294 	[NL80211_ATTR_STA_FLAGS2] = {
295 		.len = sizeof(struct nl80211_sta_flag_update),
296 	},
297 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
298 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
299 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
300 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
301 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
302 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
303 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
304 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
305 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
306 				 .len = WLAN_PMKID_LEN },
307 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
308 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
309 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
310 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
311 				 .len = IEEE80211_MAX_DATA_LEN },
312 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
313 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
314 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
315 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
316 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
317 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
318 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
319 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
320 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
321 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
322 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
323 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
324 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
325 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
326 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
327 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
328 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
329 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
330 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
331 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
332 					 .len = IEEE80211_MAX_DATA_LEN },
333 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
334 					 .len = IEEE80211_MAX_DATA_LEN },
335 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
336 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
337 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
338 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
339 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
340 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
341 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
342 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
343 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
344 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
345 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
346 				      .len = IEEE80211_MAX_DATA_LEN },
347 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
348 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
349 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
350 		.len = NL80211_HT_CAPABILITY_LEN
351 	},
352 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
353 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
354 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
355 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
356 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
357 	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
358 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
359 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
360 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
361 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
362 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
363 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
364 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
365 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
366 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
367 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
368 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
369 		.len = NL80211_VHT_CAPABILITY_LEN,
370 	},
371 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
372 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
373 				  .len = IEEE80211_MAX_DATA_LEN },
374 	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
375 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
376 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
377 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
378 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
379 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
380 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
381 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
382 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
383 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
384 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
385 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
386 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
387 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
388 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
389 	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
390 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
391 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
392 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
393 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
394 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
395 	[NL80211_ATTR_TSID] = { .type = NLA_U8 },
396 	[NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
397 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
398 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
399 	[NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
400 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
401 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
402 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
403 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
404 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
405 };
406 
407 /* policy for the key attributes */
408 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
409 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
410 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
411 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
412 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
413 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
414 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
415 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
416 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
417 };
418 
419 /* policy for the key default flags */
420 static const struct nla_policy
421 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
422 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
423 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
424 };
425 
426 /* policy for WoWLAN attributes */
427 static const struct nla_policy
428 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
429 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
430 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
431 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
432 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
433 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
434 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
435 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
436 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
437 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
438 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
439 };
440 
441 static const struct nla_policy
442 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
443 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
444 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
445 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
446 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
447 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
448 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
449 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
450 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
451 	},
452 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
453 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
454 	},
455 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
456 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
457 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
458 };
459 
460 /* policy for coalesce rule attributes */
461 static const struct nla_policy
462 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
463 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
464 	[NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
465 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
466 };
467 
468 /* policy for GTK rekey offload attributes */
469 static const struct nla_policy
470 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
471 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
472 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
473 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
474 };
475 
476 static const struct nla_policy
477 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
478 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
479 						 .len = IEEE80211_MAX_SSID_LEN },
480 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
481 };
482 
483 static const struct nla_policy
484 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
485 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
486 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
487 };
488 
489 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
490 				     struct netlink_callback *cb,
491 				     struct cfg80211_registered_device **rdev,
492 				     struct wireless_dev **wdev)
493 {
494 	int err;
495 
496 	rtnl_lock();
497 
498 	if (!cb->args[0]) {
499 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
500 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
501 				  nl80211_policy);
502 		if (err)
503 			goto out_unlock;
504 
505 		*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
506 						   nl80211_fam.attrbuf);
507 		if (IS_ERR(*wdev)) {
508 			err = PTR_ERR(*wdev);
509 			goto out_unlock;
510 		}
511 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
512 		/* 0 is the first index - add 1 to parse only once */
513 		cb->args[0] = (*rdev)->wiphy_idx + 1;
514 		cb->args[1] = (*wdev)->identifier;
515 	} else {
516 		/* subtract the 1 again here */
517 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
518 		struct wireless_dev *tmp;
519 
520 		if (!wiphy) {
521 			err = -ENODEV;
522 			goto out_unlock;
523 		}
524 		*rdev = wiphy_to_rdev(wiphy);
525 		*wdev = NULL;
526 
527 		list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
528 			if (tmp->identifier == cb->args[1]) {
529 				*wdev = tmp;
530 				break;
531 			}
532 		}
533 
534 		if (!*wdev) {
535 			err = -ENODEV;
536 			goto out_unlock;
537 		}
538 	}
539 
540 	return 0;
541  out_unlock:
542 	rtnl_unlock();
543 	return err;
544 }
545 
546 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
547 {
548 	rtnl_unlock();
549 }
550 
551 /* IE validation */
552 static bool is_valid_ie_attr(const struct nlattr *attr)
553 {
554 	const u8 *pos;
555 	int len;
556 
557 	if (!attr)
558 		return true;
559 
560 	pos = nla_data(attr);
561 	len = nla_len(attr);
562 
563 	while (len) {
564 		u8 elemlen;
565 
566 		if (len < 2)
567 			return false;
568 		len -= 2;
569 
570 		elemlen = pos[1];
571 		if (elemlen > len)
572 			return false;
573 
574 		len -= elemlen;
575 		pos += 2 + elemlen;
576 	}
577 
578 	return true;
579 }
580 
581 /* message building helper */
582 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
583 				   int flags, u8 cmd)
584 {
585 	/* since there is no private header just add the generic one */
586 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
587 }
588 
589 static int nl80211_msg_put_channel(struct sk_buff *msg,
590 				   struct ieee80211_channel *chan,
591 				   bool large)
592 {
593 	/* Some channels must be completely excluded from the
594 	 * list to protect old user-space tools from breaking
595 	 */
596 	if (!large && chan->flags &
597 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
598 		return 0;
599 
600 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
601 			chan->center_freq))
602 		goto nla_put_failure;
603 
604 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
605 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
606 		goto nla_put_failure;
607 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
608 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
609 			goto nla_put_failure;
610 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
611 			goto nla_put_failure;
612 	}
613 	if (chan->flags & IEEE80211_CHAN_RADAR) {
614 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
615 			goto nla_put_failure;
616 		if (large) {
617 			u32 time;
618 
619 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
620 
621 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
622 					chan->dfs_state))
623 				goto nla_put_failure;
624 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
625 					time))
626 				goto nla_put_failure;
627 			if (nla_put_u32(msg,
628 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
629 					chan->dfs_cac_ms))
630 				goto nla_put_failure;
631 		}
632 	}
633 
634 	if (large) {
635 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
636 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
637 			goto nla_put_failure;
638 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
639 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
640 			goto nla_put_failure;
641 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
642 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
643 			goto nla_put_failure;
644 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
645 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
646 			goto nla_put_failure;
647 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
648 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
649 			goto nla_put_failure;
650 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
651 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
652 			goto nla_put_failure;
653 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
654 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
655 			goto nla_put_failure;
656 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
657 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
658 			goto nla_put_failure;
659 	}
660 
661 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
662 			DBM_TO_MBM(chan->max_power)))
663 		goto nla_put_failure;
664 
665 	return 0;
666 
667  nla_put_failure:
668 	return -ENOBUFS;
669 }
670 
671 /* netlink command implementations */
672 
673 struct key_parse {
674 	struct key_params p;
675 	int idx;
676 	int type;
677 	bool def, defmgmt;
678 	bool def_uni, def_multi;
679 };
680 
681 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
682 {
683 	struct nlattr *tb[NL80211_KEY_MAX + 1];
684 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
685 				   nl80211_key_policy);
686 	if (err)
687 		return err;
688 
689 	k->def = !!tb[NL80211_KEY_DEFAULT];
690 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
691 
692 	if (k->def) {
693 		k->def_uni = true;
694 		k->def_multi = true;
695 	}
696 	if (k->defmgmt)
697 		k->def_multi = true;
698 
699 	if (tb[NL80211_KEY_IDX])
700 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
701 
702 	if (tb[NL80211_KEY_DATA]) {
703 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
704 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
705 	}
706 
707 	if (tb[NL80211_KEY_SEQ]) {
708 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
709 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
710 	}
711 
712 	if (tb[NL80211_KEY_CIPHER])
713 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
714 
715 	if (tb[NL80211_KEY_TYPE]) {
716 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
717 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
718 			return -EINVAL;
719 	}
720 
721 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
722 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
723 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
724 				       tb[NL80211_KEY_DEFAULT_TYPES],
725 				       nl80211_key_default_policy);
726 		if (err)
727 			return err;
728 
729 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
730 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
731 	}
732 
733 	return 0;
734 }
735 
736 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
737 {
738 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
739 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
740 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
741 	}
742 
743 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
744 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
745 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
746 	}
747 
748 	if (info->attrs[NL80211_ATTR_KEY_IDX])
749 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
750 
751 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
752 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
753 
754 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
755 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
756 
757 	if (k->def) {
758 		k->def_uni = true;
759 		k->def_multi = true;
760 	}
761 	if (k->defmgmt)
762 		k->def_multi = true;
763 
764 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
765 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
766 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
767 			return -EINVAL;
768 	}
769 
770 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
771 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
772 		int err = nla_parse_nested(
773 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
774 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
775 				nl80211_key_default_policy);
776 		if (err)
777 			return err;
778 
779 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
780 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
781 	}
782 
783 	return 0;
784 }
785 
786 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
787 {
788 	int err;
789 
790 	memset(k, 0, sizeof(*k));
791 	k->idx = -1;
792 	k->type = -1;
793 
794 	if (info->attrs[NL80211_ATTR_KEY])
795 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
796 	else
797 		err = nl80211_parse_key_old(info, k);
798 
799 	if (err)
800 		return err;
801 
802 	if (k->def && k->defmgmt)
803 		return -EINVAL;
804 
805 	if (k->defmgmt) {
806 		if (k->def_uni || !k->def_multi)
807 			return -EINVAL;
808 	}
809 
810 	if (k->idx != -1) {
811 		if (k->defmgmt) {
812 			if (k->idx < 4 || k->idx > 5)
813 				return -EINVAL;
814 		} else if (k->def) {
815 			if (k->idx < 0 || k->idx > 3)
816 				return -EINVAL;
817 		} else {
818 			if (k->idx < 0 || k->idx > 5)
819 				return -EINVAL;
820 		}
821 	}
822 
823 	return 0;
824 }
825 
826 static struct cfg80211_cached_keys *
827 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
828 		       struct nlattr *keys, bool *no_ht)
829 {
830 	struct key_parse parse;
831 	struct nlattr *key;
832 	struct cfg80211_cached_keys *result;
833 	int rem, err, def = 0;
834 
835 	result = kzalloc(sizeof(*result), GFP_KERNEL);
836 	if (!result)
837 		return ERR_PTR(-ENOMEM);
838 
839 	result->def = -1;
840 	result->defmgmt = -1;
841 
842 	nla_for_each_nested(key, keys, rem) {
843 		memset(&parse, 0, sizeof(parse));
844 		parse.idx = -1;
845 
846 		err = nl80211_parse_key_new(key, &parse);
847 		if (err)
848 			goto error;
849 		err = -EINVAL;
850 		if (!parse.p.key)
851 			goto error;
852 		if (parse.idx < 0 || parse.idx > 4)
853 			goto error;
854 		if (parse.def) {
855 			if (def)
856 				goto error;
857 			def = 1;
858 			result->def = parse.idx;
859 			if (!parse.def_uni || !parse.def_multi)
860 				goto error;
861 		} else if (parse.defmgmt)
862 			goto error;
863 		err = cfg80211_validate_key_settings(rdev, &parse.p,
864 						     parse.idx, false, NULL);
865 		if (err)
866 			goto error;
867 		result->params[parse.idx].cipher = parse.p.cipher;
868 		result->params[parse.idx].key_len = parse.p.key_len;
869 		result->params[parse.idx].key = result->data[parse.idx];
870 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
871 
872 		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
873 		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
874 			if (no_ht)
875 				*no_ht = true;
876 		}
877 	}
878 
879 	return result;
880  error:
881 	kfree(result);
882 	return ERR_PTR(err);
883 }
884 
885 static int nl80211_key_allowed(struct wireless_dev *wdev)
886 {
887 	ASSERT_WDEV_LOCK(wdev);
888 
889 	switch (wdev->iftype) {
890 	case NL80211_IFTYPE_AP:
891 	case NL80211_IFTYPE_AP_VLAN:
892 	case NL80211_IFTYPE_P2P_GO:
893 	case NL80211_IFTYPE_MESH_POINT:
894 		break;
895 	case NL80211_IFTYPE_ADHOC:
896 	case NL80211_IFTYPE_STATION:
897 	case NL80211_IFTYPE_P2P_CLIENT:
898 		if (!wdev->current_bss)
899 			return -ENOLINK;
900 		break;
901 	case NL80211_IFTYPE_UNSPECIFIED:
902 	case NL80211_IFTYPE_OCB:
903 	case NL80211_IFTYPE_MONITOR:
904 	case NL80211_IFTYPE_P2P_DEVICE:
905 	case NL80211_IFTYPE_WDS:
906 	case NUM_NL80211_IFTYPES:
907 		return -EINVAL;
908 	}
909 
910 	return 0;
911 }
912 
913 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
914 							struct nlattr *tb)
915 {
916 	struct ieee80211_channel *chan;
917 
918 	if (tb == NULL)
919 		return NULL;
920 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
921 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
922 		return NULL;
923 	return chan;
924 }
925 
926 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
927 {
928 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
929 	int i;
930 
931 	if (!nl_modes)
932 		goto nla_put_failure;
933 
934 	i = 0;
935 	while (ifmodes) {
936 		if ((ifmodes & 1) && nla_put_flag(msg, i))
937 			goto nla_put_failure;
938 		ifmodes >>= 1;
939 		i++;
940 	}
941 
942 	nla_nest_end(msg, nl_modes);
943 	return 0;
944 
945 nla_put_failure:
946 	return -ENOBUFS;
947 }
948 
949 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
950 					  struct sk_buff *msg,
951 					  bool large)
952 {
953 	struct nlattr *nl_combis;
954 	int i, j;
955 
956 	nl_combis = nla_nest_start(msg,
957 				NL80211_ATTR_INTERFACE_COMBINATIONS);
958 	if (!nl_combis)
959 		goto nla_put_failure;
960 
961 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
962 		const struct ieee80211_iface_combination *c;
963 		struct nlattr *nl_combi, *nl_limits;
964 
965 		c = &wiphy->iface_combinations[i];
966 
967 		nl_combi = nla_nest_start(msg, i + 1);
968 		if (!nl_combi)
969 			goto nla_put_failure;
970 
971 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
972 		if (!nl_limits)
973 			goto nla_put_failure;
974 
975 		for (j = 0; j < c->n_limits; j++) {
976 			struct nlattr *nl_limit;
977 
978 			nl_limit = nla_nest_start(msg, j + 1);
979 			if (!nl_limit)
980 				goto nla_put_failure;
981 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
982 					c->limits[j].max))
983 				goto nla_put_failure;
984 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
985 						c->limits[j].types))
986 				goto nla_put_failure;
987 			nla_nest_end(msg, nl_limit);
988 		}
989 
990 		nla_nest_end(msg, nl_limits);
991 
992 		if (c->beacon_int_infra_match &&
993 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
994 			goto nla_put_failure;
995 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
996 				c->num_different_channels) ||
997 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
998 				c->max_interfaces))
999 			goto nla_put_failure;
1000 		if (large &&
1001 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1002 				c->radar_detect_widths) ||
1003 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1004 				c->radar_detect_regions)))
1005 			goto nla_put_failure;
1006 
1007 		nla_nest_end(msg, nl_combi);
1008 	}
1009 
1010 	nla_nest_end(msg, nl_combis);
1011 
1012 	return 0;
1013 nla_put_failure:
1014 	return -ENOBUFS;
1015 }
1016 
1017 #ifdef CONFIG_PM
1018 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1019 					struct sk_buff *msg)
1020 {
1021 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1022 	struct nlattr *nl_tcp;
1023 
1024 	if (!tcp)
1025 		return 0;
1026 
1027 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1028 	if (!nl_tcp)
1029 		return -ENOBUFS;
1030 
1031 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1032 			tcp->data_payload_max))
1033 		return -ENOBUFS;
1034 
1035 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1036 			tcp->data_payload_max))
1037 		return -ENOBUFS;
1038 
1039 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1040 		return -ENOBUFS;
1041 
1042 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1043 				sizeof(*tcp->tok), tcp->tok))
1044 		return -ENOBUFS;
1045 
1046 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1047 			tcp->data_interval_max))
1048 		return -ENOBUFS;
1049 
1050 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1051 			tcp->wake_payload_max))
1052 		return -ENOBUFS;
1053 
1054 	nla_nest_end(msg, nl_tcp);
1055 	return 0;
1056 }
1057 
1058 static int nl80211_send_wowlan(struct sk_buff *msg,
1059 			       struct cfg80211_registered_device *rdev,
1060 			       bool large)
1061 {
1062 	struct nlattr *nl_wowlan;
1063 
1064 	if (!rdev->wiphy.wowlan)
1065 		return 0;
1066 
1067 	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1068 	if (!nl_wowlan)
1069 		return -ENOBUFS;
1070 
1071 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1072 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1073 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1074 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1075 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1076 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1077 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1078 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1079 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1080 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1081 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1082 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1083 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1084 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1085 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1086 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1087 		return -ENOBUFS;
1088 
1089 	if (rdev->wiphy.wowlan->n_patterns) {
1090 		struct nl80211_pattern_support pat = {
1091 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1092 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1093 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1094 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1095 		};
1096 
1097 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1098 			    sizeof(pat), &pat))
1099 			return -ENOBUFS;
1100 	}
1101 
1102 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1103 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1104 			rdev->wiphy.wowlan->max_nd_match_sets))
1105 		return -ENOBUFS;
1106 
1107 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1108 		return -ENOBUFS;
1109 
1110 	nla_nest_end(msg, nl_wowlan);
1111 
1112 	return 0;
1113 }
1114 #endif
1115 
1116 static int nl80211_send_coalesce(struct sk_buff *msg,
1117 				 struct cfg80211_registered_device *rdev)
1118 {
1119 	struct nl80211_coalesce_rule_support rule;
1120 
1121 	if (!rdev->wiphy.coalesce)
1122 		return 0;
1123 
1124 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1125 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1126 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1127 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1128 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1129 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1130 
1131 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1132 		return -ENOBUFS;
1133 
1134 	return 0;
1135 }
1136 
1137 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1138 				      struct ieee80211_supported_band *sband)
1139 {
1140 	struct nlattr *nl_rates, *nl_rate;
1141 	struct ieee80211_rate *rate;
1142 	int i;
1143 
1144 	/* add HT info */
1145 	if (sband->ht_cap.ht_supported &&
1146 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1147 		     sizeof(sband->ht_cap.mcs),
1148 		     &sband->ht_cap.mcs) ||
1149 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1150 			 sband->ht_cap.cap) ||
1151 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1152 			sband->ht_cap.ampdu_factor) ||
1153 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1154 			sband->ht_cap.ampdu_density)))
1155 		return -ENOBUFS;
1156 
1157 	/* add VHT info */
1158 	if (sband->vht_cap.vht_supported &&
1159 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1160 		     sizeof(sband->vht_cap.vht_mcs),
1161 		     &sband->vht_cap.vht_mcs) ||
1162 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1163 			 sband->vht_cap.cap)))
1164 		return -ENOBUFS;
1165 
1166 	/* add bitrates */
1167 	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1168 	if (!nl_rates)
1169 		return -ENOBUFS;
1170 
1171 	for (i = 0; i < sband->n_bitrates; i++) {
1172 		nl_rate = nla_nest_start(msg, i);
1173 		if (!nl_rate)
1174 			return -ENOBUFS;
1175 
1176 		rate = &sband->bitrates[i];
1177 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1178 				rate->bitrate))
1179 			return -ENOBUFS;
1180 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1181 		    nla_put_flag(msg,
1182 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1183 			return -ENOBUFS;
1184 
1185 		nla_nest_end(msg, nl_rate);
1186 	}
1187 
1188 	nla_nest_end(msg, nl_rates);
1189 
1190 	return 0;
1191 }
1192 
1193 static int
1194 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1195 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1196 {
1197 	u16 stypes;
1198 	struct nlattr *nl_ftypes, *nl_ifs;
1199 	enum nl80211_iftype ift;
1200 	int i;
1201 
1202 	if (!mgmt_stypes)
1203 		return 0;
1204 
1205 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1206 	if (!nl_ifs)
1207 		return -ENOBUFS;
1208 
1209 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1210 		nl_ftypes = nla_nest_start(msg, ift);
1211 		if (!nl_ftypes)
1212 			return -ENOBUFS;
1213 		i = 0;
1214 		stypes = mgmt_stypes[ift].tx;
1215 		while (stypes) {
1216 			if ((stypes & 1) &&
1217 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1218 					(i << 4) | IEEE80211_FTYPE_MGMT))
1219 				return -ENOBUFS;
1220 			stypes >>= 1;
1221 			i++;
1222 		}
1223 		nla_nest_end(msg, nl_ftypes);
1224 	}
1225 
1226 	nla_nest_end(msg, nl_ifs);
1227 
1228 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1229 	if (!nl_ifs)
1230 		return -ENOBUFS;
1231 
1232 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1233 		nl_ftypes = nla_nest_start(msg, ift);
1234 		if (!nl_ftypes)
1235 			return -ENOBUFS;
1236 		i = 0;
1237 		stypes = mgmt_stypes[ift].rx;
1238 		while (stypes) {
1239 			if ((stypes & 1) &&
1240 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1241 					(i << 4) | IEEE80211_FTYPE_MGMT))
1242 				return -ENOBUFS;
1243 			stypes >>= 1;
1244 			i++;
1245 		}
1246 		nla_nest_end(msg, nl_ftypes);
1247 	}
1248 	nla_nest_end(msg, nl_ifs);
1249 
1250 	return 0;
1251 }
1252 
1253 struct nl80211_dump_wiphy_state {
1254 	s64 filter_wiphy;
1255 	long start;
1256 	long split_start, band_start, chan_start;
1257 	bool split;
1258 };
1259 
1260 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1261 			      enum nl80211_commands cmd,
1262 			      struct sk_buff *msg, u32 portid, u32 seq,
1263 			      int flags, struct nl80211_dump_wiphy_state *state)
1264 {
1265 	void *hdr;
1266 	struct nlattr *nl_bands, *nl_band;
1267 	struct nlattr *nl_freqs, *nl_freq;
1268 	struct nlattr *nl_cmds;
1269 	enum ieee80211_band band;
1270 	struct ieee80211_channel *chan;
1271 	int i;
1272 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1273 				rdev->wiphy.mgmt_stypes;
1274 	u32 features;
1275 
1276 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1277 	if (!hdr)
1278 		return -ENOBUFS;
1279 
1280 	if (WARN_ON(!state))
1281 		return -EINVAL;
1282 
1283 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1284 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1285 			   wiphy_name(&rdev->wiphy)) ||
1286 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1287 			cfg80211_rdev_list_generation))
1288 		goto nla_put_failure;
1289 
1290 	if (cmd != NL80211_CMD_NEW_WIPHY)
1291 		goto finish;
1292 
1293 	switch (state->split_start) {
1294 	case 0:
1295 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1296 			       rdev->wiphy.retry_short) ||
1297 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1298 			       rdev->wiphy.retry_long) ||
1299 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1300 				rdev->wiphy.frag_threshold) ||
1301 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1302 				rdev->wiphy.rts_threshold) ||
1303 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1304 			       rdev->wiphy.coverage_class) ||
1305 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1306 			       rdev->wiphy.max_scan_ssids) ||
1307 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1308 			       rdev->wiphy.max_sched_scan_ssids) ||
1309 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1310 				rdev->wiphy.max_scan_ie_len) ||
1311 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1312 				rdev->wiphy.max_sched_scan_ie_len) ||
1313 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1314 			       rdev->wiphy.max_match_sets) ||
1315 		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1316 				rdev->wiphy.max_sched_scan_plans) ||
1317 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1318 				rdev->wiphy.max_sched_scan_plan_interval) ||
1319 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1320 				rdev->wiphy.max_sched_scan_plan_iterations))
1321 			goto nla_put_failure;
1322 
1323 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1324 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1325 			goto nla_put_failure;
1326 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1327 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1328 			goto nla_put_failure;
1329 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1330 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1331 			goto nla_put_failure;
1332 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1333 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1334 			goto nla_put_failure;
1335 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1336 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1337 			goto nla_put_failure;
1338 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1339 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1340 			goto nla_put_failure;
1341 		state->split_start++;
1342 		if (state->split)
1343 			break;
1344 	case 1:
1345 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1346 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1347 			    rdev->wiphy.cipher_suites))
1348 			goto nla_put_failure;
1349 
1350 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1351 			       rdev->wiphy.max_num_pmkids))
1352 			goto nla_put_failure;
1353 
1354 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1355 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1356 			goto nla_put_failure;
1357 
1358 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1359 				rdev->wiphy.available_antennas_tx) ||
1360 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1361 				rdev->wiphy.available_antennas_rx))
1362 			goto nla_put_failure;
1363 
1364 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1365 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1366 				rdev->wiphy.probe_resp_offload))
1367 			goto nla_put_failure;
1368 
1369 		if ((rdev->wiphy.available_antennas_tx ||
1370 		     rdev->wiphy.available_antennas_rx) &&
1371 		    rdev->ops->get_antenna) {
1372 			u32 tx_ant = 0, rx_ant = 0;
1373 			int res;
1374 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1375 			if (!res) {
1376 				if (nla_put_u32(msg,
1377 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1378 						tx_ant) ||
1379 				    nla_put_u32(msg,
1380 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1381 						rx_ant))
1382 					goto nla_put_failure;
1383 			}
1384 		}
1385 
1386 		state->split_start++;
1387 		if (state->split)
1388 			break;
1389 	case 2:
1390 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1391 					rdev->wiphy.interface_modes))
1392 				goto nla_put_failure;
1393 		state->split_start++;
1394 		if (state->split)
1395 			break;
1396 	case 3:
1397 		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1398 		if (!nl_bands)
1399 			goto nla_put_failure;
1400 
1401 		for (band = state->band_start;
1402 		     band < IEEE80211_NUM_BANDS; band++) {
1403 			struct ieee80211_supported_band *sband;
1404 
1405 			sband = rdev->wiphy.bands[band];
1406 
1407 			if (!sband)
1408 				continue;
1409 
1410 			nl_band = nla_nest_start(msg, band);
1411 			if (!nl_band)
1412 				goto nla_put_failure;
1413 
1414 			switch (state->chan_start) {
1415 			case 0:
1416 				if (nl80211_send_band_rateinfo(msg, sband))
1417 					goto nla_put_failure;
1418 				state->chan_start++;
1419 				if (state->split)
1420 					break;
1421 			default:
1422 				/* add frequencies */
1423 				nl_freqs = nla_nest_start(
1424 					msg, NL80211_BAND_ATTR_FREQS);
1425 				if (!nl_freqs)
1426 					goto nla_put_failure;
1427 
1428 				for (i = state->chan_start - 1;
1429 				     i < sband->n_channels;
1430 				     i++) {
1431 					nl_freq = nla_nest_start(msg, i);
1432 					if (!nl_freq)
1433 						goto nla_put_failure;
1434 
1435 					chan = &sband->channels[i];
1436 
1437 					if (nl80211_msg_put_channel(
1438 							msg, chan,
1439 							state->split))
1440 						goto nla_put_failure;
1441 
1442 					nla_nest_end(msg, nl_freq);
1443 					if (state->split)
1444 						break;
1445 				}
1446 				if (i < sband->n_channels)
1447 					state->chan_start = i + 2;
1448 				else
1449 					state->chan_start = 0;
1450 				nla_nest_end(msg, nl_freqs);
1451 			}
1452 
1453 			nla_nest_end(msg, nl_band);
1454 
1455 			if (state->split) {
1456 				/* start again here */
1457 				if (state->chan_start)
1458 					band--;
1459 				break;
1460 			}
1461 		}
1462 		nla_nest_end(msg, nl_bands);
1463 
1464 		if (band < IEEE80211_NUM_BANDS)
1465 			state->band_start = band + 1;
1466 		else
1467 			state->band_start = 0;
1468 
1469 		/* if bands & channels are done, continue outside */
1470 		if (state->band_start == 0 && state->chan_start == 0)
1471 			state->split_start++;
1472 		if (state->split)
1473 			break;
1474 	case 4:
1475 		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1476 		if (!nl_cmds)
1477 			goto nla_put_failure;
1478 
1479 		i = 0;
1480 #define CMD(op, n)							\
1481 		 do {							\
1482 			if (rdev->ops->op) {				\
1483 				i++;					\
1484 				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1485 					goto nla_put_failure;		\
1486 			}						\
1487 		} while (0)
1488 
1489 		CMD(add_virtual_intf, NEW_INTERFACE);
1490 		CMD(change_virtual_intf, SET_INTERFACE);
1491 		CMD(add_key, NEW_KEY);
1492 		CMD(start_ap, START_AP);
1493 		CMD(add_station, NEW_STATION);
1494 		CMD(add_mpath, NEW_MPATH);
1495 		CMD(update_mesh_config, SET_MESH_CONFIG);
1496 		CMD(change_bss, SET_BSS);
1497 		CMD(auth, AUTHENTICATE);
1498 		CMD(assoc, ASSOCIATE);
1499 		CMD(deauth, DEAUTHENTICATE);
1500 		CMD(disassoc, DISASSOCIATE);
1501 		CMD(join_ibss, JOIN_IBSS);
1502 		CMD(join_mesh, JOIN_MESH);
1503 		CMD(set_pmksa, SET_PMKSA);
1504 		CMD(del_pmksa, DEL_PMKSA);
1505 		CMD(flush_pmksa, FLUSH_PMKSA);
1506 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1507 			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1508 		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1509 		CMD(mgmt_tx, FRAME);
1510 		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1511 		if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1512 			i++;
1513 			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1514 				goto nla_put_failure;
1515 		}
1516 		if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1517 		    rdev->ops->join_mesh) {
1518 			i++;
1519 			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1520 				goto nla_put_failure;
1521 		}
1522 		CMD(set_wds_peer, SET_WDS_PEER);
1523 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1524 			CMD(tdls_mgmt, TDLS_MGMT);
1525 			CMD(tdls_oper, TDLS_OPER);
1526 		}
1527 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1528 			CMD(sched_scan_start, START_SCHED_SCAN);
1529 		CMD(probe_client, PROBE_CLIENT);
1530 		CMD(set_noack_map, SET_NOACK_MAP);
1531 		if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1532 			i++;
1533 			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1534 				goto nla_put_failure;
1535 		}
1536 		CMD(start_p2p_device, START_P2P_DEVICE);
1537 		CMD(set_mcast_rate, SET_MCAST_RATE);
1538 #ifdef CONFIG_NL80211_TESTMODE
1539 		CMD(testmode_cmd, TESTMODE);
1540 #endif
1541 		if (state->split) {
1542 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1543 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1544 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1545 				CMD(channel_switch, CHANNEL_SWITCH);
1546 			CMD(set_qos_map, SET_QOS_MAP);
1547 			if (rdev->wiphy.features &
1548 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1549 				CMD(add_tx_ts, ADD_TX_TS);
1550 		}
1551 		/* add into the if now */
1552 #undef CMD
1553 
1554 		if (rdev->ops->connect || rdev->ops->auth) {
1555 			i++;
1556 			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1557 				goto nla_put_failure;
1558 		}
1559 
1560 		if (rdev->ops->disconnect || rdev->ops->deauth) {
1561 			i++;
1562 			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1563 				goto nla_put_failure;
1564 		}
1565 
1566 		nla_nest_end(msg, nl_cmds);
1567 		state->split_start++;
1568 		if (state->split)
1569 			break;
1570 	case 5:
1571 		if (rdev->ops->remain_on_channel &&
1572 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1573 		    nla_put_u32(msg,
1574 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1575 				rdev->wiphy.max_remain_on_channel_duration))
1576 			goto nla_put_failure;
1577 
1578 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1579 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1580 			goto nla_put_failure;
1581 
1582 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1583 			goto nla_put_failure;
1584 		state->split_start++;
1585 		if (state->split)
1586 			break;
1587 	case 6:
1588 #ifdef CONFIG_PM
1589 		if (nl80211_send_wowlan(msg, rdev, state->split))
1590 			goto nla_put_failure;
1591 		state->split_start++;
1592 		if (state->split)
1593 			break;
1594 #else
1595 		state->split_start++;
1596 #endif
1597 	case 7:
1598 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1599 					rdev->wiphy.software_iftypes))
1600 			goto nla_put_failure;
1601 
1602 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1603 						   state->split))
1604 			goto nla_put_failure;
1605 
1606 		state->split_start++;
1607 		if (state->split)
1608 			break;
1609 	case 8:
1610 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1611 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1612 				rdev->wiphy.ap_sme_capa))
1613 			goto nla_put_failure;
1614 
1615 		features = rdev->wiphy.features;
1616 		/*
1617 		 * We can only add the per-channel limit information if the
1618 		 * dump is split, otherwise it makes it too big. Therefore
1619 		 * only advertise it in that case.
1620 		 */
1621 		if (state->split)
1622 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1623 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1624 			goto nla_put_failure;
1625 
1626 		if (rdev->wiphy.ht_capa_mod_mask &&
1627 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1628 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
1629 			    rdev->wiphy.ht_capa_mod_mask))
1630 			goto nla_put_failure;
1631 
1632 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1633 		    rdev->wiphy.max_acl_mac_addrs &&
1634 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1635 				rdev->wiphy.max_acl_mac_addrs))
1636 			goto nla_put_failure;
1637 
1638 		/*
1639 		 * Any information below this point is only available to
1640 		 * applications that can deal with it being split. This
1641 		 * helps ensure that newly added capabilities don't break
1642 		 * older tools by overrunning their buffers.
1643 		 *
1644 		 * We still increment split_start so that in the split
1645 		 * case we'll continue with more data in the next round,
1646 		 * but break unconditionally so unsplit data stops here.
1647 		 */
1648 		state->split_start++;
1649 		break;
1650 	case 9:
1651 		if (rdev->wiphy.extended_capabilities &&
1652 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1653 			     rdev->wiphy.extended_capabilities_len,
1654 			     rdev->wiphy.extended_capabilities) ||
1655 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1656 			     rdev->wiphy.extended_capabilities_len,
1657 			     rdev->wiphy.extended_capabilities_mask)))
1658 			goto nla_put_failure;
1659 
1660 		if (rdev->wiphy.vht_capa_mod_mask &&
1661 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1662 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
1663 			    rdev->wiphy.vht_capa_mod_mask))
1664 			goto nla_put_failure;
1665 
1666 		state->split_start++;
1667 		break;
1668 	case 10:
1669 		if (nl80211_send_coalesce(msg, rdev))
1670 			goto nla_put_failure;
1671 
1672 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1673 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1674 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1675 			goto nla_put_failure;
1676 
1677 		if (rdev->wiphy.max_ap_assoc_sta &&
1678 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1679 				rdev->wiphy.max_ap_assoc_sta))
1680 			goto nla_put_failure;
1681 
1682 		state->split_start++;
1683 		break;
1684 	case 11:
1685 		if (rdev->wiphy.n_vendor_commands) {
1686 			const struct nl80211_vendor_cmd_info *info;
1687 			struct nlattr *nested;
1688 
1689 			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1690 			if (!nested)
1691 				goto nla_put_failure;
1692 
1693 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1694 				info = &rdev->wiphy.vendor_commands[i].info;
1695 				if (nla_put(msg, i + 1, sizeof(*info), info))
1696 					goto nla_put_failure;
1697 			}
1698 			nla_nest_end(msg, nested);
1699 		}
1700 
1701 		if (rdev->wiphy.n_vendor_events) {
1702 			const struct nl80211_vendor_cmd_info *info;
1703 			struct nlattr *nested;
1704 
1705 			nested = nla_nest_start(msg,
1706 						NL80211_ATTR_VENDOR_EVENTS);
1707 			if (!nested)
1708 				goto nla_put_failure;
1709 
1710 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1711 				info = &rdev->wiphy.vendor_events[i];
1712 				if (nla_put(msg, i + 1, sizeof(*info), info))
1713 					goto nla_put_failure;
1714 			}
1715 			nla_nest_end(msg, nested);
1716 		}
1717 		state->split_start++;
1718 		break;
1719 	case 12:
1720 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1721 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1722 			       rdev->wiphy.max_num_csa_counters))
1723 			goto nla_put_failure;
1724 
1725 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1726 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1727 			goto nla_put_failure;
1728 
1729 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1730 			    sizeof(rdev->wiphy.ext_features),
1731 			    rdev->wiphy.ext_features))
1732 			goto nla_put_failure;
1733 
1734 		/* done */
1735 		state->split_start = 0;
1736 		break;
1737 	}
1738  finish:
1739 	genlmsg_end(msg, hdr);
1740 	return 0;
1741 
1742  nla_put_failure:
1743 	genlmsg_cancel(msg, hdr);
1744 	return -EMSGSIZE;
1745 }
1746 
1747 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1748 				    struct netlink_callback *cb,
1749 				    struct nl80211_dump_wiphy_state *state)
1750 {
1751 	struct nlattr **tb = nl80211_fam.attrbuf;
1752 	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1753 			      tb, nl80211_fam.maxattr, nl80211_policy);
1754 	/* ignore parse errors for backward compatibility */
1755 	if (ret)
1756 		return 0;
1757 
1758 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1759 	if (tb[NL80211_ATTR_WIPHY])
1760 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1761 	if (tb[NL80211_ATTR_WDEV])
1762 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1763 	if (tb[NL80211_ATTR_IFINDEX]) {
1764 		struct net_device *netdev;
1765 		struct cfg80211_registered_device *rdev;
1766 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1767 
1768 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1769 		if (!netdev)
1770 			return -ENODEV;
1771 		if (netdev->ieee80211_ptr) {
1772 			rdev = wiphy_to_rdev(
1773 				netdev->ieee80211_ptr->wiphy);
1774 			state->filter_wiphy = rdev->wiphy_idx;
1775 		}
1776 	}
1777 
1778 	return 0;
1779 }
1780 
1781 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1782 {
1783 	int idx = 0, ret;
1784 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1785 	struct cfg80211_registered_device *rdev;
1786 
1787 	rtnl_lock();
1788 	if (!state) {
1789 		state = kzalloc(sizeof(*state), GFP_KERNEL);
1790 		if (!state) {
1791 			rtnl_unlock();
1792 			return -ENOMEM;
1793 		}
1794 		state->filter_wiphy = -1;
1795 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1796 		if (ret) {
1797 			kfree(state);
1798 			rtnl_unlock();
1799 			return ret;
1800 		}
1801 		cb->args[0] = (long)state;
1802 	}
1803 
1804 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1805 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1806 			continue;
1807 		if (++idx <= state->start)
1808 			continue;
1809 		if (state->filter_wiphy != -1 &&
1810 		    state->filter_wiphy != rdev->wiphy_idx)
1811 			continue;
1812 		/* attempt to fit multiple wiphy data chunks into the skb */
1813 		do {
1814 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1815 						 skb,
1816 						 NETLINK_CB(cb->skb).portid,
1817 						 cb->nlh->nlmsg_seq,
1818 						 NLM_F_MULTI, state);
1819 			if (ret < 0) {
1820 				/*
1821 				 * If sending the wiphy data didn't fit (ENOBUFS
1822 				 * or EMSGSIZE returned), this SKB is still
1823 				 * empty (so it's not too big because another
1824 				 * wiphy dataset is already in the skb) and
1825 				 * we've not tried to adjust the dump allocation
1826 				 * yet ... then adjust the alloc size to be
1827 				 * bigger, and return 1 but with the empty skb.
1828 				 * This results in an empty message being RX'ed
1829 				 * in userspace, but that is ignored.
1830 				 *
1831 				 * We can then retry with the larger buffer.
1832 				 */
1833 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1834 				    !skb->len && !state->split &&
1835 				    cb->min_dump_alloc < 4096) {
1836 					cb->min_dump_alloc = 4096;
1837 					state->split_start = 0;
1838 					rtnl_unlock();
1839 					return 1;
1840 				}
1841 				idx--;
1842 				break;
1843 			}
1844 		} while (state->split_start > 0);
1845 		break;
1846 	}
1847 	rtnl_unlock();
1848 
1849 	state->start = idx;
1850 
1851 	return skb->len;
1852 }
1853 
1854 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1855 {
1856 	kfree((void *)cb->args[0]);
1857 	return 0;
1858 }
1859 
1860 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1861 {
1862 	struct sk_buff *msg;
1863 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1864 	struct nl80211_dump_wiphy_state state = {};
1865 
1866 	msg = nlmsg_new(4096, GFP_KERNEL);
1867 	if (!msg)
1868 		return -ENOMEM;
1869 
1870 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
1871 			       info->snd_portid, info->snd_seq, 0,
1872 			       &state) < 0) {
1873 		nlmsg_free(msg);
1874 		return -ENOBUFS;
1875 	}
1876 
1877 	return genlmsg_reply(msg, info);
1878 }
1879 
1880 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1881 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1882 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1883 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1884 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1885 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1886 };
1887 
1888 static int parse_txq_params(struct nlattr *tb[],
1889 			    struct ieee80211_txq_params *txq_params)
1890 {
1891 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1892 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1893 	    !tb[NL80211_TXQ_ATTR_AIFS])
1894 		return -EINVAL;
1895 
1896 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1897 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1898 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1899 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1900 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1901 
1902 	if (txq_params->ac >= NL80211_NUM_ACS)
1903 		return -EINVAL;
1904 
1905 	return 0;
1906 }
1907 
1908 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1909 {
1910 	/*
1911 	 * You can only set the channel explicitly for WDS interfaces,
1912 	 * all others have their channel managed via their respective
1913 	 * "establish a connection" command (connect, join, ...)
1914 	 *
1915 	 * For AP/GO and mesh mode, the channel can be set with the
1916 	 * channel userspace API, but is only stored and passed to the
1917 	 * low-level driver when the AP starts or the mesh is joined.
1918 	 * This is for backward compatibility, userspace can also give
1919 	 * the channel in the start-ap or join-mesh commands instead.
1920 	 *
1921 	 * Monitors are special as they are normally slaved to
1922 	 * whatever else is going on, so they have their own special
1923 	 * operation to set the monitor channel if possible.
1924 	 */
1925 	return !wdev ||
1926 		wdev->iftype == NL80211_IFTYPE_AP ||
1927 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1928 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1929 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1930 }
1931 
1932 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1933 				 struct genl_info *info,
1934 				 struct cfg80211_chan_def *chandef)
1935 {
1936 	u32 control_freq;
1937 
1938 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1939 		return -EINVAL;
1940 
1941 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1942 
1943 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1944 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1945 	chandef->center_freq1 = control_freq;
1946 	chandef->center_freq2 = 0;
1947 
1948 	/* Primary channel not allowed */
1949 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1950 		return -EINVAL;
1951 
1952 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1953 		enum nl80211_channel_type chantype;
1954 
1955 		chantype = nla_get_u32(
1956 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1957 
1958 		switch (chantype) {
1959 		case NL80211_CHAN_NO_HT:
1960 		case NL80211_CHAN_HT20:
1961 		case NL80211_CHAN_HT40PLUS:
1962 		case NL80211_CHAN_HT40MINUS:
1963 			cfg80211_chandef_create(chandef, chandef->chan,
1964 						chantype);
1965 			break;
1966 		default:
1967 			return -EINVAL;
1968 		}
1969 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1970 		chandef->width =
1971 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1972 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1973 			chandef->center_freq1 =
1974 				nla_get_u32(
1975 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1976 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1977 			chandef->center_freq2 =
1978 				nla_get_u32(
1979 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1980 	}
1981 
1982 	if (!cfg80211_chandef_valid(chandef))
1983 		return -EINVAL;
1984 
1985 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1986 				     IEEE80211_CHAN_DISABLED))
1987 		return -EINVAL;
1988 
1989 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1990 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
1991 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1992 		return -EINVAL;
1993 
1994 	return 0;
1995 }
1996 
1997 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1998 				 struct net_device *dev,
1999 				 struct genl_info *info)
2000 {
2001 	struct cfg80211_chan_def chandef;
2002 	int result;
2003 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2004 	struct wireless_dev *wdev = NULL;
2005 
2006 	if (dev)
2007 		wdev = dev->ieee80211_ptr;
2008 	if (!nl80211_can_set_dev_channel(wdev))
2009 		return -EOPNOTSUPP;
2010 	if (wdev)
2011 		iftype = wdev->iftype;
2012 
2013 	result = nl80211_parse_chandef(rdev, info, &chandef);
2014 	if (result)
2015 		return result;
2016 
2017 	switch (iftype) {
2018 	case NL80211_IFTYPE_AP:
2019 	case NL80211_IFTYPE_P2P_GO:
2020 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2021 						   iftype)) {
2022 			result = -EINVAL;
2023 			break;
2024 		}
2025 		if (wdev->beacon_interval) {
2026 			if (!dev || !rdev->ops->set_ap_chanwidth ||
2027 			    !(rdev->wiphy.features &
2028 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2029 				result = -EBUSY;
2030 				break;
2031 			}
2032 
2033 			/* Only allow dynamic channel width changes */
2034 			if (chandef.chan != wdev->preset_chandef.chan) {
2035 				result = -EBUSY;
2036 				break;
2037 			}
2038 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2039 			if (result)
2040 				break;
2041 		}
2042 		wdev->preset_chandef = chandef;
2043 		result = 0;
2044 		break;
2045 	case NL80211_IFTYPE_MESH_POINT:
2046 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2047 		break;
2048 	case NL80211_IFTYPE_MONITOR:
2049 		result = cfg80211_set_monitor_channel(rdev, &chandef);
2050 		break;
2051 	default:
2052 		result = -EINVAL;
2053 	}
2054 
2055 	return result;
2056 }
2057 
2058 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2059 {
2060 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2061 	struct net_device *netdev = info->user_ptr[1];
2062 
2063 	return __nl80211_set_channel(rdev, netdev, info);
2064 }
2065 
2066 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2067 {
2068 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2069 	struct net_device *dev = info->user_ptr[1];
2070 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2071 	const u8 *bssid;
2072 
2073 	if (!info->attrs[NL80211_ATTR_MAC])
2074 		return -EINVAL;
2075 
2076 	if (netif_running(dev))
2077 		return -EBUSY;
2078 
2079 	if (!rdev->ops->set_wds_peer)
2080 		return -EOPNOTSUPP;
2081 
2082 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2083 		return -EOPNOTSUPP;
2084 
2085 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2086 	return rdev_set_wds_peer(rdev, dev, bssid);
2087 }
2088 
2089 
2090 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2091 {
2092 	struct cfg80211_registered_device *rdev;
2093 	struct net_device *netdev = NULL;
2094 	struct wireless_dev *wdev;
2095 	int result = 0, rem_txq_params = 0;
2096 	struct nlattr *nl_txq_params;
2097 	u32 changed;
2098 	u8 retry_short = 0, retry_long = 0;
2099 	u32 frag_threshold = 0, rts_threshold = 0;
2100 	u8 coverage_class = 0;
2101 
2102 	ASSERT_RTNL();
2103 
2104 	/*
2105 	 * Try to find the wiphy and netdev. Normally this
2106 	 * function shouldn't need the netdev, but this is
2107 	 * done for backward compatibility -- previously
2108 	 * setting the channel was done per wiphy, but now
2109 	 * it is per netdev. Previous userland like hostapd
2110 	 * also passed a netdev to set_wiphy, so that it is
2111 	 * possible to let that go to the right netdev!
2112 	 */
2113 
2114 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2115 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2116 
2117 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2118 		if (netdev && netdev->ieee80211_ptr)
2119 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2120 		else
2121 			netdev = NULL;
2122 	}
2123 
2124 	if (!netdev) {
2125 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2126 						  info->attrs);
2127 		if (IS_ERR(rdev))
2128 			return PTR_ERR(rdev);
2129 		wdev = NULL;
2130 		netdev = NULL;
2131 		result = 0;
2132 	} else
2133 		wdev = netdev->ieee80211_ptr;
2134 
2135 	/*
2136 	 * end workaround code, by now the rdev is available
2137 	 * and locked, and wdev may or may not be NULL.
2138 	 */
2139 
2140 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2141 		result = cfg80211_dev_rename(
2142 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2143 
2144 	if (result)
2145 		return result;
2146 
2147 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2148 		struct ieee80211_txq_params txq_params;
2149 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2150 
2151 		if (!rdev->ops->set_txq_params)
2152 			return -EOPNOTSUPP;
2153 
2154 		if (!netdev)
2155 			return -EINVAL;
2156 
2157 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2158 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2159 			return -EINVAL;
2160 
2161 		if (!netif_running(netdev))
2162 			return -ENETDOWN;
2163 
2164 		nla_for_each_nested(nl_txq_params,
2165 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2166 				    rem_txq_params) {
2167 			result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2168 					   nla_data(nl_txq_params),
2169 					   nla_len(nl_txq_params),
2170 					   txq_params_policy);
2171 			if (result)
2172 				return result;
2173 			result = parse_txq_params(tb, &txq_params);
2174 			if (result)
2175 				return result;
2176 
2177 			result = rdev_set_txq_params(rdev, netdev,
2178 						     &txq_params);
2179 			if (result)
2180 				return result;
2181 		}
2182 	}
2183 
2184 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2185 		result = __nl80211_set_channel(
2186 			rdev,
2187 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2188 			info);
2189 		if (result)
2190 			return result;
2191 	}
2192 
2193 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2194 		struct wireless_dev *txp_wdev = wdev;
2195 		enum nl80211_tx_power_setting type;
2196 		int idx, mbm = 0;
2197 
2198 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2199 			txp_wdev = NULL;
2200 
2201 		if (!rdev->ops->set_tx_power)
2202 			return -EOPNOTSUPP;
2203 
2204 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2205 		type = nla_get_u32(info->attrs[idx]);
2206 
2207 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2208 		    (type != NL80211_TX_POWER_AUTOMATIC))
2209 			return -EINVAL;
2210 
2211 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2212 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2213 			mbm = nla_get_u32(info->attrs[idx]);
2214 		}
2215 
2216 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2217 		if (result)
2218 			return result;
2219 	}
2220 
2221 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2222 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2223 		u32 tx_ant, rx_ant;
2224 		if ((!rdev->wiphy.available_antennas_tx &&
2225 		     !rdev->wiphy.available_antennas_rx) ||
2226 		    !rdev->ops->set_antenna)
2227 			return -EOPNOTSUPP;
2228 
2229 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2230 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2231 
2232 		/* reject antenna configurations which don't match the
2233 		 * available antenna masks, except for the "all" mask */
2234 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2235 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2236 			return -EINVAL;
2237 
2238 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2239 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2240 
2241 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2242 		if (result)
2243 			return result;
2244 	}
2245 
2246 	changed = 0;
2247 
2248 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2249 		retry_short = nla_get_u8(
2250 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2251 		if (retry_short == 0)
2252 			return -EINVAL;
2253 
2254 		changed |= WIPHY_PARAM_RETRY_SHORT;
2255 	}
2256 
2257 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2258 		retry_long = nla_get_u8(
2259 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2260 		if (retry_long == 0)
2261 			return -EINVAL;
2262 
2263 		changed |= WIPHY_PARAM_RETRY_LONG;
2264 	}
2265 
2266 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2267 		frag_threshold = nla_get_u32(
2268 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2269 		if (frag_threshold < 256)
2270 			return -EINVAL;
2271 
2272 		if (frag_threshold != (u32) -1) {
2273 			/*
2274 			 * Fragments (apart from the last one) are required to
2275 			 * have even length. Make the fragmentation code
2276 			 * simpler by stripping LSB should someone try to use
2277 			 * odd threshold value.
2278 			 */
2279 			frag_threshold &= ~0x1;
2280 		}
2281 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2282 	}
2283 
2284 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2285 		rts_threshold = nla_get_u32(
2286 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2287 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2288 	}
2289 
2290 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2291 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2292 			return -EINVAL;
2293 
2294 		coverage_class = nla_get_u8(
2295 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2296 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2297 	}
2298 
2299 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2300 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2301 			return -EOPNOTSUPP;
2302 
2303 		changed |= WIPHY_PARAM_DYN_ACK;
2304 	}
2305 
2306 	if (changed) {
2307 		u8 old_retry_short, old_retry_long;
2308 		u32 old_frag_threshold, old_rts_threshold;
2309 		u8 old_coverage_class;
2310 
2311 		if (!rdev->ops->set_wiphy_params)
2312 			return -EOPNOTSUPP;
2313 
2314 		old_retry_short = rdev->wiphy.retry_short;
2315 		old_retry_long = rdev->wiphy.retry_long;
2316 		old_frag_threshold = rdev->wiphy.frag_threshold;
2317 		old_rts_threshold = rdev->wiphy.rts_threshold;
2318 		old_coverage_class = rdev->wiphy.coverage_class;
2319 
2320 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2321 			rdev->wiphy.retry_short = retry_short;
2322 		if (changed & WIPHY_PARAM_RETRY_LONG)
2323 			rdev->wiphy.retry_long = retry_long;
2324 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2325 			rdev->wiphy.frag_threshold = frag_threshold;
2326 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2327 			rdev->wiphy.rts_threshold = rts_threshold;
2328 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2329 			rdev->wiphy.coverage_class = coverage_class;
2330 
2331 		result = rdev_set_wiphy_params(rdev, changed);
2332 		if (result) {
2333 			rdev->wiphy.retry_short = old_retry_short;
2334 			rdev->wiphy.retry_long = old_retry_long;
2335 			rdev->wiphy.frag_threshold = old_frag_threshold;
2336 			rdev->wiphy.rts_threshold = old_rts_threshold;
2337 			rdev->wiphy.coverage_class = old_coverage_class;
2338 			return result;
2339 		}
2340 	}
2341 	return 0;
2342 }
2343 
2344 static inline u64 wdev_id(struct wireless_dev *wdev)
2345 {
2346 	return (u64)wdev->identifier |
2347 	       ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2348 }
2349 
2350 static int nl80211_send_chandef(struct sk_buff *msg,
2351 				const struct cfg80211_chan_def *chandef)
2352 {
2353 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2354 		return -EINVAL;
2355 
2356 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2357 			chandef->chan->center_freq))
2358 		return -ENOBUFS;
2359 	switch (chandef->width) {
2360 	case NL80211_CHAN_WIDTH_20_NOHT:
2361 	case NL80211_CHAN_WIDTH_20:
2362 	case NL80211_CHAN_WIDTH_40:
2363 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2364 				cfg80211_get_chandef_type(chandef)))
2365 			return -ENOBUFS;
2366 		break;
2367 	default:
2368 		break;
2369 	}
2370 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2371 		return -ENOBUFS;
2372 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2373 		return -ENOBUFS;
2374 	if (chandef->center_freq2 &&
2375 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2376 		return -ENOBUFS;
2377 	return 0;
2378 }
2379 
2380 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2381 			      struct cfg80211_registered_device *rdev,
2382 			      struct wireless_dev *wdev, bool removal)
2383 {
2384 	struct net_device *dev = wdev->netdev;
2385 	u8 cmd = NL80211_CMD_NEW_INTERFACE;
2386 	void *hdr;
2387 
2388 	if (removal)
2389 		cmd = NL80211_CMD_DEL_INTERFACE;
2390 
2391 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2392 	if (!hdr)
2393 		return -1;
2394 
2395 	if (dev &&
2396 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2397 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2398 		goto nla_put_failure;
2399 
2400 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2401 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2402 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2403 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2404 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2405 			rdev->devlist_generation ^
2406 			(cfg80211_rdev_list_generation << 2)))
2407 		goto nla_put_failure;
2408 
2409 	if (rdev->ops->get_channel) {
2410 		int ret;
2411 		struct cfg80211_chan_def chandef;
2412 
2413 		ret = rdev_get_channel(rdev, wdev, &chandef);
2414 		if (ret == 0) {
2415 			if (nl80211_send_chandef(msg, &chandef))
2416 				goto nla_put_failure;
2417 		}
2418 	}
2419 
2420 	if (rdev->ops->get_tx_power) {
2421 		int dbm, ret;
2422 
2423 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
2424 		if (ret == 0 &&
2425 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2426 				DBM_TO_MBM(dbm)))
2427 			goto nla_put_failure;
2428 	}
2429 
2430 	if (wdev->ssid_len) {
2431 		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2432 			goto nla_put_failure;
2433 	}
2434 
2435 	genlmsg_end(msg, hdr);
2436 	return 0;
2437 
2438  nla_put_failure:
2439 	genlmsg_cancel(msg, hdr);
2440 	return -EMSGSIZE;
2441 }
2442 
2443 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2444 {
2445 	int wp_idx = 0;
2446 	int if_idx = 0;
2447 	int wp_start = cb->args[0];
2448 	int if_start = cb->args[1];
2449 	struct cfg80211_registered_device *rdev;
2450 	struct wireless_dev *wdev;
2451 
2452 	rtnl_lock();
2453 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2454 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2455 			continue;
2456 		if (wp_idx < wp_start) {
2457 			wp_idx++;
2458 			continue;
2459 		}
2460 		if_idx = 0;
2461 
2462 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
2463 			if (if_idx < if_start) {
2464 				if_idx++;
2465 				continue;
2466 			}
2467 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2468 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2469 					       rdev, wdev, false) < 0) {
2470 				goto out;
2471 			}
2472 			if_idx++;
2473 		}
2474 
2475 		wp_idx++;
2476 	}
2477  out:
2478 	rtnl_unlock();
2479 
2480 	cb->args[0] = wp_idx;
2481 	cb->args[1] = if_idx;
2482 
2483 	return skb->len;
2484 }
2485 
2486 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2487 {
2488 	struct sk_buff *msg;
2489 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2490 	struct wireless_dev *wdev = info->user_ptr[1];
2491 
2492 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2493 	if (!msg)
2494 		return -ENOMEM;
2495 
2496 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2497 			       rdev, wdev, false) < 0) {
2498 		nlmsg_free(msg);
2499 		return -ENOBUFS;
2500 	}
2501 
2502 	return genlmsg_reply(msg, info);
2503 }
2504 
2505 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2506 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2507 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2508 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2509 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2510 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2511 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2512 };
2513 
2514 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2515 {
2516 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2517 	int flag;
2518 
2519 	*mntrflags = 0;
2520 
2521 	if (!nla)
2522 		return -EINVAL;
2523 
2524 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2525 			     nla, mntr_flags_policy))
2526 		return -EINVAL;
2527 
2528 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2529 		if (flags[flag])
2530 			*mntrflags |= (1<<flag);
2531 
2532 	return 0;
2533 }
2534 
2535 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2536 			       struct net_device *netdev, u8 use_4addr,
2537 			       enum nl80211_iftype iftype)
2538 {
2539 	if (!use_4addr) {
2540 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2541 			return -EBUSY;
2542 		return 0;
2543 	}
2544 
2545 	switch (iftype) {
2546 	case NL80211_IFTYPE_AP_VLAN:
2547 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2548 			return 0;
2549 		break;
2550 	case NL80211_IFTYPE_STATION:
2551 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2552 			return 0;
2553 		break;
2554 	default:
2555 		break;
2556 	}
2557 
2558 	return -EOPNOTSUPP;
2559 }
2560 
2561 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2562 {
2563 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2564 	struct vif_params params;
2565 	int err;
2566 	enum nl80211_iftype otype, ntype;
2567 	struct net_device *dev = info->user_ptr[1];
2568 	u32 _flags, *flags = NULL;
2569 	bool change = false;
2570 
2571 	memset(&params, 0, sizeof(params));
2572 
2573 	otype = ntype = dev->ieee80211_ptr->iftype;
2574 
2575 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2576 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2577 		if (otype != ntype)
2578 			change = true;
2579 		if (ntype > NL80211_IFTYPE_MAX)
2580 			return -EINVAL;
2581 	}
2582 
2583 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2584 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2585 
2586 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2587 			return -EINVAL;
2588 		if (netif_running(dev))
2589 			return -EBUSY;
2590 
2591 		wdev_lock(wdev);
2592 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2593 			     IEEE80211_MAX_MESH_ID_LEN);
2594 		wdev->mesh_id_up_len =
2595 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2596 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2597 		       wdev->mesh_id_up_len);
2598 		wdev_unlock(wdev);
2599 	}
2600 
2601 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2602 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2603 		change = true;
2604 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2605 		if (err)
2606 			return err;
2607 	} else {
2608 		params.use_4addr = -1;
2609 	}
2610 
2611 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2612 		if (ntype != NL80211_IFTYPE_MONITOR)
2613 			return -EINVAL;
2614 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2615 					  &_flags);
2616 		if (err)
2617 			return err;
2618 
2619 		flags = &_flags;
2620 		change = true;
2621 	}
2622 
2623 	if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2624 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2625 		return -EOPNOTSUPP;
2626 
2627 	if (change)
2628 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2629 	else
2630 		err = 0;
2631 
2632 	if (!err && params.use_4addr != -1)
2633 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2634 
2635 	return err;
2636 }
2637 
2638 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2639 {
2640 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2641 	struct vif_params params;
2642 	struct wireless_dev *wdev;
2643 	struct sk_buff *msg, *event;
2644 	int err;
2645 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2646 	u32 flags;
2647 
2648 	/* to avoid failing a new interface creation due to pending removal */
2649 	cfg80211_destroy_ifaces(rdev);
2650 
2651 	memset(&params, 0, sizeof(params));
2652 
2653 	if (!info->attrs[NL80211_ATTR_IFNAME])
2654 		return -EINVAL;
2655 
2656 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2657 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2658 		if (type > NL80211_IFTYPE_MAX)
2659 			return -EINVAL;
2660 	}
2661 
2662 	if (!rdev->ops->add_virtual_intf ||
2663 	    !(rdev->wiphy.interface_modes & (1 << type)))
2664 		return -EOPNOTSUPP;
2665 
2666 	if ((type == NL80211_IFTYPE_P2P_DEVICE ||
2667 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2668 	    info->attrs[NL80211_ATTR_MAC]) {
2669 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2670 			   ETH_ALEN);
2671 		if (!is_valid_ether_addr(params.macaddr))
2672 			return -EADDRNOTAVAIL;
2673 	}
2674 
2675 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2676 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2677 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2678 		if (err)
2679 			return err;
2680 	}
2681 
2682 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2683 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2684 				  &flags);
2685 
2686 	if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2687 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2688 		return -EOPNOTSUPP;
2689 
2690 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2691 	if (!msg)
2692 		return -ENOMEM;
2693 
2694 	wdev = rdev_add_virtual_intf(rdev,
2695 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2696 				NET_NAME_USER, type, err ? NULL : &flags,
2697 				&params);
2698 	if (WARN_ON(!wdev)) {
2699 		nlmsg_free(msg);
2700 		return -EPROTO;
2701 	} else if (IS_ERR(wdev)) {
2702 		nlmsg_free(msg);
2703 		return PTR_ERR(wdev);
2704 	}
2705 
2706 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2707 		wdev->owner_nlportid = info->snd_portid;
2708 
2709 	switch (type) {
2710 	case NL80211_IFTYPE_MESH_POINT:
2711 		if (!info->attrs[NL80211_ATTR_MESH_ID])
2712 			break;
2713 		wdev_lock(wdev);
2714 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2715 			     IEEE80211_MAX_MESH_ID_LEN);
2716 		wdev->mesh_id_up_len =
2717 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2718 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2719 		       wdev->mesh_id_up_len);
2720 		wdev_unlock(wdev);
2721 		break;
2722 	case NL80211_IFTYPE_P2P_DEVICE:
2723 		/*
2724 		 * P2P Device doesn't have a netdev, so doesn't go
2725 		 * through the netdev notifier and must be added here
2726 		 */
2727 		mutex_init(&wdev->mtx);
2728 		INIT_LIST_HEAD(&wdev->event_list);
2729 		spin_lock_init(&wdev->event_lock);
2730 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2731 		spin_lock_init(&wdev->mgmt_registrations_lock);
2732 
2733 		wdev->identifier = ++rdev->wdev_id;
2734 		list_add_rcu(&wdev->list, &rdev->wdev_list);
2735 		rdev->devlist_generation++;
2736 		break;
2737 	default:
2738 		break;
2739 	}
2740 
2741 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2742 			       rdev, wdev, false) < 0) {
2743 		nlmsg_free(msg);
2744 		return -ENOBUFS;
2745 	}
2746 
2747 	event = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2748 	if (event) {
2749 		if (nl80211_send_iface(event, 0, 0, 0,
2750 				       rdev, wdev, false) < 0) {
2751 			nlmsg_free(event);
2752 			goto out;
2753 		}
2754 
2755 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2756 					event, 0, NL80211_MCGRP_CONFIG,
2757 					GFP_KERNEL);
2758 	}
2759 
2760 out:
2761 	return genlmsg_reply(msg, info);
2762 }
2763 
2764 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2765 {
2766 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2767 	struct wireless_dev *wdev = info->user_ptr[1];
2768 	struct sk_buff *msg;
2769 	int status;
2770 
2771 	if (!rdev->ops->del_virtual_intf)
2772 		return -EOPNOTSUPP;
2773 
2774 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2775 	if (msg && nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, true) < 0) {
2776 		nlmsg_free(msg);
2777 		msg = NULL;
2778 	}
2779 
2780 	/*
2781 	 * If we remove a wireless device without a netdev then clear
2782 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2783 	 * to check if it needs to do dev_put(). Otherwise it crashes
2784 	 * since the wdev has been freed, unlike with a netdev where
2785 	 * we need the dev_put() for the netdev to really be freed.
2786 	 */
2787 	if (!wdev->netdev)
2788 		info->user_ptr[1] = NULL;
2789 
2790 	status = rdev_del_virtual_intf(rdev, wdev);
2791 	if (status >= 0 && msg)
2792 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2793 					msg, 0, NL80211_MCGRP_CONFIG,
2794 					GFP_KERNEL);
2795 	else
2796 		nlmsg_free(msg);
2797 
2798 	return status;
2799 }
2800 
2801 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2802 {
2803 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2804 	struct net_device *dev = info->user_ptr[1];
2805 	u16 noack_map;
2806 
2807 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2808 		return -EINVAL;
2809 
2810 	if (!rdev->ops->set_noack_map)
2811 		return -EOPNOTSUPP;
2812 
2813 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2814 
2815 	return rdev_set_noack_map(rdev, dev, noack_map);
2816 }
2817 
2818 struct get_key_cookie {
2819 	struct sk_buff *msg;
2820 	int error;
2821 	int idx;
2822 };
2823 
2824 static void get_key_callback(void *c, struct key_params *params)
2825 {
2826 	struct nlattr *key;
2827 	struct get_key_cookie *cookie = c;
2828 
2829 	if ((params->key &&
2830 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2831 		     params->key_len, params->key)) ||
2832 	    (params->seq &&
2833 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2834 		     params->seq_len, params->seq)) ||
2835 	    (params->cipher &&
2836 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2837 			 params->cipher)))
2838 		goto nla_put_failure;
2839 
2840 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2841 	if (!key)
2842 		goto nla_put_failure;
2843 
2844 	if ((params->key &&
2845 	     nla_put(cookie->msg, NL80211_KEY_DATA,
2846 		     params->key_len, params->key)) ||
2847 	    (params->seq &&
2848 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2849 		     params->seq_len, params->seq)) ||
2850 	    (params->cipher &&
2851 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2852 			 params->cipher)))
2853 		goto nla_put_failure;
2854 
2855 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2856 		goto nla_put_failure;
2857 
2858 	nla_nest_end(cookie->msg, key);
2859 
2860 	return;
2861  nla_put_failure:
2862 	cookie->error = 1;
2863 }
2864 
2865 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2866 {
2867 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2868 	int err;
2869 	struct net_device *dev = info->user_ptr[1];
2870 	u8 key_idx = 0;
2871 	const u8 *mac_addr = NULL;
2872 	bool pairwise;
2873 	struct get_key_cookie cookie = {
2874 		.error = 0,
2875 	};
2876 	void *hdr;
2877 	struct sk_buff *msg;
2878 
2879 	if (info->attrs[NL80211_ATTR_KEY_IDX])
2880 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2881 
2882 	if (key_idx > 5)
2883 		return -EINVAL;
2884 
2885 	if (info->attrs[NL80211_ATTR_MAC])
2886 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2887 
2888 	pairwise = !!mac_addr;
2889 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2890 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2891 		if (kt >= NUM_NL80211_KEYTYPES)
2892 			return -EINVAL;
2893 		if (kt != NL80211_KEYTYPE_GROUP &&
2894 		    kt != NL80211_KEYTYPE_PAIRWISE)
2895 			return -EINVAL;
2896 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2897 	}
2898 
2899 	if (!rdev->ops->get_key)
2900 		return -EOPNOTSUPP;
2901 
2902 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2903 		return -ENOENT;
2904 
2905 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2906 	if (!msg)
2907 		return -ENOMEM;
2908 
2909 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2910 			     NL80211_CMD_NEW_KEY);
2911 	if (!hdr)
2912 		goto nla_put_failure;
2913 
2914 	cookie.msg = msg;
2915 	cookie.idx = key_idx;
2916 
2917 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2918 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2919 		goto nla_put_failure;
2920 	if (mac_addr &&
2921 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2922 		goto nla_put_failure;
2923 
2924 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2925 			   get_key_callback);
2926 
2927 	if (err)
2928 		goto free_msg;
2929 
2930 	if (cookie.error)
2931 		goto nla_put_failure;
2932 
2933 	genlmsg_end(msg, hdr);
2934 	return genlmsg_reply(msg, info);
2935 
2936  nla_put_failure:
2937 	err = -ENOBUFS;
2938  free_msg:
2939 	nlmsg_free(msg);
2940 	return err;
2941 }
2942 
2943 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2944 {
2945 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2946 	struct key_parse key;
2947 	int err;
2948 	struct net_device *dev = info->user_ptr[1];
2949 
2950 	err = nl80211_parse_key(info, &key);
2951 	if (err)
2952 		return err;
2953 
2954 	if (key.idx < 0)
2955 		return -EINVAL;
2956 
2957 	/* only support setting default key */
2958 	if (!key.def && !key.defmgmt)
2959 		return -EINVAL;
2960 
2961 	wdev_lock(dev->ieee80211_ptr);
2962 
2963 	if (key.def) {
2964 		if (!rdev->ops->set_default_key) {
2965 			err = -EOPNOTSUPP;
2966 			goto out;
2967 		}
2968 
2969 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2970 		if (err)
2971 			goto out;
2972 
2973 		err = rdev_set_default_key(rdev, dev, key.idx,
2974 						 key.def_uni, key.def_multi);
2975 
2976 		if (err)
2977 			goto out;
2978 
2979 #ifdef CONFIG_CFG80211_WEXT
2980 		dev->ieee80211_ptr->wext.default_key = key.idx;
2981 #endif
2982 	} else {
2983 		if (key.def_uni || !key.def_multi) {
2984 			err = -EINVAL;
2985 			goto out;
2986 		}
2987 
2988 		if (!rdev->ops->set_default_mgmt_key) {
2989 			err = -EOPNOTSUPP;
2990 			goto out;
2991 		}
2992 
2993 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2994 		if (err)
2995 			goto out;
2996 
2997 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2998 		if (err)
2999 			goto out;
3000 
3001 #ifdef CONFIG_CFG80211_WEXT
3002 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3003 #endif
3004 	}
3005 
3006  out:
3007 	wdev_unlock(dev->ieee80211_ptr);
3008 
3009 	return err;
3010 }
3011 
3012 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3013 {
3014 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3015 	int err;
3016 	struct net_device *dev = info->user_ptr[1];
3017 	struct key_parse key;
3018 	const u8 *mac_addr = NULL;
3019 
3020 	err = nl80211_parse_key(info, &key);
3021 	if (err)
3022 		return err;
3023 
3024 	if (!key.p.key)
3025 		return -EINVAL;
3026 
3027 	if (info->attrs[NL80211_ATTR_MAC])
3028 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3029 
3030 	if (key.type == -1) {
3031 		if (mac_addr)
3032 			key.type = NL80211_KEYTYPE_PAIRWISE;
3033 		else
3034 			key.type = NL80211_KEYTYPE_GROUP;
3035 	}
3036 
3037 	/* for now */
3038 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3039 	    key.type != NL80211_KEYTYPE_GROUP)
3040 		return -EINVAL;
3041 
3042 	if (!rdev->ops->add_key)
3043 		return -EOPNOTSUPP;
3044 
3045 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3046 					   key.type == NL80211_KEYTYPE_PAIRWISE,
3047 					   mac_addr))
3048 		return -EINVAL;
3049 
3050 	wdev_lock(dev->ieee80211_ptr);
3051 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3052 	if (!err)
3053 		err = rdev_add_key(rdev, dev, key.idx,
3054 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3055 				    mac_addr, &key.p);
3056 	wdev_unlock(dev->ieee80211_ptr);
3057 
3058 	return err;
3059 }
3060 
3061 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3062 {
3063 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3064 	int err;
3065 	struct net_device *dev = info->user_ptr[1];
3066 	u8 *mac_addr = NULL;
3067 	struct key_parse key;
3068 
3069 	err = nl80211_parse_key(info, &key);
3070 	if (err)
3071 		return err;
3072 
3073 	if (info->attrs[NL80211_ATTR_MAC])
3074 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3075 
3076 	if (key.type == -1) {
3077 		if (mac_addr)
3078 			key.type = NL80211_KEYTYPE_PAIRWISE;
3079 		else
3080 			key.type = NL80211_KEYTYPE_GROUP;
3081 	}
3082 
3083 	/* for now */
3084 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3085 	    key.type != NL80211_KEYTYPE_GROUP)
3086 		return -EINVAL;
3087 
3088 	if (!rdev->ops->del_key)
3089 		return -EOPNOTSUPP;
3090 
3091 	wdev_lock(dev->ieee80211_ptr);
3092 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3093 
3094 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3095 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3096 		err = -ENOENT;
3097 
3098 	if (!err)
3099 		err = rdev_del_key(rdev, dev, key.idx,
3100 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3101 				   mac_addr);
3102 
3103 #ifdef CONFIG_CFG80211_WEXT
3104 	if (!err) {
3105 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
3106 			dev->ieee80211_ptr->wext.default_key = -1;
3107 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3108 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3109 	}
3110 #endif
3111 	wdev_unlock(dev->ieee80211_ptr);
3112 
3113 	return err;
3114 }
3115 
3116 /* This function returns an error or the number of nested attributes */
3117 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3118 {
3119 	struct nlattr *attr;
3120 	int n_entries = 0, tmp;
3121 
3122 	nla_for_each_nested(attr, nl_attr, tmp) {
3123 		if (nla_len(attr) != ETH_ALEN)
3124 			return -EINVAL;
3125 
3126 		n_entries++;
3127 	}
3128 
3129 	return n_entries;
3130 }
3131 
3132 /*
3133  * This function parses ACL information and allocates memory for ACL data.
3134  * On successful return, the calling function is responsible to free the
3135  * ACL buffer returned by this function.
3136  */
3137 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3138 						struct genl_info *info)
3139 {
3140 	enum nl80211_acl_policy acl_policy;
3141 	struct nlattr *attr;
3142 	struct cfg80211_acl_data *acl;
3143 	int i = 0, n_entries, tmp;
3144 
3145 	if (!wiphy->max_acl_mac_addrs)
3146 		return ERR_PTR(-EOPNOTSUPP);
3147 
3148 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3149 		return ERR_PTR(-EINVAL);
3150 
3151 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3152 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3153 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3154 		return ERR_PTR(-EINVAL);
3155 
3156 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3157 		return ERR_PTR(-EINVAL);
3158 
3159 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3160 	if (n_entries < 0)
3161 		return ERR_PTR(n_entries);
3162 
3163 	if (n_entries > wiphy->max_acl_mac_addrs)
3164 		return ERR_PTR(-ENOTSUPP);
3165 
3166 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3167 		      GFP_KERNEL);
3168 	if (!acl)
3169 		return ERR_PTR(-ENOMEM);
3170 
3171 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3172 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3173 		i++;
3174 	}
3175 
3176 	acl->n_acl_entries = n_entries;
3177 	acl->acl_policy = acl_policy;
3178 
3179 	return acl;
3180 }
3181 
3182 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3183 {
3184 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3185 	struct net_device *dev = info->user_ptr[1];
3186 	struct cfg80211_acl_data *acl;
3187 	int err;
3188 
3189 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3190 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3191 		return -EOPNOTSUPP;
3192 
3193 	if (!dev->ieee80211_ptr->beacon_interval)
3194 		return -EINVAL;
3195 
3196 	acl = parse_acl_data(&rdev->wiphy, info);
3197 	if (IS_ERR(acl))
3198 		return PTR_ERR(acl);
3199 
3200 	err = rdev_set_mac_acl(rdev, dev, acl);
3201 
3202 	kfree(acl);
3203 
3204 	return err;
3205 }
3206 
3207 static int nl80211_parse_beacon(struct nlattr *attrs[],
3208 				struct cfg80211_beacon_data *bcn)
3209 {
3210 	bool haveinfo = false;
3211 
3212 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3213 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3214 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3215 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3216 		return -EINVAL;
3217 
3218 	memset(bcn, 0, sizeof(*bcn));
3219 
3220 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3221 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3222 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3223 		if (!bcn->head_len)
3224 			return -EINVAL;
3225 		haveinfo = true;
3226 	}
3227 
3228 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3229 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3230 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3231 		haveinfo = true;
3232 	}
3233 
3234 	if (!haveinfo)
3235 		return -EINVAL;
3236 
3237 	if (attrs[NL80211_ATTR_IE]) {
3238 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3239 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3240 	}
3241 
3242 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3243 		bcn->proberesp_ies =
3244 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3245 		bcn->proberesp_ies_len =
3246 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3247 	}
3248 
3249 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3250 		bcn->assocresp_ies =
3251 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3252 		bcn->assocresp_ies_len =
3253 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3254 	}
3255 
3256 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
3257 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3258 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3259 	}
3260 
3261 	return 0;
3262 }
3263 
3264 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3265 				   struct cfg80211_ap_settings *params)
3266 {
3267 	struct wireless_dev *wdev;
3268 	bool ret = false;
3269 
3270 	list_for_each_entry(wdev, &rdev->wdev_list, list) {
3271 		if (wdev->iftype != NL80211_IFTYPE_AP &&
3272 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
3273 			continue;
3274 
3275 		if (!wdev->preset_chandef.chan)
3276 			continue;
3277 
3278 		params->chandef = wdev->preset_chandef;
3279 		ret = true;
3280 		break;
3281 	}
3282 
3283 	return ret;
3284 }
3285 
3286 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3287 				    enum nl80211_auth_type auth_type,
3288 				    enum nl80211_commands cmd)
3289 {
3290 	if (auth_type > NL80211_AUTHTYPE_MAX)
3291 		return false;
3292 
3293 	switch (cmd) {
3294 	case NL80211_CMD_AUTHENTICATE:
3295 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3296 		    auth_type == NL80211_AUTHTYPE_SAE)
3297 			return false;
3298 		return true;
3299 	case NL80211_CMD_CONNECT:
3300 	case NL80211_CMD_START_AP:
3301 		/* SAE not supported yet */
3302 		if (auth_type == NL80211_AUTHTYPE_SAE)
3303 			return false;
3304 		return true;
3305 	default:
3306 		return false;
3307 	}
3308 }
3309 
3310 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3311 {
3312 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3313 	struct net_device *dev = info->user_ptr[1];
3314 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3315 	struct cfg80211_ap_settings params;
3316 	int err;
3317 
3318 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3319 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3320 		return -EOPNOTSUPP;
3321 
3322 	if (!rdev->ops->start_ap)
3323 		return -EOPNOTSUPP;
3324 
3325 	if (wdev->beacon_interval)
3326 		return -EALREADY;
3327 
3328 	memset(&params, 0, sizeof(params));
3329 
3330 	/* these are required for START_AP */
3331 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3332 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3333 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3334 		return -EINVAL;
3335 
3336 	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3337 	if (err)
3338 		return err;
3339 
3340 	params.beacon_interval =
3341 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3342 	params.dtim_period =
3343 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3344 
3345 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3346 	if (err)
3347 		return err;
3348 
3349 	/*
3350 	 * In theory, some of these attributes should be required here
3351 	 * but since they were not used when the command was originally
3352 	 * added, keep them optional for old user space programs to let
3353 	 * them continue to work with drivers that do not need the
3354 	 * additional information -- drivers must check!
3355 	 */
3356 	if (info->attrs[NL80211_ATTR_SSID]) {
3357 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3358 		params.ssid_len =
3359 			nla_len(info->attrs[NL80211_ATTR_SSID]);
3360 		if (params.ssid_len == 0 ||
3361 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
3362 			return -EINVAL;
3363 	}
3364 
3365 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3366 		params.hidden_ssid = nla_get_u32(
3367 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3368 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3369 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3370 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3371 			return -EINVAL;
3372 	}
3373 
3374 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3375 
3376 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3377 		params.auth_type = nla_get_u32(
3378 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
3379 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
3380 					     NL80211_CMD_START_AP))
3381 			return -EINVAL;
3382 	} else
3383 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3384 
3385 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
3386 				      NL80211_MAX_NR_CIPHER_SUITES);
3387 	if (err)
3388 		return err;
3389 
3390 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3391 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3392 			return -EOPNOTSUPP;
3393 		params.inactivity_timeout = nla_get_u16(
3394 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3395 	}
3396 
3397 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3398 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3399 			return -EINVAL;
3400 		params.p2p_ctwindow =
3401 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3402 		if (params.p2p_ctwindow > 127)
3403 			return -EINVAL;
3404 		if (params.p2p_ctwindow != 0 &&
3405 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3406 			return -EINVAL;
3407 	}
3408 
3409 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3410 		u8 tmp;
3411 
3412 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3413 			return -EINVAL;
3414 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3415 		if (tmp > 1)
3416 			return -EINVAL;
3417 		params.p2p_opp_ps = tmp;
3418 		if (params.p2p_opp_ps != 0 &&
3419 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3420 			return -EINVAL;
3421 	}
3422 
3423 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3424 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
3425 		if (err)
3426 			return err;
3427 	} else if (wdev->preset_chandef.chan) {
3428 		params.chandef = wdev->preset_chandef;
3429 	} else if (!nl80211_get_ap_channel(rdev, &params))
3430 		return -EINVAL;
3431 
3432 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
3433 					   wdev->iftype))
3434 		return -EINVAL;
3435 
3436 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
3437 		params.smps_mode =
3438 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
3439 		switch (params.smps_mode) {
3440 		case NL80211_SMPS_OFF:
3441 			break;
3442 		case NL80211_SMPS_STATIC:
3443 			if (!(rdev->wiphy.features &
3444 			      NL80211_FEATURE_STATIC_SMPS))
3445 				return -EINVAL;
3446 			break;
3447 		case NL80211_SMPS_DYNAMIC:
3448 			if (!(rdev->wiphy.features &
3449 			      NL80211_FEATURE_DYNAMIC_SMPS))
3450 				return -EINVAL;
3451 			break;
3452 		default:
3453 			return -EINVAL;
3454 		}
3455 	} else {
3456 		params.smps_mode = NL80211_SMPS_OFF;
3457 	}
3458 
3459 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3460 		params.acl = parse_acl_data(&rdev->wiphy, info);
3461 		if (IS_ERR(params.acl))
3462 			return PTR_ERR(params.acl);
3463 	}
3464 
3465 	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
3466 	if (params.pbss && !rdev->wiphy.bands[IEEE80211_BAND_60GHZ])
3467 		return -EOPNOTSUPP;
3468 
3469 	wdev_lock(wdev);
3470 	err = rdev_start_ap(rdev, dev, &params);
3471 	if (!err) {
3472 		wdev->preset_chandef = params.chandef;
3473 		wdev->beacon_interval = params.beacon_interval;
3474 		wdev->chandef = params.chandef;
3475 		wdev->ssid_len = params.ssid_len;
3476 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3477 	}
3478 	wdev_unlock(wdev);
3479 
3480 	kfree(params.acl);
3481 
3482 	return err;
3483 }
3484 
3485 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3486 {
3487 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3488 	struct net_device *dev = info->user_ptr[1];
3489 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3490 	struct cfg80211_beacon_data params;
3491 	int err;
3492 
3493 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3494 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3495 		return -EOPNOTSUPP;
3496 
3497 	if (!rdev->ops->change_beacon)
3498 		return -EOPNOTSUPP;
3499 
3500 	if (!wdev->beacon_interval)
3501 		return -EINVAL;
3502 
3503 	err = nl80211_parse_beacon(info->attrs, &params);
3504 	if (err)
3505 		return err;
3506 
3507 	wdev_lock(wdev);
3508 	err = rdev_change_beacon(rdev, dev, &params);
3509 	wdev_unlock(wdev);
3510 
3511 	return err;
3512 }
3513 
3514 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3515 {
3516 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3517 	struct net_device *dev = info->user_ptr[1];
3518 
3519 	return cfg80211_stop_ap(rdev, dev, false);
3520 }
3521 
3522 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3523 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3524 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3525 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3526 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3527 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3528 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3529 };
3530 
3531 static int parse_station_flags(struct genl_info *info,
3532 			       enum nl80211_iftype iftype,
3533 			       struct station_parameters *params)
3534 {
3535 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3536 	struct nlattr *nla;
3537 	int flag;
3538 
3539 	/*
3540 	 * Try parsing the new attribute first so userspace
3541 	 * can specify both for older kernels.
3542 	 */
3543 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3544 	if (nla) {
3545 		struct nl80211_sta_flag_update *sta_flags;
3546 
3547 		sta_flags = nla_data(nla);
3548 		params->sta_flags_mask = sta_flags->mask;
3549 		params->sta_flags_set = sta_flags->set;
3550 		params->sta_flags_set &= params->sta_flags_mask;
3551 		if ((params->sta_flags_mask |
3552 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3553 			return -EINVAL;
3554 		return 0;
3555 	}
3556 
3557 	/* if present, parse the old attribute */
3558 
3559 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3560 	if (!nla)
3561 		return 0;
3562 
3563 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3564 			     nla, sta_flags_policy))
3565 		return -EINVAL;
3566 
3567 	/*
3568 	 * Only allow certain flags for interface types so that
3569 	 * other attributes are silently ignored. Remember that
3570 	 * this is backward compatibility code with old userspace
3571 	 * and shouldn't be hit in other cases anyway.
3572 	 */
3573 	switch (iftype) {
3574 	case NL80211_IFTYPE_AP:
3575 	case NL80211_IFTYPE_AP_VLAN:
3576 	case NL80211_IFTYPE_P2P_GO:
3577 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3578 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3579 					 BIT(NL80211_STA_FLAG_WME) |
3580 					 BIT(NL80211_STA_FLAG_MFP);
3581 		break;
3582 	case NL80211_IFTYPE_P2P_CLIENT:
3583 	case NL80211_IFTYPE_STATION:
3584 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3585 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3586 		break;
3587 	case NL80211_IFTYPE_MESH_POINT:
3588 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3589 					 BIT(NL80211_STA_FLAG_MFP) |
3590 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3591 	default:
3592 		return -EINVAL;
3593 	}
3594 
3595 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3596 		if (flags[flag]) {
3597 			params->sta_flags_set |= (1<<flag);
3598 
3599 			/* no longer support new API additions in old API */
3600 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3601 				return -EINVAL;
3602 		}
3603 	}
3604 
3605 	return 0;
3606 }
3607 
3608 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3609 				 int attr)
3610 {
3611 	struct nlattr *rate;
3612 	u32 bitrate;
3613 	u16 bitrate_compat;
3614 	enum nl80211_attrs rate_flg;
3615 
3616 	rate = nla_nest_start(msg, attr);
3617 	if (!rate)
3618 		return false;
3619 
3620 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3621 	bitrate = cfg80211_calculate_bitrate(info);
3622 	/* report 16-bit bitrate only if we can */
3623 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3624 	if (bitrate > 0 &&
3625 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3626 		return false;
3627 	if (bitrate_compat > 0 &&
3628 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3629 		return false;
3630 
3631 	switch (info->bw) {
3632 	case RATE_INFO_BW_5:
3633 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
3634 		break;
3635 	case RATE_INFO_BW_10:
3636 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
3637 		break;
3638 	default:
3639 		WARN_ON(1);
3640 		/* fall through */
3641 	case RATE_INFO_BW_20:
3642 		rate_flg = 0;
3643 		break;
3644 	case RATE_INFO_BW_40:
3645 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
3646 		break;
3647 	case RATE_INFO_BW_80:
3648 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
3649 		break;
3650 	case RATE_INFO_BW_160:
3651 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
3652 		break;
3653 	}
3654 
3655 	if (rate_flg && nla_put_flag(msg, rate_flg))
3656 		return false;
3657 
3658 	if (info->flags & RATE_INFO_FLAGS_MCS) {
3659 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3660 			return false;
3661 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3662 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3663 			return false;
3664 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3665 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3666 			return false;
3667 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3668 			return false;
3669 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3670 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3671 			return false;
3672 	}
3673 
3674 	nla_nest_end(msg, rate);
3675 	return true;
3676 }
3677 
3678 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3679 			       int id)
3680 {
3681 	void *attr;
3682 	int i = 0;
3683 
3684 	if (!mask)
3685 		return true;
3686 
3687 	attr = nla_nest_start(msg, id);
3688 	if (!attr)
3689 		return false;
3690 
3691 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3692 		if (!(mask & BIT(i)))
3693 			continue;
3694 
3695 		if (nla_put_u8(msg, i, signal[i]))
3696 			return false;
3697 	}
3698 
3699 	nla_nest_end(msg, attr);
3700 
3701 	return true;
3702 }
3703 
3704 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
3705 				u32 seq, int flags,
3706 				struct cfg80211_registered_device *rdev,
3707 				struct net_device *dev,
3708 				const u8 *mac_addr, struct station_info *sinfo)
3709 {
3710 	void *hdr;
3711 	struct nlattr *sinfoattr, *bss_param;
3712 
3713 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3714 	if (!hdr)
3715 		return -1;
3716 
3717 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3718 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3719 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3720 		goto nla_put_failure;
3721 
3722 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3723 	if (!sinfoattr)
3724 		goto nla_put_failure;
3725 
3726 #define PUT_SINFO(attr, memb, type) do {				\
3727 	if (sinfo->filled & BIT(NL80211_STA_INFO_ ## attr) &&		\
3728 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
3729 			     sinfo->memb))				\
3730 		goto nla_put_failure;					\
3731 	} while (0)
3732 
3733 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
3734 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
3735 
3736 	if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
3737 			     BIT(NL80211_STA_INFO_RX_BYTES64)) &&
3738 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3739 			(u32)sinfo->rx_bytes))
3740 		goto nla_put_failure;
3741 
3742 	if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
3743 			     BIT(NL80211_STA_INFO_TX_BYTES64)) &&
3744 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3745 			(u32)sinfo->tx_bytes))
3746 		goto nla_put_failure;
3747 
3748 	PUT_SINFO(RX_BYTES64, rx_bytes, u64);
3749 	PUT_SINFO(TX_BYTES64, tx_bytes, u64);
3750 	PUT_SINFO(LLID, llid, u16);
3751 	PUT_SINFO(PLID, plid, u16);
3752 	PUT_SINFO(PLINK_STATE, plink_state, u8);
3753 
3754 	switch (rdev->wiphy.signal_type) {
3755 	case CFG80211_SIGNAL_TYPE_MBM:
3756 		PUT_SINFO(SIGNAL, signal, u8);
3757 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
3758 		break;
3759 	default:
3760 		break;
3761 	}
3762 	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
3763 		if (!nl80211_put_signal(msg, sinfo->chains,
3764 					sinfo->chain_signal,
3765 					NL80211_STA_INFO_CHAIN_SIGNAL))
3766 			goto nla_put_failure;
3767 	}
3768 	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
3769 		if (!nl80211_put_signal(msg, sinfo->chains,
3770 					sinfo->chain_signal_avg,
3771 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3772 			goto nla_put_failure;
3773 	}
3774 	if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
3775 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3776 					  NL80211_STA_INFO_TX_BITRATE))
3777 			goto nla_put_failure;
3778 	}
3779 	if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
3780 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3781 					  NL80211_STA_INFO_RX_BITRATE))
3782 			goto nla_put_failure;
3783 	}
3784 
3785 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
3786 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
3787 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
3788 	PUT_SINFO(TX_FAILED, tx_failed, u32);
3789 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
3790 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
3791 	PUT_SINFO(LOCAL_PM, local_pm, u32);
3792 	PUT_SINFO(PEER_PM, peer_pm, u32);
3793 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
3794 
3795 	if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
3796 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3797 		if (!bss_param)
3798 			goto nla_put_failure;
3799 
3800 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3801 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3802 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3803 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3804 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3805 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3806 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3807 			       sinfo->bss_param.dtim_period) ||
3808 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3809 				sinfo->bss_param.beacon_interval))
3810 			goto nla_put_failure;
3811 
3812 		nla_nest_end(msg, bss_param);
3813 	}
3814 	if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
3815 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3816 		    sizeof(struct nl80211_sta_flag_update),
3817 		    &sinfo->sta_flags))
3818 		goto nla_put_failure;
3819 
3820 	PUT_SINFO(T_OFFSET, t_offset, u64);
3821 	PUT_SINFO(RX_DROP_MISC, rx_dropped_misc, u64);
3822 	PUT_SINFO(BEACON_RX, rx_beacon, u64);
3823 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
3824 
3825 #undef PUT_SINFO
3826 
3827 	if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
3828 		struct nlattr *tidsattr;
3829 		int tid;
3830 
3831 		tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
3832 		if (!tidsattr)
3833 			goto nla_put_failure;
3834 
3835 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
3836 			struct cfg80211_tid_stats *tidstats;
3837 			struct nlattr *tidattr;
3838 
3839 			tidstats = &sinfo->pertid[tid];
3840 
3841 			if (!tidstats->filled)
3842 				continue;
3843 
3844 			tidattr = nla_nest_start(msg, tid + 1);
3845 			if (!tidattr)
3846 				goto nla_put_failure;
3847 
3848 #define PUT_TIDVAL(attr, memb, type) do {				\
3849 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
3850 	    nla_put_ ## type(msg, NL80211_TID_STATS_ ## attr,		\
3851 			     tidstats->memb))				\
3852 		goto nla_put_failure;					\
3853 	} while (0)
3854 
3855 			PUT_TIDVAL(RX_MSDU, rx_msdu, u64);
3856 			PUT_TIDVAL(TX_MSDU, tx_msdu, u64);
3857 			PUT_TIDVAL(TX_MSDU_RETRIES, tx_msdu_retries, u64);
3858 			PUT_TIDVAL(TX_MSDU_FAILED, tx_msdu_failed, u64);
3859 
3860 #undef PUT_TIDVAL
3861 			nla_nest_end(msg, tidattr);
3862 		}
3863 
3864 		nla_nest_end(msg, tidsattr);
3865 	}
3866 
3867 	nla_nest_end(msg, sinfoattr);
3868 
3869 	if (sinfo->assoc_req_ies_len &&
3870 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3871 		    sinfo->assoc_req_ies))
3872 		goto nla_put_failure;
3873 
3874 	genlmsg_end(msg, hdr);
3875 	return 0;
3876 
3877  nla_put_failure:
3878 	genlmsg_cancel(msg, hdr);
3879 	return -EMSGSIZE;
3880 }
3881 
3882 static int nl80211_dump_station(struct sk_buff *skb,
3883 				struct netlink_callback *cb)
3884 {
3885 	struct station_info sinfo;
3886 	struct cfg80211_registered_device *rdev;
3887 	struct wireless_dev *wdev;
3888 	u8 mac_addr[ETH_ALEN];
3889 	int sta_idx = cb->args[2];
3890 	int err;
3891 
3892 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
3893 	if (err)
3894 		return err;
3895 
3896 	if (!wdev->netdev) {
3897 		err = -EINVAL;
3898 		goto out_err;
3899 	}
3900 
3901 	if (!rdev->ops->dump_station) {
3902 		err = -EOPNOTSUPP;
3903 		goto out_err;
3904 	}
3905 
3906 	while (1) {
3907 		memset(&sinfo, 0, sizeof(sinfo));
3908 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
3909 					mac_addr, &sinfo);
3910 		if (err == -ENOENT)
3911 			break;
3912 		if (err)
3913 			goto out_err;
3914 
3915 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
3916 				NETLINK_CB(cb->skb).portid,
3917 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3918 				rdev, wdev->netdev, mac_addr,
3919 				&sinfo) < 0)
3920 			goto out;
3921 
3922 		sta_idx++;
3923 	}
3924 
3925 
3926  out:
3927 	cb->args[2] = sta_idx;
3928 	err = skb->len;
3929  out_err:
3930 	nl80211_finish_wdev_dump(rdev);
3931 
3932 	return err;
3933 }
3934 
3935 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3936 {
3937 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3938 	struct net_device *dev = info->user_ptr[1];
3939 	struct station_info sinfo;
3940 	struct sk_buff *msg;
3941 	u8 *mac_addr = NULL;
3942 	int err;
3943 
3944 	memset(&sinfo, 0, sizeof(sinfo));
3945 
3946 	if (!info->attrs[NL80211_ATTR_MAC])
3947 		return -EINVAL;
3948 
3949 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3950 
3951 	if (!rdev->ops->get_station)
3952 		return -EOPNOTSUPP;
3953 
3954 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3955 	if (err)
3956 		return err;
3957 
3958 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3959 	if (!msg)
3960 		return -ENOMEM;
3961 
3962 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
3963 				 info->snd_portid, info->snd_seq, 0,
3964 				 rdev, dev, mac_addr, &sinfo) < 0) {
3965 		nlmsg_free(msg);
3966 		return -ENOBUFS;
3967 	}
3968 
3969 	return genlmsg_reply(msg, info);
3970 }
3971 
3972 int cfg80211_check_station_change(struct wiphy *wiphy,
3973 				  struct station_parameters *params,
3974 				  enum cfg80211_station_type statype)
3975 {
3976 	if (params->listen_interval != -1 &&
3977 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
3978 		return -EINVAL;
3979 
3980 	if (params->aid &&
3981 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
3982 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
3983 		return -EINVAL;
3984 
3985 	/* When you run into this, adjust the code below for the new flag */
3986 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3987 
3988 	switch (statype) {
3989 	case CFG80211_STA_MESH_PEER_KERNEL:
3990 	case CFG80211_STA_MESH_PEER_USER:
3991 		/*
3992 		 * No ignoring the TDLS flag here -- the userspace mesh
3993 		 * code doesn't have the bug of including TDLS in the
3994 		 * mask everywhere.
3995 		 */
3996 		if (params->sta_flags_mask &
3997 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3998 				  BIT(NL80211_STA_FLAG_MFP) |
3999 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
4000 			return -EINVAL;
4001 		break;
4002 	case CFG80211_STA_TDLS_PEER_SETUP:
4003 	case CFG80211_STA_TDLS_PEER_ACTIVE:
4004 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4005 			return -EINVAL;
4006 		/* ignore since it can't change */
4007 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4008 		break;
4009 	default:
4010 		/* disallow mesh-specific things */
4011 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4012 			return -EINVAL;
4013 		if (params->local_pm)
4014 			return -EINVAL;
4015 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4016 			return -EINVAL;
4017 	}
4018 
4019 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4020 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
4021 		/* TDLS can't be set, ... */
4022 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
4023 			return -EINVAL;
4024 		/*
4025 		 * ... but don't bother the driver with it. This works around
4026 		 * a hostapd/wpa_supplicant issue -- it always includes the
4027 		 * TLDS_PEER flag in the mask even for AP mode.
4028 		 */
4029 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4030 	}
4031 
4032 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
4033 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4034 		/* reject other things that can't change */
4035 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4036 			return -EINVAL;
4037 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4038 			return -EINVAL;
4039 		if (params->supported_rates)
4040 			return -EINVAL;
4041 		if (params->ext_capab || params->ht_capa || params->vht_capa)
4042 			return -EINVAL;
4043 	}
4044 
4045 	if (statype != CFG80211_STA_AP_CLIENT &&
4046 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
4047 		if (params->vlan)
4048 			return -EINVAL;
4049 	}
4050 
4051 	switch (statype) {
4052 	case CFG80211_STA_AP_MLME_CLIENT:
4053 		/* Use this only for authorizing/unauthorizing a station */
4054 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4055 			return -EOPNOTSUPP;
4056 		break;
4057 	case CFG80211_STA_AP_CLIENT:
4058 	case CFG80211_STA_AP_CLIENT_UNASSOC:
4059 		/* accept only the listed bits */
4060 		if (params->sta_flags_mask &
4061 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4062 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4063 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
4064 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4065 				  BIT(NL80211_STA_FLAG_WME) |
4066 				  BIT(NL80211_STA_FLAG_MFP)))
4067 			return -EINVAL;
4068 
4069 		/* but authenticated/associated only if driver handles it */
4070 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4071 		    params->sta_flags_mask &
4072 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4073 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4074 			return -EINVAL;
4075 		break;
4076 	case CFG80211_STA_IBSS:
4077 	case CFG80211_STA_AP_STA:
4078 		/* reject any changes other than AUTHORIZED */
4079 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4080 			return -EINVAL;
4081 		break;
4082 	case CFG80211_STA_TDLS_PEER_SETUP:
4083 		/* reject any changes other than AUTHORIZED or WME */
4084 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4085 					       BIT(NL80211_STA_FLAG_WME)))
4086 			return -EINVAL;
4087 		/* force (at least) rates when authorizing */
4088 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4089 		    !params->supported_rates)
4090 			return -EINVAL;
4091 		break;
4092 	case CFG80211_STA_TDLS_PEER_ACTIVE:
4093 		/* reject any changes */
4094 		return -EINVAL;
4095 	case CFG80211_STA_MESH_PEER_KERNEL:
4096 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4097 			return -EINVAL;
4098 		break;
4099 	case CFG80211_STA_MESH_PEER_USER:
4100 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
4101 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
4102 			return -EINVAL;
4103 		break;
4104 	}
4105 
4106 	return 0;
4107 }
4108 EXPORT_SYMBOL(cfg80211_check_station_change);
4109 
4110 /*
4111  * Get vlan interface making sure it is running and on the right wiphy.
4112  */
4113 static struct net_device *get_vlan(struct genl_info *info,
4114 				   struct cfg80211_registered_device *rdev)
4115 {
4116 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4117 	struct net_device *v;
4118 	int ret;
4119 
4120 	if (!vlanattr)
4121 		return NULL;
4122 
4123 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4124 	if (!v)
4125 		return ERR_PTR(-ENODEV);
4126 
4127 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4128 		ret = -EINVAL;
4129 		goto error;
4130 	}
4131 
4132 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4133 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4134 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4135 		ret = -EINVAL;
4136 		goto error;
4137 	}
4138 
4139 	if (!netif_running(v)) {
4140 		ret = -ENETDOWN;
4141 		goto error;
4142 	}
4143 
4144 	return v;
4145  error:
4146 	dev_put(v);
4147 	return ERR_PTR(ret);
4148 }
4149 
4150 static const struct nla_policy
4151 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4152 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4153 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4154 };
4155 
4156 static int nl80211_parse_sta_wme(struct genl_info *info,
4157 				 struct station_parameters *params)
4158 {
4159 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4160 	struct nlattr *nla;
4161 	int err;
4162 
4163 	/* parse WME attributes if present */
4164 	if (!info->attrs[NL80211_ATTR_STA_WME])
4165 		return 0;
4166 
4167 	nla = info->attrs[NL80211_ATTR_STA_WME];
4168 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4169 			       nl80211_sta_wme_policy);
4170 	if (err)
4171 		return err;
4172 
4173 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4174 		params->uapsd_queues = nla_get_u8(
4175 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
4176 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4177 		return -EINVAL;
4178 
4179 	if (tb[NL80211_STA_WME_MAX_SP])
4180 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4181 
4182 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4183 		return -EINVAL;
4184 
4185 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4186 
4187 	return 0;
4188 }
4189 
4190 static int nl80211_parse_sta_channel_info(struct genl_info *info,
4191 				      struct station_parameters *params)
4192 {
4193 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4194 		params->supported_channels =
4195 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4196 		params->supported_channels_len =
4197 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4198 		/*
4199 		 * Need to include at least one (first channel, number of
4200 		 * channels) tuple for each subband, and must have proper
4201 		 * tuples for the rest of the data as well.
4202 		 */
4203 		if (params->supported_channels_len < 2)
4204 			return -EINVAL;
4205 		if (params->supported_channels_len % 2)
4206 			return -EINVAL;
4207 	}
4208 
4209 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4210 		params->supported_oper_classes =
4211 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4212 		params->supported_oper_classes_len =
4213 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4214 		/*
4215 		 * The value of the Length field of the Supported Operating
4216 		 * Classes element is between 2 and 253.
4217 		 */
4218 		if (params->supported_oper_classes_len < 2 ||
4219 		    params->supported_oper_classes_len > 253)
4220 			return -EINVAL;
4221 	}
4222 	return 0;
4223 }
4224 
4225 static int nl80211_set_station_tdls(struct genl_info *info,
4226 				    struct station_parameters *params)
4227 {
4228 	int err;
4229 	/* Dummy STA entry gets updated once the peer capabilities are known */
4230 	if (info->attrs[NL80211_ATTR_PEER_AID])
4231 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4232 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4233 		params->ht_capa =
4234 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4235 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4236 		params->vht_capa =
4237 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4238 
4239 	err = nl80211_parse_sta_channel_info(info, params);
4240 	if (err)
4241 		return err;
4242 
4243 	return nl80211_parse_sta_wme(info, params);
4244 }
4245 
4246 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4247 {
4248 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4249 	struct net_device *dev = info->user_ptr[1];
4250 	struct station_parameters params;
4251 	u8 *mac_addr;
4252 	int err;
4253 
4254 	memset(&params, 0, sizeof(params));
4255 
4256 	if (!rdev->ops->change_station)
4257 		return -EOPNOTSUPP;
4258 
4259 	/*
4260 	 * AID and listen_interval properties can be set only for unassociated
4261 	 * station. Include these parameters here and will check them in
4262 	 * cfg80211_check_station_change().
4263 	 */
4264 	if (info->attrs[NL80211_ATTR_STA_AID])
4265 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4266 
4267 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4268 		params.listen_interval =
4269 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4270 	else
4271 		params.listen_interval = -1;
4272 
4273 	if (!info->attrs[NL80211_ATTR_MAC])
4274 		return -EINVAL;
4275 
4276 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4277 
4278 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4279 		params.supported_rates =
4280 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4281 		params.supported_rates_len =
4282 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4283 	}
4284 
4285 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4286 		params.capability =
4287 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4288 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4289 	}
4290 
4291 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4292 		params.ext_capab =
4293 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4294 		params.ext_capab_len =
4295 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4296 	}
4297 
4298 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4299 		return -EINVAL;
4300 
4301 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4302 		params.plink_action =
4303 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4304 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4305 			return -EINVAL;
4306 	}
4307 
4308 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4309 		params.plink_state =
4310 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4311 		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4312 			return -EINVAL;
4313 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4314 	}
4315 
4316 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4317 		enum nl80211_mesh_power_mode pm = nla_get_u32(
4318 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4319 
4320 		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4321 		    pm > NL80211_MESH_POWER_MAX)
4322 			return -EINVAL;
4323 
4324 		params.local_pm = pm;
4325 	}
4326 
4327 	/* Include parameters for TDLS peer (will check later) */
4328 	err = nl80211_set_station_tdls(info, &params);
4329 	if (err)
4330 		return err;
4331 
4332 	params.vlan = get_vlan(info, rdev);
4333 	if (IS_ERR(params.vlan))
4334 		return PTR_ERR(params.vlan);
4335 
4336 	switch (dev->ieee80211_ptr->iftype) {
4337 	case NL80211_IFTYPE_AP:
4338 	case NL80211_IFTYPE_AP_VLAN:
4339 	case NL80211_IFTYPE_P2P_GO:
4340 	case NL80211_IFTYPE_P2P_CLIENT:
4341 	case NL80211_IFTYPE_STATION:
4342 	case NL80211_IFTYPE_ADHOC:
4343 	case NL80211_IFTYPE_MESH_POINT:
4344 		break;
4345 	default:
4346 		err = -EOPNOTSUPP;
4347 		goto out_put_vlan;
4348 	}
4349 
4350 	/* driver will call cfg80211_check_station_change() */
4351 	err = rdev_change_station(rdev, dev, mac_addr, &params);
4352 
4353  out_put_vlan:
4354 	if (params.vlan)
4355 		dev_put(params.vlan);
4356 
4357 	return err;
4358 }
4359 
4360 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4361 {
4362 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4363 	int err;
4364 	struct net_device *dev = info->user_ptr[1];
4365 	struct station_parameters params;
4366 	u8 *mac_addr = NULL;
4367 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4368 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
4369 
4370 	memset(&params, 0, sizeof(params));
4371 
4372 	if (!rdev->ops->add_station)
4373 		return -EOPNOTSUPP;
4374 
4375 	if (!info->attrs[NL80211_ATTR_MAC])
4376 		return -EINVAL;
4377 
4378 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4379 		return -EINVAL;
4380 
4381 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4382 		return -EINVAL;
4383 
4384 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
4385 	    !info->attrs[NL80211_ATTR_PEER_AID])
4386 		return -EINVAL;
4387 
4388 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4389 	params.supported_rates =
4390 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4391 	params.supported_rates_len =
4392 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4393 	params.listen_interval =
4394 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4395 
4396 	if (info->attrs[NL80211_ATTR_PEER_AID])
4397 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4398 	else
4399 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4400 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
4401 		return -EINVAL;
4402 
4403 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4404 		params.capability =
4405 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4406 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4407 	}
4408 
4409 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4410 		params.ext_capab =
4411 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4412 		params.ext_capab_len =
4413 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4414 	}
4415 
4416 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4417 		params.ht_capa =
4418 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4419 
4420 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4421 		params.vht_capa =
4422 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4423 
4424 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4425 		params.opmode_notif_used = true;
4426 		params.opmode_notif =
4427 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4428 	}
4429 
4430 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4431 		params.plink_action =
4432 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4433 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4434 			return -EINVAL;
4435 	}
4436 
4437 	err = nl80211_parse_sta_channel_info(info, &params);
4438 	if (err)
4439 		return err;
4440 
4441 	err = nl80211_parse_sta_wme(info, &params);
4442 	if (err)
4443 		return err;
4444 
4445 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4446 		return -EINVAL;
4447 
4448 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
4449 	 * as userspace might just pass through the capabilities from the IEs
4450 	 * directly, rather than enforcing this restriction and returning an
4451 	 * error in this case.
4452 	 */
4453 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
4454 		params.ht_capa = NULL;
4455 		params.vht_capa = NULL;
4456 	}
4457 
4458 	/* When you run into this, adjust the code below for the new flag */
4459 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4460 
4461 	switch (dev->ieee80211_ptr->iftype) {
4462 	case NL80211_IFTYPE_AP:
4463 	case NL80211_IFTYPE_AP_VLAN:
4464 	case NL80211_IFTYPE_P2P_GO:
4465 		/* ignore WME attributes if iface/sta is not capable */
4466 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4467 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4468 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4469 
4470 		/* TDLS peers cannot be added */
4471 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4472 		    info->attrs[NL80211_ATTR_PEER_AID])
4473 			return -EINVAL;
4474 		/* but don't bother the driver with it */
4475 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4476 
4477 		/* allow authenticated/associated only if driver handles it */
4478 		if (!(rdev->wiphy.features &
4479 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4480 		    params.sta_flags_mask & auth_assoc)
4481 			return -EINVAL;
4482 
4483 		/* Older userspace, or userspace wanting to be compatible with
4484 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
4485 		 * and assoc flags in the mask, but assumes the station will be
4486 		 * added as associated anyway since this was the required driver
4487 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
4488 		 * introduced.
4489 		 * In order to not bother drivers with this quirk in the API
4490 		 * set the flags in both the mask and set for new stations in
4491 		 * this case.
4492 		 */
4493 		if (!(params.sta_flags_mask & auth_assoc)) {
4494 			params.sta_flags_mask |= auth_assoc;
4495 			params.sta_flags_set |= auth_assoc;
4496 		}
4497 
4498 		/* must be last in here for error handling */
4499 		params.vlan = get_vlan(info, rdev);
4500 		if (IS_ERR(params.vlan))
4501 			return PTR_ERR(params.vlan);
4502 		break;
4503 	case NL80211_IFTYPE_MESH_POINT:
4504 		/* ignore uAPSD data */
4505 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4506 
4507 		/* associated is disallowed */
4508 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4509 			return -EINVAL;
4510 		/* TDLS peers cannot be added */
4511 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4512 		    info->attrs[NL80211_ATTR_PEER_AID])
4513 			return -EINVAL;
4514 		break;
4515 	case NL80211_IFTYPE_STATION:
4516 	case NL80211_IFTYPE_P2P_CLIENT:
4517 		/* ignore uAPSD data */
4518 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4519 
4520 		/* these are disallowed */
4521 		if (params.sta_flags_mask &
4522 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4523 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4524 			return -EINVAL;
4525 		/* Only TDLS peers can be added */
4526 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4527 			return -EINVAL;
4528 		/* Can only add if TDLS ... */
4529 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4530 			return -EOPNOTSUPP;
4531 		/* ... with external setup is supported */
4532 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4533 			return -EOPNOTSUPP;
4534 		/*
4535 		 * Older wpa_supplicant versions always mark the TDLS peer
4536 		 * as authorized, but it shouldn't yet be.
4537 		 */
4538 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4539 		break;
4540 	default:
4541 		return -EOPNOTSUPP;
4542 	}
4543 
4544 	/* be aware of params.vlan when changing code here */
4545 
4546 	err = rdev_add_station(rdev, dev, mac_addr, &params);
4547 
4548 	if (params.vlan)
4549 		dev_put(params.vlan);
4550 	return err;
4551 }
4552 
4553 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4554 {
4555 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4556 	struct net_device *dev = info->user_ptr[1];
4557 	struct station_del_parameters params;
4558 
4559 	memset(&params, 0, sizeof(params));
4560 
4561 	if (info->attrs[NL80211_ATTR_MAC])
4562 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
4563 
4564 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4565 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4566 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4567 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4568 		return -EINVAL;
4569 
4570 	if (!rdev->ops->del_station)
4571 		return -EOPNOTSUPP;
4572 
4573 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
4574 		params.subtype =
4575 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
4576 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
4577 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
4578 			return -EINVAL;
4579 	} else {
4580 		/* Default to Deauthentication frame */
4581 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
4582 	}
4583 
4584 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
4585 		params.reason_code =
4586 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4587 		if (params.reason_code == 0)
4588 			return -EINVAL; /* 0 is reserved */
4589 	} else {
4590 		/* Default to reason code 2 */
4591 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
4592 	}
4593 
4594 	return rdev_del_station(rdev, dev, &params);
4595 }
4596 
4597 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4598 				int flags, struct net_device *dev,
4599 				u8 *dst, u8 *next_hop,
4600 				struct mpath_info *pinfo)
4601 {
4602 	void *hdr;
4603 	struct nlattr *pinfoattr;
4604 
4605 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
4606 	if (!hdr)
4607 		return -1;
4608 
4609 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4610 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4611 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4612 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4613 		goto nla_put_failure;
4614 
4615 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4616 	if (!pinfoattr)
4617 		goto nla_put_failure;
4618 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4619 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4620 			pinfo->frame_qlen))
4621 		goto nla_put_failure;
4622 	if (((pinfo->filled & MPATH_INFO_SN) &&
4623 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4624 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
4625 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4626 			 pinfo->metric)) ||
4627 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4628 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4629 			 pinfo->exptime)) ||
4630 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
4631 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4632 			pinfo->flags)) ||
4633 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4634 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4635 			 pinfo->discovery_timeout)) ||
4636 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4637 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4638 			pinfo->discovery_retries)))
4639 		goto nla_put_failure;
4640 
4641 	nla_nest_end(msg, pinfoattr);
4642 
4643 	genlmsg_end(msg, hdr);
4644 	return 0;
4645 
4646  nla_put_failure:
4647 	genlmsg_cancel(msg, hdr);
4648 	return -EMSGSIZE;
4649 }
4650 
4651 static int nl80211_dump_mpath(struct sk_buff *skb,
4652 			      struct netlink_callback *cb)
4653 {
4654 	struct mpath_info pinfo;
4655 	struct cfg80211_registered_device *rdev;
4656 	struct wireless_dev *wdev;
4657 	u8 dst[ETH_ALEN];
4658 	u8 next_hop[ETH_ALEN];
4659 	int path_idx = cb->args[2];
4660 	int err;
4661 
4662 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4663 	if (err)
4664 		return err;
4665 
4666 	if (!rdev->ops->dump_mpath) {
4667 		err = -EOPNOTSUPP;
4668 		goto out_err;
4669 	}
4670 
4671 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4672 		err = -EOPNOTSUPP;
4673 		goto out_err;
4674 	}
4675 
4676 	while (1) {
4677 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
4678 				      next_hop, &pinfo);
4679 		if (err == -ENOENT)
4680 			break;
4681 		if (err)
4682 			goto out_err;
4683 
4684 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4685 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4686 				       wdev->netdev, dst, next_hop,
4687 				       &pinfo) < 0)
4688 			goto out;
4689 
4690 		path_idx++;
4691 	}
4692 
4693 
4694  out:
4695 	cb->args[2] = path_idx;
4696 	err = skb->len;
4697  out_err:
4698 	nl80211_finish_wdev_dump(rdev);
4699 	return err;
4700 }
4701 
4702 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4703 {
4704 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4705 	int err;
4706 	struct net_device *dev = info->user_ptr[1];
4707 	struct mpath_info pinfo;
4708 	struct sk_buff *msg;
4709 	u8 *dst = NULL;
4710 	u8 next_hop[ETH_ALEN];
4711 
4712 	memset(&pinfo, 0, sizeof(pinfo));
4713 
4714 	if (!info->attrs[NL80211_ATTR_MAC])
4715 		return -EINVAL;
4716 
4717 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4718 
4719 	if (!rdev->ops->get_mpath)
4720 		return -EOPNOTSUPP;
4721 
4722 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4723 		return -EOPNOTSUPP;
4724 
4725 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4726 	if (err)
4727 		return err;
4728 
4729 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4730 	if (!msg)
4731 		return -ENOMEM;
4732 
4733 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4734 				 dev, dst, next_hop, &pinfo) < 0) {
4735 		nlmsg_free(msg);
4736 		return -ENOBUFS;
4737 	}
4738 
4739 	return genlmsg_reply(msg, info);
4740 }
4741 
4742 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4743 {
4744 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4745 	struct net_device *dev = info->user_ptr[1];
4746 	u8 *dst = NULL;
4747 	u8 *next_hop = NULL;
4748 
4749 	if (!info->attrs[NL80211_ATTR_MAC])
4750 		return -EINVAL;
4751 
4752 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4753 		return -EINVAL;
4754 
4755 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4756 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4757 
4758 	if (!rdev->ops->change_mpath)
4759 		return -EOPNOTSUPP;
4760 
4761 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4762 		return -EOPNOTSUPP;
4763 
4764 	return rdev_change_mpath(rdev, dev, dst, next_hop);
4765 }
4766 
4767 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4768 {
4769 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4770 	struct net_device *dev = info->user_ptr[1];
4771 	u8 *dst = NULL;
4772 	u8 *next_hop = NULL;
4773 
4774 	if (!info->attrs[NL80211_ATTR_MAC])
4775 		return -EINVAL;
4776 
4777 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4778 		return -EINVAL;
4779 
4780 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4781 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4782 
4783 	if (!rdev->ops->add_mpath)
4784 		return -EOPNOTSUPP;
4785 
4786 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4787 		return -EOPNOTSUPP;
4788 
4789 	return rdev_add_mpath(rdev, dev, dst, next_hop);
4790 }
4791 
4792 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4793 {
4794 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4795 	struct net_device *dev = info->user_ptr[1];
4796 	u8 *dst = NULL;
4797 
4798 	if (info->attrs[NL80211_ATTR_MAC])
4799 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4800 
4801 	if (!rdev->ops->del_mpath)
4802 		return -EOPNOTSUPP;
4803 
4804 	return rdev_del_mpath(rdev, dev, dst);
4805 }
4806 
4807 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
4808 {
4809 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4810 	int err;
4811 	struct net_device *dev = info->user_ptr[1];
4812 	struct mpath_info pinfo;
4813 	struct sk_buff *msg;
4814 	u8 *dst = NULL;
4815 	u8 mpp[ETH_ALEN];
4816 
4817 	memset(&pinfo, 0, sizeof(pinfo));
4818 
4819 	if (!info->attrs[NL80211_ATTR_MAC])
4820 		return -EINVAL;
4821 
4822 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4823 
4824 	if (!rdev->ops->get_mpp)
4825 		return -EOPNOTSUPP;
4826 
4827 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4828 		return -EOPNOTSUPP;
4829 
4830 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
4831 	if (err)
4832 		return err;
4833 
4834 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4835 	if (!msg)
4836 		return -ENOMEM;
4837 
4838 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4839 			       dev, dst, mpp, &pinfo) < 0) {
4840 		nlmsg_free(msg);
4841 		return -ENOBUFS;
4842 	}
4843 
4844 	return genlmsg_reply(msg, info);
4845 }
4846 
4847 static int nl80211_dump_mpp(struct sk_buff *skb,
4848 			    struct netlink_callback *cb)
4849 {
4850 	struct mpath_info pinfo;
4851 	struct cfg80211_registered_device *rdev;
4852 	struct wireless_dev *wdev;
4853 	u8 dst[ETH_ALEN];
4854 	u8 mpp[ETH_ALEN];
4855 	int path_idx = cb->args[2];
4856 	int err;
4857 
4858 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4859 	if (err)
4860 		return err;
4861 
4862 	if (!rdev->ops->dump_mpp) {
4863 		err = -EOPNOTSUPP;
4864 		goto out_err;
4865 	}
4866 
4867 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4868 		err = -EOPNOTSUPP;
4869 		goto out_err;
4870 	}
4871 
4872 	while (1) {
4873 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
4874 				    mpp, &pinfo);
4875 		if (err == -ENOENT)
4876 			break;
4877 		if (err)
4878 			goto out_err;
4879 
4880 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4881 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4882 				       wdev->netdev, dst, mpp,
4883 				       &pinfo) < 0)
4884 			goto out;
4885 
4886 		path_idx++;
4887 	}
4888 
4889  out:
4890 	cb->args[2] = path_idx;
4891 	err = skb->len;
4892  out_err:
4893 	nl80211_finish_wdev_dump(rdev);
4894 	return err;
4895 }
4896 
4897 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4898 {
4899 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4900 	struct net_device *dev = info->user_ptr[1];
4901 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4902 	struct bss_parameters params;
4903 	int err;
4904 
4905 	memset(&params, 0, sizeof(params));
4906 	/* default to not changing parameters */
4907 	params.use_cts_prot = -1;
4908 	params.use_short_preamble = -1;
4909 	params.use_short_slot_time = -1;
4910 	params.ap_isolate = -1;
4911 	params.ht_opmode = -1;
4912 	params.p2p_ctwindow = -1;
4913 	params.p2p_opp_ps = -1;
4914 
4915 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4916 		params.use_cts_prot =
4917 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4918 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4919 		params.use_short_preamble =
4920 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4921 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4922 		params.use_short_slot_time =
4923 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4924 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4925 		params.basic_rates =
4926 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4927 		params.basic_rates_len =
4928 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4929 	}
4930 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4931 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4932 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4933 		params.ht_opmode =
4934 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4935 
4936 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4937 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4938 			return -EINVAL;
4939 		params.p2p_ctwindow =
4940 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4941 		if (params.p2p_ctwindow < 0)
4942 			return -EINVAL;
4943 		if (params.p2p_ctwindow != 0 &&
4944 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4945 			return -EINVAL;
4946 	}
4947 
4948 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4949 		u8 tmp;
4950 
4951 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4952 			return -EINVAL;
4953 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4954 		if (tmp > 1)
4955 			return -EINVAL;
4956 		params.p2p_opp_ps = tmp;
4957 		if (params.p2p_opp_ps &&
4958 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4959 			return -EINVAL;
4960 	}
4961 
4962 	if (!rdev->ops->change_bss)
4963 		return -EOPNOTSUPP;
4964 
4965 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4966 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4967 		return -EOPNOTSUPP;
4968 
4969 	wdev_lock(wdev);
4970 	err = rdev_change_bss(rdev, dev, &params);
4971 	wdev_unlock(wdev);
4972 
4973 	return err;
4974 }
4975 
4976 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4977 {
4978 	char *data = NULL;
4979 	bool is_indoor;
4980 	enum nl80211_user_reg_hint_type user_reg_hint_type;
4981 	u32 owner_nlportid;
4982 
4983 
4984 	/*
4985 	 * You should only get this when cfg80211 hasn't yet initialized
4986 	 * completely when built-in to the kernel right between the time
4987 	 * window between nl80211_init() and regulatory_init(), if that is
4988 	 * even possible.
4989 	 */
4990 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4991 		return -EINPROGRESS;
4992 
4993 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4994 		user_reg_hint_type =
4995 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4996 	else
4997 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4998 
4999 	switch (user_reg_hint_type) {
5000 	case NL80211_USER_REG_HINT_USER:
5001 	case NL80211_USER_REG_HINT_CELL_BASE:
5002 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5003 			return -EINVAL;
5004 
5005 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5006 		return regulatory_hint_user(data, user_reg_hint_type);
5007 	case NL80211_USER_REG_HINT_INDOOR:
5008 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5009 			owner_nlportid = info->snd_portid;
5010 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5011 		} else {
5012 			owner_nlportid = 0;
5013 			is_indoor = true;
5014 		}
5015 
5016 		return regulatory_hint_indoor(is_indoor, owner_nlportid);
5017 	default:
5018 		return -EINVAL;
5019 	}
5020 }
5021 
5022 static int nl80211_get_mesh_config(struct sk_buff *skb,
5023 				   struct genl_info *info)
5024 {
5025 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5026 	struct net_device *dev = info->user_ptr[1];
5027 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5028 	struct mesh_config cur_params;
5029 	int err = 0;
5030 	void *hdr;
5031 	struct nlattr *pinfoattr;
5032 	struct sk_buff *msg;
5033 
5034 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5035 		return -EOPNOTSUPP;
5036 
5037 	if (!rdev->ops->get_mesh_config)
5038 		return -EOPNOTSUPP;
5039 
5040 	wdev_lock(wdev);
5041 	/* If not connected, get default parameters */
5042 	if (!wdev->mesh_id_len)
5043 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5044 	else
5045 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
5046 	wdev_unlock(wdev);
5047 
5048 	if (err)
5049 		return err;
5050 
5051 	/* Draw up a netlink message to send back */
5052 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5053 	if (!msg)
5054 		return -ENOMEM;
5055 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5056 			     NL80211_CMD_GET_MESH_CONFIG);
5057 	if (!hdr)
5058 		goto out;
5059 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5060 	if (!pinfoattr)
5061 		goto nla_put_failure;
5062 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5063 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5064 			cur_params.dot11MeshRetryTimeout) ||
5065 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5066 			cur_params.dot11MeshConfirmTimeout) ||
5067 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5068 			cur_params.dot11MeshHoldingTimeout) ||
5069 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5070 			cur_params.dot11MeshMaxPeerLinks) ||
5071 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5072 		       cur_params.dot11MeshMaxRetries) ||
5073 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
5074 		       cur_params.dot11MeshTTL) ||
5075 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5076 		       cur_params.element_ttl) ||
5077 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5078 		       cur_params.auto_open_plinks) ||
5079 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5080 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5081 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5082 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
5083 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5084 			cur_params.path_refresh_time) ||
5085 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5086 			cur_params.min_discovery_timeout) ||
5087 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5088 			cur_params.dot11MeshHWMPactivePathTimeout) ||
5089 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5090 			cur_params.dot11MeshHWMPpreqMinInterval) ||
5091 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5092 			cur_params.dot11MeshHWMPperrMinInterval) ||
5093 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5094 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5095 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5096 		       cur_params.dot11MeshHWMPRootMode) ||
5097 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5098 			cur_params.dot11MeshHWMPRannInterval) ||
5099 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5100 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
5101 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5102 		       cur_params.dot11MeshForwarding) ||
5103 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5104 			cur_params.rssi_threshold) ||
5105 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5106 			cur_params.ht_opmode) ||
5107 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5108 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5109 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5110 			cur_params.dot11MeshHWMProotInterval) ||
5111 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5112 			cur_params.dot11MeshHWMPconfirmationInterval) ||
5113 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5114 			cur_params.power_mode) ||
5115 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5116 			cur_params.dot11MeshAwakeWindowDuration) ||
5117 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5118 			cur_params.plink_timeout))
5119 		goto nla_put_failure;
5120 	nla_nest_end(msg, pinfoattr);
5121 	genlmsg_end(msg, hdr);
5122 	return genlmsg_reply(msg, info);
5123 
5124  nla_put_failure:
5125 	genlmsg_cancel(msg, hdr);
5126  out:
5127 	nlmsg_free(msg);
5128 	return -ENOBUFS;
5129 }
5130 
5131 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5132 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5133 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5134 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5135 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5136 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5137 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5138 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5139 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5140 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5141 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5142 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5143 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5144 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5145 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5146 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5147 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5148 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5149 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5150 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5151 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5152 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5153 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5154 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5155 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5156 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5157 	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5158 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5159 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5160 };
5161 
5162 static const struct nla_policy
5163 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5164 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5165 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5166 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5167 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5168 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5169 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5170 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5171 				    .len = IEEE80211_MAX_DATA_LEN },
5172 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5173 };
5174 
5175 static int nl80211_parse_mesh_config(struct genl_info *info,
5176 				     struct mesh_config *cfg,
5177 				     u32 *mask_out)
5178 {
5179 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5180 	u32 mask = 0;
5181 
5182 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5183 do {									    \
5184 	if (tb[attr]) {							    \
5185 		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
5186 			return -EINVAL;					    \
5187 		cfg->param = fn(tb[attr]);				    \
5188 		mask |= (1 << (attr - 1));				    \
5189 	}								    \
5190 } while (0)
5191 
5192 
5193 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5194 		return -EINVAL;
5195 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5196 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
5197 			     nl80211_meshconf_params_policy))
5198 		return -EINVAL;
5199 
5200 	/* This makes sure that there aren't more than 32 mesh config
5201 	 * parameters (otherwise our bitfield scheme would not work.) */
5202 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5203 
5204 	/* Fill in the params struct */
5205 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5206 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5207 				  nla_get_u16);
5208 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5209 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5210 				  nla_get_u16);
5211 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5212 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5213 				  nla_get_u16);
5214 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5215 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5216 				  nla_get_u16);
5217 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5218 				  mask, NL80211_MESHCONF_MAX_RETRIES,
5219 				  nla_get_u8);
5220 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5221 				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
5222 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5223 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
5224 				  nla_get_u8);
5225 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5226 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5227 				  nla_get_u8);
5228 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5229 				  1, 255, mask,
5230 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5231 				  nla_get_u32);
5232 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5233 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5234 				  nla_get_u8);
5235 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5236 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5237 				  nla_get_u32);
5238 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5239 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5240 				  nla_get_u16);
5241 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
5242 				  1, 65535, mask,
5243 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5244 				  nla_get_u32);
5245 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
5246 				  1, 65535, mask,
5247 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5248 				  nla_get_u16);
5249 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
5250 				  1, 65535, mask,
5251 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5252 				  nla_get_u16);
5253 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5254 				  dot11MeshHWMPnetDiameterTraversalTime,
5255 				  1, 65535, mask,
5256 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5257 				  nla_get_u16);
5258 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
5259 				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
5260 				  nla_get_u8);
5261 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
5262 				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5263 				  nla_get_u16);
5264 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5265 				  dot11MeshGateAnnouncementProtocol, 0, 1,
5266 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5267 				  nla_get_u8);
5268 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
5269 				  mask, NL80211_MESHCONF_FORWARDING,
5270 				  nla_get_u8);
5271 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
5272 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
5273 				  nla_get_s32);
5274 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
5275 				  mask, NL80211_MESHCONF_HT_OPMODE,
5276 				  nla_get_u16);
5277 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
5278 				  1, 65535, mask,
5279 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5280 				  nla_get_u32);
5281 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
5282 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5283 				  nla_get_u16);
5284 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5285 				  dot11MeshHWMPconfirmationInterval,
5286 				  1, 65535, mask,
5287 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5288 				  nla_get_u16);
5289 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
5290 				  NL80211_MESH_POWER_ACTIVE,
5291 				  NL80211_MESH_POWER_MAX,
5292 				  mask, NL80211_MESHCONF_POWER_MODE,
5293 				  nla_get_u32);
5294 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
5295 				  0, 65535, mask,
5296 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
5297 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
5298 				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
5299 				  nla_get_u32);
5300 	if (mask_out)
5301 		*mask_out = mask;
5302 
5303 	return 0;
5304 
5305 #undef FILL_IN_MESH_PARAM_IF_SET
5306 }
5307 
5308 static int nl80211_parse_mesh_setup(struct genl_info *info,
5309 				     struct mesh_setup *setup)
5310 {
5311 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5312 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
5313 
5314 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
5315 		return -EINVAL;
5316 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
5317 			     info->attrs[NL80211_ATTR_MESH_SETUP],
5318 			     nl80211_mesh_setup_params_policy))
5319 		return -EINVAL;
5320 
5321 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5322 		setup->sync_method =
5323 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5324 		 IEEE80211_SYNC_METHOD_VENDOR :
5325 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5326 
5327 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5328 		setup->path_sel_proto =
5329 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5330 		 IEEE80211_PATH_PROTOCOL_VENDOR :
5331 		 IEEE80211_PATH_PROTOCOL_HWMP;
5332 
5333 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5334 		setup->path_metric =
5335 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5336 		 IEEE80211_PATH_METRIC_VENDOR :
5337 		 IEEE80211_PATH_METRIC_AIRTIME;
5338 
5339 
5340 	if (tb[NL80211_MESH_SETUP_IE]) {
5341 		struct nlattr *ieattr =
5342 			tb[NL80211_MESH_SETUP_IE];
5343 		if (!is_valid_ie_attr(ieattr))
5344 			return -EINVAL;
5345 		setup->ie = nla_data(ieattr);
5346 		setup->ie_len = nla_len(ieattr);
5347 	}
5348 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5349 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5350 		return -EINVAL;
5351 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5352 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5353 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5354 	if (setup->is_secure)
5355 		setup->user_mpm = true;
5356 
5357 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5358 		if (!setup->user_mpm)
5359 			return -EINVAL;
5360 		setup->auth_id =
5361 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5362 	}
5363 
5364 	return 0;
5365 }
5366 
5367 static int nl80211_update_mesh_config(struct sk_buff *skb,
5368 				      struct genl_info *info)
5369 {
5370 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5371 	struct net_device *dev = info->user_ptr[1];
5372 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5373 	struct mesh_config cfg;
5374 	u32 mask;
5375 	int err;
5376 
5377 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5378 		return -EOPNOTSUPP;
5379 
5380 	if (!rdev->ops->update_mesh_config)
5381 		return -EOPNOTSUPP;
5382 
5383 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
5384 	if (err)
5385 		return err;
5386 
5387 	wdev_lock(wdev);
5388 	if (!wdev->mesh_id_len)
5389 		err = -ENOLINK;
5390 
5391 	if (!err)
5392 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5393 
5394 	wdev_unlock(wdev);
5395 
5396 	return err;
5397 }
5398 
5399 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
5400 			      struct sk_buff *msg)
5401 {
5402 	struct nlattr *nl_reg_rules;
5403 	unsigned int i;
5404 
5405 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5406 	    (regdom->dfs_region &&
5407 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5408 		goto nla_put_failure;
5409 
5410 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5411 	if (!nl_reg_rules)
5412 		goto nla_put_failure;
5413 
5414 	for (i = 0; i < regdom->n_reg_rules; i++) {
5415 		struct nlattr *nl_reg_rule;
5416 		const struct ieee80211_reg_rule *reg_rule;
5417 		const struct ieee80211_freq_range *freq_range;
5418 		const struct ieee80211_power_rule *power_rule;
5419 		unsigned int max_bandwidth_khz;
5420 
5421 		reg_rule = &regdom->reg_rules[i];
5422 		freq_range = &reg_rule->freq_range;
5423 		power_rule = &reg_rule->power_rule;
5424 
5425 		nl_reg_rule = nla_nest_start(msg, i);
5426 		if (!nl_reg_rule)
5427 			goto nla_put_failure;
5428 
5429 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
5430 		if (!max_bandwidth_khz)
5431 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5432 								  reg_rule);
5433 
5434 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5435 				reg_rule->flags) ||
5436 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5437 				freq_range->start_freq_khz) ||
5438 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5439 				freq_range->end_freq_khz) ||
5440 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5441 				max_bandwidth_khz) ||
5442 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5443 				power_rule->max_antenna_gain) ||
5444 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5445 				power_rule->max_eirp) ||
5446 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5447 				reg_rule->dfs_cac_ms))
5448 			goto nla_put_failure;
5449 
5450 		nla_nest_end(msg, nl_reg_rule);
5451 	}
5452 
5453 	nla_nest_end(msg, nl_reg_rules);
5454 	return 0;
5455 
5456 nla_put_failure:
5457 	return -EMSGSIZE;
5458 }
5459 
5460 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
5461 {
5462 	const struct ieee80211_regdomain *regdom = NULL;
5463 	struct cfg80211_registered_device *rdev;
5464 	struct wiphy *wiphy = NULL;
5465 	struct sk_buff *msg;
5466 	void *hdr;
5467 
5468 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5469 	if (!msg)
5470 		return -ENOBUFS;
5471 
5472 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5473 			     NL80211_CMD_GET_REG);
5474 	if (!hdr)
5475 		goto put_failure;
5476 
5477 	if (info->attrs[NL80211_ATTR_WIPHY]) {
5478 		bool self_managed;
5479 
5480 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
5481 		if (IS_ERR(rdev)) {
5482 			nlmsg_free(msg);
5483 			return PTR_ERR(rdev);
5484 		}
5485 
5486 		wiphy = &rdev->wiphy;
5487 		self_managed = wiphy->regulatory_flags &
5488 			       REGULATORY_WIPHY_SELF_MANAGED;
5489 		regdom = get_wiphy_regdom(wiphy);
5490 
5491 		/* a self-managed-reg device must have a private regdom */
5492 		if (WARN_ON(!regdom && self_managed)) {
5493 			nlmsg_free(msg);
5494 			return -EINVAL;
5495 		}
5496 
5497 		if (regdom &&
5498 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5499 			goto nla_put_failure;
5500 	}
5501 
5502 	if (!wiphy && reg_last_request_cell_base() &&
5503 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5504 			NL80211_USER_REG_HINT_CELL_BASE))
5505 		goto nla_put_failure;
5506 
5507 	rcu_read_lock();
5508 
5509 	if (!regdom)
5510 		regdom = rcu_dereference(cfg80211_regdomain);
5511 
5512 	if (nl80211_put_regdom(regdom, msg))
5513 		goto nla_put_failure_rcu;
5514 
5515 	rcu_read_unlock();
5516 
5517 	genlmsg_end(msg, hdr);
5518 	return genlmsg_reply(msg, info);
5519 
5520 nla_put_failure_rcu:
5521 	rcu_read_unlock();
5522 nla_put_failure:
5523 	genlmsg_cancel(msg, hdr);
5524 put_failure:
5525 	nlmsg_free(msg);
5526 	return -EMSGSIZE;
5527 }
5528 
5529 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
5530 			       u32 seq, int flags, struct wiphy *wiphy,
5531 			       const struct ieee80211_regdomain *regdom)
5532 {
5533 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5534 				   NL80211_CMD_GET_REG);
5535 
5536 	if (!hdr)
5537 		return -1;
5538 
5539 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5540 
5541 	if (nl80211_put_regdom(regdom, msg))
5542 		goto nla_put_failure;
5543 
5544 	if (!wiphy && reg_last_request_cell_base() &&
5545 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5546 			NL80211_USER_REG_HINT_CELL_BASE))
5547 		goto nla_put_failure;
5548 
5549 	if (wiphy &&
5550 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5551 		goto nla_put_failure;
5552 
5553 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
5554 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
5555 		goto nla_put_failure;
5556 
5557 	genlmsg_end(msg, hdr);
5558 	return 0;
5559 
5560 nla_put_failure:
5561 	genlmsg_cancel(msg, hdr);
5562 	return -EMSGSIZE;
5563 }
5564 
5565 static int nl80211_get_reg_dump(struct sk_buff *skb,
5566 				struct netlink_callback *cb)
5567 {
5568 	const struct ieee80211_regdomain *regdom = NULL;
5569 	struct cfg80211_registered_device *rdev;
5570 	int err, reg_idx, start = cb->args[2];
5571 
5572 	rtnl_lock();
5573 
5574 	if (cfg80211_regdomain && start == 0) {
5575 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5576 					  NLM_F_MULTI, NULL,
5577 					  rtnl_dereference(cfg80211_regdomain));
5578 		if (err < 0)
5579 			goto out_err;
5580 	}
5581 
5582 	/* the global regdom is idx 0 */
5583 	reg_idx = 1;
5584 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
5585 		regdom = get_wiphy_regdom(&rdev->wiphy);
5586 		if (!regdom)
5587 			continue;
5588 
5589 		if (++reg_idx <= start)
5590 			continue;
5591 
5592 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5593 					  NLM_F_MULTI, &rdev->wiphy, regdom);
5594 		if (err < 0) {
5595 			reg_idx--;
5596 			break;
5597 		}
5598 	}
5599 
5600 	cb->args[2] = reg_idx;
5601 	err = skb->len;
5602 out_err:
5603 	rtnl_unlock();
5604 	return err;
5605 }
5606 
5607 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
5608 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
5609 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
5610 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
5611 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
5612 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
5613 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
5614 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
5615 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
5616 };
5617 
5618 static int parse_reg_rule(struct nlattr *tb[],
5619 	struct ieee80211_reg_rule *reg_rule)
5620 {
5621 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
5622 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
5623 
5624 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
5625 		return -EINVAL;
5626 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
5627 		return -EINVAL;
5628 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
5629 		return -EINVAL;
5630 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
5631 		return -EINVAL;
5632 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
5633 		return -EINVAL;
5634 
5635 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
5636 
5637 	freq_range->start_freq_khz =
5638 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
5639 	freq_range->end_freq_khz =
5640 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
5641 	freq_range->max_bandwidth_khz =
5642 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
5643 
5644 	power_rule->max_eirp =
5645 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
5646 
5647 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
5648 		power_rule->max_antenna_gain =
5649 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
5650 
5651 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
5652 		reg_rule->dfs_cac_ms =
5653 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
5654 
5655 	return 0;
5656 }
5657 
5658 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5659 {
5660 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5661 	struct nlattr *nl_reg_rule;
5662 	char *alpha2;
5663 	int rem_reg_rules, r;
5664 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
5665 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5666 	struct ieee80211_regdomain *rd;
5667 
5668 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5669 		return -EINVAL;
5670 
5671 	if (!info->attrs[NL80211_ATTR_REG_RULES])
5672 		return -EINVAL;
5673 
5674 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5675 
5676 	if (info->attrs[NL80211_ATTR_DFS_REGION])
5677 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5678 
5679 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5680 			    rem_reg_rules) {
5681 		num_rules++;
5682 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5683 			return -EINVAL;
5684 	}
5685 
5686 	if (!reg_is_valid_request(alpha2))
5687 		return -EINVAL;
5688 
5689 	size_of_regd = sizeof(struct ieee80211_regdomain) +
5690 		       num_rules * sizeof(struct ieee80211_reg_rule);
5691 
5692 	rd = kzalloc(size_of_regd, GFP_KERNEL);
5693 	if (!rd)
5694 		return -ENOMEM;
5695 
5696 	rd->n_reg_rules = num_rules;
5697 	rd->alpha2[0] = alpha2[0];
5698 	rd->alpha2[1] = alpha2[1];
5699 
5700 	/*
5701 	 * Disable DFS master mode if the DFS region was
5702 	 * not supported or known on this kernel.
5703 	 */
5704 	if (reg_supported_dfs_region(dfs_region))
5705 		rd->dfs_region = dfs_region;
5706 
5707 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5708 			    rem_reg_rules) {
5709 		r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5710 			      nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5711 			      reg_rule_policy);
5712 		if (r)
5713 			goto bad_reg;
5714 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5715 		if (r)
5716 			goto bad_reg;
5717 
5718 		rule_idx++;
5719 
5720 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5721 			r = -EINVAL;
5722 			goto bad_reg;
5723 		}
5724 	}
5725 
5726 	r = set_regdom(rd, REGD_SOURCE_CRDA);
5727 	/* set_regdom took ownership */
5728 	rd = NULL;
5729 
5730  bad_reg:
5731 	kfree(rd);
5732 	return r;
5733 }
5734 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
5735 
5736 static int validate_scan_freqs(struct nlattr *freqs)
5737 {
5738 	struct nlattr *attr1, *attr2;
5739 	int n_channels = 0, tmp1, tmp2;
5740 
5741 	nla_for_each_nested(attr1, freqs, tmp1) {
5742 		n_channels++;
5743 		/*
5744 		 * Some hardware has a limited channel list for
5745 		 * scanning, and it is pretty much nonsensical
5746 		 * to scan for a channel twice, so disallow that
5747 		 * and don't require drivers to check that the
5748 		 * channel list they get isn't longer than what
5749 		 * they can scan, as long as they can scan all
5750 		 * the channels they registered at once.
5751 		 */
5752 		nla_for_each_nested(attr2, freqs, tmp2)
5753 			if (attr1 != attr2 &&
5754 			    nla_get_u32(attr1) == nla_get_u32(attr2))
5755 				return 0;
5756 	}
5757 
5758 	return n_channels;
5759 }
5760 
5761 static int nl80211_parse_random_mac(struct nlattr **attrs,
5762 				    u8 *mac_addr, u8 *mac_addr_mask)
5763 {
5764 	int i;
5765 
5766 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
5767 		eth_zero_addr(mac_addr);
5768 		eth_zero_addr(mac_addr_mask);
5769 		mac_addr[0] = 0x2;
5770 		mac_addr_mask[0] = 0x3;
5771 
5772 		return 0;
5773 	}
5774 
5775 	/* need both or none */
5776 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
5777 		return -EINVAL;
5778 
5779 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
5780 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
5781 
5782 	/* don't allow or configure an mcast address */
5783 	if (!is_multicast_ether_addr(mac_addr_mask) ||
5784 	    is_multicast_ether_addr(mac_addr))
5785 		return -EINVAL;
5786 
5787 	/*
5788 	 * allow users to pass a MAC address that has bits set outside
5789 	 * of the mask, but don't bother drivers with having to deal
5790 	 * with such bits
5791 	 */
5792 	for (i = 0; i < ETH_ALEN; i++)
5793 		mac_addr[i] &= mac_addr_mask[i];
5794 
5795 	return 0;
5796 }
5797 
5798 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5799 {
5800 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5801 	struct wireless_dev *wdev = info->user_ptr[1];
5802 	struct cfg80211_scan_request *request;
5803 	struct nlattr *attr;
5804 	struct wiphy *wiphy;
5805 	int err, tmp, n_ssids = 0, n_channels, i;
5806 	size_t ie_len;
5807 
5808 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5809 		return -EINVAL;
5810 
5811 	wiphy = &rdev->wiphy;
5812 
5813 	if (!rdev->ops->scan)
5814 		return -EOPNOTSUPP;
5815 
5816 	if (rdev->scan_req || rdev->scan_msg) {
5817 		err = -EBUSY;
5818 		goto unlock;
5819 	}
5820 
5821 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5822 		n_channels = validate_scan_freqs(
5823 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5824 		if (!n_channels) {
5825 			err = -EINVAL;
5826 			goto unlock;
5827 		}
5828 	} else {
5829 		n_channels = ieee80211_get_num_supported_channels(wiphy);
5830 	}
5831 
5832 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5833 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5834 			n_ssids++;
5835 
5836 	if (n_ssids > wiphy->max_scan_ssids) {
5837 		err = -EINVAL;
5838 		goto unlock;
5839 	}
5840 
5841 	if (info->attrs[NL80211_ATTR_IE])
5842 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5843 	else
5844 		ie_len = 0;
5845 
5846 	if (ie_len > wiphy->max_scan_ie_len) {
5847 		err = -EINVAL;
5848 		goto unlock;
5849 	}
5850 
5851 	request = kzalloc(sizeof(*request)
5852 			+ sizeof(*request->ssids) * n_ssids
5853 			+ sizeof(*request->channels) * n_channels
5854 			+ ie_len, GFP_KERNEL);
5855 	if (!request) {
5856 		err = -ENOMEM;
5857 		goto unlock;
5858 	}
5859 
5860 	if (n_ssids)
5861 		request->ssids = (void *)&request->channels[n_channels];
5862 	request->n_ssids = n_ssids;
5863 	if (ie_len) {
5864 		if (n_ssids)
5865 			request->ie = (void *)(request->ssids + n_ssids);
5866 		else
5867 			request->ie = (void *)(request->channels + n_channels);
5868 	}
5869 
5870 	i = 0;
5871 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5872 		/* user specified, bail out if channel not found */
5873 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5874 			struct ieee80211_channel *chan;
5875 
5876 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5877 
5878 			if (!chan) {
5879 				err = -EINVAL;
5880 				goto out_free;
5881 			}
5882 
5883 			/* ignore disabled channels */
5884 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5885 				continue;
5886 
5887 			request->channels[i] = chan;
5888 			i++;
5889 		}
5890 	} else {
5891 		enum ieee80211_band band;
5892 
5893 		/* all channels */
5894 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5895 			int j;
5896 			if (!wiphy->bands[band])
5897 				continue;
5898 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5899 				struct ieee80211_channel *chan;
5900 
5901 				chan = &wiphy->bands[band]->channels[j];
5902 
5903 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5904 					continue;
5905 
5906 				request->channels[i] = chan;
5907 				i++;
5908 			}
5909 		}
5910 	}
5911 
5912 	if (!i) {
5913 		err = -EINVAL;
5914 		goto out_free;
5915 	}
5916 
5917 	request->n_channels = i;
5918 
5919 	i = 0;
5920 	if (n_ssids) {
5921 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5922 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5923 				err = -EINVAL;
5924 				goto out_free;
5925 			}
5926 			request->ssids[i].ssid_len = nla_len(attr);
5927 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5928 			i++;
5929 		}
5930 	}
5931 
5932 	if (info->attrs[NL80211_ATTR_IE]) {
5933 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5934 		memcpy((void *)request->ie,
5935 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5936 		       request->ie_len);
5937 	}
5938 
5939 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5940 		if (wiphy->bands[i])
5941 			request->rates[i] =
5942 				(1 << wiphy->bands[i]->n_bitrates) - 1;
5943 
5944 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5945 		nla_for_each_nested(attr,
5946 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5947 				    tmp) {
5948 			enum ieee80211_band band = nla_type(attr);
5949 
5950 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5951 				err = -EINVAL;
5952 				goto out_free;
5953 			}
5954 
5955 			if (!wiphy->bands[band])
5956 				continue;
5957 
5958 			err = ieee80211_get_ratemask(wiphy->bands[band],
5959 						     nla_data(attr),
5960 						     nla_len(attr),
5961 						     &request->rates[band]);
5962 			if (err)
5963 				goto out_free;
5964 		}
5965 	}
5966 
5967 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5968 		request->flags = nla_get_u32(
5969 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5970 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5971 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5972 			err = -EOPNOTSUPP;
5973 			goto out_free;
5974 		}
5975 
5976 		if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
5977 			if (!(wiphy->features &
5978 					NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
5979 				err = -EOPNOTSUPP;
5980 				goto out_free;
5981 			}
5982 
5983 			if (wdev->current_bss) {
5984 				err = -EOPNOTSUPP;
5985 				goto out_free;
5986 			}
5987 
5988 			err = nl80211_parse_random_mac(info->attrs,
5989 						       request->mac_addr,
5990 						       request->mac_addr_mask);
5991 			if (err)
5992 				goto out_free;
5993 		}
5994 	}
5995 
5996 	request->no_cck =
5997 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5998 
5999 	request->wdev = wdev;
6000 	request->wiphy = &rdev->wiphy;
6001 	request->scan_start = jiffies;
6002 
6003 	rdev->scan_req = request;
6004 	err = rdev_scan(rdev, request);
6005 
6006 	if (!err) {
6007 		nl80211_send_scan_start(rdev, wdev);
6008 		if (wdev->netdev)
6009 			dev_hold(wdev->netdev);
6010 	} else {
6011  out_free:
6012 		rdev->scan_req = NULL;
6013 		kfree(request);
6014 	}
6015 
6016  unlock:
6017 	return err;
6018 }
6019 
6020 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
6021 {
6022 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6023 	struct wireless_dev *wdev = info->user_ptr[1];
6024 
6025 	if (!rdev->ops->abort_scan)
6026 		return -EOPNOTSUPP;
6027 
6028 	if (rdev->scan_msg)
6029 		return 0;
6030 
6031 	if (!rdev->scan_req)
6032 		return -ENOENT;
6033 
6034 	rdev_abort_scan(rdev, wdev);
6035 	return 0;
6036 }
6037 
6038 static int
6039 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
6040 			       struct cfg80211_sched_scan_request *request,
6041 			       struct nlattr **attrs)
6042 {
6043 	int tmp, err, i = 0;
6044 	struct nlattr *attr;
6045 
6046 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6047 		u32 interval;
6048 
6049 		/*
6050 		 * If scan plans are not specified,
6051 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL must be specified. In this
6052 		 * case one scan plan will be set with the specified scan
6053 		 * interval and infinite number of iterations.
6054 		 */
6055 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6056 			return -EINVAL;
6057 
6058 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
6059 		if (!interval)
6060 			return -EINVAL;
6061 
6062 		request->scan_plans[0].interval =
6063 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
6064 		if (!request->scan_plans[0].interval)
6065 			return -EINVAL;
6066 
6067 		if (request->scan_plans[0].interval >
6068 		    wiphy->max_sched_scan_plan_interval)
6069 			request->scan_plans[0].interval =
6070 				wiphy->max_sched_scan_plan_interval;
6071 
6072 		return 0;
6073 	}
6074 
6075 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
6076 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
6077 
6078 		if (WARN_ON(i >= n_plans))
6079 			return -EINVAL;
6080 
6081 		err = nla_parse(plan, NL80211_SCHED_SCAN_PLAN_MAX,
6082 				nla_data(attr), nla_len(attr),
6083 				nl80211_plan_policy);
6084 		if (err)
6085 			return err;
6086 
6087 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
6088 			return -EINVAL;
6089 
6090 		request->scan_plans[i].interval =
6091 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
6092 		if (!request->scan_plans[i].interval ||
6093 		    request->scan_plans[i].interval >
6094 		    wiphy->max_sched_scan_plan_interval)
6095 			return -EINVAL;
6096 
6097 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
6098 			request->scan_plans[i].iterations =
6099 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
6100 			if (!request->scan_plans[i].iterations ||
6101 			    (request->scan_plans[i].iterations >
6102 			     wiphy->max_sched_scan_plan_iterations))
6103 				return -EINVAL;
6104 		} else if (i < n_plans - 1) {
6105 			/*
6106 			 * All scan plans but the last one must specify
6107 			 * a finite number of iterations
6108 			 */
6109 			return -EINVAL;
6110 		}
6111 
6112 		i++;
6113 	}
6114 
6115 	/*
6116 	 * The last scan plan must not specify the number of
6117 	 * iterations, it is supposed to run infinitely
6118 	 */
6119 	if (request->scan_plans[n_plans - 1].iterations)
6120 		return  -EINVAL;
6121 
6122 	return 0;
6123 }
6124 
6125 static struct cfg80211_sched_scan_request *
6126 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
6127 			 struct nlattr **attrs)
6128 {
6129 	struct cfg80211_sched_scan_request *request;
6130 	struct nlattr *attr;
6131 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
6132 	enum ieee80211_band band;
6133 	size_t ie_len;
6134 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
6135 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
6136 
6137 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
6138 		return ERR_PTR(-EINVAL);
6139 
6140 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6141 		n_channels = validate_scan_freqs(
6142 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
6143 		if (!n_channels)
6144 			return ERR_PTR(-EINVAL);
6145 	} else {
6146 		n_channels = ieee80211_get_num_supported_channels(wiphy);
6147 	}
6148 
6149 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
6150 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6151 				    tmp)
6152 			n_ssids++;
6153 
6154 	if (n_ssids > wiphy->max_sched_scan_ssids)
6155 		return ERR_PTR(-EINVAL);
6156 
6157 	/*
6158 	 * First, count the number of 'real' matchsets. Due to an issue with
6159 	 * the old implementation, matchsets containing only the RSSI attribute
6160 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
6161 	 * RSSI for all matchsets, rather than their own matchset for reporting
6162 	 * all APs with a strong RSSI. This is needed to be compatible with
6163 	 * older userspace that treated a matchset with only the RSSI as the
6164 	 * global RSSI for all other matchsets - if there are other matchsets.
6165 	 */
6166 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6167 		nla_for_each_nested(attr,
6168 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6169 				    tmp) {
6170 			struct nlattr *rssi;
6171 
6172 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6173 					nla_data(attr), nla_len(attr),
6174 					nl80211_match_policy);
6175 			if (err)
6176 				return ERR_PTR(err);
6177 			/* add other standalone attributes here */
6178 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
6179 				n_match_sets++;
6180 				continue;
6181 			}
6182 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6183 			if (rssi)
6184 				default_match_rssi = nla_get_s32(rssi);
6185 		}
6186 	}
6187 
6188 	/* However, if there's no other matchset, add the RSSI one */
6189 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
6190 		n_match_sets = 1;
6191 
6192 	if (n_match_sets > wiphy->max_match_sets)
6193 		return ERR_PTR(-EINVAL);
6194 
6195 	if (attrs[NL80211_ATTR_IE])
6196 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
6197 	else
6198 		ie_len = 0;
6199 
6200 	if (ie_len > wiphy->max_sched_scan_ie_len)
6201 		return ERR_PTR(-EINVAL);
6202 
6203 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
6204 		/*
6205 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
6206 		 * each scan plan already specifies its own interval
6207 		 */
6208 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6209 			return ERR_PTR(-EINVAL);
6210 
6211 		nla_for_each_nested(attr,
6212 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
6213 			n_plans++;
6214 	} else {
6215 		/*
6216 		 * The scan interval attribute is kept for backward
6217 		 * compatibility. If no scan plans are specified and sched scan
6218 		 * interval is specified, one scan plan will be set with this
6219 		 * scan interval and infinite number of iterations.
6220 		 */
6221 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
6222 			return ERR_PTR(-EINVAL);
6223 
6224 		n_plans = 1;
6225 	}
6226 
6227 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
6228 		return ERR_PTR(-EINVAL);
6229 
6230 	request = kzalloc(sizeof(*request)
6231 			+ sizeof(*request->ssids) * n_ssids
6232 			+ sizeof(*request->match_sets) * n_match_sets
6233 			+ sizeof(*request->scan_plans) * n_plans
6234 			+ sizeof(*request->channels) * n_channels
6235 			+ ie_len, GFP_KERNEL);
6236 	if (!request)
6237 		return ERR_PTR(-ENOMEM);
6238 
6239 	if (n_ssids)
6240 		request->ssids = (void *)&request->channels[n_channels];
6241 	request->n_ssids = n_ssids;
6242 	if (ie_len) {
6243 		if (n_ssids)
6244 			request->ie = (void *)(request->ssids + n_ssids);
6245 		else
6246 			request->ie = (void *)(request->channels + n_channels);
6247 	}
6248 
6249 	if (n_match_sets) {
6250 		if (request->ie)
6251 			request->match_sets = (void *)(request->ie + ie_len);
6252 		else if (n_ssids)
6253 			request->match_sets =
6254 				(void *)(request->ssids + n_ssids);
6255 		else
6256 			request->match_sets =
6257 				(void *)(request->channels + n_channels);
6258 	}
6259 	request->n_match_sets = n_match_sets;
6260 
6261 	if (n_match_sets)
6262 		request->scan_plans = (void *)(request->match_sets +
6263 					       n_match_sets);
6264 	else if (request->ie)
6265 		request->scan_plans = (void *)(request->ie + ie_len);
6266 	else if (n_ssids)
6267 		request->scan_plans = (void *)(request->ssids + n_ssids);
6268 	else
6269 		request->scan_plans = (void *)(request->channels + n_channels);
6270 
6271 	request->n_scan_plans = n_plans;
6272 
6273 	i = 0;
6274 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6275 		/* user specified, bail out if channel not found */
6276 		nla_for_each_nested(attr,
6277 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
6278 				    tmp) {
6279 			struct ieee80211_channel *chan;
6280 
6281 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6282 
6283 			if (!chan) {
6284 				err = -EINVAL;
6285 				goto out_free;
6286 			}
6287 
6288 			/* ignore disabled channels */
6289 			if (chan->flags & IEEE80211_CHAN_DISABLED)
6290 				continue;
6291 
6292 			request->channels[i] = chan;
6293 			i++;
6294 		}
6295 	} else {
6296 		/* all channels */
6297 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6298 			int j;
6299 			if (!wiphy->bands[band])
6300 				continue;
6301 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6302 				struct ieee80211_channel *chan;
6303 
6304 				chan = &wiphy->bands[band]->channels[j];
6305 
6306 				if (chan->flags & IEEE80211_CHAN_DISABLED)
6307 					continue;
6308 
6309 				request->channels[i] = chan;
6310 				i++;
6311 			}
6312 		}
6313 	}
6314 
6315 	if (!i) {
6316 		err = -EINVAL;
6317 		goto out_free;
6318 	}
6319 
6320 	request->n_channels = i;
6321 
6322 	i = 0;
6323 	if (n_ssids) {
6324 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6325 				    tmp) {
6326 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6327 				err = -EINVAL;
6328 				goto out_free;
6329 			}
6330 			request->ssids[i].ssid_len = nla_len(attr);
6331 			memcpy(request->ssids[i].ssid, nla_data(attr),
6332 			       nla_len(attr));
6333 			i++;
6334 		}
6335 	}
6336 
6337 	i = 0;
6338 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6339 		nla_for_each_nested(attr,
6340 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6341 				    tmp) {
6342 			struct nlattr *ssid, *rssi;
6343 
6344 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6345 					nla_data(attr), nla_len(attr),
6346 					nl80211_match_policy);
6347 			if (err)
6348 				goto out_free;
6349 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
6350 			if (ssid) {
6351 				if (WARN_ON(i >= n_match_sets)) {
6352 					/* this indicates a programming error,
6353 					 * the loop above should have verified
6354 					 * things properly
6355 					 */
6356 					err = -EINVAL;
6357 					goto out_free;
6358 				}
6359 
6360 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
6361 					err = -EINVAL;
6362 					goto out_free;
6363 				}
6364 				memcpy(request->match_sets[i].ssid.ssid,
6365 				       nla_data(ssid), nla_len(ssid));
6366 				request->match_sets[i].ssid.ssid_len =
6367 					nla_len(ssid);
6368 				/* special attribute - old implemenation w/a */
6369 				request->match_sets[i].rssi_thold =
6370 					default_match_rssi;
6371 				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6372 				if (rssi)
6373 					request->match_sets[i].rssi_thold =
6374 						nla_get_s32(rssi);
6375 			}
6376 			i++;
6377 		}
6378 
6379 		/* there was no other matchset, so the RSSI one is alone */
6380 		if (i == 0 && n_match_sets)
6381 			request->match_sets[0].rssi_thold = default_match_rssi;
6382 
6383 		request->min_rssi_thold = INT_MAX;
6384 		for (i = 0; i < n_match_sets; i++)
6385 			request->min_rssi_thold =
6386 				min(request->match_sets[i].rssi_thold,
6387 				    request->min_rssi_thold);
6388 	} else {
6389 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
6390 	}
6391 
6392 	if (ie_len) {
6393 		request->ie_len = ie_len;
6394 		memcpy((void *)request->ie,
6395 		       nla_data(attrs[NL80211_ATTR_IE]),
6396 		       request->ie_len);
6397 	}
6398 
6399 	if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
6400 		request->flags = nla_get_u32(
6401 			attrs[NL80211_ATTR_SCAN_FLAGS]);
6402 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6403 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6404 			err = -EOPNOTSUPP;
6405 			goto out_free;
6406 		}
6407 
6408 		if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6409 			u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
6410 
6411 			if (!wdev) /* must be net-detect */
6412 				flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
6413 
6414 			if (!(wiphy->features & flg)) {
6415 				err = -EOPNOTSUPP;
6416 				goto out_free;
6417 			}
6418 
6419 			if (wdev && wdev->current_bss) {
6420 				err = -EOPNOTSUPP;
6421 				goto out_free;
6422 			}
6423 
6424 			err = nl80211_parse_random_mac(attrs, request->mac_addr,
6425 						       request->mac_addr_mask);
6426 			if (err)
6427 				goto out_free;
6428 		}
6429 	}
6430 
6431 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
6432 		request->delay =
6433 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
6434 
6435 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
6436 	if (err)
6437 		goto out_free;
6438 
6439 	request->scan_start = jiffies;
6440 
6441 	return request;
6442 
6443 out_free:
6444 	kfree(request);
6445 	return ERR_PTR(err);
6446 }
6447 
6448 static int nl80211_start_sched_scan(struct sk_buff *skb,
6449 				    struct genl_info *info)
6450 {
6451 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6452 	struct net_device *dev = info->user_ptr[1];
6453 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6454 	struct cfg80211_sched_scan_request *sched_scan_req;
6455 	int err;
6456 
6457 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6458 	    !rdev->ops->sched_scan_start)
6459 		return -EOPNOTSUPP;
6460 
6461 	if (rdev->sched_scan_req)
6462 		return -EINPROGRESS;
6463 
6464 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
6465 						  info->attrs);
6466 
6467 	err = PTR_ERR_OR_ZERO(sched_scan_req);
6468 	if (err)
6469 		goto out_err;
6470 
6471 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
6472 	if (err)
6473 		goto out_free;
6474 
6475 	sched_scan_req->dev = dev;
6476 	sched_scan_req->wiphy = &rdev->wiphy;
6477 
6478 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6479 		sched_scan_req->owner_nlportid = info->snd_portid;
6480 
6481 	rcu_assign_pointer(rdev->sched_scan_req, sched_scan_req);
6482 
6483 	nl80211_send_sched_scan(rdev, dev,
6484 				NL80211_CMD_START_SCHED_SCAN);
6485 	return 0;
6486 
6487 out_free:
6488 	kfree(sched_scan_req);
6489 out_err:
6490 	return err;
6491 }
6492 
6493 static int nl80211_stop_sched_scan(struct sk_buff *skb,
6494 				   struct genl_info *info)
6495 {
6496 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6497 
6498 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6499 	    !rdev->ops->sched_scan_stop)
6500 		return -EOPNOTSUPP;
6501 
6502 	return __cfg80211_stop_sched_scan(rdev, false);
6503 }
6504 
6505 static int nl80211_start_radar_detection(struct sk_buff *skb,
6506 					 struct genl_info *info)
6507 {
6508 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6509 	struct net_device *dev = info->user_ptr[1];
6510 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6511 	struct cfg80211_chan_def chandef;
6512 	enum nl80211_dfs_regions dfs_region;
6513 	unsigned int cac_time_ms;
6514 	int err;
6515 
6516 	dfs_region = reg_get_dfs_region(wdev->wiphy);
6517 	if (dfs_region == NL80211_DFS_UNSET)
6518 		return -EINVAL;
6519 
6520 	err = nl80211_parse_chandef(rdev, info, &chandef);
6521 	if (err)
6522 		return err;
6523 
6524 	if (netif_carrier_ok(dev))
6525 		return -EBUSY;
6526 
6527 	if (wdev->cac_started)
6528 		return -EBUSY;
6529 
6530 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
6531 					    wdev->iftype);
6532 	if (err < 0)
6533 		return err;
6534 
6535 	if (err == 0)
6536 		return -EINVAL;
6537 
6538 	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
6539 		return -EINVAL;
6540 
6541 	if (!rdev->ops->start_radar_detection)
6542 		return -EOPNOTSUPP;
6543 
6544 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
6545 	if (WARN_ON(!cac_time_ms))
6546 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
6547 
6548 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
6549 	if (!err) {
6550 		wdev->chandef = chandef;
6551 		wdev->cac_started = true;
6552 		wdev->cac_start_time = jiffies;
6553 		wdev->cac_time_ms = cac_time_ms;
6554 	}
6555 	return err;
6556 }
6557 
6558 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
6559 {
6560 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6561 	struct net_device *dev = info->user_ptr[1];
6562 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6563 	struct cfg80211_csa_settings params;
6564 	/* csa_attrs is defined static to avoid waste of stack size - this
6565 	 * function is called under RTNL lock, so this should not be a problem.
6566 	 */
6567 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
6568 	int err;
6569 	bool need_new_beacon = false;
6570 	int len, i;
6571 	u32 cs_count;
6572 
6573 	if (!rdev->ops->channel_switch ||
6574 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
6575 		return -EOPNOTSUPP;
6576 
6577 	switch (dev->ieee80211_ptr->iftype) {
6578 	case NL80211_IFTYPE_AP:
6579 	case NL80211_IFTYPE_P2P_GO:
6580 		need_new_beacon = true;
6581 
6582 		/* useless if AP is not running */
6583 		if (!wdev->beacon_interval)
6584 			return -ENOTCONN;
6585 		break;
6586 	case NL80211_IFTYPE_ADHOC:
6587 		if (!wdev->ssid_len)
6588 			return -ENOTCONN;
6589 		break;
6590 	case NL80211_IFTYPE_MESH_POINT:
6591 		if (!wdev->mesh_id_len)
6592 			return -ENOTCONN;
6593 		break;
6594 	default:
6595 		return -EOPNOTSUPP;
6596 	}
6597 
6598 	memset(&params, 0, sizeof(params));
6599 
6600 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
6601 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
6602 		return -EINVAL;
6603 
6604 	/* only important for AP, IBSS and mesh create IEs internally */
6605 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
6606 		return -EINVAL;
6607 
6608 	/* Even though the attribute is u32, the specification says
6609 	 * u8, so let's make sure we don't overflow.
6610 	 */
6611 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
6612 	if (cs_count > 255)
6613 		return -EINVAL;
6614 
6615 	params.count = cs_count;
6616 
6617 	if (!need_new_beacon)
6618 		goto skip_beacons;
6619 
6620 	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
6621 	if (err)
6622 		return err;
6623 
6624 	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
6625 			       info->attrs[NL80211_ATTR_CSA_IES],
6626 			       nl80211_policy);
6627 	if (err)
6628 		return err;
6629 
6630 	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
6631 	if (err)
6632 		return err;
6633 
6634 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
6635 		return -EINVAL;
6636 
6637 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6638 	if (!len || (len % sizeof(u16)))
6639 		return -EINVAL;
6640 
6641 	params.n_counter_offsets_beacon = len / sizeof(u16);
6642 	if (rdev->wiphy.max_num_csa_counters &&
6643 	    (params.n_counter_offsets_beacon >
6644 	     rdev->wiphy.max_num_csa_counters))
6645 		return -EINVAL;
6646 
6647 	params.counter_offsets_beacon =
6648 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6649 
6650 	/* sanity checks - counters should fit and be the same */
6651 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
6652 		u16 offset = params.counter_offsets_beacon[i];
6653 
6654 		if (offset >= params.beacon_csa.tail_len)
6655 			return -EINVAL;
6656 
6657 		if (params.beacon_csa.tail[offset] != params.count)
6658 			return -EINVAL;
6659 	}
6660 
6661 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
6662 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6663 		if (!len || (len % sizeof(u16)))
6664 			return -EINVAL;
6665 
6666 		params.n_counter_offsets_presp = len / sizeof(u16);
6667 		if (rdev->wiphy.max_num_csa_counters &&
6668 		    (params.n_counter_offsets_beacon >
6669 		     rdev->wiphy.max_num_csa_counters))
6670 			return -EINVAL;
6671 
6672 		params.counter_offsets_presp =
6673 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6674 
6675 		/* sanity checks - counters should fit and be the same */
6676 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
6677 			u16 offset = params.counter_offsets_presp[i];
6678 
6679 			if (offset >= params.beacon_csa.probe_resp_len)
6680 				return -EINVAL;
6681 
6682 			if (params.beacon_csa.probe_resp[offset] !=
6683 			    params.count)
6684 				return -EINVAL;
6685 		}
6686 	}
6687 
6688 skip_beacons:
6689 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
6690 	if (err)
6691 		return err;
6692 
6693 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
6694 					   wdev->iftype))
6695 		return -EINVAL;
6696 
6697 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
6698 					    &params.chandef,
6699 					    wdev->iftype);
6700 	if (err < 0)
6701 		return err;
6702 
6703 	if (err > 0)
6704 		params.radar_required = true;
6705 
6706 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
6707 		params.block_tx = true;
6708 
6709 	wdev_lock(wdev);
6710 	err = rdev_channel_switch(rdev, dev, &params);
6711 	wdev_unlock(wdev);
6712 
6713 	return err;
6714 }
6715 
6716 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
6717 			    u32 seq, int flags,
6718 			    struct cfg80211_registered_device *rdev,
6719 			    struct wireless_dev *wdev,
6720 			    struct cfg80211_internal_bss *intbss)
6721 {
6722 	struct cfg80211_bss *res = &intbss->pub;
6723 	const struct cfg80211_bss_ies *ies;
6724 	void *hdr;
6725 	struct nlattr *bss;
6726 
6727 	ASSERT_WDEV_LOCK(wdev);
6728 
6729 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6730 			     NL80211_CMD_NEW_SCAN_RESULTS);
6731 	if (!hdr)
6732 		return -1;
6733 
6734 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6735 
6736 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
6737 		goto nla_put_failure;
6738 	if (wdev->netdev &&
6739 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
6740 		goto nla_put_failure;
6741 	if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
6742 		goto nla_put_failure;
6743 
6744 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
6745 	if (!bss)
6746 		goto nla_put_failure;
6747 	if ((!is_zero_ether_addr(res->bssid) &&
6748 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
6749 		goto nla_put_failure;
6750 
6751 	rcu_read_lock();
6752 	/* indicate whether we have probe response data or not */
6753 	if (rcu_access_pointer(res->proberesp_ies) &&
6754 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
6755 		goto fail_unlock_rcu;
6756 
6757 	/* this pointer prefers to be pointed to probe response data
6758 	 * but is always valid
6759 	 */
6760 	ies = rcu_dereference(res->ies);
6761 	if (ies) {
6762 		if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6763 			goto fail_unlock_rcu;
6764 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
6765 					ies->len, ies->data))
6766 			goto fail_unlock_rcu;
6767 	}
6768 
6769 	/* and this pointer is always (unless driver didn't know) beacon data */
6770 	ies = rcu_dereference(res->beacon_ies);
6771 	if (ies && ies->from_beacon) {
6772 		if (nla_put_u64(msg, NL80211_BSS_BEACON_TSF, ies->tsf))
6773 			goto fail_unlock_rcu;
6774 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
6775 					ies->len, ies->data))
6776 			goto fail_unlock_rcu;
6777 	}
6778 	rcu_read_unlock();
6779 
6780 	if (res->beacon_interval &&
6781 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
6782 		goto nla_put_failure;
6783 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
6784 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
6785 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6786 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6787 			jiffies_to_msecs(jiffies - intbss->ts)))
6788 		goto nla_put_failure;
6789 
6790 	if (intbss->ts_boottime &&
6791 	    nla_put_u64(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
6792 			intbss->ts_boottime))
6793 		goto nla_put_failure;
6794 
6795 	switch (rdev->wiphy.signal_type) {
6796 	case CFG80211_SIGNAL_TYPE_MBM:
6797 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6798 			goto nla_put_failure;
6799 		break;
6800 	case CFG80211_SIGNAL_TYPE_UNSPEC:
6801 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6802 			goto nla_put_failure;
6803 		break;
6804 	default:
6805 		break;
6806 	}
6807 
6808 	switch (wdev->iftype) {
6809 	case NL80211_IFTYPE_P2P_CLIENT:
6810 	case NL80211_IFTYPE_STATION:
6811 		if (intbss == wdev->current_bss &&
6812 		    nla_put_u32(msg, NL80211_BSS_STATUS,
6813 				NL80211_BSS_STATUS_ASSOCIATED))
6814 			goto nla_put_failure;
6815 		break;
6816 	case NL80211_IFTYPE_ADHOC:
6817 		if (intbss == wdev->current_bss &&
6818 		    nla_put_u32(msg, NL80211_BSS_STATUS,
6819 				NL80211_BSS_STATUS_IBSS_JOINED))
6820 			goto nla_put_failure;
6821 		break;
6822 	default:
6823 		break;
6824 	}
6825 
6826 	nla_nest_end(msg, bss);
6827 
6828 	genlmsg_end(msg, hdr);
6829 	return 0;
6830 
6831  fail_unlock_rcu:
6832 	rcu_read_unlock();
6833  nla_put_failure:
6834 	genlmsg_cancel(msg, hdr);
6835 	return -EMSGSIZE;
6836 }
6837 
6838 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6839 {
6840 	struct cfg80211_registered_device *rdev;
6841 	struct cfg80211_internal_bss *scan;
6842 	struct wireless_dev *wdev;
6843 	int start = cb->args[2], idx = 0;
6844 	int err;
6845 
6846 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6847 	if (err)
6848 		return err;
6849 
6850 	wdev_lock(wdev);
6851 	spin_lock_bh(&rdev->bss_lock);
6852 	cfg80211_bss_expire(rdev);
6853 
6854 	cb->seq = rdev->bss_generation;
6855 
6856 	list_for_each_entry(scan, &rdev->bss_list, list) {
6857 		if (++idx <= start)
6858 			continue;
6859 		if (nl80211_send_bss(skb, cb,
6860 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6861 				rdev, wdev, scan) < 0) {
6862 			idx--;
6863 			break;
6864 		}
6865 	}
6866 
6867 	spin_unlock_bh(&rdev->bss_lock);
6868 	wdev_unlock(wdev);
6869 
6870 	cb->args[2] = idx;
6871 	nl80211_finish_wdev_dump(rdev);
6872 
6873 	return skb->len;
6874 }
6875 
6876 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6877 			       int flags, struct net_device *dev,
6878 			       bool allow_radio_stats,
6879 			       struct survey_info *survey)
6880 {
6881 	void *hdr;
6882 	struct nlattr *infoattr;
6883 
6884 	/* skip radio stats if userspace didn't request them */
6885 	if (!survey->channel && !allow_radio_stats)
6886 		return 0;
6887 
6888 	hdr = nl80211hdr_put(msg, portid, seq, flags,
6889 			     NL80211_CMD_NEW_SURVEY_RESULTS);
6890 	if (!hdr)
6891 		return -ENOMEM;
6892 
6893 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6894 		goto nla_put_failure;
6895 
6896 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6897 	if (!infoattr)
6898 		goto nla_put_failure;
6899 
6900 	if (survey->channel &&
6901 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6902 			survey->channel->center_freq))
6903 		goto nla_put_failure;
6904 
6905 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6906 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6907 		goto nla_put_failure;
6908 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
6909 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6910 		goto nla_put_failure;
6911 	if ((survey->filled & SURVEY_INFO_TIME) &&
6912 	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME,
6913 			survey->time))
6914 		goto nla_put_failure;
6915 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
6916 	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_BUSY,
6917 			survey->time_busy))
6918 		goto nla_put_failure;
6919 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
6920 	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
6921 			survey->time_ext_busy))
6922 		goto nla_put_failure;
6923 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
6924 	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_RX,
6925 			survey->time_rx))
6926 		goto nla_put_failure;
6927 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
6928 	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_TX,
6929 			survey->time_tx))
6930 		goto nla_put_failure;
6931 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
6932 	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_SCAN,
6933 			survey->time_scan))
6934 		goto nla_put_failure;
6935 
6936 	nla_nest_end(msg, infoattr);
6937 
6938 	genlmsg_end(msg, hdr);
6939 	return 0;
6940 
6941  nla_put_failure:
6942 	genlmsg_cancel(msg, hdr);
6943 	return -EMSGSIZE;
6944 }
6945 
6946 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
6947 {
6948 	struct survey_info survey;
6949 	struct cfg80211_registered_device *rdev;
6950 	struct wireless_dev *wdev;
6951 	int survey_idx = cb->args[2];
6952 	int res;
6953 	bool radio_stats;
6954 
6955 	res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6956 	if (res)
6957 		return res;
6958 
6959 	/* prepare_wdev_dump parsed the attributes */
6960 	radio_stats = nl80211_fam.attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
6961 
6962 	if (!wdev->netdev) {
6963 		res = -EINVAL;
6964 		goto out_err;
6965 	}
6966 
6967 	if (!rdev->ops->dump_survey) {
6968 		res = -EOPNOTSUPP;
6969 		goto out_err;
6970 	}
6971 
6972 	while (1) {
6973 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
6974 		if (res == -ENOENT)
6975 			break;
6976 		if (res)
6977 			goto out_err;
6978 
6979 		/* don't send disabled channels, but do send non-channel data */
6980 		if (survey.channel &&
6981 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
6982 			survey_idx++;
6983 			continue;
6984 		}
6985 
6986 		if (nl80211_send_survey(skb,
6987 				NETLINK_CB(cb->skb).portid,
6988 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6989 				wdev->netdev, radio_stats, &survey) < 0)
6990 			goto out;
6991 		survey_idx++;
6992 	}
6993 
6994  out:
6995 	cb->args[2] = survey_idx;
6996 	res = skb->len;
6997  out_err:
6998 	nl80211_finish_wdev_dump(rdev);
6999 	return res;
7000 }
7001 
7002 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
7003 {
7004 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
7005 				  NL80211_WPA_VERSION_2));
7006 }
7007 
7008 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
7009 {
7010 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7011 	struct net_device *dev = info->user_ptr[1];
7012 	struct ieee80211_channel *chan;
7013 	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
7014 	int err, ssid_len, ie_len = 0, sae_data_len = 0;
7015 	enum nl80211_auth_type auth_type;
7016 	struct key_parse key;
7017 	bool local_state_change;
7018 
7019 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7020 		return -EINVAL;
7021 
7022 	if (!info->attrs[NL80211_ATTR_MAC])
7023 		return -EINVAL;
7024 
7025 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
7026 		return -EINVAL;
7027 
7028 	if (!info->attrs[NL80211_ATTR_SSID])
7029 		return -EINVAL;
7030 
7031 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7032 		return -EINVAL;
7033 
7034 	err = nl80211_parse_key(info, &key);
7035 	if (err)
7036 		return err;
7037 
7038 	if (key.idx >= 0) {
7039 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
7040 			return -EINVAL;
7041 		if (!key.p.key || !key.p.key_len)
7042 			return -EINVAL;
7043 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
7044 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
7045 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
7046 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
7047 			return -EINVAL;
7048 		if (key.idx > 4)
7049 			return -EINVAL;
7050 	} else {
7051 		key.p.key_len = 0;
7052 		key.p.key = NULL;
7053 	}
7054 
7055 	if (key.idx >= 0) {
7056 		int i;
7057 		bool ok = false;
7058 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
7059 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
7060 				ok = true;
7061 				break;
7062 			}
7063 		}
7064 		if (!ok)
7065 			return -EINVAL;
7066 	}
7067 
7068 	if (!rdev->ops->auth)
7069 		return -EOPNOTSUPP;
7070 
7071 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7072 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7073 		return -EOPNOTSUPP;
7074 
7075 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7076 	chan = nl80211_get_valid_chan(&rdev->wiphy,
7077 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7078 	if (!chan)
7079 		return -EINVAL;
7080 
7081 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7082 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7083 
7084 	if (info->attrs[NL80211_ATTR_IE]) {
7085 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7086 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7087 	}
7088 
7089 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7090 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
7091 		return -EINVAL;
7092 
7093 	if (auth_type == NL80211_AUTHTYPE_SAE &&
7094 	    !info->attrs[NL80211_ATTR_SAE_DATA])
7095 		return -EINVAL;
7096 
7097 	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
7098 		if (auth_type != NL80211_AUTHTYPE_SAE)
7099 			return -EINVAL;
7100 		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
7101 		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
7102 		/* need to include at least Auth Transaction and Status Code */
7103 		if (sae_data_len < 4)
7104 			return -EINVAL;
7105 	}
7106 
7107 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7108 
7109 	/*
7110 	 * Since we no longer track auth state, ignore
7111 	 * requests to only change local state.
7112 	 */
7113 	if (local_state_change)
7114 		return 0;
7115 
7116 	wdev_lock(dev->ieee80211_ptr);
7117 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
7118 				 ssid, ssid_len, ie, ie_len,
7119 				 key.p.key, key.p.key_len, key.idx,
7120 				 sae_data, sae_data_len);
7121 	wdev_unlock(dev->ieee80211_ptr);
7122 	return err;
7123 }
7124 
7125 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
7126 				   struct genl_info *info,
7127 				   struct cfg80211_crypto_settings *settings,
7128 				   int cipher_limit)
7129 {
7130 	memset(settings, 0, sizeof(*settings));
7131 
7132 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
7133 
7134 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
7135 		u16 proto;
7136 		proto = nla_get_u16(
7137 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
7138 		settings->control_port_ethertype = cpu_to_be16(proto);
7139 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
7140 		    proto != ETH_P_PAE)
7141 			return -EINVAL;
7142 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
7143 			settings->control_port_no_encrypt = true;
7144 	} else
7145 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
7146 
7147 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
7148 		void *data;
7149 		int len, i;
7150 
7151 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7152 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
7153 		settings->n_ciphers_pairwise = len / sizeof(u32);
7154 
7155 		if (len % sizeof(u32))
7156 			return -EINVAL;
7157 
7158 		if (settings->n_ciphers_pairwise > cipher_limit)
7159 			return -EINVAL;
7160 
7161 		memcpy(settings->ciphers_pairwise, data, len);
7162 
7163 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
7164 			if (!cfg80211_supported_cipher_suite(
7165 					&rdev->wiphy,
7166 					settings->ciphers_pairwise[i]))
7167 				return -EINVAL;
7168 	}
7169 
7170 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
7171 		settings->cipher_group =
7172 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
7173 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
7174 						     settings->cipher_group))
7175 			return -EINVAL;
7176 	}
7177 
7178 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
7179 		settings->wpa_versions =
7180 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
7181 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
7182 			return -EINVAL;
7183 	}
7184 
7185 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
7186 		void *data;
7187 		int len;
7188 
7189 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
7190 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
7191 		settings->n_akm_suites = len / sizeof(u32);
7192 
7193 		if (len % sizeof(u32))
7194 			return -EINVAL;
7195 
7196 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
7197 			return -EINVAL;
7198 
7199 		memcpy(settings->akm_suites, data, len);
7200 	}
7201 
7202 	return 0;
7203 }
7204 
7205 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
7206 {
7207 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7208 	struct net_device *dev = info->user_ptr[1];
7209 	struct ieee80211_channel *chan;
7210 	struct cfg80211_assoc_request req = {};
7211 	const u8 *bssid, *ssid;
7212 	int err, ssid_len = 0;
7213 
7214 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7215 		return -EINVAL;
7216 
7217 	if (!info->attrs[NL80211_ATTR_MAC] ||
7218 	    !info->attrs[NL80211_ATTR_SSID] ||
7219 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
7220 		return -EINVAL;
7221 
7222 	if (!rdev->ops->assoc)
7223 		return -EOPNOTSUPP;
7224 
7225 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7226 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7227 		return -EOPNOTSUPP;
7228 
7229 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7230 
7231 	chan = nl80211_get_valid_chan(&rdev->wiphy,
7232 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7233 	if (!chan)
7234 		return -EINVAL;
7235 
7236 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7237 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7238 
7239 	if (info->attrs[NL80211_ATTR_IE]) {
7240 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7241 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7242 	}
7243 
7244 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7245 		enum nl80211_mfp mfp =
7246 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7247 		if (mfp == NL80211_MFP_REQUIRED)
7248 			req.use_mfp = true;
7249 		else if (mfp != NL80211_MFP_NO)
7250 			return -EINVAL;
7251 	}
7252 
7253 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
7254 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
7255 
7256 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7257 		req.flags |= ASSOC_REQ_DISABLE_HT;
7258 
7259 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7260 		memcpy(&req.ht_capa_mask,
7261 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7262 		       sizeof(req.ht_capa_mask));
7263 
7264 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7265 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7266 			return -EINVAL;
7267 		memcpy(&req.ht_capa,
7268 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7269 		       sizeof(req.ht_capa));
7270 	}
7271 
7272 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7273 		req.flags |= ASSOC_REQ_DISABLE_VHT;
7274 
7275 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7276 		memcpy(&req.vht_capa_mask,
7277 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7278 		       sizeof(req.vht_capa_mask));
7279 
7280 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7281 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7282 			return -EINVAL;
7283 		memcpy(&req.vht_capa,
7284 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7285 		       sizeof(req.vht_capa));
7286 	}
7287 
7288 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7289 		if (!((rdev->wiphy.features &
7290 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
7291 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
7292 		    !wiphy_ext_feature_isset(&rdev->wiphy,
7293 					     NL80211_EXT_FEATURE_RRM))
7294 			return -EINVAL;
7295 		req.flags |= ASSOC_REQ_USE_RRM;
7296 	}
7297 
7298 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
7299 	if (!err) {
7300 		wdev_lock(dev->ieee80211_ptr);
7301 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
7302 					  ssid, ssid_len, &req);
7303 		wdev_unlock(dev->ieee80211_ptr);
7304 	}
7305 
7306 	return err;
7307 }
7308 
7309 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
7310 {
7311 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7312 	struct net_device *dev = info->user_ptr[1];
7313 	const u8 *ie = NULL, *bssid;
7314 	int ie_len = 0, err;
7315 	u16 reason_code;
7316 	bool local_state_change;
7317 
7318 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7319 		return -EINVAL;
7320 
7321 	if (!info->attrs[NL80211_ATTR_MAC])
7322 		return -EINVAL;
7323 
7324 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7325 		return -EINVAL;
7326 
7327 	if (!rdev->ops->deauth)
7328 		return -EOPNOTSUPP;
7329 
7330 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7331 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7332 		return -EOPNOTSUPP;
7333 
7334 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7335 
7336 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7337 	if (reason_code == 0) {
7338 		/* Reason Code 0 is reserved */
7339 		return -EINVAL;
7340 	}
7341 
7342 	if (info->attrs[NL80211_ATTR_IE]) {
7343 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7344 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7345 	}
7346 
7347 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7348 
7349 	wdev_lock(dev->ieee80211_ptr);
7350 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
7351 				   local_state_change);
7352 	wdev_unlock(dev->ieee80211_ptr);
7353 	return err;
7354 }
7355 
7356 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
7357 {
7358 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7359 	struct net_device *dev = info->user_ptr[1];
7360 	const u8 *ie = NULL, *bssid;
7361 	int ie_len = 0, err;
7362 	u16 reason_code;
7363 	bool local_state_change;
7364 
7365 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7366 		return -EINVAL;
7367 
7368 	if (!info->attrs[NL80211_ATTR_MAC])
7369 		return -EINVAL;
7370 
7371 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7372 		return -EINVAL;
7373 
7374 	if (!rdev->ops->disassoc)
7375 		return -EOPNOTSUPP;
7376 
7377 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7378 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7379 		return -EOPNOTSUPP;
7380 
7381 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7382 
7383 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7384 	if (reason_code == 0) {
7385 		/* Reason Code 0 is reserved */
7386 		return -EINVAL;
7387 	}
7388 
7389 	if (info->attrs[NL80211_ATTR_IE]) {
7390 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7391 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7392 	}
7393 
7394 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7395 
7396 	wdev_lock(dev->ieee80211_ptr);
7397 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
7398 				     local_state_change);
7399 	wdev_unlock(dev->ieee80211_ptr);
7400 	return err;
7401 }
7402 
7403 static bool
7404 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
7405 			 int mcast_rate[IEEE80211_NUM_BANDS],
7406 			 int rateval)
7407 {
7408 	struct wiphy *wiphy = &rdev->wiphy;
7409 	bool found = false;
7410 	int band, i;
7411 
7412 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
7413 		struct ieee80211_supported_band *sband;
7414 
7415 		sband = wiphy->bands[band];
7416 		if (!sband)
7417 			continue;
7418 
7419 		for (i = 0; i < sband->n_bitrates; i++) {
7420 			if (sband->bitrates[i].bitrate == rateval) {
7421 				mcast_rate[band] = i + 1;
7422 				found = true;
7423 				break;
7424 			}
7425 		}
7426 	}
7427 
7428 	return found;
7429 }
7430 
7431 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
7432 {
7433 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7434 	struct net_device *dev = info->user_ptr[1];
7435 	struct cfg80211_ibss_params ibss;
7436 	struct wiphy *wiphy;
7437 	struct cfg80211_cached_keys *connkeys = NULL;
7438 	int err;
7439 
7440 	memset(&ibss, 0, sizeof(ibss));
7441 
7442 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7443 		return -EINVAL;
7444 
7445 	if (!info->attrs[NL80211_ATTR_SSID] ||
7446 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7447 		return -EINVAL;
7448 
7449 	ibss.beacon_interval = 100;
7450 
7451 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7452 		ibss.beacon_interval =
7453 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7454 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
7455 			return -EINVAL;
7456 	}
7457 
7458 	if (!rdev->ops->join_ibss)
7459 		return -EOPNOTSUPP;
7460 
7461 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7462 		return -EOPNOTSUPP;
7463 
7464 	wiphy = &rdev->wiphy;
7465 
7466 	if (info->attrs[NL80211_ATTR_MAC]) {
7467 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7468 
7469 		if (!is_valid_ether_addr(ibss.bssid))
7470 			return -EINVAL;
7471 	}
7472 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7473 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7474 
7475 	if (info->attrs[NL80211_ATTR_IE]) {
7476 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7477 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7478 	}
7479 
7480 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
7481 	if (err)
7482 		return err;
7483 
7484 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
7485 				     NL80211_IFTYPE_ADHOC))
7486 		return -EINVAL;
7487 
7488 	switch (ibss.chandef.width) {
7489 	case NL80211_CHAN_WIDTH_5:
7490 	case NL80211_CHAN_WIDTH_10:
7491 	case NL80211_CHAN_WIDTH_20_NOHT:
7492 		break;
7493 	case NL80211_CHAN_WIDTH_20:
7494 	case NL80211_CHAN_WIDTH_40:
7495 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7496 			return -EINVAL;
7497 		break;
7498 	case NL80211_CHAN_WIDTH_80:
7499 	case NL80211_CHAN_WIDTH_80P80:
7500 	case NL80211_CHAN_WIDTH_160:
7501 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7502 			return -EINVAL;
7503 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7504 					     NL80211_EXT_FEATURE_VHT_IBSS))
7505 			return -EINVAL;
7506 		break;
7507 	default:
7508 		return -EINVAL;
7509 	}
7510 
7511 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
7512 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
7513 
7514 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7515 		u8 *rates =
7516 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7517 		int n_rates =
7518 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7519 		struct ieee80211_supported_band *sband =
7520 			wiphy->bands[ibss.chandef.chan->band];
7521 
7522 		err = ieee80211_get_ratemask(sband, rates, n_rates,
7523 					     &ibss.basic_rates);
7524 		if (err)
7525 			return err;
7526 	}
7527 
7528 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7529 		memcpy(&ibss.ht_capa_mask,
7530 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7531 		       sizeof(ibss.ht_capa_mask));
7532 
7533 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7534 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7535 			return -EINVAL;
7536 		memcpy(&ibss.ht_capa,
7537 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7538 		       sizeof(ibss.ht_capa));
7539 	}
7540 
7541 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7542 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
7543 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7544 		return -EINVAL;
7545 
7546 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7547 		bool no_ht = false;
7548 
7549 		connkeys = nl80211_parse_connkeys(rdev,
7550 					  info->attrs[NL80211_ATTR_KEYS],
7551 					  &no_ht);
7552 		if (IS_ERR(connkeys))
7553 			return PTR_ERR(connkeys);
7554 
7555 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
7556 		    no_ht) {
7557 			kzfree(connkeys);
7558 			return -EINVAL;
7559 		}
7560 	}
7561 
7562 	ibss.control_port =
7563 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
7564 
7565 	ibss.userspace_handles_dfs =
7566 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
7567 
7568 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
7569 	if (err)
7570 		kzfree(connkeys);
7571 	return err;
7572 }
7573 
7574 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
7575 {
7576 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7577 	struct net_device *dev = info->user_ptr[1];
7578 
7579 	if (!rdev->ops->leave_ibss)
7580 		return -EOPNOTSUPP;
7581 
7582 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7583 		return -EOPNOTSUPP;
7584 
7585 	return cfg80211_leave_ibss(rdev, dev, false);
7586 }
7587 
7588 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
7589 {
7590 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7591 	struct net_device *dev = info->user_ptr[1];
7592 	int mcast_rate[IEEE80211_NUM_BANDS];
7593 	u32 nla_rate;
7594 	int err;
7595 
7596 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
7597 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
7598 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
7599 		return -EOPNOTSUPP;
7600 
7601 	if (!rdev->ops->set_mcast_rate)
7602 		return -EOPNOTSUPP;
7603 
7604 	memset(mcast_rate, 0, sizeof(mcast_rate));
7605 
7606 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
7607 		return -EINVAL;
7608 
7609 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
7610 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
7611 		return -EINVAL;
7612 
7613 	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
7614 
7615 	return err;
7616 }
7617 
7618 static struct sk_buff *
7619 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
7620 			    struct wireless_dev *wdev, int approxlen,
7621 			    u32 portid, u32 seq, enum nl80211_commands cmd,
7622 			    enum nl80211_attrs attr,
7623 			    const struct nl80211_vendor_cmd_info *info,
7624 			    gfp_t gfp)
7625 {
7626 	struct sk_buff *skb;
7627 	void *hdr;
7628 	struct nlattr *data;
7629 
7630 	skb = nlmsg_new(approxlen + 100, gfp);
7631 	if (!skb)
7632 		return NULL;
7633 
7634 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
7635 	if (!hdr) {
7636 		kfree_skb(skb);
7637 		return NULL;
7638 	}
7639 
7640 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
7641 		goto nla_put_failure;
7642 
7643 	if (info) {
7644 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
7645 				info->vendor_id))
7646 			goto nla_put_failure;
7647 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
7648 				info->subcmd))
7649 			goto nla_put_failure;
7650 	}
7651 
7652 	if (wdev) {
7653 		if (nla_put_u64(skb, NL80211_ATTR_WDEV,
7654 				wdev_id(wdev)))
7655 			goto nla_put_failure;
7656 		if (wdev->netdev &&
7657 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
7658 				wdev->netdev->ifindex))
7659 			goto nla_put_failure;
7660 	}
7661 
7662 	data = nla_nest_start(skb, attr);
7663 
7664 	((void **)skb->cb)[0] = rdev;
7665 	((void **)skb->cb)[1] = hdr;
7666 	((void **)skb->cb)[2] = data;
7667 
7668 	return skb;
7669 
7670  nla_put_failure:
7671 	kfree_skb(skb);
7672 	return NULL;
7673 }
7674 
7675 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
7676 					   struct wireless_dev *wdev,
7677 					   enum nl80211_commands cmd,
7678 					   enum nl80211_attrs attr,
7679 					   int vendor_event_idx,
7680 					   int approxlen, gfp_t gfp)
7681 {
7682 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
7683 	const struct nl80211_vendor_cmd_info *info;
7684 
7685 	switch (cmd) {
7686 	case NL80211_CMD_TESTMODE:
7687 		if (WARN_ON(vendor_event_idx != -1))
7688 			return NULL;
7689 		info = NULL;
7690 		break;
7691 	case NL80211_CMD_VENDOR:
7692 		if (WARN_ON(vendor_event_idx < 0 ||
7693 			    vendor_event_idx >= wiphy->n_vendor_events))
7694 			return NULL;
7695 		info = &wiphy->vendor_events[vendor_event_idx];
7696 		break;
7697 	default:
7698 		WARN_ON(1);
7699 		return NULL;
7700 	}
7701 
7702 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
7703 					   cmd, attr, info, gfp);
7704 }
7705 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
7706 
7707 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
7708 {
7709 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
7710 	void *hdr = ((void **)skb->cb)[1];
7711 	struct nlattr *data = ((void **)skb->cb)[2];
7712 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
7713 
7714 	/* clear CB data for netlink core to own from now on */
7715 	memset(skb->cb, 0, sizeof(skb->cb));
7716 
7717 	nla_nest_end(skb, data);
7718 	genlmsg_end(skb, hdr);
7719 
7720 	if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
7721 		mcgrp = NL80211_MCGRP_VENDOR;
7722 
7723 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
7724 				mcgrp, gfp);
7725 }
7726 EXPORT_SYMBOL(__cfg80211_send_event_skb);
7727 
7728 #ifdef CONFIG_NL80211_TESTMODE
7729 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
7730 {
7731 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7732 	struct wireless_dev *wdev =
7733 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
7734 	int err;
7735 
7736 	if (!rdev->ops->testmode_cmd)
7737 		return -EOPNOTSUPP;
7738 
7739 	if (IS_ERR(wdev)) {
7740 		err = PTR_ERR(wdev);
7741 		if (err != -EINVAL)
7742 			return err;
7743 		wdev = NULL;
7744 	} else if (wdev->wiphy != &rdev->wiphy) {
7745 		return -EINVAL;
7746 	}
7747 
7748 	if (!info->attrs[NL80211_ATTR_TESTDATA])
7749 		return -EINVAL;
7750 
7751 	rdev->cur_cmd_info = info;
7752 	err = rdev_testmode_cmd(rdev, wdev,
7753 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
7754 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
7755 	rdev->cur_cmd_info = NULL;
7756 
7757 	return err;
7758 }
7759 
7760 static int nl80211_testmode_dump(struct sk_buff *skb,
7761 				 struct netlink_callback *cb)
7762 {
7763 	struct cfg80211_registered_device *rdev;
7764 	int err;
7765 	long phy_idx;
7766 	void *data = NULL;
7767 	int data_len = 0;
7768 
7769 	rtnl_lock();
7770 
7771 	if (cb->args[0]) {
7772 		/*
7773 		 * 0 is a valid index, but not valid for args[0],
7774 		 * so we need to offset by 1.
7775 		 */
7776 		phy_idx = cb->args[0] - 1;
7777 	} else {
7778 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
7779 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
7780 				  nl80211_policy);
7781 		if (err)
7782 			goto out_err;
7783 
7784 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
7785 						  nl80211_fam.attrbuf);
7786 		if (IS_ERR(rdev)) {
7787 			err = PTR_ERR(rdev);
7788 			goto out_err;
7789 		}
7790 		phy_idx = rdev->wiphy_idx;
7791 		rdev = NULL;
7792 
7793 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
7794 			cb->args[1] =
7795 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
7796 	}
7797 
7798 	if (cb->args[1]) {
7799 		data = nla_data((void *)cb->args[1]);
7800 		data_len = nla_len((void *)cb->args[1]);
7801 	}
7802 
7803 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
7804 	if (!rdev) {
7805 		err = -ENOENT;
7806 		goto out_err;
7807 	}
7808 
7809 	if (!rdev->ops->testmode_dump) {
7810 		err = -EOPNOTSUPP;
7811 		goto out_err;
7812 	}
7813 
7814 	while (1) {
7815 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
7816 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
7817 					   NL80211_CMD_TESTMODE);
7818 		struct nlattr *tmdata;
7819 
7820 		if (!hdr)
7821 			break;
7822 
7823 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
7824 			genlmsg_cancel(skb, hdr);
7825 			break;
7826 		}
7827 
7828 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
7829 		if (!tmdata) {
7830 			genlmsg_cancel(skb, hdr);
7831 			break;
7832 		}
7833 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7834 		nla_nest_end(skb, tmdata);
7835 
7836 		if (err == -ENOBUFS || err == -ENOENT) {
7837 			genlmsg_cancel(skb, hdr);
7838 			break;
7839 		} else if (err) {
7840 			genlmsg_cancel(skb, hdr);
7841 			goto out_err;
7842 		}
7843 
7844 		genlmsg_end(skb, hdr);
7845 	}
7846 
7847 	err = skb->len;
7848 	/* see above */
7849 	cb->args[0] = phy_idx + 1;
7850  out_err:
7851 	rtnl_unlock();
7852 	return err;
7853 }
7854 #endif
7855 
7856 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7857 {
7858 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7859 	struct net_device *dev = info->user_ptr[1];
7860 	struct cfg80211_connect_params connect;
7861 	struct wiphy *wiphy;
7862 	struct cfg80211_cached_keys *connkeys = NULL;
7863 	int err;
7864 
7865 	memset(&connect, 0, sizeof(connect));
7866 
7867 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7868 		return -EINVAL;
7869 
7870 	if (!info->attrs[NL80211_ATTR_SSID] ||
7871 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7872 		return -EINVAL;
7873 
7874 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7875 		connect.auth_type =
7876 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7877 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7878 					     NL80211_CMD_CONNECT))
7879 			return -EINVAL;
7880 	} else
7881 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7882 
7883 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7884 
7885 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7886 				      NL80211_MAX_NR_CIPHER_SUITES);
7887 	if (err)
7888 		return err;
7889 
7890 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7891 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7892 		return -EOPNOTSUPP;
7893 
7894 	wiphy = &rdev->wiphy;
7895 
7896 	connect.bg_scan_period = -1;
7897 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7898 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7899 		connect.bg_scan_period =
7900 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7901 	}
7902 
7903 	if (info->attrs[NL80211_ATTR_MAC])
7904 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7905 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
7906 		connect.bssid_hint =
7907 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7908 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7909 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7910 
7911 	if (info->attrs[NL80211_ATTR_IE]) {
7912 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7913 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7914 	}
7915 
7916 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7917 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7918 		if (connect.mfp != NL80211_MFP_REQUIRED &&
7919 		    connect.mfp != NL80211_MFP_NO)
7920 			return -EINVAL;
7921 	} else {
7922 		connect.mfp = NL80211_MFP_NO;
7923 	}
7924 
7925 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7926 		connect.channel = nl80211_get_valid_chan(
7927 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7928 		if (!connect.channel)
7929 			return -EINVAL;
7930 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7931 		connect.channel_hint = nl80211_get_valid_chan(
7932 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7933 		if (!connect.channel_hint)
7934 			return -EINVAL;
7935 	}
7936 
7937 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7938 		connkeys = nl80211_parse_connkeys(rdev,
7939 					  info->attrs[NL80211_ATTR_KEYS], NULL);
7940 		if (IS_ERR(connkeys))
7941 			return PTR_ERR(connkeys);
7942 	}
7943 
7944 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7945 		connect.flags |= ASSOC_REQ_DISABLE_HT;
7946 
7947 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7948 		memcpy(&connect.ht_capa_mask,
7949 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7950 		       sizeof(connect.ht_capa_mask));
7951 
7952 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7953 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7954 			kzfree(connkeys);
7955 			return -EINVAL;
7956 		}
7957 		memcpy(&connect.ht_capa,
7958 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7959 		       sizeof(connect.ht_capa));
7960 	}
7961 
7962 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7963 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
7964 
7965 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7966 		memcpy(&connect.vht_capa_mask,
7967 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7968 		       sizeof(connect.vht_capa_mask));
7969 
7970 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7971 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7972 			kzfree(connkeys);
7973 			return -EINVAL;
7974 		}
7975 		memcpy(&connect.vht_capa,
7976 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7977 		       sizeof(connect.vht_capa));
7978 	}
7979 
7980 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7981 		if (!((rdev->wiphy.features &
7982 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
7983 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
7984 		    !wiphy_ext_feature_isset(&rdev->wiphy,
7985 					     NL80211_EXT_FEATURE_RRM)) {
7986 			kzfree(connkeys);
7987 			return -EINVAL;
7988 		}
7989 		connect.flags |= ASSOC_REQ_USE_RRM;
7990 	}
7991 
7992 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
7993 	if (connect.pbss && !rdev->wiphy.bands[IEEE80211_BAND_60GHZ]) {
7994 		kzfree(connkeys);
7995 		return -EOPNOTSUPP;
7996 	}
7997 
7998 	wdev_lock(dev->ieee80211_ptr);
7999 	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
8000 	wdev_unlock(dev->ieee80211_ptr);
8001 	if (err)
8002 		kzfree(connkeys);
8003 	return err;
8004 }
8005 
8006 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
8007 {
8008 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8009 	struct net_device *dev = info->user_ptr[1];
8010 	u16 reason;
8011 	int ret;
8012 
8013 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
8014 		reason = WLAN_REASON_DEAUTH_LEAVING;
8015 	else
8016 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8017 
8018 	if (reason == 0)
8019 		return -EINVAL;
8020 
8021 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8022 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8023 		return -EOPNOTSUPP;
8024 
8025 	wdev_lock(dev->ieee80211_ptr);
8026 	ret = cfg80211_disconnect(rdev, dev, reason, true);
8027 	wdev_unlock(dev->ieee80211_ptr);
8028 	return ret;
8029 }
8030 
8031 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
8032 {
8033 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8034 	struct net *net;
8035 	int err;
8036 
8037 	if (info->attrs[NL80211_ATTR_PID]) {
8038 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
8039 
8040 		net = get_net_ns_by_pid(pid);
8041 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
8042 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
8043 
8044 		net = get_net_ns_by_fd(fd);
8045 	} else {
8046 		return -EINVAL;
8047 	}
8048 
8049 	if (IS_ERR(net))
8050 		return PTR_ERR(net);
8051 
8052 	err = 0;
8053 
8054 	/* check if anything to do */
8055 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
8056 		err = cfg80211_switch_netns(rdev, net);
8057 
8058 	put_net(net);
8059 	return err;
8060 }
8061 
8062 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
8063 {
8064 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8065 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
8066 			struct cfg80211_pmksa *pmksa) = NULL;
8067 	struct net_device *dev = info->user_ptr[1];
8068 	struct cfg80211_pmksa pmksa;
8069 
8070 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
8071 
8072 	if (!info->attrs[NL80211_ATTR_MAC])
8073 		return -EINVAL;
8074 
8075 	if (!info->attrs[NL80211_ATTR_PMKID])
8076 		return -EINVAL;
8077 
8078 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
8079 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8080 
8081 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8082 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8083 		return -EOPNOTSUPP;
8084 
8085 	switch (info->genlhdr->cmd) {
8086 	case NL80211_CMD_SET_PMKSA:
8087 		rdev_ops = rdev->ops->set_pmksa;
8088 		break;
8089 	case NL80211_CMD_DEL_PMKSA:
8090 		rdev_ops = rdev->ops->del_pmksa;
8091 		break;
8092 	default:
8093 		WARN_ON(1);
8094 		break;
8095 	}
8096 
8097 	if (!rdev_ops)
8098 		return -EOPNOTSUPP;
8099 
8100 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
8101 }
8102 
8103 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
8104 {
8105 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8106 	struct net_device *dev = info->user_ptr[1];
8107 
8108 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8109 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8110 		return -EOPNOTSUPP;
8111 
8112 	if (!rdev->ops->flush_pmksa)
8113 		return -EOPNOTSUPP;
8114 
8115 	return rdev_flush_pmksa(rdev, dev);
8116 }
8117 
8118 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
8119 {
8120 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8121 	struct net_device *dev = info->user_ptr[1];
8122 	u8 action_code, dialog_token;
8123 	u32 peer_capability = 0;
8124 	u16 status_code;
8125 	u8 *peer;
8126 	bool initiator;
8127 
8128 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8129 	    !rdev->ops->tdls_mgmt)
8130 		return -EOPNOTSUPP;
8131 
8132 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
8133 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
8134 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
8135 	    !info->attrs[NL80211_ATTR_IE] ||
8136 	    !info->attrs[NL80211_ATTR_MAC])
8137 		return -EINVAL;
8138 
8139 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8140 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
8141 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
8142 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
8143 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
8144 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
8145 		peer_capability =
8146 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
8147 
8148 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
8149 			      dialog_token, status_code, peer_capability,
8150 			      initiator,
8151 			      nla_data(info->attrs[NL80211_ATTR_IE]),
8152 			      nla_len(info->attrs[NL80211_ATTR_IE]));
8153 }
8154 
8155 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
8156 {
8157 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8158 	struct net_device *dev = info->user_ptr[1];
8159 	enum nl80211_tdls_operation operation;
8160 	u8 *peer;
8161 
8162 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
8163 	    !rdev->ops->tdls_oper)
8164 		return -EOPNOTSUPP;
8165 
8166 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
8167 	    !info->attrs[NL80211_ATTR_MAC])
8168 		return -EINVAL;
8169 
8170 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
8171 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
8172 
8173 	return rdev_tdls_oper(rdev, dev, peer, operation);
8174 }
8175 
8176 static int nl80211_remain_on_channel(struct sk_buff *skb,
8177 				     struct genl_info *info)
8178 {
8179 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8180 	struct wireless_dev *wdev = info->user_ptr[1];
8181 	struct cfg80211_chan_def chandef;
8182 	struct sk_buff *msg;
8183 	void *hdr;
8184 	u64 cookie;
8185 	u32 duration;
8186 	int err;
8187 
8188 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8189 	    !info->attrs[NL80211_ATTR_DURATION])
8190 		return -EINVAL;
8191 
8192 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8193 
8194 	if (!rdev->ops->remain_on_channel ||
8195 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
8196 		return -EOPNOTSUPP;
8197 
8198 	/*
8199 	 * We should be on that channel for at least a minimum amount of
8200 	 * time (10ms) but no longer than the driver supports.
8201 	 */
8202 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8203 	    duration > rdev->wiphy.max_remain_on_channel_duration)
8204 		return -EINVAL;
8205 
8206 	err = nl80211_parse_chandef(rdev, info, &chandef);
8207 	if (err)
8208 		return err;
8209 
8210 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8211 	if (!msg)
8212 		return -ENOMEM;
8213 
8214 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8215 			     NL80211_CMD_REMAIN_ON_CHANNEL);
8216 	if (!hdr) {
8217 		err = -ENOBUFS;
8218 		goto free_msg;
8219 	}
8220 
8221 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
8222 				     duration, &cookie);
8223 
8224 	if (err)
8225 		goto free_msg;
8226 
8227 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8228 		goto nla_put_failure;
8229 
8230 	genlmsg_end(msg, hdr);
8231 
8232 	return genlmsg_reply(msg, info);
8233 
8234  nla_put_failure:
8235 	err = -ENOBUFS;
8236  free_msg:
8237 	nlmsg_free(msg);
8238 	return err;
8239 }
8240 
8241 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
8242 					    struct genl_info *info)
8243 {
8244 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8245 	struct wireless_dev *wdev = info->user_ptr[1];
8246 	u64 cookie;
8247 
8248 	if (!info->attrs[NL80211_ATTR_COOKIE])
8249 		return -EINVAL;
8250 
8251 	if (!rdev->ops->cancel_remain_on_channel)
8252 		return -EOPNOTSUPP;
8253 
8254 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8255 
8256 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
8257 }
8258 
8259 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
8260 			   u8 *rates, u8 rates_len)
8261 {
8262 	u8 i;
8263 	u32 mask = 0;
8264 
8265 	for (i = 0; i < rates_len; i++) {
8266 		int rate = (rates[i] & 0x7f) * 5;
8267 		int ridx;
8268 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
8269 			struct ieee80211_rate *srate =
8270 				&sband->bitrates[ridx];
8271 			if (rate == srate->bitrate) {
8272 				mask |= 1 << ridx;
8273 				break;
8274 			}
8275 		}
8276 		if (ridx == sband->n_bitrates)
8277 			return 0; /* rate not found */
8278 	}
8279 
8280 	return mask;
8281 }
8282 
8283 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
8284 			       u8 *rates, u8 rates_len,
8285 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
8286 {
8287 	u8 i;
8288 
8289 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
8290 
8291 	for (i = 0; i < rates_len; i++) {
8292 		int ridx, rbit;
8293 
8294 		ridx = rates[i] / 8;
8295 		rbit = BIT(rates[i] % 8);
8296 
8297 		/* check validity */
8298 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
8299 			return false;
8300 
8301 		/* check availability */
8302 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
8303 			mcs[ridx] |= rbit;
8304 		else
8305 			return false;
8306 	}
8307 
8308 	return true;
8309 }
8310 
8311 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
8312 {
8313 	u16 mcs_mask = 0;
8314 
8315 	switch (vht_mcs_map) {
8316 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
8317 		break;
8318 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
8319 		mcs_mask = 0x00FF;
8320 		break;
8321 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
8322 		mcs_mask = 0x01FF;
8323 		break;
8324 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
8325 		mcs_mask = 0x03FF;
8326 		break;
8327 	default:
8328 		break;
8329 	}
8330 
8331 	return mcs_mask;
8332 }
8333 
8334 static void vht_build_mcs_mask(u16 vht_mcs_map,
8335 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
8336 {
8337 	u8 nss;
8338 
8339 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
8340 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
8341 		vht_mcs_map >>= 2;
8342 	}
8343 }
8344 
8345 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
8346 			     struct nl80211_txrate_vht *txrate,
8347 			     u16 mcs[NL80211_VHT_NSS_MAX])
8348 {
8349 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8350 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
8351 	u8 i;
8352 
8353 	if (!sband->vht_cap.vht_supported)
8354 		return false;
8355 
8356 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
8357 
8358 	/* Build vht_mcs_mask from VHT capabilities */
8359 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
8360 
8361 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8362 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
8363 			mcs[i] = txrate->mcs[i];
8364 		else
8365 			return false;
8366 	}
8367 
8368 	return true;
8369 }
8370 
8371 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
8372 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
8373 				    .len = NL80211_MAX_SUPP_RATES },
8374 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
8375 				.len = NL80211_MAX_SUPP_HT_RATES },
8376 	[NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
8377 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
8378 };
8379 
8380 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
8381 				       struct genl_info *info)
8382 {
8383 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
8384 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8385 	struct cfg80211_bitrate_mask mask;
8386 	int rem, i;
8387 	struct net_device *dev = info->user_ptr[1];
8388 	struct nlattr *tx_rates;
8389 	struct ieee80211_supported_band *sband;
8390 	u16 vht_tx_mcs_map;
8391 
8392 	if (!rdev->ops->set_bitrate_mask)
8393 		return -EOPNOTSUPP;
8394 
8395 	memset(&mask, 0, sizeof(mask));
8396 	/* Default to all rates enabled */
8397 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
8398 		sband = rdev->wiphy.bands[i];
8399 
8400 		if (!sband)
8401 			continue;
8402 
8403 		mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
8404 		memcpy(mask.control[i].ht_mcs,
8405 		       sband->ht_cap.mcs.rx_mask,
8406 		       sizeof(mask.control[i].ht_mcs));
8407 
8408 		if (!sband->vht_cap.vht_supported)
8409 			continue;
8410 
8411 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8412 		vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
8413 	}
8414 
8415 	/* if no rates are given set it back to the defaults */
8416 	if (!info->attrs[NL80211_ATTR_TX_RATES])
8417 		goto out;
8418 
8419 	/*
8420 	 * The nested attribute uses enum nl80211_band as the index. This maps
8421 	 * directly to the enum ieee80211_band values used in cfg80211.
8422 	 */
8423 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
8424 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
8425 		enum ieee80211_band band = nla_type(tx_rates);
8426 		int err;
8427 
8428 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
8429 			return -EINVAL;
8430 		sband = rdev->wiphy.bands[band];
8431 		if (sband == NULL)
8432 			return -EINVAL;
8433 		err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
8434 				nla_len(tx_rates), nl80211_txattr_policy);
8435 		if (err)
8436 			return err;
8437 		if (tb[NL80211_TXRATE_LEGACY]) {
8438 			mask.control[band].legacy = rateset_to_mask(
8439 				sband,
8440 				nla_data(tb[NL80211_TXRATE_LEGACY]),
8441 				nla_len(tb[NL80211_TXRATE_LEGACY]));
8442 			if ((mask.control[band].legacy == 0) &&
8443 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
8444 				return -EINVAL;
8445 		}
8446 		if (tb[NL80211_TXRATE_HT]) {
8447 			if (!ht_rateset_to_mask(
8448 					sband,
8449 					nla_data(tb[NL80211_TXRATE_HT]),
8450 					nla_len(tb[NL80211_TXRATE_HT]),
8451 					mask.control[band].ht_mcs))
8452 				return -EINVAL;
8453 		}
8454 		if (tb[NL80211_TXRATE_VHT]) {
8455 			if (!vht_set_mcs_mask(
8456 					sband,
8457 					nla_data(tb[NL80211_TXRATE_VHT]),
8458 					mask.control[band].vht_mcs))
8459 				return -EINVAL;
8460 		}
8461 		if (tb[NL80211_TXRATE_GI]) {
8462 			mask.control[band].gi =
8463 				nla_get_u8(tb[NL80211_TXRATE_GI]);
8464 			if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
8465 				return -EINVAL;
8466 		}
8467 
8468 		if (mask.control[band].legacy == 0) {
8469 			/* don't allow empty legacy rates if HT or VHT
8470 			 * are not even supported.
8471 			 */
8472 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
8473 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
8474 				return -EINVAL;
8475 
8476 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
8477 				if (mask.control[band].ht_mcs[i])
8478 					goto out;
8479 
8480 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
8481 				if (mask.control[band].vht_mcs[i])
8482 					goto out;
8483 
8484 			/* legacy and mcs rates may not be both empty */
8485 			return -EINVAL;
8486 		}
8487 	}
8488 
8489 out:
8490 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
8491 }
8492 
8493 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
8494 {
8495 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8496 	struct wireless_dev *wdev = info->user_ptr[1];
8497 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
8498 
8499 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
8500 		return -EINVAL;
8501 
8502 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
8503 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
8504 
8505 	switch (wdev->iftype) {
8506 	case NL80211_IFTYPE_STATION:
8507 	case NL80211_IFTYPE_ADHOC:
8508 	case NL80211_IFTYPE_P2P_CLIENT:
8509 	case NL80211_IFTYPE_AP:
8510 	case NL80211_IFTYPE_AP_VLAN:
8511 	case NL80211_IFTYPE_MESH_POINT:
8512 	case NL80211_IFTYPE_P2P_GO:
8513 	case NL80211_IFTYPE_P2P_DEVICE:
8514 		break;
8515 	default:
8516 		return -EOPNOTSUPP;
8517 	}
8518 
8519 	/* not much point in registering if we can't reply */
8520 	if (!rdev->ops->mgmt_tx)
8521 		return -EOPNOTSUPP;
8522 
8523 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
8524 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
8525 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
8526 }
8527 
8528 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
8529 {
8530 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8531 	struct wireless_dev *wdev = info->user_ptr[1];
8532 	struct cfg80211_chan_def chandef;
8533 	int err;
8534 	void *hdr = NULL;
8535 	u64 cookie;
8536 	struct sk_buff *msg = NULL;
8537 	struct cfg80211_mgmt_tx_params params = {
8538 		.dont_wait_for_ack =
8539 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
8540 	};
8541 
8542 	if (!info->attrs[NL80211_ATTR_FRAME])
8543 		return -EINVAL;
8544 
8545 	if (!rdev->ops->mgmt_tx)
8546 		return -EOPNOTSUPP;
8547 
8548 	switch (wdev->iftype) {
8549 	case NL80211_IFTYPE_P2P_DEVICE:
8550 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8551 			return -EINVAL;
8552 	case NL80211_IFTYPE_STATION:
8553 	case NL80211_IFTYPE_ADHOC:
8554 	case NL80211_IFTYPE_P2P_CLIENT:
8555 	case NL80211_IFTYPE_AP:
8556 	case NL80211_IFTYPE_AP_VLAN:
8557 	case NL80211_IFTYPE_MESH_POINT:
8558 	case NL80211_IFTYPE_P2P_GO:
8559 		break;
8560 	default:
8561 		return -EOPNOTSUPP;
8562 	}
8563 
8564 	if (info->attrs[NL80211_ATTR_DURATION]) {
8565 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8566 			return -EINVAL;
8567 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8568 
8569 		/*
8570 		 * We should wait on the channel for at least a minimum amount
8571 		 * of time (10ms) but no longer than the driver supports.
8572 		 */
8573 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8574 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
8575 			return -EINVAL;
8576 
8577 	}
8578 
8579 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
8580 
8581 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8582 		return -EINVAL;
8583 
8584 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8585 
8586 	/* get the channel if any has been specified, otherwise pass NULL to
8587 	 * the driver. The latter will use the current one
8588 	 */
8589 	chandef.chan = NULL;
8590 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8591 		err = nl80211_parse_chandef(rdev, info, &chandef);
8592 		if (err)
8593 			return err;
8594 	}
8595 
8596 	if (!chandef.chan && params.offchan)
8597 		return -EINVAL;
8598 
8599 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
8600 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
8601 
8602 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
8603 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8604 		int i;
8605 
8606 		if (len % sizeof(u16))
8607 			return -EINVAL;
8608 
8609 		params.n_csa_offsets = len / sizeof(u16);
8610 		params.csa_offsets =
8611 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8612 
8613 		/* check that all the offsets fit the frame */
8614 		for (i = 0; i < params.n_csa_offsets; i++) {
8615 			if (params.csa_offsets[i] >= params.len)
8616 				return -EINVAL;
8617 		}
8618 	}
8619 
8620 	if (!params.dont_wait_for_ack) {
8621 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8622 		if (!msg)
8623 			return -ENOMEM;
8624 
8625 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8626 				     NL80211_CMD_FRAME);
8627 		if (!hdr) {
8628 			err = -ENOBUFS;
8629 			goto free_msg;
8630 		}
8631 	}
8632 
8633 	params.chan = chandef.chan;
8634 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
8635 	if (err)
8636 		goto free_msg;
8637 
8638 	if (msg) {
8639 		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8640 			goto nla_put_failure;
8641 
8642 		genlmsg_end(msg, hdr);
8643 		return genlmsg_reply(msg, info);
8644 	}
8645 
8646 	return 0;
8647 
8648  nla_put_failure:
8649 	err = -ENOBUFS;
8650  free_msg:
8651 	nlmsg_free(msg);
8652 	return err;
8653 }
8654 
8655 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
8656 {
8657 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8658 	struct wireless_dev *wdev = info->user_ptr[1];
8659 	u64 cookie;
8660 
8661 	if (!info->attrs[NL80211_ATTR_COOKIE])
8662 		return -EINVAL;
8663 
8664 	if (!rdev->ops->mgmt_tx_cancel_wait)
8665 		return -EOPNOTSUPP;
8666 
8667 	switch (wdev->iftype) {
8668 	case NL80211_IFTYPE_STATION:
8669 	case NL80211_IFTYPE_ADHOC:
8670 	case NL80211_IFTYPE_P2P_CLIENT:
8671 	case NL80211_IFTYPE_AP:
8672 	case NL80211_IFTYPE_AP_VLAN:
8673 	case NL80211_IFTYPE_P2P_GO:
8674 	case NL80211_IFTYPE_P2P_DEVICE:
8675 		break;
8676 	default:
8677 		return -EOPNOTSUPP;
8678 	}
8679 
8680 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8681 
8682 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
8683 }
8684 
8685 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
8686 {
8687 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8688 	struct wireless_dev *wdev;
8689 	struct net_device *dev = info->user_ptr[1];
8690 	u8 ps_state;
8691 	bool state;
8692 	int err;
8693 
8694 	if (!info->attrs[NL80211_ATTR_PS_STATE])
8695 		return -EINVAL;
8696 
8697 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
8698 
8699 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
8700 		return -EINVAL;
8701 
8702 	wdev = dev->ieee80211_ptr;
8703 
8704 	if (!rdev->ops->set_power_mgmt)
8705 		return -EOPNOTSUPP;
8706 
8707 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
8708 
8709 	if (state == wdev->ps)
8710 		return 0;
8711 
8712 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
8713 	if (!err)
8714 		wdev->ps = state;
8715 	return err;
8716 }
8717 
8718 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
8719 {
8720 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8721 	enum nl80211_ps_state ps_state;
8722 	struct wireless_dev *wdev;
8723 	struct net_device *dev = info->user_ptr[1];
8724 	struct sk_buff *msg;
8725 	void *hdr;
8726 	int err;
8727 
8728 	wdev = dev->ieee80211_ptr;
8729 
8730 	if (!rdev->ops->set_power_mgmt)
8731 		return -EOPNOTSUPP;
8732 
8733 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8734 	if (!msg)
8735 		return -ENOMEM;
8736 
8737 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8738 			     NL80211_CMD_GET_POWER_SAVE);
8739 	if (!hdr) {
8740 		err = -ENOBUFS;
8741 		goto free_msg;
8742 	}
8743 
8744 	if (wdev->ps)
8745 		ps_state = NL80211_PS_ENABLED;
8746 	else
8747 		ps_state = NL80211_PS_DISABLED;
8748 
8749 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
8750 		goto nla_put_failure;
8751 
8752 	genlmsg_end(msg, hdr);
8753 	return genlmsg_reply(msg, info);
8754 
8755  nla_put_failure:
8756 	err = -ENOBUFS;
8757  free_msg:
8758 	nlmsg_free(msg);
8759 	return err;
8760 }
8761 
8762 static const struct nla_policy
8763 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
8764 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
8765 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
8766 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
8767 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
8768 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
8769 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
8770 };
8771 
8772 static int nl80211_set_cqm_txe(struct genl_info *info,
8773 			       u32 rate, u32 pkts, u32 intvl)
8774 {
8775 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8776 	struct net_device *dev = info->user_ptr[1];
8777 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8778 
8779 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
8780 		return -EINVAL;
8781 
8782 	if (!rdev->ops->set_cqm_txe_config)
8783 		return -EOPNOTSUPP;
8784 
8785 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8786 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8787 		return -EOPNOTSUPP;
8788 
8789 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
8790 }
8791 
8792 static int nl80211_set_cqm_rssi(struct genl_info *info,
8793 				s32 threshold, u32 hysteresis)
8794 {
8795 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8796 	struct net_device *dev = info->user_ptr[1];
8797 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8798 
8799 	if (threshold > 0)
8800 		return -EINVAL;
8801 
8802 	/* disabling - hysteresis should also be zero then */
8803 	if (threshold == 0)
8804 		hysteresis = 0;
8805 
8806 	if (!rdev->ops->set_cqm_rssi_config)
8807 		return -EOPNOTSUPP;
8808 
8809 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8810 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8811 		return -EOPNOTSUPP;
8812 
8813 	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
8814 }
8815 
8816 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
8817 {
8818 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
8819 	struct nlattr *cqm;
8820 	int err;
8821 
8822 	cqm = info->attrs[NL80211_ATTR_CQM];
8823 	if (!cqm)
8824 		return -EINVAL;
8825 
8826 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
8827 			       nl80211_attr_cqm_policy);
8828 	if (err)
8829 		return err;
8830 
8831 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
8832 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
8833 		s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
8834 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
8835 
8836 		return nl80211_set_cqm_rssi(info, threshold, hysteresis);
8837 	}
8838 
8839 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
8840 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
8841 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
8842 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
8843 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
8844 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
8845 
8846 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
8847 	}
8848 
8849 	return -EINVAL;
8850 }
8851 
8852 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
8853 {
8854 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8855 	struct net_device *dev = info->user_ptr[1];
8856 	struct ocb_setup setup = {};
8857 	int err;
8858 
8859 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8860 	if (err)
8861 		return err;
8862 
8863 	return cfg80211_join_ocb(rdev, dev, &setup);
8864 }
8865 
8866 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
8867 {
8868 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8869 	struct net_device *dev = info->user_ptr[1];
8870 
8871 	return cfg80211_leave_ocb(rdev, dev);
8872 }
8873 
8874 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
8875 {
8876 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8877 	struct net_device *dev = info->user_ptr[1];
8878 	struct mesh_config cfg;
8879 	struct mesh_setup setup;
8880 	int err;
8881 
8882 	/* start with default */
8883 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
8884 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
8885 
8886 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
8887 		/* and parse parameters if given */
8888 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
8889 		if (err)
8890 			return err;
8891 	}
8892 
8893 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
8894 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
8895 		return -EINVAL;
8896 
8897 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
8898 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
8899 
8900 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8901 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
8902 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8903 			return -EINVAL;
8904 
8905 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8906 		setup.beacon_interval =
8907 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8908 		if (setup.beacon_interval < 10 ||
8909 		    setup.beacon_interval > 10000)
8910 			return -EINVAL;
8911 	}
8912 
8913 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8914 		setup.dtim_period =
8915 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8916 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
8917 			return -EINVAL;
8918 	}
8919 
8920 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8921 		/* parse additional setup parameters if given */
8922 		err = nl80211_parse_mesh_setup(info, &setup);
8923 		if (err)
8924 			return err;
8925 	}
8926 
8927 	if (setup.user_mpm)
8928 		cfg.auto_open_plinks = false;
8929 
8930 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8931 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8932 		if (err)
8933 			return err;
8934 	} else {
8935 		/* cfg80211_join_mesh() will sort it out */
8936 		setup.chandef.chan = NULL;
8937 	}
8938 
8939 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8940 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8941 		int n_rates =
8942 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8943 		struct ieee80211_supported_band *sband;
8944 
8945 		if (!setup.chandef.chan)
8946 			return -EINVAL;
8947 
8948 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
8949 
8950 		err = ieee80211_get_ratemask(sband, rates, n_rates,
8951 					     &setup.basic_rates);
8952 		if (err)
8953 			return err;
8954 	}
8955 
8956 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8957 }
8958 
8959 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8960 {
8961 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8962 	struct net_device *dev = info->user_ptr[1];
8963 
8964 	return cfg80211_leave_mesh(rdev, dev);
8965 }
8966 
8967 #ifdef CONFIG_PM
8968 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8969 					struct cfg80211_registered_device *rdev)
8970 {
8971 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8972 	struct nlattr *nl_pats, *nl_pat;
8973 	int i, pat_len;
8974 
8975 	if (!wowlan->n_patterns)
8976 		return 0;
8977 
8978 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8979 	if (!nl_pats)
8980 		return -ENOBUFS;
8981 
8982 	for (i = 0; i < wowlan->n_patterns; i++) {
8983 		nl_pat = nla_nest_start(msg, i + 1);
8984 		if (!nl_pat)
8985 			return -ENOBUFS;
8986 		pat_len = wowlan->patterns[i].pattern_len;
8987 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8988 			    wowlan->patterns[i].mask) ||
8989 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8990 			    wowlan->patterns[i].pattern) ||
8991 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8992 				wowlan->patterns[i].pkt_offset))
8993 			return -ENOBUFS;
8994 		nla_nest_end(msg, nl_pat);
8995 	}
8996 	nla_nest_end(msg, nl_pats);
8997 
8998 	return 0;
8999 }
9000 
9001 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
9002 				   struct cfg80211_wowlan_tcp *tcp)
9003 {
9004 	struct nlattr *nl_tcp;
9005 
9006 	if (!tcp)
9007 		return 0;
9008 
9009 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
9010 	if (!nl_tcp)
9011 		return -ENOBUFS;
9012 
9013 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
9014 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
9015 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
9016 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
9017 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
9018 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
9019 		    tcp->payload_len, tcp->payload) ||
9020 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
9021 			tcp->data_interval) ||
9022 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
9023 		    tcp->wake_len, tcp->wake_data) ||
9024 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
9025 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
9026 		return -ENOBUFS;
9027 
9028 	if (tcp->payload_seq.len &&
9029 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
9030 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
9031 		return -ENOBUFS;
9032 
9033 	if (tcp->payload_tok.len &&
9034 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
9035 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
9036 		    &tcp->payload_tok))
9037 		return -ENOBUFS;
9038 
9039 	nla_nest_end(msg, nl_tcp);
9040 
9041 	return 0;
9042 }
9043 
9044 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
9045 				  struct cfg80211_sched_scan_request *req)
9046 {
9047 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
9048 	int i;
9049 
9050 	if (!req)
9051 		return 0;
9052 
9053 	nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
9054 	if (!nd)
9055 		return -ENOBUFS;
9056 
9057 	if (req->n_scan_plans == 1 &&
9058 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
9059 			req->scan_plans[0].interval * 1000))
9060 		return -ENOBUFS;
9061 
9062 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
9063 		return -ENOBUFS;
9064 
9065 	freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
9066 	if (!freqs)
9067 		return -ENOBUFS;
9068 
9069 	for (i = 0; i < req->n_channels; i++)
9070 		nla_put_u32(msg, i, req->channels[i]->center_freq);
9071 
9072 	nla_nest_end(msg, freqs);
9073 
9074 	if (req->n_match_sets) {
9075 		matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
9076 		for (i = 0; i < req->n_match_sets; i++) {
9077 			match = nla_nest_start(msg, i);
9078 			nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
9079 				req->match_sets[i].ssid.ssid_len,
9080 				req->match_sets[i].ssid.ssid);
9081 			nla_nest_end(msg, match);
9082 		}
9083 		nla_nest_end(msg, matches);
9084 	}
9085 
9086 	scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
9087 	if (!scan_plans)
9088 		return -ENOBUFS;
9089 
9090 	for (i = 0; i < req->n_scan_plans; i++) {
9091 		scan_plan = nla_nest_start(msg, i + 1);
9092 		if (!scan_plan ||
9093 		    nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
9094 				req->scan_plans[i].interval) ||
9095 		    (req->scan_plans[i].iterations &&
9096 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
9097 				 req->scan_plans[i].iterations)))
9098 			return -ENOBUFS;
9099 		nla_nest_end(msg, scan_plan);
9100 	}
9101 	nla_nest_end(msg, scan_plans);
9102 
9103 	nla_nest_end(msg, nd);
9104 
9105 	return 0;
9106 }
9107 
9108 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
9109 {
9110 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9111 	struct sk_buff *msg;
9112 	void *hdr;
9113 	u32 size = NLMSG_DEFAULT_SIZE;
9114 
9115 	if (!rdev->wiphy.wowlan)
9116 		return -EOPNOTSUPP;
9117 
9118 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
9119 		/* adjust size to have room for all the data */
9120 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
9121 			rdev->wiphy.wowlan_config->tcp->payload_len +
9122 			rdev->wiphy.wowlan_config->tcp->wake_len +
9123 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
9124 	}
9125 
9126 	msg = nlmsg_new(size, GFP_KERNEL);
9127 	if (!msg)
9128 		return -ENOMEM;
9129 
9130 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9131 			     NL80211_CMD_GET_WOWLAN);
9132 	if (!hdr)
9133 		goto nla_put_failure;
9134 
9135 	if (rdev->wiphy.wowlan_config) {
9136 		struct nlattr *nl_wowlan;
9137 
9138 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
9139 		if (!nl_wowlan)
9140 			goto nla_put_failure;
9141 
9142 		if ((rdev->wiphy.wowlan_config->any &&
9143 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
9144 		    (rdev->wiphy.wowlan_config->disconnect &&
9145 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
9146 		    (rdev->wiphy.wowlan_config->magic_pkt &&
9147 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
9148 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
9149 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
9150 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
9151 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
9152 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
9153 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
9154 		    (rdev->wiphy.wowlan_config->rfkill_release &&
9155 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
9156 			goto nla_put_failure;
9157 
9158 		if (nl80211_send_wowlan_patterns(msg, rdev))
9159 			goto nla_put_failure;
9160 
9161 		if (nl80211_send_wowlan_tcp(msg,
9162 					    rdev->wiphy.wowlan_config->tcp))
9163 			goto nla_put_failure;
9164 
9165 		if (nl80211_send_wowlan_nd(
9166 			    msg,
9167 			    rdev->wiphy.wowlan_config->nd_config))
9168 			goto nla_put_failure;
9169 
9170 		nla_nest_end(msg, nl_wowlan);
9171 	}
9172 
9173 	genlmsg_end(msg, hdr);
9174 	return genlmsg_reply(msg, info);
9175 
9176 nla_put_failure:
9177 	nlmsg_free(msg);
9178 	return -ENOBUFS;
9179 }
9180 
9181 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
9182 				    struct nlattr *attr,
9183 				    struct cfg80211_wowlan *trig)
9184 {
9185 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
9186 	struct cfg80211_wowlan_tcp *cfg;
9187 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
9188 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
9189 	u32 size;
9190 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
9191 	int err, port;
9192 
9193 	if (!rdev->wiphy.wowlan->tcp)
9194 		return -EINVAL;
9195 
9196 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
9197 			nla_data(attr), nla_len(attr),
9198 			nl80211_wowlan_tcp_policy);
9199 	if (err)
9200 		return err;
9201 
9202 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
9203 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
9204 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
9205 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
9206 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
9207 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
9208 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
9209 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
9210 		return -EINVAL;
9211 
9212 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
9213 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
9214 		return -EINVAL;
9215 
9216 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
9217 			rdev->wiphy.wowlan->tcp->data_interval_max ||
9218 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
9219 		return -EINVAL;
9220 
9221 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
9222 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
9223 		return -EINVAL;
9224 
9225 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
9226 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
9227 		return -EINVAL;
9228 
9229 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
9230 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9231 
9232 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
9233 		tokens_size = tokln - sizeof(*tok);
9234 
9235 		if (!tok->len || tokens_size % tok->len)
9236 			return -EINVAL;
9237 		if (!rdev->wiphy.wowlan->tcp->tok)
9238 			return -EINVAL;
9239 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
9240 			return -EINVAL;
9241 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
9242 			return -EINVAL;
9243 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
9244 			return -EINVAL;
9245 		if (tok->offset + tok->len > data_size)
9246 			return -EINVAL;
9247 	}
9248 
9249 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
9250 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
9251 		if (!rdev->wiphy.wowlan->tcp->seq)
9252 			return -EINVAL;
9253 		if (seq->len == 0 || seq->len > 4)
9254 			return -EINVAL;
9255 		if (seq->len + seq->offset > data_size)
9256 			return -EINVAL;
9257 	}
9258 
9259 	size = sizeof(*cfg);
9260 	size += data_size;
9261 	size += wake_size + wake_mask_size;
9262 	size += tokens_size;
9263 
9264 	cfg = kzalloc(size, GFP_KERNEL);
9265 	if (!cfg)
9266 		return -ENOMEM;
9267 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
9268 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
9269 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
9270 	       ETH_ALEN);
9271 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
9272 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
9273 	else
9274 		port = 0;
9275 #ifdef CONFIG_INET
9276 	/* allocate a socket and port for it and use it */
9277 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
9278 			    IPPROTO_TCP, &cfg->sock, 1);
9279 	if (err) {
9280 		kfree(cfg);
9281 		return err;
9282 	}
9283 	if (inet_csk_get_port(cfg->sock->sk, port)) {
9284 		sock_release(cfg->sock);
9285 		kfree(cfg);
9286 		return -EADDRINUSE;
9287 	}
9288 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
9289 #else
9290 	if (!port) {
9291 		kfree(cfg);
9292 		return -EINVAL;
9293 	}
9294 	cfg->src_port = port;
9295 #endif
9296 
9297 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
9298 	cfg->payload_len = data_size;
9299 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
9300 	memcpy((void *)cfg->payload,
9301 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
9302 	       data_size);
9303 	if (seq)
9304 		cfg->payload_seq = *seq;
9305 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
9306 	cfg->wake_len = wake_size;
9307 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
9308 	memcpy((void *)cfg->wake_data,
9309 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
9310 	       wake_size);
9311 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
9312 			 data_size + wake_size;
9313 	memcpy((void *)cfg->wake_mask,
9314 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
9315 	       wake_mask_size);
9316 	if (tok) {
9317 		cfg->tokens_size = tokens_size;
9318 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
9319 	}
9320 
9321 	trig->tcp = cfg;
9322 
9323 	return 0;
9324 }
9325 
9326 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
9327 				   const struct wiphy_wowlan_support *wowlan,
9328 				   struct nlattr *attr,
9329 				   struct cfg80211_wowlan *trig)
9330 {
9331 	struct nlattr **tb;
9332 	int err;
9333 
9334 	tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
9335 	if (!tb)
9336 		return -ENOMEM;
9337 
9338 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
9339 		err = -EOPNOTSUPP;
9340 		goto out;
9341 	}
9342 
9343 	err = nla_parse(tb, NL80211_ATTR_MAX,
9344 			nla_data(attr), nla_len(attr),
9345 			nl80211_policy);
9346 	if (err)
9347 		goto out;
9348 
9349 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb);
9350 	err = PTR_ERR_OR_ZERO(trig->nd_config);
9351 	if (err)
9352 		trig->nd_config = NULL;
9353 
9354 out:
9355 	kfree(tb);
9356 	return err;
9357 }
9358 
9359 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
9360 {
9361 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9362 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
9363 	struct cfg80211_wowlan new_triggers = {};
9364 	struct cfg80211_wowlan *ntrig;
9365 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
9366 	int err, i;
9367 	bool prev_enabled = rdev->wiphy.wowlan_config;
9368 	bool regular = false;
9369 
9370 	if (!wowlan)
9371 		return -EOPNOTSUPP;
9372 
9373 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
9374 		cfg80211_rdev_free_wowlan(rdev);
9375 		rdev->wiphy.wowlan_config = NULL;
9376 		goto set_wakeup;
9377 	}
9378 
9379 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
9380 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9381 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9382 			nl80211_wowlan_policy);
9383 	if (err)
9384 		return err;
9385 
9386 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
9387 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
9388 			return -EINVAL;
9389 		new_triggers.any = true;
9390 	}
9391 
9392 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
9393 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
9394 			return -EINVAL;
9395 		new_triggers.disconnect = true;
9396 		regular = true;
9397 	}
9398 
9399 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
9400 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
9401 			return -EINVAL;
9402 		new_triggers.magic_pkt = true;
9403 		regular = true;
9404 	}
9405 
9406 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
9407 		return -EINVAL;
9408 
9409 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
9410 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
9411 			return -EINVAL;
9412 		new_triggers.gtk_rekey_failure = true;
9413 		regular = true;
9414 	}
9415 
9416 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
9417 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
9418 			return -EINVAL;
9419 		new_triggers.eap_identity_req = true;
9420 		regular = true;
9421 	}
9422 
9423 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
9424 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
9425 			return -EINVAL;
9426 		new_triggers.four_way_handshake = true;
9427 		regular = true;
9428 	}
9429 
9430 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
9431 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
9432 			return -EINVAL;
9433 		new_triggers.rfkill_release = true;
9434 		regular = true;
9435 	}
9436 
9437 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
9438 		struct nlattr *pat;
9439 		int n_patterns = 0;
9440 		int rem, pat_len, mask_len, pkt_offset;
9441 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9442 
9443 		regular = true;
9444 
9445 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9446 				    rem)
9447 			n_patterns++;
9448 		if (n_patterns > wowlan->n_patterns)
9449 			return -EINVAL;
9450 
9451 		new_triggers.patterns = kcalloc(n_patterns,
9452 						sizeof(new_triggers.patterns[0]),
9453 						GFP_KERNEL);
9454 		if (!new_triggers.patterns)
9455 			return -ENOMEM;
9456 
9457 		new_triggers.n_patterns = n_patterns;
9458 		i = 0;
9459 
9460 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9461 				    rem) {
9462 			u8 *mask_pat;
9463 
9464 			nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9465 				  nla_len(pat), NULL);
9466 			err = -EINVAL;
9467 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
9468 			    !pat_tb[NL80211_PKTPAT_PATTERN])
9469 				goto error;
9470 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9471 			mask_len = DIV_ROUND_UP(pat_len, 8);
9472 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9473 				goto error;
9474 			if (pat_len > wowlan->pattern_max_len ||
9475 			    pat_len < wowlan->pattern_min_len)
9476 				goto error;
9477 
9478 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
9479 				pkt_offset = 0;
9480 			else
9481 				pkt_offset = nla_get_u32(
9482 					pat_tb[NL80211_PKTPAT_OFFSET]);
9483 			if (pkt_offset > wowlan->max_pkt_offset)
9484 				goto error;
9485 			new_triggers.patterns[i].pkt_offset = pkt_offset;
9486 
9487 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9488 			if (!mask_pat) {
9489 				err = -ENOMEM;
9490 				goto error;
9491 			}
9492 			new_triggers.patterns[i].mask = mask_pat;
9493 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9494 			       mask_len);
9495 			mask_pat += mask_len;
9496 			new_triggers.patterns[i].pattern = mask_pat;
9497 			new_triggers.patterns[i].pattern_len = pat_len;
9498 			memcpy(mask_pat,
9499 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9500 			       pat_len);
9501 			i++;
9502 		}
9503 	}
9504 
9505 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
9506 		regular = true;
9507 		err = nl80211_parse_wowlan_tcp(
9508 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
9509 			&new_triggers);
9510 		if (err)
9511 			goto error;
9512 	}
9513 
9514 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
9515 		regular = true;
9516 		err = nl80211_parse_wowlan_nd(
9517 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
9518 			&new_triggers);
9519 		if (err)
9520 			goto error;
9521 	}
9522 
9523 	/* The 'any' trigger means the device continues operating more or less
9524 	 * as in its normal operation mode and wakes up the host on most of the
9525 	 * normal interrupts (like packet RX, ...)
9526 	 * It therefore makes little sense to combine with the more constrained
9527 	 * wakeup trigger modes.
9528 	 */
9529 	if (new_triggers.any && regular) {
9530 		err = -EINVAL;
9531 		goto error;
9532 	}
9533 
9534 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
9535 	if (!ntrig) {
9536 		err = -ENOMEM;
9537 		goto error;
9538 	}
9539 	cfg80211_rdev_free_wowlan(rdev);
9540 	rdev->wiphy.wowlan_config = ntrig;
9541 
9542  set_wakeup:
9543 	if (rdev->ops->set_wakeup &&
9544 	    prev_enabled != !!rdev->wiphy.wowlan_config)
9545 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
9546 
9547 	return 0;
9548  error:
9549 	for (i = 0; i < new_triggers.n_patterns; i++)
9550 		kfree(new_triggers.patterns[i].mask);
9551 	kfree(new_triggers.patterns);
9552 	if (new_triggers.tcp && new_triggers.tcp->sock)
9553 		sock_release(new_triggers.tcp->sock);
9554 	kfree(new_triggers.tcp);
9555 	kfree(new_triggers.nd_config);
9556 	return err;
9557 }
9558 #endif
9559 
9560 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
9561 				       struct cfg80211_registered_device *rdev)
9562 {
9563 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
9564 	int i, j, pat_len;
9565 	struct cfg80211_coalesce_rules *rule;
9566 
9567 	if (!rdev->coalesce->n_rules)
9568 		return 0;
9569 
9570 	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
9571 	if (!nl_rules)
9572 		return -ENOBUFS;
9573 
9574 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
9575 		nl_rule = nla_nest_start(msg, i + 1);
9576 		if (!nl_rule)
9577 			return -ENOBUFS;
9578 
9579 		rule = &rdev->coalesce->rules[i];
9580 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
9581 				rule->delay))
9582 			return -ENOBUFS;
9583 
9584 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
9585 				rule->condition))
9586 			return -ENOBUFS;
9587 
9588 		nl_pats = nla_nest_start(msg,
9589 				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
9590 		if (!nl_pats)
9591 			return -ENOBUFS;
9592 
9593 		for (j = 0; j < rule->n_patterns; j++) {
9594 			nl_pat = nla_nest_start(msg, j + 1);
9595 			if (!nl_pat)
9596 				return -ENOBUFS;
9597 			pat_len = rule->patterns[j].pattern_len;
9598 			if (nla_put(msg, NL80211_PKTPAT_MASK,
9599 				    DIV_ROUND_UP(pat_len, 8),
9600 				    rule->patterns[j].mask) ||
9601 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
9602 				    rule->patterns[j].pattern) ||
9603 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
9604 					rule->patterns[j].pkt_offset))
9605 				return -ENOBUFS;
9606 			nla_nest_end(msg, nl_pat);
9607 		}
9608 		nla_nest_end(msg, nl_pats);
9609 		nla_nest_end(msg, nl_rule);
9610 	}
9611 	nla_nest_end(msg, nl_rules);
9612 
9613 	return 0;
9614 }
9615 
9616 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
9617 {
9618 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9619 	struct sk_buff *msg;
9620 	void *hdr;
9621 
9622 	if (!rdev->wiphy.coalesce)
9623 		return -EOPNOTSUPP;
9624 
9625 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9626 	if (!msg)
9627 		return -ENOMEM;
9628 
9629 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9630 			     NL80211_CMD_GET_COALESCE);
9631 	if (!hdr)
9632 		goto nla_put_failure;
9633 
9634 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
9635 		goto nla_put_failure;
9636 
9637 	genlmsg_end(msg, hdr);
9638 	return genlmsg_reply(msg, info);
9639 
9640 nla_put_failure:
9641 	nlmsg_free(msg);
9642 	return -ENOBUFS;
9643 }
9644 
9645 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
9646 {
9647 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
9648 	int i, j;
9649 	struct cfg80211_coalesce_rules *rule;
9650 
9651 	if (!coalesce)
9652 		return;
9653 
9654 	for (i = 0; i < coalesce->n_rules; i++) {
9655 		rule = &coalesce->rules[i];
9656 		for (j = 0; j < rule->n_patterns; j++)
9657 			kfree(rule->patterns[j].mask);
9658 		kfree(rule->patterns);
9659 	}
9660 	kfree(coalesce->rules);
9661 	kfree(coalesce);
9662 	rdev->coalesce = NULL;
9663 }
9664 
9665 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
9666 				       struct nlattr *rule,
9667 				       struct cfg80211_coalesce_rules *new_rule)
9668 {
9669 	int err, i;
9670 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9671 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
9672 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
9673 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9674 
9675 	err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
9676 			nla_len(rule), nl80211_coalesce_policy);
9677 	if (err)
9678 		return err;
9679 
9680 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
9681 		new_rule->delay =
9682 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
9683 	if (new_rule->delay > coalesce->max_delay)
9684 		return -EINVAL;
9685 
9686 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
9687 		new_rule->condition =
9688 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
9689 	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
9690 	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
9691 		return -EINVAL;
9692 
9693 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
9694 		return -EINVAL;
9695 
9696 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9697 			    rem)
9698 		n_patterns++;
9699 	if (n_patterns > coalesce->n_patterns)
9700 		return -EINVAL;
9701 
9702 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
9703 				     GFP_KERNEL);
9704 	if (!new_rule->patterns)
9705 		return -ENOMEM;
9706 
9707 	new_rule->n_patterns = n_patterns;
9708 	i = 0;
9709 
9710 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9711 			    rem) {
9712 		u8 *mask_pat;
9713 
9714 		nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9715 			  nla_len(pat), NULL);
9716 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
9717 		    !pat_tb[NL80211_PKTPAT_PATTERN])
9718 			return -EINVAL;
9719 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9720 		mask_len = DIV_ROUND_UP(pat_len, 8);
9721 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9722 			return -EINVAL;
9723 		if (pat_len > coalesce->pattern_max_len ||
9724 		    pat_len < coalesce->pattern_min_len)
9725 			return -EINVAL;
9726 
9727 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
9728 			pkt_offset = 0;
9729 		else
9730 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
9731 		if (pkt_offset > coalesce->max_pkt_offset)
9732 			return -EINVAL;
9733 		new_rule->patterns[i].pkt_offset = pkt_offset;
9734 
9735 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9736 		if (!mask_pat)
9737 			return -ENOMEM;
9738 
9739 		new_rule->patterns[i].mask = mask_pat;
9740 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9741 		       mask_len);
9742 
9743 		mask_pat += mask_len;
9744 		new_rule->patterns[i].pattern = mask_pat;
9745 		new_rule->patterns[i].pattern_len = pat_len;
9746 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9747 		       pat_len);
9748 		i++;
9749 	}
9750 
9751 	return 0;
9752 }
9753 
9754 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
9755 {
9756 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9757 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9758 	struct cfg80211_coalesce new_coalesce = {};
9759 	struct cfg80211_coalesce *n_coalesce;
9760 	int err, rem_rule, n_rules = 0, i, j;
9761 	struct nlattr *rule;
9762 	struct cfg80211_coalesce_rules *tmp_rule;
9763 
9764 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
9765 		return -EOPNOTSUPP;
9766 
9767 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
9768 		cfg80211_rdev_free_coalesce(rdev);
9769 		rdev_set_coalesce(rdev, NULL);
9770 		return 0;
9771 	}
9772 
9773 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9774 			    rem_rule)
9775 		n_rules++;
9776 	if (n_rules > coalesce->n_rules)
9777 		return -EINVAL;
9778 
9779 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
9780 				     GFP_KERNEL);
9781 	if (!new_coalesce.rules)
9782 		return -ENOMEM;
9783 
9784 	new_coalesce.n_rules = n_rules;
9785 	i = 0;
9786 
9787 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9788 			    rem_rule) {
9789 		err = nl80211_parse_coalesce_rule(rdev, rule,
9790 						  &new_coalesce.rules[i]);
9791 		if (err)
9792 			goto error;
9793 
9794 		i++;
9795 	}
9796 
9797 	err = rdev_set_coalesce(rdev, &new_coalesce);
9798 	if (err)
9799 		goto error;
9800 
9801 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
9802 	if (!n_coalesce) {
9803 		err = -ENOMEM;
9804 		goto error;
9805 	}
9806 	cfg80211_rdev_free_coalesce(rdev);
9807 	rdev->coalesce = n_coalesce;
9808 
9809 	return 0;
9810 error:
9811 	for (i = 0; i < new_coalesce.n_rules; i++) {
9812 		tmp_rule = &new_coalesce.rules[i];
9813 		for (j = 0; j < tmp_rule->n_patterns; j++)
9814 			kfree(tmp_rule->patterns[j].mask);
9815 		kfree(tmp_rule->patterns);
9816 	}
9817 	kfree(new_coalesce.rules);
9818 
9819 	return err;
9820 }
9821 
9822 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
9823 {
9824 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9825 	struct net_device *dev = info->user_ptr[1];
9826 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9827 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
9828 	struct cfg80211_gtk_rekey_data rekey_data;
9829 	int err;
9830 
9831 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
9832 		return -EINVAL;
9833 
9834 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
9835 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
9836 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
9837 			nl80211_rekey_policy);
9838 	if (err)
9839 		return err;
9840 
9841 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
9842 		return -ERANGE;
9843 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
9844 		return -ERANGE;
9845 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
9846 		return -ERANGE;
9847 
9848 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
9849 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
9850 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
9851 
9852 	wdev_lock(wdev);
9853 	if (!wdev->current_bss) {
9854 		err = -ENOTCONN;
9855 		goto out;
9856 	}
9857 
9858 	if (!rdev->ops->set_rekey_data) {
9859 		err = -EOPNOTSUPP;
9860 		goto out;
9861 	}
9862 
9863 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
9864  out:
9865 	wdev_unlock(wdev);
9866 	return err;
9867 }
9868 
9869 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
9870 					     struct genl_info *info)
9871 {
9872 	struct net_device *dev = info->user_ptr[1];
9873 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9874 
9875 	if (wdev->iftype != NL80211_IFTYPE_AP &&
9876 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
9877 		return -EINVAL;
9878 
9879 	if (wdev->ap_unexpected_nlportid)
9880 		return -EBUSY;
9881 
9882 	wdev->ap_unexpected_nlportid = info->snd_portid;
9883 	return 0;
9884 }
9885 
9886 static int nl80211_probe_client(struct sk_buff *skb,
9887 				struct genl_info *info)
9888 {
9889 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9890 	struct net_device *dev = info->user_ptr[1];
9891 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9892 	struct sk_buff *msg;
9893 	void *hdr;
9894 	const u8 *addr;
9895 	u64 cookie;
9896 	int err;
9897 
9898 	if (wdev->iftype != NL80211_IFTYPE_AP &&
9899 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
9900 		return -EOPNOTSUPP;
9901 
9902 	if (!info->attrs[NL80211_ATTR_MAC])
9903 		return -EINVAL;
9904 
9905 	if (!rdev->ops->probe_client)
9906 		return -EOPNOTSUPP;
9907 
9908 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9909 	if (!msg)
9910 		return -ENOMEM;
9911 
9912 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9913 			     NL80211_CMD_PROBE_CLIENT);
9914 	if (!hdr) {
9915 		err = -ENOBUFS;
9916 		goto free_msg;
9917 	}
9918 
9919 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9920 
9921 	err = rdev_probe_client(rdev, dev, addr, &cookie);
9922 	if (err)
9923 		goto free_msg;
9924 
9925 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9926 		goto nla_put_failure;
9927 
9928 	genlmsg_end(msg, hdr);
9929 
9930 	return genlmsg_reply(msg, info);
9931 
9932  nla_put_failure:
9933 	err = -ENOBUFS;
9934  free_msg:
9935 	nlmsg_free(msg);
9936 	return err;
9937 }
9938 
9939 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
9940 {
9941 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9942 	struct cfg80211_beacon_registration *reg, *nreg;
9943 	int rv;
9944 
9945 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
9946 		return -EOPNOTSUPP;
9947 
9948 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
9949 	if (!nreg)
9950 		return -ENOMEM;
9951 
9952 	/* First, check if already registered. */
9953 	spin_lock_bh(&rdev->beacon_registrations_lock);
9954 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9955 		if (reg->nlportid == info->snd_portid) {
9956 			rv = -EALREADY;
9957 			goto out_err;
9958 		}
9959 	}
9960 	/* Add it to the list */
9961 	nreg->nlportid = info->snd_portid;
9962 	list_add(&nreg->list, &rdev->beacon_registrations);
9963 
9964 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9965 
9966 	return 0;
9967 out_err:
9968 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9969 	kfree(nreg);
9970 	return rv;
9971 }
9972 
9973 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
9974 {
9975 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9976 	struct wireless_dev *wdev = info->user_ptr[1];
9977 	int err;
9978 
9979 	if (!rdev->ops->start_p2p_device)
9980 		return -EOPNOTSUPP;
9981 
9982 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9983 		return -EOPNOTSUPP;
9984 
9985 	if (wdev->p2p_started)
9986 		return 0;
9987 
9988 	if (rfkill_blocked(rdev->rfkill))
9989 		return -ERFKILL;
9990 
9991 	err = rdev_start_p2p_device(rdev, wdev);
9992 	if (err)
9993 		return err;
9994 
9995 	wdev->p2p_started = true;
9996 	rdev->opencount++;
9997 
9998 	return 0;
9999 }
10000 
10001 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
10002 {
10003 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10004 	struct wireless_dev *wdev = info->user_ptr[1];
10005 
10006 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
10007 		return -EOPNOTSUPP;
10008 
10009 	if (!rdev->ops->stop_p2p_device)
10010 		return -EOPNOTSUPP;
10011 
10012 	cfg80211_stop_p2p_device(rdev, wdev);
10013 
10014 	return 0;
10015 }
10016 
10017 static int nl80211_get_protocol_features(struct sk_buff *skb,
10018 					 struct genl_info *info)
10019 {
10020 	void *hdr;
10021 	struct sk_buff *msg;
10022 
10023 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10024 	if (!msg)
10025 		return -ENOMEM;
10026 
10027 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10028 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
10029 	if (!hdr)
10030 		goto nla_put_failure;
10031 
10032 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
10033 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
10034 		goto nla_put_failure;
10035 
10036 	genlmsg_end(msg, hdr);
10037 	return genlmsg_reply(msg, info);
10038 
10039  nla_put_failure:
10040 	kfree_skb(msg);
10041 	return -ENOBUFS;
10042 }
10043 
10044 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
10045 {
10046 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10047 	struct cfg80211_update_ft_ies_params ft_params;
10048 	struct net_device *dev = info->user_ptr[1];
10049 
10050 	if (!rdev->ops->update_ft_ies)
10051 		return -EOPNOTSUPP;
10052 
10053 	if (!info->attrs[NL80211_ATTR_MDID] ||
10054 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
10055 		return -EINVAL;
10056 
10057 	memset(&ft_params, 0, sizeof(ft_params));
10058 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
10059 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10060 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10061 
10062 	return rdev_update_ft_ies(rdev, dev, &ft_params);
10063 }
10064 
10065 static int nl80211_crit_protocol_start(struct sk_buff *skb,
10066 				       struct genl_info *info)
10067 {
10068 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10069 	struct wireless_dev *wdev = info->user_ptr[1];
10070 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
10071 	u16 duration;
10072 	int ret;
10073 
10074 	if (!rdev->ops->crit_proto_start)
10075 		return -EOPNOTSUPP;
10076 
10077 	if (WARN_ON(!rdev->ops->crit_proto_stop))
10078 		return -EINVAL;
10079 
10080 	if (rdev->crit_proto_nlportid)
10081 		return -EBUSY;
10082 
10083 	/* determine protocol if provided */
10084 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
10085 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
10086 
10087 	if (proto >= NUM_NL80211_CRIT_PROTO)
10088 		return -EINVAL;
10089 
10090 	/* timeout must be provided */
10091 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
10092 		return -EINVAL;
10093 
10094 	duration =
10095 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
10096 
10097 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
10098 		return -ERANGE;
10099 
10100 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
10101 	if (!ret)
10102 		rdev->crit_proto_nlportid = info->snd_portid;
10103 
10104 	return ret;
10105 }
10106 
10107 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
10108 				      struct genl_info *info)
10109 {
10110 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10111 	struct wireless_dev *wdev = info->user_ptr[1];
10112 
10113 	if (!rdev->ops->crit_proto_stop)
10114 		return -EOPNOTSUPP;
10115 
10116 	if (rdev->crit_proto_nlportid) {
10117 		rdev->crit_proto_nlportid = 0;
10118 		rdev_crit_proto_stop(rdev, wdev);
10119 	}
10120 	return 0;
10121 }
10122 
10123 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
10124 {
10125 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10126 	struct wireless_dev *wdev =
10127 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
10128 	int i, err;
10129 	u32 vid, subcmd;
10130 
10131 	if (!rdev->wiphy.vendor_commands)
10132 		return -EOPNOTSUPP;
10133 
10134 	if (IS_ERR(wdev)) {
10135 		err = PTR_ERR(wdev);
10136 		if (err != -EINVAL)
10137 			return err;
10138 		wdev = NULL;
10139 	} else if (wdev->wiphy != &rdev->wiphy) {
10140 		return -EINVAL;
10141 	}
10142 
10143 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
10144 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
10145 		return -EINVAL;
10146 
10147 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
10148 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
10149 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
10150 		const struct wiphy_vendor_command *vcmd;
10151 		void *data = NULL;
10152 		int len = 0;
10153 
10154 		vcmd = &rdev->wiphy.vendor_commands[i];
10155 
10156 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10157 			continue;
10158 
10159 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10160 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10161 			if (!wdev)
10162 				return -EINVAL;
10163 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10164 			    !wdev->netdev)
10165 				return -EINVAL;
10166 
10167 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10168 				if (wdev->netdev &&
10169 				    !netif_running(wdev->netdev))
10170 					return -ENETDOWN;
10171 				if (!wdev->netdev && !wdev->p2p_started)
10172 					return -ENETDOWN;
10173 			}
10174 
10175 			if (!vcmd->doit)
10176 				return -EOPNOTSUPP;
10177 		} else {
10178 			wdev = NULL;
10179 		}
10180 
10181 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
10182 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10183 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
10184 		}
10185 
10186 		rdev->cur_cmd_info = info;
10187 		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
10188 							  data, len);
10189 		rdev->cur_cmd_info = NULL;
10190 		return err;
10191 	}
10192 
10193 	return -EOPNOTSUPP;
10194 }
10195 
10196 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
10197 				       struct netlink_callback *cb,
10198 				       struct cfg80211_registered_device **rdev,
10199 				       struct wireless_dev **wdev)
10200 {
10201 	u32 vid, subcmd;
10202 	unsigned int i;
10203 	int vcmd_idx = -1;
10204 	int err;
10205 	void *data = NULL;
10206 	unsigned int data_len = 0;
10207 
10208 	rtnl_lock();
10209 
10210 	if (cb->args[0]) {
10211 		/* subtract the 1 again here */
10212 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
10213 		struct wireless_dev *tmp;
10214 
10215 		if (!wiphy) {
10216 			err = -ENODEV;
10217 			goto out_unlock;
10218 		}
10219 		*rdev = wiphy_to_rdev(wiphy);
10220 		*wdev = NULL;
10221 
10222 		if (cb->args[1]) {
10223 			list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
10224 				if (tmp->identifier == cb->args[1] - 1) {
10225 					*wdev = tmp;
10226 					break;
10227 				}
10228 			}
10229 		}
10230 
10231 		/* keep rtnl locked in successful case */
10232 		return 0;
10233 	}
10234 
10235 	err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
10236 			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
10237 			  nl80211_policy);
10238 	if (err)
10239 		goto out_unlock;
10240 
10241 	if (!nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID] ||
10242 	    !nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
10243 		err = -EINVAL;
10244 		goto out_unlock;
10245 	}
10246 
10247 	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
10248 					   nl80211_fam.attrbuf);
10249 	if (IS_ERR(*wdev))
10250 		*wdev = NULL;
10251 
10252 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
10253 					   nl80211_fam.attrbuf);
10254 	if (IS_ERR(*rdev)) {
10255 		err = PTR_ERR(*rdev);
10256 		goto out_unlock;
10257 	}
10258 
10259 	vid = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_ID]);
10260 	subcmd = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
10261 
10262 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
10263 		const struct wiphy_vendor_command *vcmd;
10264 
10265 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
10266 
10267 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
10268 			continue;
10269 
10270 		if (!vcmd->dumpit) {
10271 			err = -EOPNOTSUPP;
10272 			goto out_unlock;
10273 		}
10274 
10275 		vcmd_idx = i;
10276 		break;
10277 	}
10278 
10279 	if (vcmd_idx < 0) {
10280 		err = -EOPNOTSUPP;
10281 		goto out_unlock;
10282 	}
10283 
10284 	if (nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]) {
10285 		data = nla_data(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10286 		data_len = nla_len(nl80211_fam.attrbuf[NL80211_ATTR_VENDOR_DATA]);
10287 	}
10288 
10289 	/* 0 is the first index - add 1 to parse only once */
10290 	cb->args[0] = (*rdev)->wiphy_idx + 1;
10291 	/* add 1 to know if it was NULL */
10292 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
10293 	cb->args[2] = vcmd_idx;
10294 	cb->args[3] = (unsigned long)data;
10295 	cb->args[4] = data_len;
10296 
10297 	/* keep rtnl locked in successful case */
10298 	return 0;
10299  out_unlock:
10300 	rtnl_unlock();
10301 	return err;
10302 }
10303 
10304 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
10305 				   struct netlink_callback *cb)
10306 {
10307 	struct cfg80211_registered_device *rdev;
10308 	struct wireless_dev *wdev;
10309 	unsigned int vcmd_idx;
10310 	const struct wiphy_vendor_command *vcmd;
10311 	void *data;
10312 	int data_len;
10313 	int err;
10314 	struct nlattr *vendor_data;
10315 
10316 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
10317 	if (err)
10318 		return err;
10319 
10320 	vcmd_idx = cb->args[2];
10321 	data = (void *)cb->args[3];
10322 	data_len = cb->args[4];
10323 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
10324 
10325 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
10326 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
10327 		if (!wdev)
10328 			return -EINVAL;
10329 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
10330 		    !wdev->netdev)
10331 			return -EINVAL;
10332 
10333 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
10334 			if (wdev->netdev &&
10335 			    !netif_running(wdev->netdev))
10336 				return -ENETDOWN;
10337 			if (!wdev->netdev && !wdev->p2p_started)
10338 				return -ENETDOWN;
10339 		}
10340 	}
10341 
10342 	while (1) {
10343 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10344 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
10345 					   NL80211_CMD_VENDOR);
10346 		if (!hdr)
10347 			break;
10348 
10349 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10350 		    (wdev && nla_put_u64(skb, NL80211_ATTR_WDEV,
10351 					 wdev_id(wdev)))) {
10352 			genlmsg_cancel(skb, hdr);
10353 			break;
10354 		}
10355 
10356 		vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
10357 		if (!vendor_data) {
10358 			genlmsg_cancel(skb, hdr);
10359 			break;
10360 		}
10361 
10362 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
10363 				   (unsigned long *)&cb->args[5]);
10364 		nla_nest_end(skb, vendor_data);
10365 
10366 		if (err == -ENOBUFS || err == -ENOENT) {
10367 			genlmsg_cancel(skb, hdr);
10368 			break;
10369 		} else if (err) {
10370 			genlmsg_cancel(skb, hdr);
10371 			goto out;
10372 		}
10373 
10374 		genlmsg_end(skb, hdr);
10375 	}
10376 
10377 	err = skb->len;
10378  out:
10379 	rtnl_unlock();
10380 	return err;
10381 }
10382 
10383 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
10384 					   enum nl80211_commands cmd,
10385 					   enum nl80211_attrs attr,
10386 					   int approxlen)
10387 {
10388 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10389 
10390 	if (WARN_ON(!rdev->cur_cmd_info))
10391 		return NULL;
10392 
10393 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
10394 					   rdev->cur_cmd_info->snd_portid,
10395 					   rdev->cur_cmd_info->snd_seq,
10396 					   cmd, attr, NULL, GFP_KERNEL);
10397 }
10398 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
10399 
10400 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
10401 {
10402 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10403 	void *hdr = ((void **)skb->cb)[1];
10404 	struct nlattr *data = ((void **)skb->cb)[2];
10405 
10406 	/* clear CB data for netlink core to own from now on */
10407 	memset(skb->cb, 0, sizeof(skb->cb));
10408 
10409 	if (WARN_ON(!rdev->cur_cmd_info)) {
10410 		kfree_skb(skb);
10411 		return -EINVAL;
10412 	}
10413 
10414 	nla_nest_end(skb, data);
10415 	genlmsg_end(skb, hdr);
10416 	return genlmsg_reply(skb, rdev->cur_cmd_info);
10417 }
10418 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
10419 
10420 
10421 static int nl80211_set_qos_map(struct sk_buff *skb,
10422 			       struct genl_info *info)
10423 {
10424 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10425 	struct cfg80211_qos_map *qos_map = NULL;
10426 	struct net_device *dev = info->user_ptr[1];
10427 	u8 *pos, len, num_des, des_len, des;
10428 	int ret;
10429 
10430 	if (!rdev->ops->set_qos_map)
10431 		return -EOPNOTSUPP;
10432 
10433 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
10434 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
10435 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
10436 
10437 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
10438 		    len > IEEE80211_QOS_MAP_LEN_MAX)
10439 			return -EINVAL;
10440 
10441 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
10442 		if (!qos_map)
10443 			return -ENOMEM;
10444 
10445 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
10446 		if (num_des) {
10447 			des_len = num_des *
10448 				sizeof(struct cfg80211_dscp_exception);
10449 			memcpy(qos_map->dscp_exception, pos, des_len);
10450 			qos_map->num_des = num_des;
10451 			for (des = 0; des < num_des; des++) {
10452 				if (qos_map->dscp_exception[des].up > 7) {
10453 					kfree(qos_map);
10454 					return -EINVAL;
10455 				}
10456 			}
10457 			pos += des_len;
10458 		}
10459 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
10460 	}
10461 
10462 	wdev_lock(dev->ieee80211_ptr);
10463 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
10464 	if (!ret)
10465 		ret = rdev_set_qos_map(rdev, dev, qos_map);
10466 	wdev_unlock(dev->ieee80211_ptr);
10467 
10468 	kfree(qos_map);
10469 	return ret;
10470 }
10471 
10472 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
10473 {
10474 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10475 	struct net_device *dev = info->user_ptr[1];
10476 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10477 	const u8 *peer;
10478 	u8 tsid, up;
10479 	u16 admitted_time = 0;
10480 	int err;
10481 
10482 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
10483 		return -EOPNOTSUPP;
10484 
10485 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
10486 	    !info->attrs[NL80211_ATTR_USER_PRIO])
10487 		return -EINVAL;
10488 
10489 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10490 	if (tsid >= IEEE80211_NUM_TIDS)
10491 		return -EINVAL;
10492 
10493 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
10494 	if (up >= IEEE80211_NUM_UPS)
10495 		return -EINVAL;
10496 
10497 	/* WMM uses TIDs 0-7 even for TSPEC */
10498 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
10499 		/* TODO: handle 802.11 TSPEC/admission control
10500 		 * need more attributes for that (e.g. BA session requirement);
10501 		 * change the WMM adminssion test above to allow both then
10502 		 */
10503 		return -EINVAL;
10504 	}
10505 
10506 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10507 
10508 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
10509 		admitted_time =
10510 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
10511 		if (!admitted_time)
10512 			return -EINVAL;
10513 	}
10514 
10515 	wdev_lock(wdev);
10516 	switch (wdev->iftype) {
10517 	case NL80211_IFTYPE_STATION:
10518 	case NL80211_IFTYPE_P2P_CLIENT:
10519 		if (wdev->current_bss)
10520 			break;
10521 		err = -ENOTCONN;
10522 		goto out;
10523 	default:
10524 		err = -EOPNOTSUPP;
10525 		goto out;
10526 	}
10527 
10528 	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
10529 
10530  out:
10531 	wdev_unlock(wdev);
10532 	return err;
10533 }
10534 
10535 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
10536 {
10537 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10538 	struct net_device *dev = info->user_ptr[1];
10539 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10540 	const u8 *peer;
10541 	u8 tsid;
10542 	int err;
10543 
10544 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
10545 		return -EINVAL;
10546 
10547 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10548 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10549 
10550 	wdev_lock(wdev);
10551 	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
10552 	wdev_unlock(wdev);
10553 
10554 	return err;
10555 }
10556 
10557 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
10558 				       struct genl_info *info)
10559 {
10560 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10561 	struct net_device *dev = info->user_ptr[1];
10562 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10563 	struct cfg80211_chan_def chandef = {};
10564 	const u8 *addr;
10565 	u8 oper_class;
10566 	int err;
10567 
10568 	if (!rdev->ops->tdls_channel_switch ||
10569 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10570 		return -EOPNOTSUPP;
10571 
10572 	switch (dev->ieee80211_ptr->iftype) {
10573 	case NL80211_IFTYPE_STATION:
10574 	case NL80211_IFTYPE_P2P_CLIENT:
10575 		break;
10576 	default:
10577 		return -EOPNOTSUPP;
10578 	}
10579 
10580 	if (!info->attrs[NL80211_ATTR_MAC] ||
10581 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
10582 		return -EINVAL;
10583 
10584 	err = nl80211_parse_chandef(rdev, info, &chandef);
10585 	if (err)
10586 		return err;
10587 
10588 	/*
10589 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
10590 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
10591 	 * specification is not defined for them.
10592 	 */
10593 	if (chandef.chan->band == IEEE80211_BAND_2GHZ &&
10594 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
10595 	    chandef.width != NL80211_CHAN_WIDTH_20)
10596 		return -EINVAL;
10597 
10598 	/* we will be active on the TDLS link */
10599 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
10600 					   wdev->iftype))
10601 		return -EINVAL;
10602 
10603 	/* don't allow switching to DFS channels */
10604 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
10605 		return -EINVAL;
10606 
10607 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10608 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
10609 
10610 	wdev_lock(wdev);
10611 	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
10612 	wdev_unlock(wdev);
10613 
10614 	return err;
10615 }
10616 
10617 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
10618 					      struct genl_info *info)
10619 {
10620 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10621 	struct net_device *dev = info->user_ptr[1];
10622 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10623 	const u8 *addr;
10624 
10625 	if (!rdev->ops->tdls_channel_switch ||
10626 	    !rdev->ops->tdls_cancel_channel_switch ||
10627 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10628 		return -EOPNOTSUPP;
10629 
10630 	switch (dev->ieee80211_ptr->iftype) {
10631 	case NL80211_IFTYPE_STATION:
10632 	case NL80211_IFTYPE_P2P_CLIENT:
10633 		break;
10634 	default:
10635 		return -EOPNOTSUPP;
10636 	}
10637 
10638 	if (!info->attrs[NL80211_ATTR_MAC])
10639 		return -EINVAL;
10640 
10641 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10642 
10643 	wdev_lock(wdev);
10644 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
10645 	wdev_unlock(wdev);
10646 
10647 	return 0;
10648 }
10649 
10650 #define NL80211_FLAG_NEED_WIPHY		0x01
10651 #define NL80211_FLAG_NEED_NETDEV	0x02
10652 #define NL80211_FLAG_NEED_RTNL		0x04
10653 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
10654 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
10655 					 NL80211_FLAG_CHECK_NETDEV_UP)
10656 #define NL80211_FLAG_NEED_WDEV		0x10
10657 /* If a netdev is associated, it must be UP, P2P must be started */
10658 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
10659 					 NL80211_FLAG_CHECK_NETDEV_UP)
10660 #define NL80211_FLAG_CLEAR_SKB		0x20
10661 
10662 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
10663 			    struct genl_info *info)
10664 {
10665 	struct cfg80211_registered_device *rdev;
10666 	struct wireless_dev *wdev;
10667 	struct net_device *dev;
10668 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
10669 
10670 	if (rtnl)
10671 		rtnl_lock();
10672 
10673 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
10674 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
10675 		if (IS_ERR(rdev)) {
10676 			if (rtnl)
10677 				rtnl_unlock();
10678 			return PTR_ERR(rdev);
10679 		}
10680 		info->user_ptr[0] = rdev;
10681 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
10682 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10683 		ASSERT_RTNL();
10684 
10685 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
10686 						  info->attrs);
10687 		if (IS_ERR(wdev)) {
10688 			if (rtnl)
10689 				rtnl_unlock();
10690 			return PTR_ERR(wdev);
10691 		}
10692 
10693 		dev = wdev->netdev;
10694 		rdev = wiphy_to_rdev(wdev->wiphy);
10695 
10696 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
10697 			if (!dev) {
10698 				if (rtnl)
10699 					rtnl_unlock();
10700 				return -EINVAL;
10701 			}
10702 
10703 			info->user_ptr[1] = dev;
10704 		} else {
10705 			info->user_ptr[1] = wdev;
10706 		}
10707 
10708 		if (dev) {
10709 			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
10710 			    !netif_running(dev)) {
10711 				if (rtnl)
10712 					rtnl_unlock();
10713 				return -ENETDOWN;
10714 			}
10715 
10716 			dev_hold(dev);
10717 		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
10718 			if (!wdev->p2p_started) {
10719 				if (rtnl)
10720 					rtnl_unlock();
10721 				return -ENETDOWN;
10722 			}
10723 		}
10724 
10725 		info->user_ptr[0] = rdev;
10726 	}
10727 
10728 	return 0;
10729 }
10730 
10731 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
10732 			      struct genl_info *info)
10733 {
10734 	if (info->user_ptr[1]) {
10735 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10736 			struct wireless_dev *wdev = info->user_ptr[1];
10737 
10738 			if (wdev->netdev)
10739 				dev_put(wdev->netdev);
10740 		} else {
10741 			dev_put(info->user_ptr[1]);
10742 		}
10743 	}
10744 
10745 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
10746 		rtnl_unlock();
10747 
10748 	/* If needed, clear the netlink message payload from the SKB
10749 	 * as it might contain key data that shouldn't stick around on
10750 	 * the heap after the SKB is freed. The netlink message header
10751 	 * is still needed for further processing, so leave it intact.
10752 	 */
10753 	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
10754 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
10755 
10756 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
10757 	}
10758 }
10759 
10760 static const struct genl_ops nl80211_ops[] = {
10761 	{
10762 		.cmd = NL80211_CMD_GET_WIPHY,
10763 		.doit = nl80211_get_wiphy,
10764 		.dumpit = nl80211_dump_wiphy,
10765 		.done = nl80211_dump_wiphy_done,
10766 		.policy = nl80211_policy,
10767 		/* can be retrieved by unprivileged users */
10768 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10769 				  NL80211_FLAG_NEED_RTNL,
10770 	},
10771 	{
10772 		.cmd = NL80211_CMD_SET_WIPHY,
10773 		.doit = nl80211_set_wiphy,
10774 		.policy = nl80211_policy,
10775 		.flags = GENL_ADMIN_PERM,
10776 		.internal_flags = NL80211_FLAG_NEED_RTNL,
10777 	},
10778 	{
10779 		.cmd = NL80211_CMD_GET_INTERFACE,
10780 		.doit = nl80211_get_interface,
10781 		.dumpit = nl80211_dump_interface,
10782 		.policy = nl80211_policy,
10783 		/* can be retrieved by unprivileged users */
10784 		.internal_flags = NL80211_FLAG_NEED_WDEV |
10785 				  NL80211_FLAG_NEED_RTNL,
10786 	},
10787 	{
10788 		.cmd = NL80211_CMD_SET_INTERFACE,
10789 		.doit = nl80211_set_interface,
10790 		.policy = nl80211_policy,
10791 		.flags = GENL_ADMIN_PERM,
10792 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10793 				  NL80211_FLAG_NEED_RTNL,
10794 	},
10795 	{
10796 		.cmd = NL80211_CMD_NEW_INTERFACE,
10797 		.doit = nl80211_new_interface,
10798 		.policy = nl80211_policy,
10799 		.flags = GENL_ADMIN_PERM,
10800 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10801 				  NL80211_FLAG_NEED_RTNL,
10802 	},
10803 	{
10804 		.cmd = NL80211_CMD_DEL_INTERFACE,
10805 		.doit = nl80211_del_interface,
10806 		.policy = nl80211_policy,
10807 		.flags = GENL_ADMIN_PERM,
10808 		.internal_flags = NL80211_FLAG_NEED_WDEV |
10809 				  NL80211_FLAG_NEED_RTNL,
10810 	},
10811 	{
10812 		.cmd = NL80211_CMD_GET_KEY,
10813 		.doit = nl80211_get_key,
10814 		.policy = nl80211_policy,
10815 		.flags = GENL_ADMIN_PERM,
10816 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10817 				  NL80211_FLAG_NEED_RTNL,
10818 	},
10819 	{
10820 		.cmd = NL80211_CMD_SET_KEY,
10821 		.doit = nl80211_set_key,
10822 		.policy = nl80211_policy,
10823 		.flags = GENL_ADMIN_PERM,
10824 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10825 				  NL80211_FLAG_NEED_RTNL |
10826 				  NL80211_FLAG_CLEAR_SKB,
10827 	},
10828 	{
10829 		.cmd = NL80211_CMD_NEW_KEY,
10830 		.doit = nl80211_new_key,
10831 		.policy = nl80211_policy,
10832 		.flags = GENL_ADMIN_PERM,
10833 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10834 				  NL80211_FLAG_NEED_RTNL |
10835 				  NL80211_FLAG_CLEAR_SKB,
10836 	},
10837 	{
10838 		.cmd = NL80211_CMD_DEL_KEY,
10839 		.doit = nl80211_del_key,
10840 		.policy = nl80211_policy,
10841 		.flags = GENL_ADMIN_PERM,
10842 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10843 				  NL80211_FLAG_NEED_RTNL,
10844 	},
10845 	{
10846 		.cmd = NL80211_CMD_SET_BEACON,
10847 		.policy = nl80211_policy,
10848 		.flags = GENL_ADMIN_PERM,
10849 		.doit = nl80211_set_beacon,
10850 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10851 				  NL80211_FLAG_NEED_RTNL,
10852 	},
10853 	{
10854 		.cmd = NL80211_CMD_START_AP,
10855 		.policy = nl80211_policy,
10856 		.flags = GENL_ADMIN_PERM,
10857 		.doit = nl80211_start_ap,
10858 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10859 				  NL80211_FLAG_NEED_RTNL,
10860 	},
10861 	{
10862 		.cmd = NL80211_CMD_STOP_AP,
10863 		.policy = nl80211_policy,
10864 		.flags = GENL_ADMIN_PERM,
10865 		.doit = nl80211_stop_ap,
10866 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10867 				  NL80211_FLAG_NEED_RTNL,
10868 	},
10869 	{
10870 		.cmd = NL80211_CMD_GET_STATION,
10871 		.doit = nl80211_get_station,
10872 		.dumpit = nl80211_dump_station,
10873 		.policy = nl80211_policy,
10874 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10875 				  NL80211_FLAG_NEED_RTNL,
10876 	},
10877 	{
10878 		.cmd = NL80211_CMD_SET_STATION,
10879 		.doit = nl80211_set_station,
10880 		.policy = nl80211_policy,
10881 		.flags = GENL_ADMIN_PERM,
10882 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10883 				  NL80211_FLAG_NEED_RTNL,
10884 	},
10885 	{
10886 		.cmd = NL80211_CMD_NEW_STATION,
10887 		.doit = nl80211_new_station,
10888 		.policy = nl80211_policy,
10889 		.flags = GENL_ADMIN_PERM,
10890 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10891 				  NL80211_FLAG_NEED_RTNL,
10892 	},
10893 	{
10894 		.cmd = NL80211_CMD_DEL_STATION,
10895 		.doit = nl80211_del_station,
10896 		.policy = nl80211_policy,
10897 		.flags = GENL_ADMIN_PERM,
10898 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10899 				  NL80211_FLAG_NEED_RTNL,
10900 	},
10901 	{
10902 		.cmd = NL80211_CMD_GET_MPATH,
10903 		.doit = nl80211_get_mpath,
10904 		.dumpit = nl80211_dump_mpath,
10905 		.policy = nl80211_policy,
10906 		.flags = GENL_ADMIN_PERM,
10907 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10908 				  NL80211_FLAG_NEED_RTNL,
10909 	},
10910 	{
10911 		.cmd = NL80211_CMD_GET_MPP,
10912 		.doit = nl80211_get_mpp,
10913 		.dumpit = nl80211_dump_mpp,
10914 		.policy = nl80211_policy,
10915 		.flags = GENL_ADMIN_PERM,
10916 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10917 				  NL80211_FLAG_NEED_RTNL,
10918 	},
10919 	{
10920 		.cmd = NL80211_CMD_SET_MPATH,
10921 		.doit = nl80211_set_mpath,
10922 		.policy = nl80211_policy,
10923 		.flags = GENL_ADMIN_PERM,
10924 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10925 				  NL80211_FLAG_NEED_RTNL,
10926 	},
10927 	{
10928 		.cmd = NL80211_CMD_NEW_MPATH,
10929 		.doit = nl80211_new_mpath,
10930 		.policy = nl80211_policy,
10931 		.flags = GENL_ADMIN_PERM,
10932 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10933 				  NL80211_FLAG_NEED_RTNL,
10934 	},
10935 	{
10936 		.cmd = NL80211_CMD_DEL_MPATH,
10937 		.doit = nl80211_del_mpath,
10938 		.policy = nl80211_policy,
10939 		.flags = GENL_ADMIN_PERM,
10940 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10941 				  NL80211_FLAG_NEED_RTNL,
10942 	},
10943 	{
10944 		.cmd = NL80211_CMD_SET_BSS,
10945 		.doit = nl80211_set_bss,
10946 		.policy = nl80211_policy,
10947 		.flags = GENL_ADMIN_PERM,
10948 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10949 				  NL80211_FLAG_NEED_RTNL,
10950 	},
10951 	{
10952 		.cmd = NL80211_CMD_GET_REG,
10953 		.doit = nl80211_get_reg_do,
10954 		.dumpit = nl80211_get_reg_dump,
10955 		.policy = nl80211_policy,
10956 		.internal_flags = NL80211_FLAG_NEED_RTNL,
10957 		/* can be retrieved by unprivileged users */
10958 	},
10959 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
10960 	{
10961 		.cmd = NL80211_CMD_SET_REG,
10962 		.doit = nl80211_set_reg,
10963 		.policy = nl80211_policy,
10964 		.flags = GENL_ADMIN_PERM,
10965 		.internal_flags = NL80211_FLAG_NEED_RTNL,
10966 	},
10967 #endif
10968 	{
10969 		.cmd = NL80211_CMD_REQ_SET_REG,
10970 		.doit = nl80211_req_set_reg,
10971 		.policy = nl80211_policy,
10972 		.flags = GENL_ADMIN_PERM,
10973 	},
10974 	{
10975 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
10976 		.doit = nl80211_get_mesh_config,
10977 		.policy = nl80211_policy,
10978 		/* can be retrieved by unprivileged users */
10979 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10980 				  NL80211_FLAG_NEED_RTNL,
10981 	},
10982 	{
10983 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
10984 		.doit = nl80211_update_mesh_config,
10985 		.policy = nl80211_policy,
10986 		.flags = GENL_ADMIN_PERM,
10987 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10988 				  NL80211_FLAG_NEED_RTNL,
10989 	},
10990 	{
10991 		.cmd = NL80211_CMD_TRIGGER_SCAN,
10992 		.doit = nl80211_trigger_scan,
10993 		.policy = nl80211_policy,
10994 		.flags = GENL_ADMIN_PERM,
10995 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10996 				  NL80211_FLAG_NEED_RTNL,
10997 	},
10998 	{
10999 		.cmd = NL80211_CMD_ABORT_SCAN,
11000 		.doit = nl80211_abort_scan,
11001 		.policy = nl80211_policy,
11002 		.flags = GENL_ADMIN_PERM,
11003 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11004 				  NL80211_FLAG_NEED_RTNL,
11005 	},
11006 	{
11007 		.cmd = NL80211_CMD_GET_SCAN,
11008 		.policy = nl80211_policy,
11009 		.dumpit = nl80211_dump_scan,
11010 	},
11011 	{
11012 		.cmd = NL80211_CMD_START_SCHED_SCAN,
11013 		.doit = nl80211_start_sched_scan,
11014 		.policy = nl80211_policy,
11015 		.flags = GENL_ADMIN_PERM,
11016 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11017 				  NL80211_FLAG_NEED_RTNL,
11018 	},
11019 	{
11020 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
11021 		.doit = nl80211_stop_sched_scan,
11022 		.policy = nl80211_policy,
11023 		.flags = GENL_ADMIN_PERM,
11024 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11025 				  NL80211_FLAG_NEED_RTNL,
11026 	},
11027 	{
11028 		.cmd = NL80211_CMD_AUTHENTICATE,
11029 		.doit = nl80211_authenticate,
11030 		.policy = nl80211_policy,
11031 		.flags = GENL_ADMIN_PERM,
11032 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11033 				  NL80211_FLAG_NEED_RTNL |
11034 				  NL80211_FLAG_CLEAR_SKB,
11035 	},
11036 	{
11037 		.cmd = NL80211_CMD_ASSOCIATE,
11038 		.doit = nl80211_associate,
11039 		.policy = nl80211_policy,
11040 		.flags = GENL_ADMIN_PERM,
11041 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11042 				  NL80211_FLAG_NEED_RTNL,
11043 	},
11044 	{
11045 		.cmd = NL80211_CMD_DEAUTHENTICATE,
11046 		.doit = nl80211_deauthenticate,
11047 		.policy = nl80211_policy,
11048 		.flags = GENL_ADMIN_PERM,
11049 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11050 				  NL80211_FLAG_NEED_RTNL,
11051 	},
11052 	{
11053 		.cmd = NL80211_CMD_DISASSOCIATE,
11054 		.doit = nl80211_disassociate,
11055 		.policy = nl80211_policy,
11056 		.flags = GENL_ADMIN_PERM,
11057 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11058 				  NL80211_FLAG_NEED_RTNL,
11059 	},
11060 	{
11061 		.cmd = NL80211_CMD_JOIN_IBSS,
11062 		.doit = nl80211_join_ibss,
11063 		.policy = nl80211_policy,
11064 		.flags = GENL_ADMIN_PERM,
11065 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11066 				  NL80211_FLAG_NEED_RTNL,
11067 	},
11068 	{
11069 		.cmd = NL80211_CMD_LEAVE_IBSS,
11070 		.doit = nl80211_leave_ibss,
11071 		.policy = nl80211_policy,
11072 		.flags = GENL_ADMIN_PERM,
11073 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11074 				  NL80211_FLAG_NEED_RTNL,
11075 	},
11076 #ifdef CONFIG_NL80211_TESTMODE
11077 	{
11078 		.cmd = NL80211_CMD_TESTMODE,
11079 		.doit = nl80211_testmode_do,
11080 		.dumpit = nl80211_testmode_dump,
11081 		.policy = nl80211_policy,
11082 		.flags = GENL_ADMIN_PERM,
11083 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11084 				  NL80211_FLAG_NEED_RTNL,
11085 	},
11086 #endif
11087 	{
11088 		.cmd = NL80211_CMD_CONNECT,
11089 		.doit = nl80211_connect,
11090 		.policy = nl80211_policy,
11091 		.flags = GENL_ADMIN_PERM,
11092 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11093 				  NL80211_FLAG_NEED_RTNL,
11094 	},
11095 	{
11096 		.cmd = NL80211_CMD_DISCONNECT,
11097 		.doit = nl80211_disconnect,
11098 		.policy = nl80211_policy,
11099 		.flags = GENL_ADMIN_PERM,
11100 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11101 				  NL80211_FLAG_NEED_RTNL,
11102 	},
11103 	{
11104 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
11105 		.doit = nl80211_wiphy_netns,
11106 		.policy = nl80211_policy,
11107 		.flags = GENL_ADMIN_PERM,
11108 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11109 				  NL80211_FLAG_NEED_RTNL,
11110 	},
11111 	{
11112 		.cmd = NL80211_CMD_GET_SURVEY,
11113 		.policy = nl80211_policy,
11114 		.dumpit = nl80211_dump_survey,
11115 	},
11116 	{
11117 		.cmd = NL80211_CMD_SET_PMKSA,
11118 		.doit = nl80211_setdel_pmksa,
11119 		.policy = nl80211_policy,
11120 		.flags = GENL_ADMIN_PERM,
11121 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11122 				  NL80211_FLAG_NEED_RTNL,
11123 	},
11124 	{
11125 		.cmd = NL80211_CMD_DEL_PMKSA,
11126 		.doit = nl80211_setdel_pmksa,
11127 		.policy = nl80211_policy,
11128 		.flags = GENL_ADMIN_PERM,
11129 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11130 				  NL80211_FLAG_NEED_RTNL,
11131 	},
11132 	{
11133 		.cmd = NL80211_CMD_FLUSH_PMKSA,
11134 		.doit = nl80211_flush_pmksa,
11135 		.policy = nl80211_policy,
11136 		.flags = GENL_ADMIN_PERM,
11137 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11138 				  NL80211_FLAG_NEED_RTNL,
11139 	},
11140 	{
11141 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
11142 		.doit = nl80211_remain_on_channel,
11143 		.policy = nl80211_policy,
11144 		.flags = GENL_ADMIN_PERM,
11145 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11146 				  NL80211_FLAG_NEED_RTNL,
11147 	},
11148 	{
11149 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
11150 		.doit = nl80211_cancel_remain_on_channel,
11151 		.policy = nl80211_policy,
11152 		.flags = GENL_ADMIN_PERM,
11153 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11154 				  NL80211_FLAG_NEED_RTNL,
11155 	},
11156 	{
11157 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
11158 		.doit = nl80211_set_tx_bitrate_mask,
11159 		.policy = nl80211_policy,
11160 		.flags = GENL_ADMIN_PERM,
11161 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11162 				  NL80211_FLAG_NEED_RTNL,
11163 	},
11164 	{
11165 		.cmd = NL80211_CMD_REGISTER_FRAME,
11166 		.doit = nl80211_register_mgmt,
11167 		.policy = nl80211_policy,
11168 		.flags = GENL_ADMIN_PERM,
11169 		.internal_flags = NL80211_FLAG_NEED_WDEV |
11170 				  NL80211_FLAG_NEED_RTNL,
11171 	},
11172 	{
11173 		.cmd = NL80211_CMD_FRAME,
11174 		.doit = nl80211_tx_mgmt,
11175 		.policy = nl80211_policy,
11176 		.flags = GENL_ADMIN_PERM,
11177 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11178 				  NL80211_FLAG_NEED_RTNL,
11179 	},
11180 	{
11181 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
11182 		.doit = nl80211_tx_mgmt_cancel_wait,
11183 		.policy = nl80211_policy,
11184 		.flags = GENL_ADMIN_PERM,
11185 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11186 				  NL80211_FLAG_NEED_RTNL,
11187 	},
11188 	{
11189 		.cmd = NL80211_CMD_SET_POWER_SAVE,
11190 		.doit = nl80211_set_power_save,
11191 		.policy = nl80211_policy,
11192 		.flags = GENL_ADMIN_PERM,
11193 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11194 				  NL80211_FLAG_NEED_RTNL,
11195 	},
11196 	{
11197 		.cmd = NL80211_CMD_GET_POWER_SAVE,
11198 		.doit = nl80211_get_power_save,
11199 		.policy = nl80211_policy,
11200 		/* can be retrieved by unprivileged users */
11201 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11202 				  NL80211_FLAG_NEED_RTNL,
11203 	},
11204 	{
11205 		.cmd = NL80211_CMD_SET_CQM,
11206 		.doit = nl80211_set_cqm,
11207 		.policy = nl80211_policy,
11208 		.flags = GENL_ADMIN_PERM,
11209 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11210 				  NL80211_FLAG_NEED_RTNL,
11211 	},
11212 	{
11213 		.cmd = NL80211_CMD_SET_CHANNEL,
11214 		.doit = nl80211_set_channel,
11215 		.policy = nl80211_policy,
11216 		.flags = GENL_ADMIN_PERM,
11217 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11218 				  NL80211_FLAG_NEED_RTNL,
11219 	},
11220 	{
11221 		.cmd = NL80211_CMD_SET_WDS_PEER,
11222 		.doit = nl80211_set_wds_peer,
11223 		.policy = nl80211_policy,
11224 		.flags = GENL_ADMIN_PERM,
11225 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11226 				  NL80211_FLAG_NEED_RTNL,
11227 	},
11228 	{
11229 		.cmd = NL80211_CMD_JOIN_MESH,
11230 		.doit = nl80211_join_mesh,
11231 		.policy = nl80211_policy,
11232 		.flags = GENL_ADMIN_PERM,
11233 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11234 				  NL80211_FLAG_NEED_RTNL,
11235 	},
11236 	{
11237 		.cmd = NL80211_CMD_LEAVE_MESH,
11238 		.doit = nl80211_leave_mesh,
11239 		.policy = nl80211_policy,
11240 		.flags = GENL_ADMIN_PERM,
11241 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11242 				  NL80211_FLAG_NEED_RTNL,
11243 	},
11244 	{
11245 		.cmd = NL80211_CMD_JOIN_OCB,
11246 		.doit = nl80211_join_ocb,
11247 		.policy = nl80211_policy,
11248 		.flags = GENL_ADMIN_PERM,
11249 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11250 				  NL80211_FLAG_NEED_RTNL,
11251 	},
11252 	{
11253 		.cmd = NL80211_CMD_LEAVE_OCB,
11254 		.doit = nl80211_leave_ocb,
11255 		.policy = nl80211_policy,
11256 		.flags = GENL_ADMIN_PERM,
11257 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11258 				  NL80211_FLAG_NEED_RTNL,
11259 	},
11260 #ifdef CONFIG_PM
11261 	{
11262 		.cmd = NL80211_CMD_GET_WOWLAN,
11263 		.doit = nl80211_get_wowlan,
11264 		.policy = nl80211_policy,
11265 		/* can be retrieved by unprivileged users */
11266 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11267 				  NL80211_FLAG_NEED_RTNL,
11268 	},
11269 	{
11270 		.cmd = NL80211_CMD_SET_WOWLAN,
11271 		.doit = nl80211_set_wowlan,
11272 		.policy = nl80211_policy,
11273 		.flags = GENL_ADMIN_PERM,
11274 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11275 				  NL80211_FLAG_NEED_RTNL,
11276 	},
11277 #endif
11278 	{
11279 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
11280 		.doit = nl80211_set_rekey_data,
11281 		.policy = nl80211_policy,
11282 		.flags = GENL_ADMIN_PERM,
11283 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11284 				  NL80211_FLAG_NEED_RTNL |
11285 				  NL80211_FLAG_CLEAR_SKB,
11286 	},
11287 	{
11288 		.cmd = NL80211_CMD_TDLS_MGMT,
11289 		.doit = nl80211_tdls_mgmt,
11290 		.policy = nl80211_policy,
11291 		.flags = GENL_ADMIN_PERM,
11292 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11293 				  NL80211_FLAG_NEED_RTNL,
11294 	},
11295 	{
11296 		.cmd = NL80211_CMD_TDLS_OPER,
11297 		.doit = nl80211_tdls_oper,
11298 		.policy = nl80211_policy,
11299 		.flags = GENL_ADMIN_PERM,
11300 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11301 				  NL80211_FLAG_NEED_RTNL,
11302 	},
11303 	{
11304 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
11305 		.doit = nl80211_register_unexpected_frame,
11306 		.policy = nl80211_policy,
11307 		.flags = GENL_ADMIN_PERM,
11308 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11309 				  NL80211_FLAG_NEED_RTNL,
11310 	},
11311 	{
11312 		.cmd = NL80211_CMD_PROBE_CLIENT,
11313 		.doit = nl80211_probe_client,
11314 		.policy = nl80211_policy,
11315 		.flags = GENL_ADMIN_PERM,
11316 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11317 				  NL80211_FLAG_NEED_RTNL,
11318 	},
11319 	{
11320 		.cmd = NL80211_CMD_REGISTER_BEACONS,
11321 		.doit = nl80211_register_beacons,
11322 		.policy = nl80211_policy,
11323 		.flags = GENL_ADMIN_PERM,
11324 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11325 				  NL80211_FLAG_NEED_RTNL,
11326 	},
11327 	{
11328 		.cmd = NL80211_CMD_SET_NOACK_MAP,
11329 		.doit = nl80211_set_noack_map,
11330 		.policy = nl80211_policy,
11331 		.flags = GENL_ADMIN_PERM,
11332 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11333 				  NL80211_FLAG_NEED_RTNL,
11334 	},
11335 	{
11336 		.cmd = NL80211_CMD_START_P2P_DEVICE,
11337 		.doit = nl80211_start_p2p_device,
11338 		.policy = nl80211_policy,
11339 		.flags = GENL_ADMIN_PERM,
11340 		.internal_flags = NL80211_FLAG_NEED_WDEV |
11341 				  NL80211_FLAG_NEED_RTNL,
11342 	},
11343 	{
11344 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
11345 		.doit = nl80211_stop_p2p_device,
11346 		.policy = nl80211_policy,
11347 		.flags = GENL_ADMIN_PERM,
11348 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11349 				  NL80211_FLAG_NEED_RTNL,
11350 	},
11351 	{
11352 		.cmd = NL80211_CMD_SET_MCAST_RATE,
11353 		.doit = nl80211_set_mcast_rate,
11354 		.policy = nl80211_policy,
11355 		.flags = GENL_ADMIN_PERM,
11356 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11357 				  NL80211_FLAG_NEED_RTNL,
11358 	},
11359 	{
11360 		.cmd = NL80211_CMD_SET_MAC_ACL,
11361 		.doit = nl80211_set_mac_acl,
11362 		.policy = nl80211_policy,
11363 		.flags = GENL_ADMIN_PERM,
11364 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
11365 				  NL80211_FLAG_NEED_RTNL,
11366 	},
11367 	{
11368 		.cmd = NL80211_CMD_RADAR_DETECT,
11369 		.doit = nl80211_start_radar_detection,
11370 		.policy = nl80211_policy,
11371 		.flags = GENL_ADMIN_PERM,
11372 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11373 				  NL80211_FLAG_NEED_RTNL,
11374 	},
11375 	{
11376 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
11377 		.doit = nl80211_get_protocol_features,
11378 		.policy = nl80211_policy,
11379 	},
11380 	{
11381 		.cmd = NL80211_CMD_UPDATE_FT_IES,
11382 		.doit = nl80211_update_ft_ies,
11383 		.policy = nl80211_policy,
11384 		.flags = GENL_ADMIN_PERM,
11385 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11386 				  NL80211_FLAG_NEED_RTNL,
11387 	},
11388 	{
11389 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
11390 		.doit = nl80211_crit_protocol_start,
11391 		.policy = nl80211_policy,
11392 		.flags = GENL_ADMIN_PERM,
11393 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11394 				  NL80211_FLAG_NEED_RTNL,
11395 	},
11396 	{
11397 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
11398 		.doit = nl80211_crit_protocol_stop,
11399 		.policy = nl80211_policy,
11400 		.flags = GENL_ADMIN_PERM,
11401 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
11402 				  NL80211_FLAG_NEED_RTNL,
11403 	},
11404 	{
11405 		.cmd = NL80211_CMD_GET_COALESCE,
11406 		.doit = nl80211_get_coalesce,
11407 		.policy = nl80211_policy,
11408 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11409 				  NL80211_FLAG_NEED_RTNL,
11410 	},
11411 	{
11412 		.cmd = NL80211_CMD_SET_COALESCE,
11413 		.doit = nl80211_set_coalesce,
11414 		.policy = nl80211_policy,
11415 		.flags = GENL_ADMIN_PERM,
11416 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11417 				  NL80211_FLAG_NEED_RTNL,
11418 	},
11419 	{
11420 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
11421 		.doit = nl80211_channel_switch,
11422 		.policy = nl80211_policy,
11423 		.flags = GENL_ADMIN_PERM,
11424 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11425 				  NL80211_FLAG_NEED_RTNL,
11426 	},
11427 	{
11428 		.cmd = NL80211_CMD_VENDOR,
11429 		.doit = nl80211_vendor_cmd,
11430 		.dumpit = nl80211_vendor_cmd_dump,
11431 		.policy = nl80211_policy,
11432 		.flags = GENL_ADMIN_PERM,
11433 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
11434 				  NL80211_FLAG_NEED_RTNL,
11435 	},
11436 	{
11437 		.cmd = NL80211_CMD_SET_QOS_MAP,
11438 		.doit = nl80211_set_qos_map,
11439 		.policy = nl80211_policy,
11440 		.flags = GENL_ADMIN_PERM,
11441 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11442 				  NL80211_FLAG_NEED_RTNL,
11443 	},
11444 	{
11445 		.cmd = NL80211_CMD_ADD_TX_TS,
11446 		.doit = nl80211_add_tx_ts,
11447 		.policy = nl80211_policy,
11448 		.flags = GENL_ADMIN_PERM,
11449 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11450 				  NL80211_FLAG_NEED_RTNL,
11451 	},
11452 	{
11453 		.cmd = NL80211_CMD_DEL_TX_TS,
11454 		.doit = nl80211_del_tx_ts,
11455 		.policy = nl80211_policy,
11456 		.flags = GENL_ADMIN_PERM,
11457 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11458 				  NL80211_FLAG_NEED_RTNL,
11459 	},
11460 	{
11461 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
11462 		.doit = nl80211_tdls_channel_switch,
11463 		.policy = nl80211_policy,
11464 		.flags = GENL_ADMIN_PERM,
11465 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11466 				  NL80211_FLAG_NEED_RTNL,
11467 	},
11468 	{
11469 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
11470 		.doit = nl80211_tdls_cancel_channel_switch,
11471 		.policy = nl80211_policy,
11472 		.flags = GENL_ADMIN_PERM,
11473 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11474 				  NL80211_FLAG_NEED_RTNL,
11475 	},
11476 };
11477 
11478 /* notification functions */
11479 
11480 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
11481 			  enum nl80211_commands cmd)
11482 {
11483 	struct sk_buff *msg;
11484 	struct nl80211_dump_wiphy_state state = {};
11485 
11486 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
11487 		cmd != NL80211_CMD_DEL_WIPHY);
11488 
11489 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11490 	if (!msg)
11491 		return;
11492 
11493 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
11494 		nlmsg_free(msg);
11495 		return;
11496 	}
11497 
11498 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11499 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
11500 }
11501 
11502 static int nl80211_add_scan_req(struct sk_buff *msg,
11503 				struct cfg80211_registered_device *rdev)
11504 {
11505 	struct cfg80211_scan_request *req = rdev->scan_req;
11506 	struct nlattr *nest;
11507 	int i;
11508 
11509 	if (WARN_ON(!req))
11510 		return 0;
11511 
11512 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
11513 	if (!nest)
11514 		goto nla_put_failure;
11515 	for (i = 0; i < req->n_ssids; i++) {
11516 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
11517 			goto nla_put_failure;
11518 	}
11519 	nla_nest_end(msg, nest);
11520 
11521 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11522 	if (!nest)
11523 		goto nla_put_failure;
11524 	for (i = 0; i < req->n_channels; i++) {
11525 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11526 			goto nla_put_failure;
11527 	}
11528 	nla_nest_end(msg, nest);
11529 
11530 	if (req->ie &&
11531 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
11532 		goto nla_put_failure;
11533 
11534 	if (req->flags &&
11535 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
11536 		goto nla_put_failure;
11537 
11538 	return 0;
11539  nla_put_failure:
11540 	return -ENOBUFS;
11541 }
11542 
11543 static int nl80211_send_scan_msg(struct sk_buff *msg,
11544 				 struct cfg80211_registered_device *rdev,
11545 				 struct wireless_dev *wdev,
11546 				 u32 portid, u32 seq, int flags,
11547 				 u32 cmd)
11548 {
11549 	void *hdr;
11550 
11551 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11552 	if (!hdr)
11553 		return -1;
11554 
11555 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11556 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11557 					 wdev->netdev->ifindex)) ||
11558 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11559 		goto nla_put_failure;
11560 
11561 	/* ignore errors and send incomplete event anyway */
11562 	nl80211_add_scan_req(msg, rdev);
11563 
11564 	genlmsg_end(msg, hdr);
11565 	return 0;
11566 
11567  nla_put_failure:
11568 	genlmsg_cancel(msg, hdr);
11569 	return -EMSGSIZE;
11570 }
11571 
11572 static int
11573 nl80211_send_sched_scan_msg(struct sk_buff *msg,
11574 			    struct cfg80211_registered_device *rdev,
11575 			    struct net_device *netdev,
11576 			    u32 portid, u32 seq, int flags, u32 cmd)
11577 {
11578 	void *hdr;
11579 
11580 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11581 	if (!hdr)
11582 		return -1;
11583 
11584 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11585 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11586 		goto nla_put_failure;
11587 
11588 	genlmsg_end(msg, hdr);
11589 	return 0;
11590 
11591  nla_put_failure:
11592 	genlmsg_cancel(msg, hdr);
11593 	return -EMSGSIZE;
11594 }
11595 
11596 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
11597 			     struct wireless_dev *wdev)
11598 {
11599 	struct sk_buff *msg;
11600 
11601 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11602 	if (!msg)
11603 		return;
11604 
11605 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11606 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
11607 		nlmsg_free(msg);
11608 		return;
11609 	}
11610 
11611 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11612 				NL80211_MCGRP_SCAN, GFP_KERNEL);
11613 }
11614 
11615 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
11616 				       struct wireless_dev *wdev, bool aborted)
11617 {
11618 	struct sk_buff *msg;
11619 
11620 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11621 	if (!msg)
11622 		return NULL;
11623 
11624 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11625 				  aborted ? NL80211_CMD_SCAN_ABORTED :
11626 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
11627 		nlmsg_free(msg);
11628 		return NULL;
11629 	}
11630 
11631 	return msg;
11632 }
11633 
11634 void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
11635 			      struct sk_buff *msg)
11636 {
11637 	if (!msg)
11638 		return;
11639 
11640 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11641 				NL80211_MCGRP_SCAN, GFP_KERNEL);
11642 }
11643 
11644 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
11645 				     struct net_device *netdev)
11646 {
11647 	struct sk_buff *msg;
11648 
11649 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11650 	if (!msg)
11651 		return;
11652 
11653 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
11654 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
11655 		nlmsg_free(msg);
11656 		return;
11657 	}
11658 
11659 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11660 				NL80211_MCGRP_SCAN, GFP_KERNEL);
11661 }
11662 
11663 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
11664 			     struct net_device *netdev, u32 cmd)
11665 {
11666 	struct sk_buff *msg;
11667 
11668 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11669 	if (!msg)
11670 		return;
11671 
11672 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
11673 		nlmsg_free(msg);
11674 		return;
11675 	}
11676 
11677 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11678 				NL80211_MCGRP_SCAN, GFP_KERNEL);
11679 }
11680 
11681 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
11682 					  struct regulatory_request *request)
11683 {
11684 	/* Userspace can always count this one always being set */
11685 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
11686 		goto nla_put_failure;
11687 
11688 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
11689 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11690 			       NL80211_REGDOM_TYPE_WORLD))
11691 			goto nla_put_failure;
11692 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
11693 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11694 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
11695 			goto nla_put_failure;
11696 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
11697 		   request->intersect) {
11698 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11699 			       NL80211_REGDOM_TYPE_INTERSECTION))
11700 			goto nla_put_failure;
11701 	} else {
11702 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11703 			       NL80211_REGDOM_TYPE_COUNTRY) ||
11704 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
11705 				   request->alpha2))
11706 			goto nla_put_failure;
11707 	}
11708 
11709 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
11710 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
11711 
11712 		if (wiphy &&
11713 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
11714 			goto nla_put_failure;
11715 
11716 		if (wiphy &&
11717 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
11718 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
11719 			goto nla_put_failure;
11720 	}
11721 
11722 	return true;
11723 
11724 nla_put_failure:
11725 	return false;
11726 }
11727 
11728 /*
11729  * This can happen on global regulatory changes or device specific settings
11730  * based on custom regulatory domains.
11731  */
11732 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
11733 				     struct regulatory_request *request)
11734 {
11735 	struct sk_buff *msg;
11736 	void *hdr;
11737 
11738 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11739 	if (!msg)
11740 		return;
11741 
11742 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
11743 	if (!hdr) {
11744 		nlmsg_free(msg);
11745 		return;
11746 	}
11747 
11748 	if (nl80211_reg_change_event_fill(msg, request) == false)
11749 		goto nla_put_failure;
11750 
11751 	genlmsg_end(msg, hdr);
11752 
11753 	rcu_read_lock();
11754 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
11755 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
11756 	rcu_read_unlock();
11757 
11758 	return;
11759 
11760 nla_put_failure:
11761 	genlmsg_cancel(msg, hdr);
11762 	nlmsg_free(msg);
11763 }
11764 
11765 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
11766 				    struct net_device *netdev,
11767 				    const u8 *buf, size_t len,
11768 				    enum nl80211_commands cmd, gfp_t gfp,
11769 				    int uapsd_queues)
11770 {
11771 	struct sk_buff *msg;
11772 	void *hdr;
11773 
11774 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11775 	if (!msg)
11776 		return;
11777 
11778 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11779 	if (!hdr) {
11780 		nlmsg_free(msg);
11781 		return;
11782 	}
11783 
11784 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11785 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11786 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
11787 		goto nla_put_failure;
11788 
11789 	if (uapsd_queues >= 0) {
11790 		struct nlattr *nla_wmm =
11791 			nla_nest_start(msg, NL80211_ATTR_STA_WME);
11792 		if (!nla_wmm)
11793 			goto nla_put_failure;
11794 
11795 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
11796 			       uapsd_queues))
11797 			goto nla_put_failure;
11798 
11799 		nla_nest_end(msg, nla_wmm);
11800 	}
11801 
11802 	genlmsg_end(msg, hdr);
11803 
11804 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11805 				NL80211_MCGRP_MLME, gfp);
11806 	return;
11807 
11808  nla_put_failure:
11809 	genlmsg_cancel(msg, hdr);
11810 	nlmsg_free(msg);
11811 }
11812 
11813 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
11814 			  struct net_device *netdev, const u8 *buf,
11815 			  size_t len, gfp_t gfp)
11816 {
11817 	nl80211_send_mlme_event(rdev, netdev, buf, len,
11818 				NL80211_CMD_AUTHENTICATE, gfp, -1);
11819 }
11820 
11821 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
11822 			   struct net_device *netdev, const u8 *buf,
11823 			   size_t len, gfp_t gfp, int uapsd_queues)
11824 {
11825 	nl80211_send_mlme_event(rdev, netdev, buf, len,
11826 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
11827 }
11828 
11829 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
11830 			 struct net_device *netdev, const u8 *buf,
11831 			 size_t len, gfp_t gfp)
11832 {
11833 	nl80211_send_mlme_event(rdev, netdev, buf, len,
11834 				NL80211_CMD_DEAUTHENTICATE, gfp, -1);
11835 }
11836 
11837 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
11838 			   struct net_device *netdev, const u8 *buf,
11839 			   size_t len, gfp_t gfp)
11840 {
11841 	nl80211_send_mlme_event(rdev, netdev, buf, len,
11842 				NL80211_CMD_DISASSOCIATE, gfp, -1);
11843 }
11844 
11845 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
11846 				  size_t len)
11847 {
11848 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11849 	struct wiphy *wiphy = wdev->wiphy;
11850 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11851 	const struct ieee80211_mgmt *mgmt = (void *)buf;
11852 	u32 cmd;
11853 
11854 	if (WARN_ON(len < 2))
11855 		return;
11856 
11857 	if (ieee80211_is_deauth(mgmt->frame_control))
11858 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
11859 	else
11860 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
11861 
11862 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
11863 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
11864 }
11865 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
11866 
11867 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
11868 				      struct net_device *netdev, int cmd,
11869 				      const u8 *addr, gfp_t gfp)
11870 {
11871 	struct sk_buff *msg;
11872 	void *hdr;
11873 
11874 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11875 	if (!msg)
11876 		return;
11877 
11878 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11879 	if (!hdr) {
11880 		nlmsg_free(msg);
11881 		return;
11882 	}
11883 
11884 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11885 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11886 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
11887 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
11888 		goto nla_put_failure;
11889 
11890 	genlmsg_end(msg, hdr);
11891 
11892 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11893 				NL80211_MCGRP_MLME, gfp);
11894 	return;
11895 
11896  nla_put_failure:
11897 	genlmsg_cancel(msg, hdr);
11898 	nlmsg_free(msg);
11899 }
11900 
11901 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
11902 			       struct net_device *netdev, const u8 *addr,
11903 			       gfp_t gfp)
11904 {
11905 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
11906 				  addr, gfp);
11907 }
11908 
11909 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
11910 				struct net_device *netdev, const u8 *addr,
11911 				gfp_t gfp)
11912 {
11913 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
11914 				  addr, gfp);
11915 }
11916 
11917 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
11918 				 struct net_device *netdev, const u8 *bssid,
11919 				 const u8 *req_ie, size_t req_ie_len,
11920 				 const u8 *resp_ie, size_t resp_ie_len,
11921 				 u16 status, gfp_t gfp)
11922 {
11923 	struct sk_buff *msg;
11924 	void *hdr;
11925 
11926 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11927 	if (!msg)
11928 		return;
11929 
11930 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
11931 	if (!hdr) {
11932 		nlmsg_free(msg);
11933 		return;
11934 	}
11935 
11936 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11937 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11938 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
11939 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
11940 	    (req_ie &&
11941 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11942 	    (resp_ie &&
11943 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11944 		goto nla_put_failure;
11945 
11946 	genlmsg_end(msg, hdr);
11947 
11948 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11949 				NL80211_MCGRP_MLME, gfp);
11950 	return;
11951 
11952  nla_put_failure:
11953 	genlmsg_cancel(msg, hdr);
11954 	nlmsg_free(msg);
11955 
11956 }
11957 
11958 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
11959 			 struct net_device *netdev, const u8 *bssid,
11960 			 const u8 *req_ie, size_t req_ie_len,
11961 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
11962 {
11963 	struct sk_buff *msg;
11964 	void *hdr;
11965 
11966 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11967 	if (!msg)
11968 		return;
11969 
11970 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
11971 	if (!hdr) {
11972 		nlmsg_free(msg);
11973 		return;
11974 	}
11975 
11976 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11977 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11978 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
11979 	    (req_ie &&
11980 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11981 	    (resp_ie &&
11982 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11983 		goto nla_put_failure;
11984 
11985 	genlmsg_end(msg, hdr);
11986 
11987 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11988 				NL80211_MCGRP_MLME, gfp);
11989 	return;
11990 
11991  nla_put_failure:
11992 	genlmsg_cancel(msg, hdr);
11993 	nlmsg_free(msg);
11994 
11995 }
11996 
11997 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
11998 			       struct net_device *netdev, u16 reason,
11999 			       const u8 *ie, size_t ie_len, bool from_ap)
12000 {
12001 	struct sk_buff *msg;
12002 	void *hdr;
12003 
12004 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12005 	if (!msg)
12006 		return;
12007 
12008 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
12009 	if (!hdr) {
12010 		nlmsg_free(msg);
12011 		return;
12012 	}
12013 
12014 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12015 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12016 	    (from_ap && reason &&
12017 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
12018 	    (from_ap &&
12019 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
12020 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
12021 		goto nla_put_failure;
12022 
12023 	genlmsg_end(msg, hdr);
12024 
12025 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12026 				NL80211_MCGRP_MLME, GFP_KERNEL);
12027 	return;
12028 
12029  nla_put_failure:
12030 	genlmsg_cancel(msg, hdr);
12031 	nlmsg_free(msg);
12032 
12033 }
12034 
12035 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
12036 			     struct net_device *netdev, const u8 *bssid,
12037 			     gfp_t gfp)
12038 {
12039 	struct sk_buff *msg;
12040 	void *hdr;
12041 
12042 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12043 	if (!msg)
12044 		return;
12045 
12046 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
12047 	if (!hdr) {
12048 		nlmsg_free(msg);
12049 		return;
12050 	}
12051 
12052 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12053 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12054 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12055 		goto nla_put_failure;
12056 
12057 	genlmsg_end(msg, hdr);
12058 
12059 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12060 				NL80211_MCGRP_MLME, gfp);
12061 	return;
12062 
12063  nla_put_failure:
12064 	genlmsg_cancel(msg, hdr);
12065 	nlmsg_free(msg);
12066 }
12067 
12068 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
12069 					const u8* ie, u8 ie_len, gfp_t gfp)
12070 {
12071 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12072 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12073 	struct sk_buff *msg;
12074 	void *hdr;
12075 
12076 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
12077 		return;
12078 
12079 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
12080 
12081 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12082 	if (!msg)
12083 		return;
12084 
12085 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
12086 	if (!hdr) {
12087 		nlmsg_free(msg);
12088 		return;
12089 	}
12090 
12091 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12092 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12093 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12094 	    (ie_len && ie &&
12095 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
12096 		goto nla_put_failure;
12097 
12098 	genlmsg_end(msg, hdr);
12099 
12100 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12101 				NL80211_MCGRP_MLME, gfp);
12102 	return;
12103 
12104  nla_put_failure:
12105 	genlmsg_cancel(msg, hdr);
12106 	nlmsg_free(msg);
12107 }
12108 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
12109 
12110 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
12111 				 struct net_device *netdev, const u8 *addr,
12112 				 enum nl80211_key_type key_type, int key_id,
12113 				 const u8 *tsc, gfp_t gfp)
12114 {
12115 	struct sk_buff *msg;
12116 	void *hdr;
12117 
12118 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12119 	if (!msg)
12120 		return;
12121 
12122 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
12123 	if (!hdr) {
12124 		nlmsg_free(msg);
12125 		return;
12126 	}
12127 
12128 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12129 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12130 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
12131 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
12132 	    (key_id != -1 &&
12133 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
12134 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
12135 		goto nla_put_failure;
12136 
12137 	genlmsg_end(msg, hdr);
12138 
12139 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12140 				NL80211_MCGRP_MLME, gfp);
12141 	return;
12142 
12143  nla_put_failure:
12144 	genlmsg_cancel(msg, hdr);
12145 	nlmsg_free(msg);
12146 }
12147 
12148 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
12149 				    struct ieee80211_channel *channel_before,
12150 				    struct ieee80211_channel *channel_after)
12151 {
12152 	struct sk_buff *msg;
12153 	void *hdr;
12154 	struct nlattr *nl_freq;
12155 
12156 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
12157 	if (!msg)
12158 		return;
12159 
12160 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
12161 	if (!hdr) {
12162 		nlmsg_free(msg);
12163 		return;
12164 	}
12165 
12166 	/*
12167 	 * Since we are applying the beacon hint to a wiphy we know its
12168 	 * wiphy_idx is valid
12169 	 */
12170 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
12171 		goto nla_put_failure;
12172 
12173 	/* Before */
12174 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
12175 	if (!nl_freq)
12176 		goto nla_put_failure;
12177 	if (nl80211_msg_put_channel(msg, channel_before, false))
12178 		goto nla_put_failure;
12179 	nla_nest_end(msg, nl_freq);
12180 
12181 	/* After */
12182 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
12183 	if (!nl_freq)
12184 		goto nla_put_failure;
12185 	if (nl80211_msg_put_channel(msg, channel_after, false))
12186 		goto nla_put_failure;
12187 	nla_nest_end(msg, nl_freq);
12188 
12189 	genlmsg_end(msg, hdr);
12190 
12191 	rcu_read_lock();
12192 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
12193 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
12194 	rcu_read_unlock();
12195 
12196 	return;
12197 
12198 nla_put_failure:
12199 	genlmsg_cancel(msg, hdr);
12200 	nlmsg_free(msg);
12201 }
12202 
12203 static void nl80211_send_remain_on_chan_event(
12204 	int cmd, struct cfg80211_registered_device *rdev,
12205 	struct wireless_dev *wdev, u64 cookie,
12206 	struct ieee80211_channel *chan,
12207 	unsigned int duration, gfp_t gfp)
12208 {
12209 	struct sk_buff *msg;
12210 	void *hdr;
12211 
12212 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12213 	if (!msg)
12214 		return;
12215 
12216 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12217 	if (!hdr) {
12218 		nlmsg_free(msg);
12219 		return;
12220 	}
12221 
12222 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12223 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12224 					 wdev->netdev->ifindex)) ||
12225 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12226 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
12227 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
12228 			NL80211_CHAN_NO_HT) ||
12229 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
12230 		goto nla_put_failure;
12231 
12232 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
12233 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
12234 		goto nla_put_failure;
12235 
12236 	genlmsg_end(msg, hdr);
12237 
12238 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12239 				NL80211_MCGRP_MLME, gfp);
12240 	return;
12241 
12242  nla_put_failure:
12243 	genlmsg_cancel(msg, hdr);
12244 	nlmsg_free(msg);
12245 }
12246 
12247 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
12248 			       struct ieee80211_channel *chan,
12249 			       unsigned int duration, gfp_t gfp)
12250 {
12251 	struct wiphy *wiphy = wdev->wiphy;
12252 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12253 
12254 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
12255 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
12256 					  rdev, wdev, cookie, chan,
12257 					  duration, gfp);
12258 }
12259 EXPORT_SYMBOL(cfg80211_ready_on_channel);
12260 
12261 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
12262 					struct ieee80211_channel *chan,
12263 					gfp_t gfp)
12264 {
12265 	struct wiphy *wiphy = wdev->wiphy;
12266 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12267 
12268 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
12269 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
12270 					  rdev, wdev, cookie, chan, 0, gfp);
12271 }
12272 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
12273 
12274 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
12275 		      struct station_info *sinfo, gfp_t gfp)
12276 {
12277 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12278 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12279 	struct sk_buff *msg;
12280 
12281 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
12282 
12283 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12284 	if (!msg)
12285 		return;
12286 
12287 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
12288 				 rdev, dev, mac_addr, sinfo) < 0) {
12289 		nlmsg_free(msg);
12290 		return;
12291 	}
12292 
12293 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12294 				NL80211_MCGRP_MLME, gfp);
12295 }
12296 EXPORT_SYMBOL(cfg80211_new_sta);
12297 
12298 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
12299 			    struct station_info *sinfo, gfp_t gfp)
12300 {
12301 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12302 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12303 	struct sk_buff *msg;
12304 	struct station_info empty_sinfo = {};
12305 
12306 	if (!sinfo)
12307 		sinfo = &empty_sinfo;
12308 
12309 	trace_cfg80211_del_sta(dev, mac_addr);
12310 
12311 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12312 	if (!msg)
12313 		return;
12314 
12315 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
12316 				 rdev, dev, mac_addr, sinfo) < 0) {
12317 		nlmsg_free(msg);
12318 		return;
12319 	}
12320 
12321 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12322 				NL80211_MCGRP_MLME, gfp);
12323 }
12324 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
12325 
12326 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
12327 			  enum nl80211_connect_failed_reason reason,
12328 			  gfp_t gfp)
12329 {
12330 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
12331 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12332 	struct sk_buff *msg;
12333 	void *hdr;
12334 
12335 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
12336 	if (!msg)
12337 		return;
12338 
12339 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
12340 	if (!hdr) {
12341 		nlmsg_free(msg);
12342 		return;
12343 	}
12344 
12345 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12346 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
12347 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
12348 		goto nla_put_failure;
12349 
12350 	genlmsg_end(msg, hdr);
12351 
12352 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12353 				NL80211_MCGRP_MLME, gfp);
12354 	return;
12355 
12356  nla_put_failure:
12357 	genlmsg_cancel(msg, hdr);
12358 	nlmsg_free(msg);
12359 }
12360 EXPORT_SYMBOL(cfg80211_conn_failed);
12361 
12362 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
12363 				       const u8 *addr, gfp_t gfp)
12364 {
12365 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12366 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12367 	struct sk_buff *msg;
12368 	void *hdr;
12369 	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
12370 
12371 	if (!nlportid)
12372 		return false;
12373 
12374 	msg = nlmsg_new(100, gfp);
12375 	if (!msg)
12376 		return true;
12377 
12378 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
12379 	if (!hdr) {
12380 		nlmsg_free(msg);
12381 		return true;
12382 	}
12383 
12384 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12385 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12386 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
12387 		goto nla_put_failure;
12388 
12389 	genlmsg_end(msg, hdr);
12390 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12391 	return true;
12392 
12393  nla_put_failure:
12394 	genlmsg_cancel(msg, hdr);
12395 	nlmsg_free(msg);
12396 	return true;
12397 }
12398 
12399 bool cfg80211_rx_spurious_frame(struct net_device *dev,
12400 				const u8 *addr, gfp_t gfp)
12401 {
12402 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12403 	bool ret;
12404 
12405 	trace_cfg80211_rx_spurious_frame(dev, addr);
12406 
12407 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12408 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
12409 		trace_cfg80211_return_bool(false);
12410 		return false;
12411 	}
12412 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
12413 					 addr, gfp);
12414 	trace_cfg80211_return_bool(ret);
12415 	return ret;
12416 }
12417 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
12418 
12419 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
12420 					const u8 *addr, gfp_t gfp)
12421 {
12422 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12423 	bool ret;
12424 
12425 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
12426 
12427 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
12428 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
12429 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
12430 		trace_cfg80211_return_bool(false);
12431 		return false;
12432 	}
12433 	ret = __nl80211_unexpected_frame(dev,
12434 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
12435 					 addr, gfp);
12436 	trace_cfg80211_return_bool(ret);
12437 	return ret;
12438 }
12439 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
12440 
12441 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
12442 		      struct wireless_dev *wdev, u32 nlportid,
12443 		      int freq, int sig_dbm,
12444 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
12445 {
12446 	struct net_device *netdev = wdev->netdev;
12447 	struct sk_buff *msg;
12448 	void *hdr;
12449 
12450 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12451 	if (!msg)
12452 		return -ENOMEM;
12453 
12454 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12455 	if (!hdr) {
12456 		nlmsg_free(msg);
12457 		return -ENOMEM;
12458 	}
12459 
12460 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12461 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12462 					netdev->ifindex)) ||
12463 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12464 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
12465 	    (sig_dbm &&
12466 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12467 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12468 	    (flags &&
12469 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
12470 		goto nla_put_failure;
12471 
12472 	genlmsg_end(msg, hdr);
12473 
12474 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12475 
12476  nla_put_failure:
12477 	genlmsg_cancel(msg, hdr);
12478 	nlmsg_free(msg);
12479 	return -ENOBUFS;
12480 }
12481 
12482 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
12483 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
12484 {
12485 	struct wiphy *wiphy = wdev->wiphy;
12486 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12487 	struct net_device *netdev = wdev->netdev;
12488 	struct sk_buff *msg;
12489 	void *hdr;
12490 
12491 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
12492 
12493 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12494 	if (!msg)
12495 		return;
12496 
12497 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
12498 	if (!hdr) {
12499 		nlmsg_free(msg);
12500 		return;
12501 	}
12502 
12503 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12504 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12505 				   netdev->ifindex)) ||
12506 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12507 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12508 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12509 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
12510 		goto nla_put_failure;
12511 
12512 	genlmsg_end(msg, hdr);
12513 
12514 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12515 				NL80211_MCGRP_MLME, gfp);
12516 	return;
12517 
12518  nla_put_failure:
12519 	genlmsg_cancel(msg, hdr);
12520 	nlmsg_free(msg);
12521 }
12522 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
12523 
12524 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
12525 					    const char *mac, gfp_t gfp)
12526 {
12527 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12528 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12529 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12530 	void **cb;
12531 
12532 	if (!msg)
12533 		return NULL;
12534 
12535 	cb = (void **)msg->cb;
12536 
12537 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
12538 	if (!cb[0]) {
12539 		nlmsg_free(msg);
12540 		return NULL;
12541 	}
12542 
12543 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12544 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
12545 		goto nla_put_failure;
12546 
12547 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
12548 		goto nla_put_failure;
12549 
12550 	cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
12551 	if (!cb[1])
12552 		goto nla_put_failure;
12553 
12554 	cb[2] = rdev;
12555 
12556 	return msg;
12557  nla_put_failure:
12558 	nlmsg_free(msg);
12559 	return NULL;
12560 }
12561 
12562 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
12563 {
12564 	void **cb = (void **)msg->cb;
12565 	struct cfg80211_registered_device *rdev = cb[2];
12566 
12567 	nla_nest_end(msg, cb[1]);
12568 	genlmsg_end(msg, cb[0]);
12569 
12570 	memset(msg->cb, 0, sizeof(msg->cb));
12571 
12572 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12573 				NL80211_MCGRP_MLME, gfp);
12574 }
12575 
12576 void cfg80211_cqm_rssi_notify(struct net_device *dev,
12577 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
12578 			      gfp_t gfp)
12579 {
12580 	struct sk_buff *msg;
12581 
12582 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
12583 
12584 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
12585 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
12586 		return;
12587 
12588 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12589 	if (!msg)
12590 		return;
12591 
12592 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
12593 			rssi_event))
12594 		goto nla_put_failure;
12595 
12596 	cfg80211_send_cqm(msg, gfp);
12597 
12598 	return;
12599 
12600  nla_put_failure:
12601 	nlmsg_free(msg);
12602 }
12603 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
12604 
12605 void cfg80211_cqm_txe_notify(struct net_device *dev,
12606 			     const u8 *peer, u32 num_packets,
12607 			     u32 rate, u32 intvl, gfp_t gfp)
12608 {
12609 	struct sk_buff *msg;
12610 
12611 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
12612 	if (!msg)
12613 		return;
12614 
12615 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
12616 		goto nla_put_failure;
12617 
12618 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
12619 		goto nla_put_failure;
12620 
12621 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
12622 		goto nla_put_failure;
12623 
12624 	cfg80211_send_cqm(msg, gfp);
12625 	return;
12626 
12627  nla_put_failure:
12628 	nlmsg_free(msg);
12629 }
12630 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
12631 
12632 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
12633 				 const u8 *peer, u32 num_packets, gfp_t gfp)
12634 {
12635 	struct sk_buff *msg;
12636 
12637 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
12638 
12639 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
12640 	if (!msg)
12641 		return;
12642 
12643 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
12644 		goto nla_put_failure;
12645 
12646 	cfg80211_send_cqm(msg, gfp);
12647 	return;
12648 
12649  nla_put_failure:
12650 	nlmsg_free(msg);
12651 }
12652 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
12653 
12654 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
12655 {
12656 	struct sk_buff *msg;
12657 
12658 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12659 	if (!msg)
12660 		return;
12661 
12662 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
12663 		goto nla_put_failure;
12664 
12665 	cfg80211_send_cqm(msg, gfp);
12666 	return;
12667 
12668  nla_put_failure:
12669 	nlmsg_free(msg);
12670 }
12671 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
12672 
12673 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
12674 				     struct net_device *netdev, const u8 *bssid,
12675 				     const u8 *replay_ctr, gfp_t gfp)
12676 {
12677 	struct sk_buff *msg;
12678 	struct nlattr *rekey_attr;
12679 	void *hdr;
12680 
12681 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12682 	if (!msg)
12683 		return;
12684 
12685 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
12686 	if (!hdr) {
12687 		nlmsg_free(msg);
12688 		return;
12689 	}
12690 
12691 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12692 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12693 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12694 		goto nla_put_failure;
12695 
12696 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
12697 	if (!rekey_attr)
12698 		goto nla_put_failure;
12699 
12700 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
12701 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
12702 		goto nla_put_failure;
12703 
12704 	nla_nest_end(msg, rekey_attr);
12705 
12706 	genlmsg_end(msg, hdr);
12707 
12708 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12709 				NL80211_MCGRP_MLME, gfp);
12710 	return;
12711 
12712  nla_put_failure:
12713 	genlmsg_cancel(msg, hdr);
12714 	nlmsg_free(msg);
12715 }
12716 
12717 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
12718 			       const u8 *replay_ctr, gfp_t gfp)
12719 {
12720 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12721 	struct wiphy *wiphy = wdev->wiphy;
12722 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12723 
12724 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
12725 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
12726 }
12727 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
12728 
12729 static void
12730 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
12731 			       struct net_device *netdev, int index,
12732 			       const u8 *bssid, bool preauth, gfp_t gfp)
12733 {
12734 	struct sk_buff *msg;
12735 	struct nlattr *attr;
12736 	void *hdr;
12737 
12738 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12739 	if (!msg)
12740 		return;
12741 
12742 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
12743 	if (!hdr) {
12744 		nlmsg_free(msg);
12745 		return;
12746 	}
12747 
12748 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12749 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12750 		goto nla_put_failure;
12751 
12752 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
12753 	if (!attr)
12754 		goto nla_put_failure;
12755 
12756 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
12757 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
12758 	    (preauth &&
12759 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
12760 		goto nla_put_failure;
12761 
12762 	nla_nest_end(msg, attr);
12763 
12764 	genlmsg_end(msg, hdr);
12765 
12766 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12767 				NL80211_MCGRP_MLME, gfp);
12768 	return;
12769 
12770  nla_put_failure:
12771 	genlmsg_cancel(msg, hdr);
12772 	nlmsg_free(msg);
12773 }
12774 
12775 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
12776 				     const u8 *bssid, bool preauth, gfp_t gfp)
12777 {
12778 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12779 	struct wiphy *wiphy = wdev->wiphy;
12780 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12781 
12782 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
12783 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
12784 }
12785 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
12786 
12787 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
12788 				     struct net_device *netdev,
12789 				     struct cfg80211_chan_def *chandef,
12790 				     gfp_t gfp,
12791 				     enum nl80211_commands notif,
12792 				     u8 count)
12793 {
12794 	struct sk_buff *msg;
12795 	void *hdr;
12796 
12797 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12798 	if (!msg)
12799 		return;
12800 
12801 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
12802 	if (!hdr) {
12803 		nlmsg_free(msg);
12804 		return;
12805 	}
12806 
12807 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12808 		goto nla_put_failure;
12809 
12810 	if (nl80211_send_chandef(msg, chandef))
12811 		goto nla_put_failure;
12812 
12813 	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
12814 	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
12815 			goto nla_put_failure;
12816 
12817 	genlmsg_end(msg, hdr);
12818 
12819 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12820 				NL80211_MCGRP_MLME, gfp);
12821 	return;
12822 
12823  nla_put_failure:
12824 	genlmsg_cancel(msg, hdr);
12825 	nlmsg_free(msg);
12826 }
12827 
12828 void cfg80211_ch_switch_notify(struct net_device *dev,
12829 			       struct cfg80211_chan_def *chandef)
12830 {
12831 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12832 	struct wiphy *wiphy = wdev->wiphy;
12833 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12834 
12835 	ASSERT_WDEV_LOCK(wdev);
12836 
12837 	trace_cfg80211_ch_switch_notify(dev, chandef);
12838 
12839 	wdev->chandef = *chandef;
12840 	wdev->preset_chandef = *chandef;
12841 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12842 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
12843 }
12844 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
12845 
12846 void cfg80211_ch_switch_started_notify(struct net_device *dev,
12847 				       struct cfg80211_chan_def *chandef,
12848 				       u8 count)
12849 {
12850 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12851 	struct wiphy *wiphy = wdev->wiphy;
12852 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12853 
12854 	trace_cfg80211_ch_switch_started_notify(dev, chandef);
12855 
12856 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12857 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
12858 }
12859 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
12860 
12861 void
12862 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
12863 		     const struct cfg80211_chan_def *chandef,
12864 		     enum nl80211_radar_event event,
12865 		     struct net_device *netdev, gfp_t gfp)
12866 {
12867 	struct sk_buff *msg;
12868 	void *hdr;
12869 
12870 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12871 	if (!msg)
12872 		return;
12873 
12874 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
12875 	if (!hdr) {
12876 		nlmsg_free(msg);
12877 		return;
12878 	}
12879 
12880 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
12881 		goto nla_put_failure;
12882 
12883 	/* NOP and radar events don't need a netdev parameter */
12884 	if (netdev) {
12885 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
12886 
12887 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12888 		    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12889 			goto nla_put_failure;
12890 	}
12891 
12892 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
12893 		goto nla_put_failure;
12894 
12895 	if (nl80211_send_chandef(msg, chandef))
12896 		goto nla_put_failure;
12897 
12898 	genlmsg_end(msg, hdr);
12899 
12900 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12901 				NL80211_MCGRP_MLME, gfp);
12902 	return;
12903 
12904  nla_put_failure:
12905 	genlmsg_cancel(msg, hdr);
12906 	nlmsg_free(msg);
12907 }
12908 
12909 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
12910 			   u64 cookie, bool acked, gfp_t gfp)
12911 {
12912 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12913 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12914 	struct sk_buff *msg;
12915 	void *hdr;
12916 
12917 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
12918 
12919 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12920 
12921 	if (!msg)
12922 		return;
12923 
12924 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
12925 	if (!hdr) {
12926 		nlmsg_free(msg);
12927 		return;
12928 	}
12929 
12930 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12931 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12932 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12933 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12934 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
12935 		goto nla_put_failure;
12936 
12937 	genlmsg_end(msg, hdr);
12938 
12939 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12940 				NL80211_MCGRP_MLME, gfp);
12941 	return;
12942 
12943  nla_put_failure:
12944 	genlmsg_cancel(msg, hdr);
12945 	nlmsg_free(msg);
12946 }
12947 EXPORT_SYMBOL(cfg80211_probe_status);
12948 
12949 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
12950 				 const u8 *frame, size_t len,
12951 				 int freq, int sig_dbm)
12952 {
12953 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12954 	struct sk_buff *msg;
12955 	void *hdr;
12956 	struct cfg80211_beacon_registration *reg;
12957 
12958 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
12959 
12960 	spin_lock_bh(&rdev->beacon_registrations_lock);
12961 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12962 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
12963 		if (!msg) {
12964 			spin_unlock_bh(&rdev->beacon_registrations_lock);
12965 			return;
12966 		}
12967 
12968 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12969 		if (!hdr)
12970 			goto nla_put_failure;
12971 
12972 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12973 		    (freq &&
12974 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
12975 		    (sig_dbm &&
12976 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12977 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
12978 			goto nla_put_failure;
12979 
12980 		genlmsg_end(msg, hdr);
12981 
12982 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
12983 	}
12984 	spin_unlock_bh(&rdev->beacon_registrations_lock);
12985 	return;
12986 
12987  nla_put_failure:
12988 	spin_unlock_bh(&rdev->beacon_registrations_lock);
12989 	if (hdr)
12990 		genlmsg_cancel(msg, hdr);
12991 	nlmsg_free(msg);
12992 }
12993 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
12994 
12995 #ifdef CONFIG_PM
12996 static int cfg80211_net_detect_results(struct sk_buff *msg,
12997 				       struct cfg80211_wowlan_wakeup *wakeup)
12998 {
12999 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
13000 	struct nlattr *nl_results, *nl_match, *nl_freqs;
13001 	int i, j;
13002 
13003 	nl_results = nla_nest_start(
13004 		msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
13005 	if (!nl_results)
13006 		return -EMSGSIZE;
13007 
13008 	for (i = 0; i < nd->n_matches; i++) {
13009 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
13010 
13011 		nl_match = nla_nest_start(msg, i);
13012 		if (!nl_match)
13013 			break;
13014 
13015 		/* The SSID attribute is optional in nl80211, but for
13016 		 * simplicity reasons it's always present in the
13017 		 * cfg80211 structure.  If a driver can't pass the
13018 		 * SSID, that needs to be changed.  A zero length SSID
13019 		 * is still a valid SSID (wildcard), so it cannot be
13020 		 * used for this purpose.
13021 		 */
13022 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
13023 			    match->ssid.ssid)) {
13024 			nla_nest_cancel(msg, nl_match);
13025 			goto out;
13026 		}
13027 
13028 		if (match->n_channels) {
13029 			nl_freqs = nla_nest_start(
13030 				msg, NL80211_ATTR_SCAN_FREQUENCIES);
13031 			if (!nl_freqs) {
13032 				nla_nest_cancel(msg, nl_match);
13033 				goto out;
13034 			}
13035 
13036 			for (j = 0; j < match->n_channels; j++) {
13037 				if (nla_put_u32(msg, j, match->channels[j])) {
13038 					nla_nest_cancel(msg, nl_freqs);
13039 					nla_nest_cancel(msg, nl_match);
13040 					goto out;
13041 				}
13042 			}
13043 
13044 			nla_nest_end(msg, nl_freqs);
13045 		}
13046 
13047 		nla_nest_end(msg, nl_match);
13048 	}
13049 
13050 out:
13051 	nla_nest_end(msg, nl_results);
13052 	return 0;
13053 }
13054 
13055 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
13056 				   struct cfg80211_wowlan_wakeup *wakeup,
13057 				   gfp_t gfp)
13058 {
13059 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13060 	struct sk_buff *msg;
13061 	void *hdr;
13062 	int size = 200;
13063 
13064 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
13065 
13066 	if (wakeup)
13067 		size += wakeup->packet_present_len;
13068 
13069 	msg = nlmsg_new(size, gfp);
13070 	if (!msg)
13071 		return;
13072 
13073 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
13074 	if (!hdr)
13075 		goto free_msg;
13076 
13077 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13078 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13079 		goto free_msg;
13080 
13081 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13082 					wdev->netdev->ifindex))
13083 		goto free_msg;
13084 
13085 	if (wakeup) {
13086 		struct nlattr *reasons;
13087 
13088 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
13089 		if (!reasons)
13090 			goto free_msg;
13091 
13092 		if (wakeup->disconnect &&
13093 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
13094 			goto free_msg;
13095 		if (wakeup->magic_pkt &&
13096 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
13097 			goto free_msg;
13098 		if (wakeup->gtk_rekey_failure &&
13099 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
13100 			goto free_msg;
13101 		if (wakeup->eap_identity_req &&
13102 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
13103 			goto free_msg;
13104 		if (wakeup->four_way_handshake &&
13105 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
13106 			goto free_msg;
13107 		if (wakeup->rfkill_release &&
13108 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
13109 			goto free_msg;
13110 
13111 		if (wakeup->pattern_idx >= 0 &&
13112 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
13113 				wakeup->pattern_idx))
13114 			goto free_msg;
13115 
13116 		if (wakeup->tcp_match &&
13117 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
13118 			goto free_msg;
13119 
13120 		if (wakeup->tcp_connlost &&
13121 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
13122 			goto free_msg;
13123 
13124 		if (wakeup->tcp_nomoretokens &&
13125 		    nla_put_flag(msg,
13126 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
13127 			goto free_msg;
13128 
13129 		if (wakeup->packet) {
13130 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
13131 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
13132 
13133 			if (!wakeup->packet_80211) {
13134 				pkt_attr =
13135 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
13136 				len_attr =
13137 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
13138 			}
13139 
13140 			if (wakeup->packet_len &&
13141 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
13142 				goto free_msg;
13143 
13144 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
13145 				    wakeup->packet))
13146 				goto free_msg;
13147 		}
13148 
13149 		if (wakeup->net_detect &&
13150 		    cfg80211_net_detect_results(msg, wakeup))
13151 				goto free_msg;
13152 
13153 		nla_nest_end(msg, reasons);
13154 	}
13155 
13156 	genlmsg_end(msg, hdr);
13157 
13158 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13159 				NL80211_MCGRP_MLME, gfp);
13160 	return;
13161 
13162  free_msg:
13163 	nlmsg_free(msg);
13164 }
13165 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
13166 #endif
13167 
13168 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
13169 				enum nl80211_tdls_operation oper,
13170 				u16 reason_code, gfp_t gfp)
13171 {
13172 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13173 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
13174 	struct sk_buff *msg;
13175 	void *hdr;
13176 
13177 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
13178 					 reason_code);
13179 
13180 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13181 	if (!msg)
13182 		return;
13183 
13184 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
13185 	if (!hdr) {
13186 		nlmsg_free(msg);
13187 		return;
13188 	}
13189 
13190 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13191 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
13192 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
13193 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
13194 	    (reason_code > 0 &&
13195 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
13196 		goto nla_put_failure;
13197 
13198 	genlmsg_end(msg, hdr);
13199 
13200 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13201 				NL80211_MCGRP_MLME, gfp);
13202 	return;
13203 
13204  nla_put_failure:
13205 	genlmsg_cancel(msg, hdr);
13206 	nlmsg_free(msg);
13207 }
13208 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
13209 
13210 static int nl80211_netlink_notify(struct notifier_block * nb,
13211 				  unsigned long state,
13212 				  void *_notify)
13213 {
13214 	struct netlink_notify *notify = _notify;
13215 	struct cfg80211_registered_device *rdev;
13216 	struct wireless_dev *wdev;
13217 	struct cfg80211_beacon_registration *reg, *tmp;
13218 
13219 	if (state != NETLINK_URELEASE)
13220 		return NOTIFY_DONE;
13221 
13222 	rcu_read_lock();
13223 
13224 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
13225 		bool schedule_destroy_work = false;
13226 		bool schedule_scan_stop = false;
13227 		struct cfg80211_sched_scan_request *sched_scan_req =
13228 			rcu_dereference(rdev->sched_scan_req);
13229 
13230 		if (sched_scan_req && notify->portid &&
13231 		    sched_scan_req->owner_nlportid == notify->portid)
13232 			schedule_scan_stop = true;
13233 
13234 		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
13235 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
13236 
13237 			if (wdev->owner_nlportid == notify->portid)
13238 				schedule_destroy_work = true;
13239 		}
13240 
13241 		spin_lock_bh(&rdev->beacon_registrations_lock);
13242 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
13243 					 list) {
13244 			if (reg->nlportid == notify->portid) {
13245 				list_del(&reg->list);
13246 				kfree(reg);
13247 				break;
13248 			}
13249 		}
13250 		spin_unlock_bh(&rdev->beacon_registrations_lock);
13251 
13252 		if (schedule_destroy_work) {
13253 			struct cfg80211_iface_destroy *destroy;
13254 
13255 			destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
13256 			if (destroy) {
13257 				destroy->nlportid = notify->portid;
13258 				spin_lock(&rdev->destroy_list_lock);
13259 				list_add(&destroy->list, &rdev->destroy_list);
13260 				spin_unlock(&rdev->destroy_list_lock);
13261 				schedule_work(&rdev->destroy_work);
13262 			}
13263 		} else if (schedule_scan_stop) {
13264 			sched_scan_req->owner_nlportid = 0;
13265 
13266 			if (rdev->ops->sched_scan_stop &&
13267 			    rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
13268 				schedule_work(&rdev->sched_scan_stop_wk);
13269 		}
13270 	}
13271 
13272 	rcu_read_unlock();
13273 
13274 	/*
13275 	 * It is possible that the user space process that is controlling the
13276 	 * indoor setting disappeared, so notify the regulatory core.
13277 	 */
13278 	regulatory_netlink_notify(notify->portid);
13279 	return NOTIFY_OK;
13280 }
13281 
13282 static struct notifier_block nl80211_netlink_notifier = {
13283 	.notifier_call = nl80211_netlink_notify,
13284 };
13285 
13286 void cfg80211_ft_event(struct net_device *netdev,
13287 		       struct cfg80211_ft_event_params *ft_event)
13288 {
13289 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
13290 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13291 	struct sk_buff *msg;
13292 	void *hdr;
13293 
13294 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
13295 
13296 	if (!ft_event->target_ap)
13297 		return;
13298 
13299 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13300 	if (!msg)
13301 		return;
13302 
13303 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
13304 	if (!hdr)
13305 		goto out;
13306 
13307 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13308 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
13309 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
13310 		goto out;
13311 
13312 	if (ft_event->ies &&
13313 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
13314 		goto out;
13315 	if (ft_event->ric_ies &&
13316 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
13317 		    ft_event->ric_ies))
13318 		goto out;
13319 
13320 	genlmsg_end(msg, hdr);
13321 
13322 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
13323 				NL80211_MCGRP_MLME, GFP_KERNEL);
13324 	return;
13325  out:
13326 	nlmsg_free(msg);
13327 }
13328 EXPORT_SYMBOL(cfg80211_ft_event);
13329 
13330 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
13331 {
13332 	struct cfg80211_registered_device *rdev;
13333 	struct sk_buff *msg;
13334 	void *hdr;
13335 	u32 nlportid;
13336 
13337 	rdev = wiphy_to_rdev(wdev->wiphy);
13338 	if (!rdev->crit_proto_nlportid)
13339 		return;
13340 
13341 	nlportid = rdev->crit_proto_nlportid;
13342 	rdev->crit_proto_nlportid = 0;
13343 
13344 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13345 	if (!msg)
13346 		return;
13347 
13348 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
13349 	if (!hdr)
13350 		goto nla_put_failure;
13351 
13352 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13353 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13354 		goto nla_put_failure;
13355 
13356 	genlmsg_end(msg, hdr);
13357 
13358 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
13359 	return;
13360 
13361  nla_put_failure:
13362 	if (hdr)
13363 		genlmsg_cancel(msg, hdr);
13364 	nlmsg_free(msg);
13365 
13366 }
13367 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
13368 
13369 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
13370 {
13371 	struct wiphy *wiphy = wdev->wiphy;
13372 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13373 	struct sk_buff *msg;
13374 	void *hdr;
13375 
13376 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13377 	if (!msg)
13378 		return;
13379 
13380 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
13381 	if (!hdr)
13382 		goto out;
13383 
13384 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13385 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
13386 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
13387 		goto out;
13388 
13389 	genlmsg_end(msg, hdr);
13390 
13391 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
13392 				NL80211_MCGRP_MLME, GFP_KERNEL);
13393 	return;
13394  out:
13395 	nlmsg_free(msg);
13396 }
13397 
13398 /* initialisation/exit functions */
13399 
13400 int nl80211_init(void)
13401 {
13402 	int err;
13403 
13404 	err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
13405 						   nl80211_mcgrps);
13406 	if (err)
13407 		return err;
13408 
13409 	err = netlink_register_notifier(&nl80211_netlink_notifier);
13410 	if (err)
13411 		goto err_out;
13412 
13413 	return 0;
13414  err_out:
13415 	genl_unregister_family(&nl80211_fam);
13416 	return err;
13417 }
13418 
13419 void nl80211_exit(void)
13420 {
13421 	netlink_unregister_notifier(&nl80211_netlink_notifier);
13422 	genl_unregister_family(&nl80211_fam);
13423 }
13424