xref: /openbmc/linux/net/wireless/nl80211.c (revision 5497b23e)
1  // SPDX-License-Identifier: GPL-2.0-only
2  /*
3   * This is the new netlink-based wireless configuration interface.
4   *
5   * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
6   * Copyright 2013-2014  Intel Mobile Communications GmbH
7   * Copyright 2015-2017	Intel Deutschland GmbH
8   * Copyright (C) 2018-2020 Intel Corporation
9   */
10  
11  #include <linux/if.h>
12  #include <linux/module.h>
13  #include <linux/err.h>
14  #include <linux/slab.h>
15  #include <linux/list.h>
16  #include <linux/if_ether.h>
17  #include <linux/ieee80211.h>
18  #include <linux/nl80211.h>
19  #include <linux/rtnetlink.h>
20  #include <linux/netlink.h>
21  #include <linux/nospec.h>
22  #include <linux/etherdevice.h>
23  #include <linux/if_vlan.h>
24  #include <net/net_namespace.h>
25  #include <net/genetlink.h>
26  #include <net/cfg80211.h>
27  #include <net/sock.h>
28  #include <net/inet_connection_sock.h>
29  #include "core.h"
30  #include "nl80211.h"
31  #include "reg.h"
32  #include "rdev-ops.h"
33  
34  static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
35  				   struct genl_info *info,
36  				   struct cfg80211_crypto_settings *settings,
37  				   int cipher_limit);
38  
39  /* the netlink family */
40  static struct genl_family nl80211_fam;
41  
42  /* multicast groups */
43  enum nl80211_multicast_groups {
44  	NL80211_MCGRP_CONFIG,
45  	NL80211_MCGRP_SCAN,
46  	NL80211_MCGRP_REGULATORY,
47  	NL80211_MCGRP_MLME,
48  	NL80211_MCGRP_VENDOR,
49  	NL80211_MCGRP_NAN,
50  	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
51  };
52  
53  static const struct genl_multicast_group nl80211_mcgrps[] = {
54  	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
55  	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
56  	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
57  	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
58  	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
59  	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
60  #ifdef CONFIG_NL80211_TESTMODE
61  	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
62  #endif
63  };
64  
65  /* returns ERR_PTR values */
66  static struct wireless_dev *
67  __cfg80211_wdev_from_attrs(struct cfg80211_registered_device *rdev,
68  			   struct net *netns, struct nlattr **attrs)
69  {
70  	struct wireless_dev *result = NULL;
71  	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
72  	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
73  	u64 wdev_id;
74  	int wiphy_idx = -1;
75  	int ifidx = -1;
76  
77  	if (!have_ifidx && !have_wdev_id)
78  		return ERR_PTR(-EINVAL);
79  
80  	if (have_ifidx)
81  		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82  	if (have_wdev_id) {
83  		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84  		wiphy_idx = wdev_id >> 32;
85  	}
86  
87  	if (rdev) {
88  		struct wireless_dev *wdev;
89  
90  		lockdep_assert_held(&rdev->wiphy.mtx);
91  
92  		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
93  			if (have_ifidx && wdev->netdev &&
94  			    wdev->netdev->ifindex == ifidx) {
95  				result = wdev;
96  				break;
97  			}
98  			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
99  				result = wdev;
100  				break;
101  			}
102  		}
103  
104  		return result ?: ERR_PTR(-ENODEV);
105  	}
106  
107  	ASSERT_RTNL();
108  
109  	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
110  		struct wireless_dev *wdev;
111  
112  		if (wiphy_net(&rdev->wiphy) != netns)
113  			continue;
114  
115  		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
116  			continue;
117  
118  		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
119  			if (have_ifidx && wdev->netdev &&
120  			    wdev->netdev->ifindex == ifidx) {
121  				result = wdev;
122  				break;
123  			}
124  			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
125  				result = wdev;
126  				break;
127  			}
128  		}
129  
130  		if (result)
131  			break;
132  	}
133  
134  	if (result)
135  		return result;
136  	return ERR_PTR(-ENODEV);
137  }
138  
139  static struct cfg80211_registered_device *
140  __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
141  {
142  	struct cfg80211_registered_device *rdev = NULL, *tmp;
143  	struct net_device *netdev;
144  
145  	ASSERT_RTNL();
146  
147  	if (!attrs[NL80211_ATTR_WIPHY] &&
148  	    !attrs[NL80211_ATTR_IFINDEX] &&
149  	    !attrs[NL80211_ATTR_WDEV])
150  		return ERR_PTR(-EINVAL);
151  
152  	if (attrs[NL80211_ATTR_WIPHY])
153  		rdev = cfg80211_rdev_by_wiphy_idx(
154  				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
155  
156  	if (attrs[NL80211_ATTR_WDEV]) {
157  		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
158  		struct wireless_dev *wdev;
159  		bool found = false;
160  
161  		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
162  		if (tmp) {
163  			/* make sure wdev exists */
164  			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
165  				if (wdev->identifier != (u32)wdev_id)
166  					continue;
167  				found = true;
168  				break;
169  			}
170  
171  			if (!found)
172  				tmp = NULL;
173  
174  			if (rdev && tmp != rdev)
175  				return ERR_PTR(-EINVAL);
176  			rdev = tmp;
177  		}
178  	}
179  
180  	if (attrs[NL80211_ATTR_IFINDEX]) {
181  		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
182  
183  		netdev = __dev_get_by_index(netns, ifindex);
184  		if (netdev) {
185  			if (netdev->ieee80211_ptr)
186  				tmp = wiphy_to_rdev(
187  					netdev->ieee80211_ptr->wiphy);
188  			else
189  				tmp = NULL;
190  
191  			/* not wireless device -- return error */
192  			if (!tmp)
193  				return ERR_PTR(-EINVAL);
194  
195  			/* mismatch -- return error */
196  			if (rdev && tmp != rdev)
197  				return ERR_PTR(-EINVAL);
198  
199  			rdev = tmp;
200  		}
201  	}
202  
203  	if (!rdev)
204  		return ERR_PTR(-ENODEV);
205  
206  	if (netns != wiphy_net(&rdev->wiphy))
207  		return ERR_PTR(-ENODEV);
208  
209  	return rdev;
210  }
211  
212  /*
213   * This function returns a pointer to the driver
214   * that the genl_info item that is passed refers to.
215   *
216   * The result of this can be a PTR_ERR and hence must
217   * be checked with IS_ERR() for errors.
218   */
219  static struct cfg80211_registered_device *
220  cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
221  {
222  	return __cfg80211_rdev_from_attrs(netns, info->attrs);
223  }
224  
225  static int validate_beacon_head(const struct nlattr *attr,
226  				struct netlink_ext_ack *extack)
227  {
228  	const u8 *data = nla_data(attr);
229  	unsigned int len = nla_len(attr);
230  	const struct element *elem;
231  	const struct ieee80211_mgmt *mgmt = (void *)data;
232  	bool s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
233  	unsigned int fixedlen, hdrlen;
234  
235  	if (s1g_bcn) {
236  		fixedlen = offsetof(struct ieee80211_ext,
237  				    u.s1g_beacon.variable);
238  		hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
239  	} else {
240  		fixedlen = offsetof(struct ieee80211_mgmt,
241  				    u.beacon.variable);
242  		hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
243  	}
244  
245  	if (len < fixedlen)
246  		goto err;
247  
248  	if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
249  		goto err;
250  
251  	data += fixedlen;
252  	len -= fixedlen;
253  
254  	for_each_element(elem, data, len) {
255  		/* nothing */
256  	}
257  
258  	if (for_each_element_completed(elem, data, len))
259  		return 0;
260  
261  err:
262  	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
263  	return -EINVAL;
264  }
265  
266  static int validate_ie_attr(const struct nlattr *attr,
267  			    struct netlink_ext_ack *extack)
268  {
269  	const u8 *data = nla_data(attr);
270  	unsigned int len = nla_len(attr);
271  	const struct element *elem;
272  
273  	for_each_element(elem, data, len) {
274  		/* nothing */
275  	}
276  
277  	if (for_each_element_completed(elem, data, len))
278  		return 0;
279  
280  	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
281  	return -EINVAL;
282  }
283  
284  /* policy for the attributes */
285  static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
286  
287  static const struct nla_policy
288  nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
289  	[NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
290  	[NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
291  					.len = U8_MAX },
292  	[NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
293  					     .len = U8_MAX },
294  };
295  
296  static const struct nla_policy
297  nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
298  	[NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
299  	[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
300  	[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
301  		NLA_POLICY_MAX(NLA_U8, 15),
302  	[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
303  	[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
304  		NLA_POLICY_MAX(NLA_U8, 15),
305  	[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
306  		NLA_POLICY_MAX(NLA_U8, 31),
307  	[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
308  	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
309  	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
310  	[NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
311  	[NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
312  };
313  
314  static const struct nla_policy
315  nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
316  	[NL80211_PMSR_TYPE_FTM] =
317  		NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
318  };
319  
320  static const struct nla_policy
321  nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
322  	[NL80211_PMSR_REQ_ATTR_DATA] =
323  		NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
324  	[NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
325  };
326  
327  static const struct nla_policy
328  nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
329  	[NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
330  	[NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
331  	[NL80211_PMSR_PEER_ATTR_REQ] =
332  		NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
333  	[NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
334  };
335  
336  static const struct nla_policy
337  nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
338  	[NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
339  	[NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
340  	[NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
341  	[NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
342  	[NL80211_PMSR_ATTR_PEERS] =
343  		NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
344  };
345  
346  static const struct nla_policy
347  he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
348  	[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
349  		NLA_POLICY_RANGE(NLA_U8, 1, 20),
350  	[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
351  		NLA_POLICY_RANGE(NLA_U8, 1, 20),
352  	[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
353  		NLA_POLICY_RANGE(NLA_U8, 1, 20),
354  	[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
355  		NLA_POLICY_EXACT_LEN(8),
356  	[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
357  		NLA_POLICY_EXACT_LEN(8),
358  	[NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
359  };
360  
361  static const struct nla_policy
362  he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
363  	[NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
364  	[NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
365  	[NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
366  };
367  
368  static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
369  	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
370  				    .len = NL80211_MAX_SUPP_RATES },
371  	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
372  				.len = NL80211_MAX_SUPP_HT_RATES },
373  	[NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
374  	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
375  	[NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
376  	[NL80211_TXRATE_HE_GI] =  NLA_POLICY_RANGE(NLA_U8,
377  						   NL80211_RATE_INFO_HE_GI_0_8,
378  						   NL80211_RATE_INFO_HE_GI_3_2),
379  	[NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
380  						   NL80211_RATE_INFO_HE_1XLTF,
381  						   NL80211_RATE_INFO_HE_4XLTF),
382  };
383  
384  static const struct nla_policy
385  nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
386  	[NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
387  	[NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
388  	[NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
389  	[NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
390  	[NL80211_TID_CONFIG_ATTR_NOACK] =
391  			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
392  	[NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
393  	[NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
394  	[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
395  			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
396  	[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
397  			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
398  	[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
399  			NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
400  	[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
401  			NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
402  	[NL80211_TID_CONFIG_ATTR_TX_RATE] =
403  			NLA_POLICY_NESTED(nl80211_txattr_policy),
404  };
405  
406  static const struct nla_policy
407  nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
408  	[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
409  	[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
410  	NLA_POLICY_RANGE(NLA_BINARY,
411  			 NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
412  			 IEEE80211_MAX_DATA_LEN),
413  };
414  
415  static const struct nla_policy
416  nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
417  	[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
418  	[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
419  						       .len = IEEE80211_MAX_DATA_LEN }
420  };
421  
422  static const struct nla_policy
423  sar_specs_policy[NL80211_SAR_ATTR_SPECS_MAX + 1] = {
424  	[NL80211_SAR_ATTR_SPECS_POWER] = { .type = NLA_S32 },
425  	[NL80211_SAR_ATTR_SPECS_RANGE_INDEX] = {.type = NLA_U32 },
426  };
427  
428  static const struct nla_policy
429  sar_policy[NL80211_SAR_ATTR_MAX + 1] = {
430  	[NL80211_SAR_ATTR_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_SAR_TYPE),
431  	[NL80211_SAR_ATTR_SPECS] = NLA_POLICY_NESTED_ARRAY(sar_specs_policy),
432  };
433  
434  static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
435  	[0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
436  	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
437  	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
438  				      .len = 20-1 },
439  	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
440  
441  	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
442  	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
443  	[NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
444  						NL80211_EDMG_CHANNELS_MIN,
445  						NL80211_EDMG_CHANNELS_MAX),
446  	[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
447  						NL80211_EDMG_BW_CONFIG_MIN,
448  						NL80211_EDMG_BW_CONFIG_MAX),
449  
450  	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
451  	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
452  	[NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
453  	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
454  
455  	[NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
456  	[NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
457  	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
458  	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
459  	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
460  	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
461  
462  	[NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
463  	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
464  	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
465  
466  	[NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
467  	[NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
468  
469  	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
470  	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
471  				    .len = WLAN_MAX_KEY_LEN },
472  	[NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
473  	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
474  	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
475  	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
476  	[NL80211_ATTR_KEY_TYPE] =
477  		NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
478  
479  	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
480  	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
481  	[NL80211_ATTR_BEACON_HEAD] =
482  		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
483  				       IEEE80211_MAX_DATA_LEN),
484  	[NL80211_ATTR_BEACON_TAIL] =
485  		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
486  				       IEEE80211_MAX_DATA_LEN),
487  	[NL80211_ATTR_STA_AID] =
488  		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
489  	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
490  	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
491  	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
492  					       .len = NL80211_MAX_SUPP_RATES },
493  	[NL80211_ATTR_STA_PLINK_ACTION] =
494  		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
495  	[NL80211_ATTR_STA_TX_POWER_SETTING] =
496  		NLA_POLICY_RANGE(NLA_U8,
497  				 NL80211_TX_POWER_AUTOMATIC,
498  				 NL80211_TX_POWER_FIXED),
499  	[NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
500  	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
501  	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
502  	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
503  				   .len = IEEE80211_MAX_MESH_ID_LEN },
504  	[NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
505  
506  	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
507  	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
508  
509  	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
510  	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
511  	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
512  	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
513  					   .len = NL80211_MAX_SUPP_RATES },
514  	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
515  
516  	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
517  	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
518  
519  	[NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
520  
521  	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
522  	[NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
523  						   validate_ie_attr,
524  						   IEEE80211_MAX_DATA_LEN),
525  	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
526  	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
527  
528  	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
529  				.len = IEEE80211_MAX_SSID_LEN },
530  	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
531  	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
532  	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
533  	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
534  	[NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
535  						  NL80211_MFP_NO,
536  						  NL80211_MFP_OPTIONAL),
537  	[NL80211_ATTR_STA_FLAGS2] = {
538  		.len = sizeof(struct nl80211_sta_flag_update),
539  	},
540  	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
541  	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
542  	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
543  	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
544  	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
545  	[NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
546  	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
547  	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
548  	[NL80211_ATTR_PID] = { .type = NLA_U32 },
549  	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
550  	[NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
551  	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
552  	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
553  	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
554  	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
555  				 .len = IEEE80211_MAX_DATA_LEN },
556  	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
557  	[NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
558  						   NL80211_PS_DISABLED,
559  						   NL80211_PS_ENABLED),
560  	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
561  	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
562  	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
563  	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
564  	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
565  	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
566  	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
567  	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
568  	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
569  	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
570  	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
571  	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
572  	[NL80211_ATTR_STA_PLINK_STATE] =
573  		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
574  	[NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
575  	[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
576  	[NL80211_ATTR_MESH_PEER_AID] =
577  		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
578  	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
579  	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
580  	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
581  	[NL80211_ATTR_HIDDEN_SSID] =
582  		NLA_POLICY_RANGE(NLA_U32,
583  				 NL80211_HIDDEN_SSID_NOT_IN_USE,
584  				 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
585  	[NL80211_ATTR_IE_PROBE_RESP] =
586  		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
587  				       IEEE80211_MAX_DATA_LEN),
588  	[NL80211_ATTR_IE_ASSOC_RESP] =
589  		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
590  				       IEEE80211_MAX_DATA_LEN),
591  	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
592  	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
593  	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
594  	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
595  	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
596  	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
597  	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
598  	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
599  	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
600  	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
601  	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
602  				      .len = IEEE80211_MAX_DATA_LEN },
603  	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
604  	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
605  	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
606  		.len = NL80211_HT_CAPABILITY_LEN
607  	},
608  	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
609  	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
610  	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
611  	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
612  	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
613  
614  	/* need to include at least Auth Transaction and Status Code */
615  	[NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
616  
617  	[NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
618  	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
619  	[NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
620  	[NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
621  	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
622  		NLA_POLICY_RANGE(NLA_U32,
623  				 NL80211_MESH_POWER_UNKNOWN + 1,
624  				 NL80211_MESH_POWER_MAX),
625  	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
626  	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
627  	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
628  	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
629  	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
630  	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
631  	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
632  		.len = NL80211_VHT_CAPABILITY_LEN,
633  	},
634  	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
635  	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
636  				  .len = IEEE80211_MAX_DATA_LEN },
637  	[NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
638  	[NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
639  		NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
640  	[NL80211_ATTR_PEER_AID] =
641  		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
642  	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
643  	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
644  	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
645  	[NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
646  	[NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
647  	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
648  	/*
649  	 * The value of the Length field of the Supported Operating
650  	 * Classes element is between 2 and 253.
651  	 */
652  	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
653  		NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
654  	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
655  	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
656  	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
657  	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
658  	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
659  	[NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
660  						  IEEE80211_QOS_MAP_LEN_MIN,
661  						  IEEE80211_QOS_MAP_LEN_MAX),
662  	[NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
663  	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
664  	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
665  	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
666  	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
667  	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
668  	[NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
669  	[NL80211_ATTR_USER_PRIO] =
670  		NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
671  	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
672  	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
673  	[NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
674  	[NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
675  	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
676  	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
677  	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
678  	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
679  	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
680  	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
681  	[NL80211_ATTR_STA_SUPPORT_P2P_PS] =
682  		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
683  	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
684  		.len = VHT_MUMIMO_GROUPS_DATA_LEN
685  	},
686  	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
687  	[NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
688  	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
689  	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
690  	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
691  				    .len = FILS_MAX_KEK_LEN },
692  	[NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
693  	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
694  	[NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
695  	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
696  	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
697  		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
698  	},
699  	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
700  	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
701  					     .len = FILS_ERP_MAX_USERNAME_LEN },
702  	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
703  					  .len = FILS_ERP_MAX_REALM_LEN },
704  	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
705  	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
706  					.len = FILS_ERP_MAX_RRK_LEN },
707  	[NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
708  	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
709  	[NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
710  	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
711  	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
712  
713  	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
714  	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
715  	[NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
716  	[NL80211_ATTR_HE_CAPABILITY] =
717  		NLA_POLICY_RANGE(NLA_BINARY,
718  				 NL80211_HE_MIN_CAPABILITY_LEN,
719  				 NL80211_HE_MAX_CAPABILITY_LEN),
720  	[NL80211_ATTR_FTM_RESPONDER] =
721  		NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
722  	[NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
723  	[NL80211_ATTR_PEER_MEASUREMENTS] =
724  		NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
725  	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
726  	[NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
727  					.len = SAE_PASSWORD_MAX_LEN },
728  	[NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
729  	[NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
730  	[NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
731  	[NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
732  	[NL80211_ATTR_TID_CONFIG] =
733  		NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
734  	[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
735  	[NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
736  	[NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
737  	[NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
738  	[NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
739  	[NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
740  	[NL80211_ATTR_HE_6GHZ_CAPABILITY] =
741  		NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
742  	[NL80211_ATTR_FILS_DISCOVERY] =
743  		NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
744  	[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
745  		NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
746  	[NL80211_ATTR_S1G_CAPABILITY] =
747  		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
748  	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
749  		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
750  	[NL80211_ATTR_SAE_PWE] =
751  		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
752  				 NL80211_SAE_PWE_BOTH),
753  	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
754  	[NL80211_ATTR_SAR_SPEC] = NLA_POLICY_NESTED(sar_policy),
755  	[NL80211_ATTR_DISABLE_HE] = { .type = NLA_FLAG },
756  };
757  
758  /* policy for the key attributes */
759  static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
760  	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
761  	[NL80211_KEY_IDX] = { .type = NLA_U8 },
762  	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
763  	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
764  	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
765  	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
766  	[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
767  	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
768  	[NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
769  };
770  
771  /* policy for the key default flags */
772  static const struct nla_policy
773  nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
774  	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
775  	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
776  };
777  
778  #ifdef CONFIG_PM
779  /* policy for WoWLAN attributes */
780  static const struct nla_policy
781  nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
782  	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
783  	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
784  	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
785  	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
786  	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
787  	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
788  	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
789  	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
790  	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
791  	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
792  };
793  
794  static const struct nla_policy
795  nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
796  	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
797  	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
798  	[NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
799  	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
800  	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
801  	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
802  	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
803  		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
804  	},
805  	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
806  		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
807  	},
808  	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
809  	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
810  	[NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
811  };
812  #endif /* CONFIG_PM */
813  
814  /* policy for coalesce rule attributes */
815  static const struct nla_policy
816  nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
817  	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
818  	[NL80211_ATTR_COALESCE_RULE_CONDITION] =
819  		NLA_POLICY_RANGE(NLA_U32,
820  				 NL80211_COALESCE_CONDITION_MATCH,
821  				 NL80211_COALESCE_CONDITION_NO_MATCH),
822  	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
823  };
824  
825  /* policy for GTK rekey offload attributes */
826  static const struct nla_policy
827  nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
828  	[NL80211_REKEY_DATA_KEK] = {
829  		.type = NLA_BINARY,
830  		.len = NL80211_KEK_EXT_LEN
831  	},
832  	[NL80211_REKEY_DATA_KCK] = {
833  		.type = NLA_BINARY,
834  		.len = NL80211_KCK_EXT_LEN
835  	},
836  	[NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
837  	[NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
838  };
839  
840  static const struct nla_policy
841  nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
842  	[NL80211_BAND_2GHZ] = { .type = NLA_S32 },
843  	[NL80211_BAND_5GHZ] = { .type = NLA_S32 },
844  	[NL80211_BAND_6GHZ] = { .type = NLA_S32 },
845  	[NL80211_BAND_60GHZ] = { .type = NLA_S32 },
846  };
847  
848  static const struct nla_policy
849  nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
850  	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
851  						 .len = IEEE80211_MAX_SSID_LEN },
852  	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
853  	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
854  	[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
855  		NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
856  };
857  
858  static const struct nla_policy
859  nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
860  	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
861  	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
862  };
863  
864  static const struct nla_policy
865  nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
866  	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
867  	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
868  	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
869  		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
870  	},
871  };
872  
873  /* policy for NAN function attributes */
874  static const struct nla_policy
875  nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
876  	[NL80211_NAN_FUNC_TYPE] =
877  		NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
878  	[NL80211_NAN_FUNC_SERVICE_ID] = {
879  				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
880  	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
881  	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
882  	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
883  	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
884  	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
885  	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
886  	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
887  	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
888  	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
889  			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
890  	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
891  	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
892  	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
893  	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
894  	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
895  };
896  
897  /* policy for Service Response Filter attributes */
898  static const struct nla_policy
899  nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
900  	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
901  	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
902  				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
903  	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
904  	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
905  };
906  
907  /* policy for packet pattern attributes */
908  static const struct nla_policy
909  nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
910  	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
911  	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
912  	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
913  };
914  
915  int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
916  			      struct cfg80211_registered_device **rdev,
917  			      struct wireless_dev **wdev)
918  {
919  	int err;
920  
921  	if (!cb->args[0]) {
922  		struct nlattr **attrbuf;
923  
924  		attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
925  				  GFP_KERNEL);
926  		if (!attrbuf)
927  			return -ENOMEM;
928  
929  		err = nlmsg_parse_deprecated(cb->nlh,
930  					     GENL_HDRLEN + nl80211_fam.hdrsize,
931  					     attrbuf, nl80211_fam.maxattr,
932  					     nl80211_policy, NULL);
933  		if (err) {
934  			kfree(attrbuf);
935  			return err;
936  		}
937  
938  		rtnl_lock();
939  		*wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(cb->skb->sk),
940  						   attrbuf);
941  		kfree(attrbuf);
942  		if (IS_ERR(*wdev)) {
943  			rtnl_unlock();
944  			return PTR_ERR(*wdev);
945  		}
946  		*rdev = wiphy_to_rdev((*wdev)->wiphy);
947  		mutex_lock(&(*rdev)->wiphy.mtx);
948  		rtnl_unlock();
949  		/* 0 is the first index - add 1 to parse only once */
950  		cb->args[0] = (*rdev)->wiphy_idx + 1;
951  		cb->args[1] = (*wdev)->identifier;
952  	} else {
953  		/* subtract the 1 again here */
954  		struct wiphy *wiphy;
955  		struct wireless_dev *tmp;
956  
957  		rtnl_lock();
958  		wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
959  		if (!wiphy) {
960  			rtnl_unlock();
961  			return -ENODEV;
962  		}
963  		*rdev = wiphy_to_rdev(wiphy);
964  		*wdev = NULL;
965  
966  		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
967  			if (tmp->identifier == cb->args[1]) {
968  				*wdev = tmp;
969  				break;
970  			}
971  		}
972  
973  		if (!*wdev) {
974  			rtnl_unlock();
975  			return -ENODEV;
976  		}
977  		mutex_lock(&(*rdev)->wiphy.mtx);
978  		rtnl_unlock();
979  	}
980  
981  	return 0;
982  }
983  
984  /* message building helper */
985  void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
986  		     int flags, u8 cmd)
987  {
988  	/* since there is no private header just add the generic one */
989  	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
990  }
991  
992  static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
993  				     const struct ieee80211_reg_rule *rule)
994  {
995  	int j;
996  	struct nlattr *nl_wmm_rules =
997  		nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
998  
999  	if (!nl_wmm_rules)
1000  		goto nla_put_failure;
1001  
1002  	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
1003  		struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
1004  
1005  		if (!nl_wmm_rule)
1006  			goto nla_put_failure;
1007  
1008  		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
1009  				rule->wmm_rule.client[j].cw_min) ||
1010  		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,
1011  				rule->wmm_rule.client[j].cw_max) ||
1012  		    nla_put_u8(msg, NL80211_WMMR_AIFSN,
1013  			       rule->wmm_rule.client[j].aifsn) ||
1014  		    nla_put_u16(msg, NL80211_WMMR_TXOP,
1015  			        rule->wmm_rule.client[j].cot))
1016  			goto nla_put_failure;
1017  
1018  		nla_nest_end(msg, nl_wmm_rule);
1019  	}
1020  	nla_nest_end(msg, nl_wmm_rules);
1021  
1022  	return 0;
1023  
1024  nla_put_failure:
1025  	return -ENOBUFS;
1026  }
1027  
1028  static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
1029  				   struct ieee80211_channel *chan,
1030  				   bool large)
1031  {
1032  	/* Some channels must be completely excluded from the
1033  	 * list to protect old user-space tools from breaking
1034  	 */
1035  	if (!large && chan->flags &
1036  	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
1037  		return 0;
1038  	if (!large && chan->freq_offset)
1039  		return 0;
1040  
1041  	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
1042  			chan->center_freq))
1043  		goto nla_put_failure;
1044  
1045  	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
1046  		goto nla_put_failure;
1047  
1048  	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
1049  	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
1050  		goto nla_put_failure;
1051  	if (chan->flags & IEEE80211_CHAN_NO_IR) {
1052  		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
1053  			goto nla_put_failure;
1054  		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
1055  			goto nla_put_failure;
1056  	}
1057  	if (chan->flags & IEEE80211_CHAN_RADAR) {
1058  		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
1059  			goto nla_put_failure;
1060  		if (large) {
1061  			u32 time;
1062  
1063  			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
1064  
1065  			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
1066  					chan->dfs_state))
1067  				goto nla_put_failure;
1068  			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
1069  					time))
1070  				goto nla_put_failure;
1071  			if (nla_put_u32(msg,
1072  					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
1073  					chan->dfs_cac_ms))
1074  				goto nla_put_failure;
1075  		}
1076  	}
1077  
1078  	if (large) {
1079  		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
1080  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
1081  			goto nla_put_failure;
1082  		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
1083  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
1084  			goto nla_put_failure;
1085  		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
1086  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
1087  			goto nla_put_failure;
1088  		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
1089  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
1090  			goto nla_put_failure;
1091  		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
1092  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
1093  			goto nla_put_failure;
1094  		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
1095  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
1096  			goto nla_put_failure;
1097  		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
1098  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
1099  			goto nla_put_failure;
1100  		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
1101  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
1102  			goto nla_put_failure;
1103  		if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
1104  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
1105  			goto nla_put_failure;
1106  		if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
1107  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
1108  			goto nla_put_failure;
1109  		if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
1110  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
1111  			goto nla_put_failure;
1112  		if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
1113  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
1114  			goto nla_put_failure;
1115  		if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
1116  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
1117  			goto nla_put_failure;
1118  		if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
1119  		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
1120  			goto nla_put_failure;
1121  	}
1122  
1123  	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
1124  			DBM_TO_MBM(chan->max_power)))
1125  		goto nla_put_failure;
1126  
1127  	if (large) {
1128  		const struct ieee80211_reg_rule *rule =
1129  			freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
1130  
1131  		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
1132  			if (nl80211_msg_put_wmm_rules(msg, rule))
1133  				goto nla_put_failure;
1134  		}
1135  	}
1136  
1137  	return 0;
1138  
1139   nla_put_failure:
1140  	return -ENOBUFS;
1141  }
1142  
1143  static bool nl80211_put_txq_stats(struct sk_buff *msg,
1144  				  struct cfg80211_txq_stats *txqstats,
1145  				  int attrtype)
1146  {
1147  	struct nlattr *txqattr;
1148  
1149  #define PUT_TXQVAL_U32(attr, memb) do {					  \
1150  	if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&	  \
1151  	    nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
1152  		return false;						  \
1153  	} while (0)
1154  
1155  	txqattr = nla_nest_start_noflag(msg, attrtype);
1156  	if (!txqattr)
1157  		return false;
1158  
1159  	PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1160  	PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1161  	PUT_TXQVAL_U32(FLOWS, flows);
1162  	PUT_TXQVAL_U32(DROPS, drops);
1163  	PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1164  	PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1165  	PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1166  	PUT_TXQVAL_U32(COLLISIONS, collisions);
1167  	PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1168  	PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1169  	PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1170  	nla_nest_end(msg, txqattr);
1171  
1172  #undef PUT_TXQVAL_U32
1173  	return true;
1174  }
1175  
1176  /* netlink command implementations */
1177  
1178  struct key_parse {
1179  	struct key_params p;
1180  	int idx;
1181  	int type;
1182  	bool def, defmgmt, defbeacon;
1183  	bool def_uni, def_multi;
1184  };
1185  
1186  static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1187  				 struct key_parse *k)
1188  {
1189  	struct nlattr *tb[NL80211_KEY_MAX + 1];
1190  	int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1191  					      nl80211_key_policy,
1192  					      info->extack);
1193  	if (err)
1194  		return err;
1195  
1196  	k->def = !!tb[NL80211_KEY_DEFAULT];
1197  	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1198  	k->defbeacon = !!tb[NL80211_KEY_DEFAULT_BEACON];
1199  
1200  	if (k->def) {
1201  		k->def_uni = true;
1202  		k->def_multi = true;
1203  	}
1204  	if (k->defmgmt || k->defbeacon)
1205  		k->def_multi = true;
1206  
1207  	if (tb[NL80211_KEY_IDX])
1208  		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1209  
1210  	if (tb[NL80211_KEY_DATA]) {
1211  		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1212  		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1213  	}
1214  
1215  	if (tb[NL80211_KEY_SEQ]) {
1216  		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1217  		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1218  	}
1219  
1220  	if (tb[NL80211_KEY_CIPHER])
1221  		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1222  
1223  	if (tb[NL80211_KEY_TYPE])
1224  		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1225  
1226  	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1227  		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1228  
1229  		err = nla_parse_nested_deprecated(kdt,
1230  						  NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1231  						  tb[NL80211_KEY_DEFAULT_TYPES],
1232  						  nl80211_key_default_policy,
1233  						  info->extack);
1234  		if (err)
1235  			return err;
1236  
1237  		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1238  		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1239  	}
1240  
1241  	if (tb[NL80211_KEY_MODE])
1242  		k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1243  
1244  	return 0;
1245  }
1246  
1247  static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1248  {
1249  	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1250  		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1251  		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1252  	}
1253  
1254  	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1255  		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1256  		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1257  	}
1258  
1259  	if (info->attrs[NL80211_ATTR_KEY_IDX])
1260  		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1261  
1262  	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1263  		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1264  
1265  	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1266  	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1267  
1268  	if (k->def) {
1269  		k->def_uni = true;
1270  		k->def_multi = true;
1271  	}
1272  	if (k->defmgmt)
1273  		k->def_multi = true;
1274  
1275  	if (info->attrs[NL80211_ATTR_KEY_TYPE])
1276  		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1277  
1278  	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1279  		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1280  		int err = nla_parse_nested_deprecated(kdt,
1281  						      NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1282  						      info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1283  						      nl80211_key_default_policy,
1284  						      info->extack);
1285  		if (err)
1286  			return err;
1287  
1288  		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1289  		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1290  	}
1291  
1292  	return 0;
1293  }
1294  
1295  static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1296  {
1297  	int err;
1298  
1299  	memset(k, 0, sizeof(*k));
1300  	k->idx = -1;
1301  	k->type = -1;
1302  
1303  	if (info->attrs[NL80211_ATTR_KEY])
1304  		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1305  	else
1306  		err = nl80211_parse_key_old(info, k);
1307  
1308  	if (err)
1309  		return err;
1310  
1311  	if ((k->def ? 1 : 0) + (k->defmgmt ? 1 : 0) +
1312  	    (k->defbeacon ? 1 : 0) > 1) {
1313  		GENL_SET_ERR_MSG(info,
1314  				 "key with multiple default flags is invalid");
1315  		return -EINVAL;
1316  	}
1317  
1318  	if (k->defmgmt || k->defbeacon) {
1319  		if (k->def_uni || !k->def_multi) {
1320  			GENL_SET_ERR_MSG(info,
1321  					 "defmgmt/defbeacon key must be mcast");
1322  			return -EINVAL;
1323  		}
1324  	}
1325  
1326  	if (k->idx != -1) {
1327  		if (k->defmgmt) {
1328  			if (k->idx < 4 || k->idx > 5) {
1329  				GENL_SET_ERR_MSG(info,
1330  						 "defmgmt key idx not 4 or 5");
1331  				return -EINVAL;
1332  			}
1333  		} else if (k->defbeacon) {
1334  			if (k->idx < 6 || k->idx > 7) {
1335  				GENL_SET_ERR_MSG(info,
1336  						 "defbeacon key idx not 6 or 7");
1337  				return -EINVAL;
1338  			}
1339  		} else if (k->def) {
1340  			if (k->idx < 0 || k->idx > 3) {
1341  				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1342  				return -EINVAL;
1343  			}
1344  		} else {
1345  			if (k->idx < 0 || k->idx > 7) {
1346  				GENL_SET_ERR_MSG(info, "key idx not 0-7");
1347  				return -EINVAL;
1348  			}
1349  		}
1350  	}
1351  
1352  	return 0;
1353  }
1354  
1355  static struct cfg80211_cached_keys *
1356  nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1357  		       struct genl_info *info, bool *no_ht)
1358  {
1359  	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1360  	struct key_parse parse;
1361  	struct nlattr *key;
1362  	struct cfg80211_cached_keys *result;
1363  	int rem, err, def = 0;
1364  	bool have_key = false;
1365  
1366  	nla_for_each_nested(key, keys, rem) {
1367  		have_key = true;
1368  		break;
1369  	}
1370  
1371  	if (!have_key)
1372  		return NULL;
1373  
1374  	result = kzalloc(sizeof(*result), GFP_KERNEL);
1375  	if (!result)
1376  		return ERR_PTR(-ENOMEM);
1377  
1378  	result->def = -1;
1379  
1380  	nla_for_each_nested(key, keys, rem) {
1381  		memset(&parse, 0, sizeof(parse));
1382  		parse.idx = -1;
1383  
1384  		err = nl80211_parse_key_new(info, key, &parse);
1385  		if (err)
1386  			goto error;
1387  		err = -EINVAL;
1388  		if (!parse.p.key)
1389  			goto error;
1390  		if (parse.idx < 0 || parse.idx > 3) {
1391  			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1392  			goto error;
1393  		}
1394  		if (parse.def) {
1395  			if (def) {
1396  				GENL_SET_ERR_MSG(info,
1397  						 "only one key can be default");
1398  				goto error;
1399  			}
1400  			def = 1;
1401  			result->def = parse.idx;
1402  			if (!parse.def_uni || !parse.def_multi)
1403  				goto error;
1404  		} else if (parse.defmgmt)
1405  			goto error;
1406  		err = cfg80211_validate_key_settings(rdev, &parse.p,
1407  						     parse.idx, false, NULL);
1408  		if (err)
1409  			goto error;
1410  		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1411  		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1412  			GENL_SET_ERR_MSG(info, "connect key must be WEP");
1413  			err = -EINVAL;
1414  			goto error;
1415  		}
1416  		result->params[parse.idx].cipher = parse.p.cipher;
1417  		result->params[parse.idx].key_len = parse.p.key_len;
1418  		result->params[parse.idx].key = result->data[parse.idx];
1419  		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1420  
1421  		/* must be WEP key if we got here */
1422  		if (no_ht)
1423  			*no_ht = true;
1424  	}
1425  
1426  	if (result->def < 0) {
1427  		err = -EINVAL;
1428  		GENL_SET_ERR_MSG(info, "need a default/TX key");
1429  		goto error;
1430  	}
1431  
1432  	return result;
1433   error:
1434  	kfree(result);
1435  	return ERR_PTR(err);
1436  }
1437  
1438  static int nl80211_key_allowed(struct wireless_dev *wdev)
1439  {
1440  	ASSERT_WDEV_LOCK(wdev);
1441  
1442  	switch (wdev->iftype) {
1443  	case NL80211_IFTYPE_AP:
1444  	case NL80211_IFTYPE_AP_VLAN:
1445  	case NL80211_IFTYPE_P2P_GO:
1446  	case NL80211_IFTYPE_MESH_POINT:
1447  		break;
1448  	case NL80211_IFTYPE_ADHOC:
1449  	case NL80211_IFTYPE_STATION:
1450  	case NL80211_IFTYPE_P2P_CLIENT:
1451  		if (!wdev->current_bss)
1452  			return -ENOLINK;
1453  		break;
1454  	case NL80211_IFTYPE_UNSPECIFIED:
1455  	case NL80211_IFTYPE_OCB:
1456  	case NL80211_IFTYPE_MONITOR:
1457  	case NL80211_IFTYPE_NAN:
1458  	case NL80211_IFTYPE_P2P_DEVICE:
1459  	case NL80211_IFTYPE_WDS:
1460  	case NUM_NL80211_IFTYPES:
1461  		return -EINVAL;
1462  	}
1463  
1464  	return 0;
1465  }
1466  
1467  static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1468  							u32 freq)
1469  {
1470  	struct ieee80211_channel *chan;
1471  
1472  	chan = ieee80211_get_channel_khz(wiphy, freq);
1473  	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1474  		return NULL;
1475  	return chan;
1476  }
1477  
1478  static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1479  {
1480  	struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1481  	int i;
1482  
1483  	if (!nl_modes)
1484  		goto nla_put_failure;
1485  
1486  	i = 0;
1487  	while (ifmodes) {
1488  		if ((ifmodes & 1) && nla_put_flag(msg, i))
1489  			goto nla_put_failure;
1490  		ifmodes >>= 1;
1491  		i++;
1492  	}
1493  
1494  	nla_nest_end(msg, nl_modes);
1495  	return 0;
1496  
1497  nla_put_failure:
1498  	return -ENOBUFS;
1499  }
1500  
1501  static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1502  					  struct sk_buff *msg,
1503  					  bool large)
1504  {
1505  	struct nlattr *nl_combis;
1506  	int i, j;
1507  
1508  	nl_combis = nla_nest_start_noflag(msg,
1509  					  NL80211_ATTR_INTERFACE_COMBINATIONS);
1510  	if (!nl_combis)
1511  		goto nla_put_failure;
1512  
1513  	for (i = 0; i < wiphy->n_iface_combinations; i++) {
1514  		const struct ieee80211_iface_combination *c;
1515  		struct nlattr *nl_combi, *nl_limits;
1516  
1517  		c = &wiphy->iface_combinations[i];
1518  
1519  		nl_combi = nla_nest_start_noflag(msg, i + 1);
1520  		if (!nl_combi)
1521  			goto nla_put_failure;
1522  
1523  		nl_limits = nla_nest_start_noflag(msg,
1524  						  NL80211_IFACE_COMB_LIMITS);
1525  		if (!nl_limits)
1526  			goto nla_put_failure;
1527  
1528  		for (j = 0; j < c->n_limits; j++) {
1529  			struct nlattr *nl_limit;
1530  
1531  			nl_limit = nla_nest_start_noflag(msg, j + 1);
1532  			if (!nl_limit)
1533  				goto nla_put_failure;
1534  			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1535  					c->limits[j].max))
1536  				goto nla_put_failure;
1537  			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1538  						c->limits[j].types))
1539  				goto nla_put_failure;
1540  			nla_nest_end(msg, nl_limit);
1541  		}
1542  
1543  		nla_nest_end(msg, nl_limits);
1544  
1545  		if (c->beacon_int_infra_match &&
1546  		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1547  			goto nla_put_failure;
1548  		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1549  				c->num_different_channels) ||
1550  		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1551  				c->max_interfaces))
1552  			goto nla_put_failure;
1553  		if (large &&
1554  		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1555  				c->radar_detect_widths) ||
1556  		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1557  				c->radar_detect_regions)))
1558  			goto nla_put_failure;
1559  		if (c->beacon_int_min_gcd &&
1560  		    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1561  				c->beacon_int_min_gcd))
1562  			goto nla_put_failure;
1563  
1564  		nla_nest_end(msg, nl_combi);
1565  	}
1566  
1567  	nla_nest_end(msg, nl_combis);
1568  
1569  	return 0;
1570  nla_put_failure:
1571  	return -ENOBUFS;
1572  }
1573  
1574  #ifdef CONFIG_PM
1575  static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1576  					struct sk_buff *msg)
1577  {
1578  	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1579  	struct nlattr *nl_tcp;
1580  
1581  	if (!tcp)
1582  		return 0;
1583  
1584  	nl_tcp = nla_nest_start_noflag(msg,
1585  				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1586  	if (!nl_tcp)
1587  		return -ENOBUFS;
1588  
1589  	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1590  			tcp->data_payload_max))
1591  		return -ENOBUFS;
1592  
1593  	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1594  			tcp->data_payload_max))
1595  		return -ENOBUFS;
1596  
1597  	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1598  		return -ENOBUFS;
1599  
1600  	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1601  				sizeof(*tcp->tok), tcp->tok))
1602  		return -ENOBUFS;
1603  
1604  	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1605  			tcp->data_interval_max))
1606  		return -ENOBUFS;
1607  
1608  	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1609  			tcp->wake_payload_max))
1610  		return -ENOBUFS;
1611  
1612  	nla_nest_end(msg, nl_tcp);
1613  	return 0;
1614  }
1615  
1616  static int nl80211_send_wowlan(struct sk_buff *msg,
1617  			       struct cfg80211_registered_device *rdev,
1618  			       bool large)
1619  {
1620  	struct nlattr *nl_wowlan;
1621  
1622  	if (!rdev->wiphy.wowlan)
1623  		return 0;
1624  
1625  	nl_wowlan = nla_nest_start_noflag(msg,
1626  					  NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1627  	if (!nl_wowlan)
1628  		return -ENOBUFS;
1629  
1630  	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1631  	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1632  	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1633  	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1634  	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1635  	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1636  	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1637  	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1638  	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1639  	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1640  	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1641  	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1642  	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1643  	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1644  	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1645  	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1646  		return -ENOBUFS;
1647  
1648  	if (rdev->wiphy.wowlan->n_patterns) {
1649  		struct nl80211_pattern_support pat = {
1650  			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1651  			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1652  			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1653  			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1654  		};
1655  
1656  		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1657  			    sizeof(pat), &pat))
1658  			return -ENOBUFS;
1659  	}
1660  
1661  	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1662  	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1663  			rdev->wiphy.wowlan->max_nd_match_sets))
1664  		return -ENOBUFS;
1665  
1666  	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1667  		return -ENOBUFS;
1668  
1669  	nla_nest_end(msg, nl_wowlan);
1670  
1671  	return 0;
1672  }
1673  #endif
1674  
1675  static int nl80211_send_coalesce(struct sk_buff *msg,
1676  				 struct cfg80211_registered_device *rdev)
1677  {
1678  	struct nl80211_coalesce_rule_support rule;
1679  
1680  	if (!rdev->wiphy.coalesce)
1681  		return 0;
1682  
1683  	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1684  	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1685  	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1686  	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1687  	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1688  	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1689  
1690  	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1691  		return -ENOBUFS;
1692  
1693  	return 0;
1694  }
1695  
1696  static int
1697  nl80211_send_iftype_data(struct sk_buff *msg,
1698  			 const struct ieee80211_supported_band *sband,
1699  			 const struct ieee80211_sband_iftype_data *iftdata)
1700  {
1701  	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1702  
1703  	if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1704  				iftdata->types_mask))
1705  		return -ENOBUFS;
1706  
1707  	if (he_cap->has_he) {
1708  		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1709  			    sizeof(he_cap->he_cap_elem.mac_cap_info),
1710  			    he_cap->he_cap_elem.mac_cap_info) ||
1711  		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1712  			    sizeof(he_cap->he_cap_elem.phy_cap_info),
1713  			    he_cap->he_cap_elem.phy_cap_info) ||
1714  		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1715  			    sizeof(he_cap->he_mcs_nss_supp),
1716  			    &he_cap->he_mcs_nss_supp) ||
1717  		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1718  			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1719  			return -ENOBUFS;
1720  	}
1721  
1722  	if (sband->band == NL80211_BAND_6GHZ &&
1723  	    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
1724  		    sizeof(iftdata->he_6ghz_capa),
1725  		    &iftdata->he_6ghz_capa))
1726  		return -ENOBUFS;
1727  
1728  	return 0;
1729  }
1730  
1731  static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1732  				      struct ieee80211_supported_band *sband,
1733  				      bool large)
1734  {
1735  	struct nlattr *nl_rates, *nl_rate;
1736  	struct ieee80211_rate *rate;
1737  	int i;
1738  
1739  	/* add HT info */
1740  	if (sband->ht_cap.ht_supported &&
1741  	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1742  		     sizeof(sband->ht_cap.mcs),
1743  		     &sband->ht_cap.mcs) ||
1744  	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1745  			 sband->ht_cap.cap) ||
1746  	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1747  			sband->ht_cap.ampdu_factor) ||
1748  	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1749  			sband->ht_cap.ampdu_density)))
1750  		return -ENOBUFS;
1751  
1752  	/* add VHT info */
1753  	if (sband->vht_cap.vht_supported &&
1754  	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1755  		     sizeof(sband->vht_cap.vht_mcs),
1756  		     &sband->vht_cap.vht_mcs) ||
1757  	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1758  			 sband->vht_cap.cap)))
1759  		return -ENOBUFS;
1760  
1761  	if (large && sband->n_iftype_data) {
1762  		struct nlattr *nl_iftype_data =
1763  			nla_nest_start_noflag(msg,
1764  					      NL80211_BAND_ATTR_IFTYPE_DATA);
1765  		int err;
1766  
1767  		if (!nl_iftype_data)
1768  			return -ENOBUFS;
1769  
1770  		for (i = 0; i < sband->n_iftype_data; i++) {
1771  			struct nlattr *iftdata;
1772  
1773  			iftdata = nla_nest_start_noflag(msg, i + 1);
1774  			if (!iftdata)
1775  				return -ENOBUFS;
1776  
1777  			err = nl80211_send_iftype_data(msg, sband,
1778  						       &sband->iftype_data[i]);
1779  			if (err)
1780  				return err;
1781  
1782  			nla_nest_end(msg, iftdata);
1783  		}
1784  
1785  		nla_nest_end(msg, nl_iftype_data);
1786  	}
1787  
1788  	/* add EDMG info */
1789  	if (large && sband->edmg_cap.channels &&
1790  	    (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1791  		       sband->edmg_cap.channels) ||
1792  	    nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1793  		       sband->edmg_cap.bw_config)))
1794  
1795  		return -ENOBUFS;
1796  
1797  	/* add bitrates */
1798  	nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1799  	if (!nl_rates)
1800  		return -ENOBUFS;
1801  
1802  	for (i = 0; i < sband->n_bitrates; i++) {
1803  		nl_rate = nla_nest_start_noflag(msg, i);
1804  		if (!nl_rate)
1805  			return -ENOBUFS;
1806  
1807  		rate = &sband->bitrates[i];
1808  		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1809  				rate->bitrate))
1810  			return -ENOBUFS;
1811  		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1812  		    nla_put_flag(msg,
1813  				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1814  			return -ENOBUFS;
1815  
1816  		nla_nest_end(msg, nl_rate);
1817  	}
1818  
1819  	nla_nest_end(msg, nl_rates);
1820  
1821  	return 0;
1822  }
1823  
1824  static int
1825  nl80211_send_mgmt_stypes(struct sk_buff *msg,
1826  			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1827  {
1828  	u16 stypes;
1829  	struct nlattr *nl_ftypes, *nl_ifs;
1830  	enum nl80211_iftype ift;
1831  	int i;
1832  
1833  	if (!mgmt_stypes)
1834  		return 0;
1835  
1836  	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1837  	if (!nl_ifs)
1838  		return -ENOBUFS;
1839  
1840  	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1841  		nl_ftypes = nla_nest_start_noflag(msg, ift);
1842  		if (!nl_ftypes)
1843  			return -ENOBUFS;
1844  		i = 0;
1845  		stypes = mgmt_stypes[ift].tx;
1846  		while (stypes) {
1847  			if ((stypes & 1) &&
1848  			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1849  					(i << 4) | IEEE80211_FTYPE_MGMT))
1850  				return -ENOBUFS;
1851  			stypes >>= 1;
1852  			i++;
1853  		}
1854  		nla_nest_end(msg, nl_ftypes);
1855  	}
1856  
1857  	nla_nest_end(msg, nl_ifs);
1858  
1859  	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1860  	if (!nl_ifs)
1861  		return -ENOBUFS;
1862  
1863  	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1864  		nl_ftypes = nla_nest_start_noflag(msg, ift);
1865  		if (!nl_ftypes)
1866  			return -ENOBUFS;
1867  		i = 0;
1868  		stypes = mgmt_stypes[ift].rx;
1869  		while (stypes) {
1870  			if ((stypes & 1) &&
1871  			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1872  					(i << 4) | IEEE80211_FTYPE_MGMT))
1873  				return -ENOBUFS;
1874  			stypes >>= 1;
1875  			i++;
1876  		}
1877  		nla_nest_end(msg, nl_ftypes);
1878  	}
1879  	nla_nest_end(msg, nl_ifs);
1880  
1881  	return 0;
1882  }
1883  
1884  #define CMD(op, n)							\
1885  	 do {								\
1886  		if (rdev->ops->op) {					\
1887  			i++;						\
1888  			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
1889  				goto nla_put_failure;			\
1890  		}							\
1891  	} while (0)
1892  
1893  static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1894  					struct sk_buff *msg)
1895  {
1896  	int i = 0;
1897  
1898  	/*
1899  	 * do *NOT* add anything into this function, new things need to be
1900  	 * advertised only to new versions of userspace that can deal with
1901  	 * the split (and they can't possibly care about new features...
1902  	 */
1903  	CMD(add_virtual_intf, NEW_INTERFACE);
1904  	CMD(change_virtual_intf, SET_INTERFACE);
1905  	CMD(add_key, NEW_KEY);
1906  	CMD(start_ap, START_AP);
1907  	CMD(add_station, NEW_STATION);
1908  	CMD(add_mpath, NEW_MPATH);
1909  	CMD(update_mesh_config, SET_MESH_CONFIG);
1910  	CMD(change_bss, SET_BSS);
1911  	CMD(auth, AUTHENTICATE);
1912  	CMD(assoc, ASSOCIATE);
1913  	CMD(deauth, DEAUTHENTICATE);
1914  	CMD(disassoc, DISASSOCIATE);
1915  	CMD(join_ibss, JOIN_IBSS);
1916  	CMD(join_mesh, JOIN_MESH);
1917  	CMD(set_pmksa, SET_PMKSA);
1918  	CMD(del_pmksa, DEL_PMKSA);
1919  	CMD(flush_pmksa, FLUSH_PMKSA);
1920  	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1921  		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1922  	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1923  	CMD(mgmt_tx, FRAME);
1924  	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1925  	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1926  		i++;
1927  		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1928  			goto nla_put_failure;
1929  	}
1930  	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1931  	    rdev->ops->join_mesh) {
1932  		i++;
1933  		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1934  			goto nla_put_failure;
1935  	}
1936  	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1937  		CMD(tdls_mgmt, TDLS_MGMT);
1938  		CMD(tdls_oper, TDLS_OPER);
1939  	}
1940  	if (rdev->wiphy.max_sched_scan_reqs)
1941  		CMD(sched_scan_start, START_SCHED_SCAN);
1942  	CMD(probe_client, PROBE_CLIENT);
1943  	CMD(set_noack_map, SET_NOACK_MAP);
1944  	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1945  		i++;
1946  		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1947  			goto nla_put_failure;
1948  	}
1949  	CMD(start_p2p_device, START_P2P_DEVICE);
1950  	CMD(set_mcast_rate, SET_MCAST_RATE);
1951  #ifdef CONFIG_NL80211_TESTMODE
1952  	CMD(testmode_cmd, TESTMODE);
1953  #endif
1954  
1955  	if (rdev->ops->connect || rdev->ops->auth) {
1956  		i++;
1957  		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1958  			goto nla_put_failure;
1959  	}
1960  
1961  	if (rdev->ops->disconnect || rdev->ops->deauth) {
1962  		i++;
1963  		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1964  			goto nla_put_failure;
1965  	}
1966  
1967  	return i;
1968   nla_put_failure:
1969  	return -ENOBUFS;
1970  }
1971  
1972  static int
1973  nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1974  			   struct sk_buff *msg)
1975  {
1976  	struct nlattr *ftm;
1977  
1978  	if (!cap->ftm.supported)
1979  		return 0;
1980  
1981  	ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1982  	if (!ftm)
1983  		return -ENOBUFS;
1984  
1985  	if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1986  		return -ENOBUFS;
1987  	if (cap->ftm.non_asap &&
1988  	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1989  		return -ENOBUFS;
1990  	if (cap->ftm.request_lci &&
1991  	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1992  		return -ENOBUFS;
1993  	if (cap->ftm.request_civicloc &&
1994  	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1995  		return -ENOBUFS;
1996  	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1997  			cap->ftm.preambles))
1998  		return -ENOBUFS;
1999  	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
2000  			cap->ftm.bandwidths))
2001  		return -ENOBUFS;
2002  	if (cap->ftm.max_bursts_exponent >= 0 &&
2003  	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
2004  			cap->ftm.max_bursts_exponent))
2005  		return -ENOBUFS;
2006  	if (cap->ftm.max_ftms_per_burst &&
2007  	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
2008  			cap->ftm.max_ftms_per_burst))
2009  		return -ENOBUFS;
2010  	if (cap->ftm.trigger_based &&
2011  	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
2012  		return -ENOBUFS;
2013  	if (cap->ftm.non_trigger_based &&
2014  	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
2015  		return -ENOBUFS;
2016  
2017  	nla_nest_end(msg, ftm);
2018  	return 0;
2019  }
2020  
2021  static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
2022  				  struct sk_buff *msg)
2023  {
2024  	const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
2025  	struct nlattr *pmsr, *caps;
2026  
2027  	if (!cap)
2028  		return 0;
2029  
2030  	/*
2031  	 * we don't need to clean up anything here since the caller
2032  	 * will genlmsg_cancel() if we fail
2033  	 */
2034  
2035  	pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
2036  	if (!pmsr)
2037  		return -ENOBUFS;
2038  
2039  	if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
2040  		return -ENOBUFS;
2041  
2042  	if (cap->report_ap_tsf &&
2043  	    nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
2044  		return -ENOBUFS;
2045  
2046  	if (cap->randomize_mac_addr &&
2047  	    nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
2048  		return -ENOBUFS;
2049  
2050  	caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
2051  	if (!caps)
2052  		return -ENOBUFS;
2053  
2054  	if (nl80211_send_pmsr_ftm_capa(cap, msg))
2055  		return -ENOBUFS;
2056  
2057  	nla_nest_end(msg, caps);
2058  	nla_nest_end(msg, pmsr);
2059  
2060  	return 0;
2061  }
2062  
2063  static int
2064  nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
2065  			      struct sk_buff *msg)
2066  {
2067  	int i;
2068  	struct nlattr *nested, *nested_akms;
2069  	const struct wiphy_iftype_akm_suites *iftype_akms;
2070  
2071  	if (!rdev->wiphy.num_iftype_akm_suites ||
2072  	    !rdev->wiphy.iftype_akm_suites)
2073  		return 0;
2074  
2075  	nested = nla_nest_start(msg, NL80211_ATTR_IFTYPE_AKM_SUITES);
2076  	if (!nested)
2077  		return -ENOBUFS;
2078  
2079  	for (i = 0; i < rdev->wiphy.num_iftype_akm_suites; i++) {
2080  		nested_akms = nla_nest_start(msg, i + 1);
2081  		if (!nested_akms)
2082  			return -ENOBUFS;
2083  
2084  		iftype_akms = &rdev->wiphy.iftype_akm_suites[i];
2085  
2086  		if (nl80211_put_iftypes(msg, NL80211_IFTYPE_AKM_ATTR_IFTYPES,
2087  					iftype_akms->iftypes_mask))
2088  			return -ENOBUFS;
2089  
2090  		if (nla_put(msg, NL80211_IFTYPE_AKM_ATTR_SUITES,
2091  			    sizeof(u32) * iftype_akms->n_akm_suites,
2092  			    iftype_akms->akm_suites)) {
2093  			return -ENOBUFS;
2094  		}
2095  		nla_nest_end(msg, nested_akms);
2096  	}
2097  
2098  	nla_nest_end(msg, nested);
2099  
2100  	return 0;
2101  }
2102  
2103  static int
2104  nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
2105  			       struct sk_buff *msg)
2106  {
2107  	struct nlattr *supp;
2108  
2109  	if (!rdev->wiphy.tid_config_support.vif &&
2110  	    !rdev->wiphy.tid_config_support.peer)
2111  		return 0;
2112  
2113  	supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
2114  	if (!supp)
2115  		return -ENOSPC;
2116  
2117  	if (rdev->wiphy.tid_config_support.vif &&
2118  	    nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
2119  			      rdev->wiphy.tid_config_support.vif,
2120  			      NL80211_TID_CONFIG_ATTR_PAD))
2121  		goto fail;
2122  
2123  	if (rdev->wiphy.tid_config_support.peer &&
2124  	    nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
2125  			      rdev->wiphy.tid_config_support.peer,
2126  			      NL80211_TID_CONFIG_ATTR_PAD))
2127  		goto fail;
2128  
2129  	/* for now we just use the same value ... makes more sense */
2130  	if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
2131  		       rdev->wiphy.tid_config_support.max_retry))
2132  		goto fail;
2133  	if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
2134  		       rdev->wiphy.tid_config_support.max_retry))
2135  		goto fail;
2136  
2137  	nla_nest_end(msg, supp);
2138  
2139  	return 0;
2140  fail:
2141  	nla_nest_cancel(msg, supp);
2142  	return -ENOBUFS;
2143  }
2144  
2145  static int
2146  nl80211_put_sar_specs(struct cfg80211_registered_device *rdev,
2147  		      struct sk_buff *msg)
2148  {
2149  	struct nlattr *sar_capa, *specs, *sub_freq_range;
2150  	u8 num_freq_ranges;
2151  	int i;
2152  
2153  	if (!rdev->wiphy.sar_capa)
2154  		return 0;
2155  
2156  	num_freq_ranges = rdev->wiphy.sar_capa->num_freq_ranges;
2157  
2158  	sar_capa = nla_nest_start(msg, NL80211_ATTR_SAR_SPEC);
2159  	if (!sar_capa)
2160  		return -ENOSPC;
2161  
2162  	if (nla_put_u32(msg, NL80211_SAR_ATTR_TYPE, rdev->wiphy.sar_capa->type))
2163  		goto fail;
2164  
2165  	specs = nla_nest_start(msg, NL80211_SAR_ATTR_SPECS);
2166  	if (!specs)
2167  		goto fail;
2168  
2169  	/* report supported freq_ranges */
2170  	for (i = 0; i < num_freq_ranges; i++) {
2171  		sub_freq_range = nla_nest_start(msg, i + 1);
2172  		if (!sub_freq_range)
2173  			goto fail;
2174  
2175  		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_START_FREQ,
2176  				rdev->wiphy.sar_capa->freq_ranges[i].start_freq))
2177  			goto fail;
2178  
2179  		if (nla_put_u32(msg, NL80211_SAR_ATTR_SPECS_END_FREQ,
2180  				rdev->wiphy.sar_capa->freq_ranges[i].end_freq))
2181  			goto fail;
2182  
2183  		nla_nest_end(msg, sub_freq_range);
2184  	}
2185  
2186  	nla_nest_end(msg, specs);
2187  	nla_nest_end(msg, sar_capa);
2188  
2189  	return 0;
2190  fail:
2191  	nla_nest_cancel(msg, sar_capa);
2192  	return -ENOBUFS;
2193  }
2194  
2195  struct nl80211_dump_wiphy_state {
2196  	s64 filter_wiphy;
2197  	long start;
2198  	long split_start, band_start, chan_start, capa_start;
2199  	bool split;
2200  };
2201  
2202  static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
2203  			      enum nl80211_commands cmd,
2204  			      struct sk_buff *msg, u32 portid, u32 seq,
2205  			      int flags, struct nl80211_dump_wiphy_state *state)
2206  {
2207  	void *hdr;
2208  	struct nlattr *nl_bands, *nl_band;
2209  	struct nlattr *nl_freqs, *nl_freq;
2210  	struct nlattr *nl_cmds;
2211  	enum nl80211_band band;
2212  	struct ieee80211_channel *chan;
2213  	int i;
2214  	const struct ieee80211_txrx_stypes *mgmt_stypes =
2215  				rdev->wiphy.mgmt_stypes;
2216  	u32 features;
2217  
2218  	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2219  	if (!hdr)
2220  		return -ENOBUFS;
2221  
2222  	if (WARN_ON(!state))
2223  		return -EINVAL;
2224  
2225  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2226  	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
2227  			   wiphy_name(&rdev->wiphy)) ||
2228  	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2229  			cfg80211_rdev_list_generation))
2230  		goto nla_put_failure;
2231  
2232  	if (cmd != NL80211_CMD_NEW_WIPHY)
2233  		goto finish;
2234  
2235  	switch (state->split_start) {
2236  	case 0:
2237  		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
2238  			       rdev->wiphy.retry_short) ||
2239  		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
2240  			       rdev->wiphy.retry_long) ||
2241  		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
2242  				rdev->wiphy.frag_threshold) ||
2243  		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
2244  				rdev->wiphy.rts_threshold) ||
2245  		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
2246  			       rdev->wiphy.coverage_class) ||
2247  		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
2248  			       rdev->wiphy.max_scan_ssids) ||
2249  		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
2250  			       rdev->wiphy.max_sched_scan_ssids) ||
2251  		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
2252  				rdev->wiphy.max_scan_ie_len) ||
2253  		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
2254  				rdev->wiphy.max_sched_scan_ie_len) ||
2255  		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
2256  			       rdev->wiphy.max_match_sets))
2257  			goto nla_put_failure;
2258  
2259  		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
2260  		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
2261  			goto nla_put_failure;
2262  		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
2263  		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
2264  			goto nla_put_failure;
2265  		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2266  		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
2267  			goto nla_put_failure;
2268  		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
2269  		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
2270  			goto nla_put_failure;
2271  		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
2272  		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
2273  			goto nla_put_failure;
2274  		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
2275  		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
2276  			goto nla_put_failure;
2277  		state->split_start++;
2278  		if (state->split)
2279  			break;
2280  		fallthrough;
2281  	case 1:
2282  		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
2283  			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
2284  			    rdev->wiphy.cipher_suites))
2285  			goto nla_put_failure;
2286  
2287  		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
2288  			       rdev->wiphy.max_num_pmkids))
2289  			goto nla_put_failure;
2290  
2291  		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
2292  		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
2293  			goto nla_put_failure;
2294  
2295  		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
2296  				rdev->wiphy.available_antennas_tx) ||
2297  		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
2298  				rdev->wiphy.available_antennas_rx))
2299  			goto nla_put_failure;
2300  
2301  		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2302  		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2303  				rdev->wiphy.probe_resp_offload))
2304  			goto nla_put_failure;
2305  
2306  		if ((rdev->wiphy.available_antennas_tx ||
2307  		     rdev->wiphy.available_antennas_rx) &&
2308  		    rdev->ops->get_antenna) {
2309  			u32 tx_ant = 0, rx_ant = 0;
2310  			int res;
2311  
2312  			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2313  			if (!res) {
2314  				if (nla_put_u32(msg,
2315  						NL80211_ATTR_WIPHY_ANTENNA_TX,
2316  						tx_ant) ||
2317  				    nla_put_u32(msg,
2318  						NL80211_ATTR_WIPHY_ANTENNA_RX,
2319  						rx_ant))
2320  					goto nla_put_failure;
2321  			}
2322  		}
2323  
2324  		state->split_start++;
2325  		if (state->split)
2326  			break;
2327  		fallthrough;
2328  	case 2:
2329  		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2330  					rdev->wiphy.interface_modes))
2331  				goto nla_put_failure;
2332  		state->split_start++;
2333  		if (state->split)
2334  			break;
2335  		fallthrough;
2336  	case 3:
2337  		nl_bands = nla_nest_start_noflag(msg,
2338  						 NL80211_ATTR_WIPHY_BANDS);
2339  		if (!nl_bands)
2340  			goto nla_put_failure;
2341  
2342  		for (band = state->band_start;
2343  		     band < NUM_NL80211_BANDS; band++) {
2344  			struct ieee80211_supported_band *sband;
2345  
2346  			/* omit higher bands for ancient software */
2347  			if (band > NL80211_BAND_5GHZ && !state->split)
2348  				break;
2349  
2350  			sband = rdev->wiphy.bands[band];
2351  
2352  			if (!sband)
2353  				continue;
2354  
2355  			nl_band = nla_nest_start_noflag(msg, band);
2356  			if (!nl_band)
2357  				goto nla_put_failure;
2358  
2359  			switch (state->chan_start) {
2360  			case 0:
2361  				if (nl80211_send_band_rateinfo(msg, sband,
2362  							       state->split))
2363  					goto nla_put_failure;
2364  				state->chan_start++;
2365  				if (state->split)
2366  					break;
2367  				fallthrough;
2368  			default:
2369  				/* add frequencies */
2370  				nl_freqs = nla_nest_start_noflag(msg,
2371  								 NL80211_BAND_ATTR_FREQS);
2372  				if (!nl_freqs)
2373  					goto nla_put_failure;
2374  
2375  				for (i = state->chan_start - 1;
2376  				     i < sband->n_channels;
2377  				     i++) {
2378  					nl_freq = nla_nest_start_noflag(msg,
2379  									i);
2380  					if (!nl_freq)
2381  						goto nla_put_failure;
2382  
2383  					chan = &sband->channels[i];
2384  
2385  					if (nl80211_msg_put_channel(
2386  							msg, &rdev->wiphy, chan,
2387  							state->split))
2388  						goto nla_put_failure;
2389  
2390  					nla_nest_end(msg, nl_freq);
2391  					if (state->split)
2392  						break;
2393  				}
2394  				if (i < sband->n_channels)
2395  					state->chan_start = i + 2;
2396  				else
2397  					state->chan_start = 0;
2398  				nla_nest_end(msg, nl_freqs);
2399  			}
2400  
2401  			nla_nest_end(msg, nl_band);
2402  
2403  			if (state->split) {
2404  				/* start again here */
2405  				if (state->chan_start)
2406  					band--;
2407  				break;
2408  			}
2409  		}
2410  		nla_nest_end(msg, nl_bands);
2411  
2412  		if (band < NUM_NL80211_BANDS)
2413  			state->band_start = band + 1;
2414  		else
2415  			state->band_start = 0;
2416  
2417  		/* if bands & channels are done, continue outside */
2418  		if (state->band_start == 0 && state->chan_start == 0)
2419  			state->split_start++;
2420  		if (state->split)
2421  			break;
2422  		fallthrough;
2423  	case 4:
2424  		nl_cmds = nla_nest_start_noflag(msg,
2425  						NL80211_ATTR_SUPPORTED_COMMANDS);
2426  		if (!nl_cmds)
2427  			goto nla_put_failure;
2428  
2429  		i = nl80211_add_commands_unsplit(rdev, msg);
2430  		if (i < 0)
2431  			goto nla_put_failure;
2432  		if (state->split) {
2433  			CMD(crit_proto_start, CRIT_PROTOCOL_START);
2434  			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2435  			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2436  				CMD(channel_switch, CHANNEL_SWITCH);
2437  			CMD(set_qos_map, SET_QOS_MAP);
2438  			if (rdev->wiphy.features &
2439  					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2440  				CMD(add_tx_ts, ADD_TX_TS);
2441  			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2442  			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2443  			CMD(update_ft_ies, UPDATE_FT_IES);
2444  			if (rdev->wiphy.sar_capa)
2445  				CMD(set_sar_specs, SET_SAR_SPECS);
2446  		}
2447  #undef CMD
2448  
2449  		nla_nest_end(msg, nl_cmds);
2450  		state->split_start++;
2451  		if (state->split)
2452  			break;
2453  		fallthrough;
2454  	case 5:
2455  		if (rdev->ops->remain_on_channel &&
2456  		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2457  		    nla_put_u32(msg,
2458  				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2459  				rdev->wiphy.max_remain_on_channel_duration))
2460  			goto nla_put_failure;
2461  
2462  		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2463  		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2464  			goto nla_put_failure;
2465  
2466  		state->split_start++;
2467  		if (state->split)
2468  			break;
2469  		fallthrough;
2470  	case 6:
2471  #ifdef CONFIG_PM
2472  		if (nl80211_send_wowlan(msg, rdev, state->split))
2473  			goto nla_put_failure;
2474  		state->split_start++;
2475  		if (state->split)
2476  			break;
2477  #else
2478  		state->split_start++;
2479  #endif
2480  		fallthrough;
2481  	case 7:
2482  		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2483  					rdev->wiphy.software_iftypes))
2484  			goto nla_put_failure;
2485  
2486  		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2487  						   state->split))
2488  			goto nla_put_failure;
2489  
2490  		state->split_start++;
2491  		if (state->split)
2492  			break;
2493  		fallthrough;
2494  	case 8:
2495  		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2496  		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2497  				rdev->wiphy.ap_sme_capa))
2498  			goto nla_put_failure;
2499  
2500  		features = rdev->wiphy.features;
2501  		/*
2502  		 * We can only add the per-channel limit information if the
2503  		 * dump is split, otherwise it makes it too big. Therefore
2504  		 * only advertise it in that case.
2505  		 */
2506  		if (state->split)
2507  			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2508  		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2509  			goto nla_put_failure;
2510  
2511  		if (rdev->wiphy.ht_capa_mod_mask &&
2512  		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2513  			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
2514  			    rdev->wiphy.ht_capa_mod_mask))
2515  			goto nla_put_failure;
2516  
2517  		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2518  		    rdev->wiphy.max_acl_mac_addrs &&
2519  		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2520  				rdev->wiphy.max_acl_mac_addrs))
2521  			goto nla_put_failure;
2522  
2523  		/*
2524  		 * Any information below this point is only available to
2525  		 * applications that can deal with it being split. This
2526  		 * helps ensure that newly added capabilities don't break
2527  		 * older tools by overrunning their buffers.
2528  		 *
2529  		 * We still increment split_start so that in the split
2530  		 * case we'll continue with more data in the next round,
2531  		 * but break unconditionally so unsplit data stops here.
2532  		 */
2533  		if (state->split)
2534  			state->split_start++;
2535  		else
2536  			state->split_start = 0;
2537  		break;
2538  	case 9:
2539  		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2540  			goto nla_put_failure;
2541  
2542  		if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
2543  				rdev->wiphy.max_sched_scan_plans) ||
2544  		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
2545  				rdev->wiphy.max_sched_scan_plan_interval) ||
2546  		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
2547  				rdev->wiphy.max_sched_scan_plan_iterations))
2548  			goto nla_put_failure;
2549  
2550  		if (rdev->wiphy.extended_capabilities &&
2551  		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2552  			     rdev->wiphy.extended_capabilities_len,
2553  			     rdev->wiphy.extended_capabilities) ||
2554  		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2555  			     rdev->wiphy.extended_capabilities_len,
2556  			     rdev->wiphy.extended_capabilities_mask)))
2557  			goto nla_put_failure;
2558  
2559  		if (rdev->wiphy.vht_capa_mod_mask &&
2560  		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2561  			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
2562  			    rdev->wiphy.vht_capa_mod_mask))
2563  			goto nla_put_failure;
2564  
2565  		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2566  			    rdev->wiphy.perm_addr))
2567  			goto nla_put_failure;
2568  
2569  		if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2570  		    nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2571  			    rdev->wiphy.addr_mask))
2572  			goto nla_put_failure;
2573  
2574  		if (rdev->wiphy.n_addresses > 1) {
2575  			void *attr;
2576  
2577  			attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2578  			if (!attr)
2579  				goto nla_put_failure;
2580  
2581  			for (i = 0; i < rdev->wiphy.n_addresses; i++)
2582  				if (nla_put(msg, i + 1, ETH_ALEN,
2583  					    rdev->wiphy.addresses[i].addr))
2584  					goto nla_put_failure;
2585  
2586  			nla_nest_end(msg, attr);
2587  		}
2588  
2589  		state->split_start++;
2590  		break;
2591  	case 10:
2592  		if (nl80211_send_coalesce(msg, rdev))
2593  			goto nla_put_failure;
2594  
2595  		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2596  		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2597  		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2598  			goto nla_put_failure;
2599  
2600  		if (rdev->wiphy.max_ap_assoc_sta &&
2601  		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2602  				rdev->wiphy.max_ap_assoc_sta))
2603  			goto nla_put_failure;
2604  
2605  		state->split_start++;
2606  		break;
2607  	case 11:
2608  		if (rdev->wiphy.n_vendor_commands) {
2609  			const struct nl80211_vendor_cmd_info *info;
2610  			struct nlattr *nested;
2611  
2612  			nested = nla_nest_start_noflag(msg,
2613  						       NL80211_ATTR_VENDOR_DATA);
2614  			if (!nested)
2615  				goto nla_put_failure;
2616  
2617  			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2618  				info = &rdev->wiphy.vendor_commands[i].info;
2619  				if (nla_put(msg, i + 1, sizeof(*info), info))
2620  					goto nla_put_failure;
2621  			}
2622  			nla_nest_end(msg, nested);
2623  		}
2624  
2625  		if (rdev->wiphy.n_vendor_events) {
2626  			const struct nl80211_vendor_cmd_info *info;
2627  			struct nlattr *nested;
2628  
2629  			nested = nla_nest_start_noflag(msg,
2630  						       NL80211_ATTR_VENDOR_EVENTS);
2631  			if (!nested)
2632  				goto nla_put_failure;
2633  
2634  			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2635  				info = &rdev->wiphy.vendor_events[i];
2636  				if (nla_put(msg, i + 1, sizeof(*info), info))
2637  					goto nla_put_failure;
2638  			}
2639  			nla_nest_end(msg, nested);
2640  		}
2641  		state->split_start++;
2642  		break;
2643  	case 12:
2644  		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2645  		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2646  			       rdev->wiphy.max_num_csa_counters))
2647  			goto nla_put_failure;
2648  
2649  		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2650  		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2651  			goto nla_put_failure;
2652  
2653  		if (rdev->wiphy.max_sched_scan_reqs &&
2654  		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2655  				rdev->wiphy.max_sched_scan_reqs))
2656  			goto nla_put_failure;
2657  
2658  		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2659  			    sizeof(rdev->wiphy.ext_features),
2660  			    rdev->wiphy.ext_features))
2661  			goto nla_put_failure;
2662  
2663  		if (rdev->wiphy.bss_select_support) {
2664  			struct nlattr *nested;
2665  			u32 bss_select_support = rdev->wiphy.bss_select_support;
2666  
2667  			nested = nla_nest_start_noflag(msg,
2668  						       NL80211_ATTR_BSS_SELECT);
2669  			if (!nested)
2670  				goto nla_put_failure;
2671  
2672  			i = 0;
2673  			while (bss_select_support) {
2674  				if ((bss_select_support & 1) &&
2675  				    nla_put_flag(msg, i))
2676  					goto nla_put_failure;
2677  				i++;
2678  				bss_select_support >>= 1;
2679  			}
2680  			nla_nest_end(msg, nested);
2681  		}
2682  
2683  		state->split_start++;
2684  		break;
2685  	case 13:
2686  		if (rdev->wiphy.num_iftype_ext_capab &&
2687  		    rdev->wiphy.iftype_ext_capab) {
2688  			struct nlattr *nested_ext_capab, *nested;
2689  
2690  			nested = nla_nest_start_noflag(msg,
2691  						       NL80211_ATTR_IFTYPE_EXT_CAPA);
2692  			if (!nested)
2693  				goto nla_put_failure;
2694  
2695  			for (i = state->capa_start;
2696  			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
2697  				const struct wiphy_iftype_ext_capab *capab;
2698  
2699  				capab = &rdev->wiphy.iftype_ext_capab[i];
2700  
2701  				nested_ext_capab = nla_nest_start_noflag(msg,
2702  									 i);
2703  				if (!nested_ext_capab ||
2704  				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2705  						capab->iftype) ||
2706  				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
2707  					    capab->extended_capabilities_len,
2708  					    capab->extended_capabilities) ||
2709  				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2710  					    capab->extended_capabilities_len,
2711  					    capab->extended_capabilities_mask))
2712  					goto nla_put_failure;
2713  
2714  				nla_nest_end(msg, nested_ext_capab);
2715  				if (state->split)
2716  					break;
2717  			}
2718  			nla_nest_end(msg, nested);
2719  			if (i < rdev->wiphy.num_iftype_ext_capab) {
2720  				state->capa_start = i + 1;
2721  				break;
2722  			}
2723  		}
2724  
2725  		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2726  				rdev->wiphy.nan_supported_bands))
2727  			goto nla_put_failure;
2728  
2729  		if (wiphy_ext_feature_isset(&rdev->wiphy,
2730  					    NL80211_EXT_FEATURE_TXQS)) {
2731  			struct cfg80211_txq_stats txqstats = {};
2732  			int res;
2733  
2734  			res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2735  			if (!res &&
2736  			    !nl80211_put_txq_stats(msg, &txqstats,
2737  						   NL80211_ATTR_TXQ_STATS))
2738  				goto nla_put_failure;
2739  
2740  			if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2741  					rdev->wiphy.txq_limit))
2742  				goto nla_put_failure;
2743  			if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2744  					rdev->wiphy.txq_memory_limit))
2745  				goto nla_put_failure;
2746  			if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2747  					rdev->wiphy.txq_quantum))
2748  				goto nla_put_failure;
2749  		}
2750  
2751  		state->split_start++;
2752  		break;
2753  	case 14:
2754  		if (nl80211_send_pmsr_capa(rdev, msg))
2755  			goto nla_put_failure;
2756  
2757  		state->split_start++;
2758  		break;
2759  	case 15:
2760  		if (rdev->wiphy.akm_suites &&
2761  		    nla_put(msg, NL80211_ATTR_AKM_SUITES,
2762  			    sizeof(u32) * rdev->wiphy.n_akm_suites,
2763  			    rdev->wiphy.akm_suites))
2764  			goto nla_put_failure;
2765  
2766  		if (nl80211_put_iftype_akm_suites(rdev, msg))
2767  			goto nla_put_failure;
2768  
2769  		if (nl80211_put_tid_config_support(rdev, msg))
2770  			goto nla_put_failure;
2771  		state->split_start++;
2772  		break;
2773  	case 16:
2774  		if (nl80211_put_sar_specs(rdev, msg))
2775  			goto nla_put_failure;
2776  
2777  		/* done */
2778  		state->split_start = 0;
2779  		break;
2780  	}
2781   finish:
2782  	genlmsg_end(msg, hdr);
2783  	return 0;
2784  
2785   nla_put_failure:
2786  	genlmsg_cancel(msg, hdr);
2787  	return -EMSGSIZE;
2788  }
2789  
2790  static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2791  				    struct netlink_callback *cb,
2792  				    struct nl80211_dump_wiphy_state *state)
2793  {
2794  	struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2795  	int ret;
2796  
2797  	if (!tb)
2798  		return -ENOMEM;
2799  
2800  	ret = nlmsg_parse_deprecated(cb->nlh,
2801  				     GENL_HDRLEN + nl80211_fam.hdrsize,
2802  				     tb, nl80211_fam.maxattr,
2803  				     nl80211_policy, NULL);
2804  	/* ignore parse errors for backward compatibility */
2805  	if (ret) {
2806  		ret = 0;
2807  		goto out;
2808  	}
2809  
2810  	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2811  	if (tb[NL80211_ATTR_WIPHY])
2812  		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2813  	if (tb[NL80211_ATTR_WDEV])
2814  		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2815  	if (tb[NL80211_ATTR_IFINDEX]) {
2816  		struct net_device *netdev;
2817  		struct cfg80211_registered_device *rdev;
2818  		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2819  
2820  		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2821  		if (!netdev) {
2822  			ret = -ENODEV;
2823  			goto out;
2824  		}
2825  		if (netdev->ieee80211_ptr) {
2826  			rdev = wiphy_to_rdev(
2827  				netdev->ieee80211_ptr->wiphy);
2828  			state->filter_wiphy = rdev->wiphy_idx;
2829  		}
2830  	}
2831  
2832  	ret = 0;
2833  out:
2834  	kfree(tb);
2835  	return ret;
2836  }
2837  
2838  static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2839  {
2840  	int idx = 0, ret;
2841  	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2842  	struct cfg80211_registered_device *rdev;
2843  
2844  	rtnl_lock();
2845  	if (!state) {
2846  		state = kzalloc(sizeof(*state), GFP_KERNEL);
2847  		if (!state) {
2848  			rtnl_unlock();
2849  			return -ENOMEM;
2850  		}
2851  		state->filter_wiphy = -1;
2852  		ret = nl80211_dump_wiphy_parse(skb, cb, state);
2853  		if (ret) {
2854  			kfree(state);
2855  			rtnl_unlock();
2856  			return ret;
2857  		}
2858  		cb->args[0] = (long)state;
2859  	}
2860  
2861  	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2862  		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2863  			continue;
2864  		if (++idx <= state->start)
2865  			continue;
2866  		if (state->filter_wiphy != -1 &&
2867  		    state->filter_wiphy != rdev->wiphy_idx)
2868  			continue;
2869  		/* attempt to fit multiple wiphy data chunks into the skb */
2870  		do {
2871  			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2872  						 skb,
2873  						 NETLINK_CB(cb->skb).portid,
2874  						 cb->nlh->nlmsg_seq,
2875  						 NLM_F_MULTI, state);
2876  			if (ret < 0) {
2877  				/*
2878  				 * If sending the wiphy data didn't fit (ENOBUFS
2879  				 * or EMSGSIZE returned), this SKB is still
2880  				 * empty (so it's not too big because another
2881  				 * wiphy dataset is already in the skb) and
2882  				 * we've not tried to adjust the dump allocation
2883  				 * yet ... then adjust the alloc size to be
2884  				 * bigger, and return 1 but with the empty skb.
2885  				 * This results in an empty message being RX'ed
2886  				 * in userspace, but that is ignored.
2887  				 *
2888  				 * We can then retry with the larger buffer.
2889  				 */
2890  				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2891  				    !skb->len && !state->split &&
2892  				    cb->min_dump_alloc < 4096) {
2893  					cb->min_dump_alloc = 4096;
2894  					state->split_start = 0;
2895  					rtnl_unlock();
2896  					return 1;
2897  				}
2898  				idx--;
2899  				break;
2900  			}
2901  		} while (state->split_start > 0);
2902  		break;
2903  	}
2904  	rtnl_unlock();
2905  
2906  	state->start = idx;
2907  
2908  	return skb->len;
2909  }
2910  
2911  static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2912  {
2913  	kfree((void *)cb->args[0]);
2914  	return 0;
2915  }
2916  
2917  static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2918  {
2919  	struct sk_buff *msg;
2920  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2921  	struct nl80211_dump_wiphy_state state = {};
2922  
2923  	msg = nlmsg_new(4096, GFP_KERNEL);
2924  	if (!msg)
2925  		return -ENOMEM;
2926  
2927  	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2928  			       info->snd_portid, info->snd_seq, 0,
2929  			       &state) < 0) {
2930  		nlmsg_free(msg);
2931  		return -ENOBUFS;
2932  	}
2933  
2934  	return genlmsg_reply(msg, info);
2935  }
2936  
2937  static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2938  	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
2939  	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
2940  	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
2941  	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
2942  	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
2943  };
2944  
2945  static int parse_txq_params(struct nlattr *tb[],
2946  			    struct ieee80211_txq_params *txq_params)
2947  {
2948  	u8 ac;
2949  
2950  	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2951  	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2952  	    !tb[NL80211_TXQ_ATTR_AIFS])
2953  		return -EINVAL;
2954  
2955  	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2956  	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2957  	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2958  	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2959  	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2960  
2961  	if (ac >= NL80211_NUM_ACS)
2962  		return -EINVAL;
2963  	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2964  	return 0;
2965  }
2966  
2967  static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2968  {
2969  	/*
2970  	 * You can only set the channel explicitly for some interfaces,
2971  	 * most have their channel managed via their respective
2972  	 * "establish a connection" command (connect, join, ...)
2973  	 *
2974  	 * For AP/GO and mesh mode, the channel can be set with the
2975  	 * channel userspace API, but is only stored and passed to the
2976  	 * low-level driver when the AP starts or the mesh is joined.
2977  	 * This is for backward compatibility, userspace can also give
2978  	 * the channel in the start-ap or join-mesh commands instead.
2979  	 *
2980  	 * Monitors are special as they are normally slaved to
2981  	 * whatever else is going on, so they have their own special
2982  	 * operation to set the monitor channel if possible.
2983  	 */
2984  	return !wdev ||
2985  		wdev->iftype == NL80211_IFTYPE_AP ||
2986  		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2987  		wdev->iftype == NL80211_IFTYPE_MONITOR ||
2988  		wdev->iftype == NL80211_IFTYPE_P2P_GO;
2989  }
2990  
2991  int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2992  			  struct genl_info *info,
2993  			  struct cfg80211_chan_def *chandef)
2994  {
2995  	struct netlink_ext_ack *extack = info->extack;
2996  	struct nlattr **attrs = info->attrs;
2997  	u32 control_freq;
2998  
2999  	if (!attrs[NL80211_ATTR_WIPHY_FREQ])
3000  		return -EINVAL;
3001  
3002  	control_freq = MHZ_TO_KHZ(
3003  			nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3004  	if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
3005  		control_freq +=
3006  		    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
3007  
3008  	memset(chandef, 0, sizeof(*chandef));
3009  	chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
3010  	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
3011  	chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
3012  	chandef->freq1_offset = control_freq % 1000;
3013  	chandef->center_freq2 = 0;
3014  
3015  	/* Primary channel not allowed */
3016  	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
3017  		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
3018  				    "Channel is disabled");
3019  		return -EINVAL;
3020  	}
3021  
3022  	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
3023  		enum nl80211_channel_type chantype;
3024  
3025  		chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
3026  
3027  		switch (chantype) {
3028  		case NL80211_CHAN_NO_HT:
3029  		case NL80211_CHAN_HT20:
3030  		case NL80211_CHAN_HT40PLUS:
3031  		case NL80211_CHAN_HT40MINUS:
3032  			cfg80211_chandef_create(chandef, chandef->chan,
3033  						chantype);
3034  			/* user input for center_freq is incorrect */
3035  			if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
3036  			    chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
3037  				NL_SET_ERR_MSG_ATTR(extack,
3038  						    attrs[NL80211_ATTR_CENTER_FREQ1],
3039  						    "bad center frequency 1");
3040  				return -EINVAL;
3041  			}
3042  			/* center_freq2 must be zero */
3043  			if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
3044  			    nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
3045  				NL_SET_ERR_MSG_ATTR(extack,
3046  						    attrs[NL80211_ATTR_CENTER_FREQ2],
3047  						    "center frequency 2 can't be used");
3048  				return -EINVAL;
3049  			}
3050  			break;
3051  		default:
3052  			NL_SET_ERR_MSG_ATTR(extack,
3053  					    attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
3054  					    "invalid channel type");
3055  			return -EINVAL;
3056  		}
3057  	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
3058  		chandef->width =
3059  			nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
3060  		if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
3061  			chandef->center_freq1 =
3062  				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
3063  			if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET])
3064  				chandef->freq1_offset = nla_get_u32(
3065  				      attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]);
3066  			else
3067  				chandef->freq1_offset = 0;
3068  		}
3069  		if (attrs[NL80211_ATTR_CENTER_FREQ2])
3070  			chandef->center_freq2 =
3071  				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
3072  	}
3073  
3074  	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
3075  		chandef->edmg.channels =
3076  		      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
3077  
3078  		if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
3079  			chandef->edmg.bw_config =
3080  		     nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
3081  	} else {
3082  		chandef->edmg.bw_config = 0;
3083  		chandef->edmg.channels = 0;
3084  	}
3085  
3086  	if (!cfg80211_chandef_valid(chandef)) {
3087  		NL_SET_ERR_MSG(extack, "invalid channel definition");
3088  		return -EINVAL;
3089  	}
3090  
3091  	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
3092  				     IEEE80211_CHAN_DISABLED)) {
3093  		NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
3094  		return -EINVAL;
3095  	}
3096  
3097  	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
3098  	     chandef->width == NL80211_CHAN_WIDTH_10) &&
3099  	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
3100  		NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
3101  		return -EINVAL;
3102  	}
3103  
3104  	return 0;
3105  }
3106  
3107  static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
3108  				 struct net_device *dev,
3109  				 struct genl_info *info)
3110  {
3111  	struct cfg80211_chan_def chandef;
3112  	int result;
3113  	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
3114  	struct wireless_dev *wdev = NULL;
3115  
3116  	if (dev)
3117  		wdev = dev->ieee80211_ptr;
3118  	if (!nl80211_can_set_dev_channel(wdev))
3119  		return -EOPNOTSUPP;
3120  	if (wdev)
3121  		iftype = wdev->iftype;
3122  
3123  	result = nl80211_parse_chandef(rdev, info, &chandef);
3124  	if (result)
3125  		return result;
3126  
3127  	switch (iftype) {
3128  	case NL80211_IFTYPE_AP:
3129  	case NL80211_IFTYPE_P2P_GO:
3130  		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
3131  						   iftype)) {
3132  			result = -EINVAL;
3133  			break;
3134  		}
3135  		if (wdev->beacon_interval) {
3136  			if (!dev || !rdev->ops->set_ap_chanwidth ||
3137  			    !(rdev->wiphy.features &
3138  			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
3139  				result = -EBUSY;
3140  				break;
3141  			}
3142  
3143  			/* Only allow dynamic channel width changes */
3144  			if (chandef.chan != wdev->preset_chandef.chan) {
3145  				result = -EBUSY;
3146  				break;
3147  			}
3148  			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
3149  			if (result)
3150  				break;
3151  		}
3152  		wdev->preset_chandef = chandef;
3153  		result = 0;
3154  		break;
3155  	case NL80211_IFTYPE_MESH_POINT:
3156  		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
3157  		break;
3158  	case NL80211_IFTYPE_MONITOR:
3159  		result = cfg80211_set_monitor_channel(rdev, &chandef);
3160  		break;
3161  	default:
3162  		result = -EINVAL;
3163  	}
3164  
3165  	return result;
3166  }
3167  
3168  static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
3169  {
3170  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3171  	struct net_device *netdev = info->user_ptr[1];
3172  
3173  	return __nl80211_set_channel(rdev, netdev, info);
3174  }
3175  
3176  static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
3177  {
3178  	struct cfg80211_registered_device *rdev = NULL;
3179  	struct net_device *netdev = NULL;
3180  	struct wireless_dev *wdev;
3181  	int result = 0, rem_txq_params = 0;
3182  	struct nlattr *nl_txq_params;
3183  	u32 changed;
3184  	u8 retry_short = 0, retry_long = 0;
3185  	u32 frag_threshold = 0, rts_threshold = 0;
3186  	u8 coverage_class = 0;
3187  	u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
3188  
3189  	rtnl_lock();
3190  	/*
3191  	 * Try to find the wiphy and netdev. Normally this
3192  	 * function shouldn't need the netdev, but this is
3193  	 * done for backward compatibility -- previously
3194  	 * setting the channel was done per wiphy, but now
3195  	 * it is per netdev. Previous userland like hostapd
3196  	 * also passed a netdev to set_wiphy, so that it is
3197  	 * possible to let that go to the right netdev!
3198  	 */
3199  
3200  	if (info->attrs[NL80211_ATTR_IFINDEX]) {
3201  		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
3202  
3203  		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
3204  		if (netdev && netdev->ieee80211_ptr)
3205  			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
3206  		else
3207  			netdev = NULL;
3208  	}
3209  
3210  	if (!netdev) {
3211  		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
3212  						  info->attrs);
3213  		if (IS_ERR(rdev)) {
3214  			rtnl_unlock();
3215  			return PTR_ERR(rdev);
3216  		}
3217  		wdev = NULL;
3218  		netdev = NULL;
3219  		result = 0;
3220  	} else
3221  		wdev = netdev->ieee80211_ptr;
3222  
3223  	wiphy_lock(&rdev->wiphy);
3224  
3225  	/*
3226  	 * end workaround code, by now the rdev is available
3227  	 * and locked, and wdev may or may not be NULL.
3228  	 */
3229  
3230  	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
3231  		result = cfg80211_dev_rename(
3232  			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
3233  	rtnl_unlock();
3234  
3235  	if (result)
3236  		goto out;
3237  
3238  	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
3239  		struct ieee80211_txq_params txq_params;
3240  		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
3241  
3242  		if (!rdev->ops->set_txq_params) {
3243  			result = -EOPNOTSUPP;
3244  			goto out;
3245  		}
3246  
3247  		if (!netdev) {
3248  			result = -EINVAL;
3249  			goto out;
3250  		}
3251  
3252  		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3253  		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3254  			result = -EINVAL;
3255  			goto out;
3256  		}
3257  
3258  		if (!netif_running(netdev)) {
3259  			result = -ENETDOWN;
3260  			goto out;
3261  		}
3262  
3263  		nla_for_each_nested(nl_txq_params,
3264  				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
3265  				    rem_txq_params) {
3266  			result = nla_parse_nested_deprecated(tb,
3267  							     NL80211_TXQ_ATTR_MAX,
3268  							     nl_txq_params,
3269  							     txq_params_policy,
3270  							     info->extack);
3271  			if (result)
3272  				goto out;
3273  			result = parse_txq_params(tb, &txq_params);
3274  			if (result)
3275  				goto out;
3276  
3277  			result = rdev_set_txq_params(rdev, netdev,
3278  						     &txq_params);
3279  			if (result)
3280  				goto out;
3281  		}
3282  	}
3283  
3284  	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3285  		result = __nl80211_set_channel(
3286  			rdev,
3287  			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
3288  			info);
3289  		if (result)
3290  			goto out;
3291  	}
3292  
3293  	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
3294  		struct wireless_dev *txp_wdev = wdev;
3295  		enum nl80211_tx_power_setting type;
3296  		int idx, mbm = 0;
3297  
3298  		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
3299  			txp_wdev = NULL;
3300  
3301  		if (!rdev->ops->set_tx_power) {
3302  			result = -EOPNOTSUPP;
3303  			goto out;
3304  		}
3305  
3306  		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
3307  		type = nla_get_u32(info->attrs[idx]);
3308  
3309  		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
3310  		    (type != NL80211_TX_POWER_AUTOMATIC)) {
3311  			result = -EINVAL;
3312  			goto out;
3313  		}
3314  
3315  		if (type != NL80211_TX_POWER_AUTOMATIC) {
3316  			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
3317  			mbm = nla_get_u32(info->attrs[idx]);
3318  		}
3319  
3320  		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
3321  		if (result)
3322  			goto out;
3323  	}
3324  
3325  	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
3326  	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
3327  		u32 tx_ant, rx_ant;
3328  
3329  		if ((!rdev->wiphy.available_antennas_tx &&
3330  		     !rdev->wiphy.available_antennas_rx) ||
3331  		    !rdev->ops->set_antenna) {
3332  			result = -EOPNOTSUPP;
3333  			goto out;
3334  		}
3335  
3336  		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3337  		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3338  
3339  		/* reject antenna configurations which don't match the
3340  		 * available antenna masks, except for the "all" mask */
3341  		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3342  		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
3343  			result = -EINVAL;
3344  			goto out;
3345  		}
3346  
3347  		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3348  		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3349  
3350  		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3351  		if (result)
3352  			goto out;
3353  	}
3354  
3355  	changed = 0;
3356  
3357  	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3358  		retry_short = nla_get_u8(
3359  			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3360  
3361  		changed |= WIPHY_PARAM_RETRY_SHORT;
3362  	}
3363  
3364  	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3365  		retry_long = nla_get_u8(
3366  			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3367  
3368  		changed |= WIPHY_PARAM_RETRY_LONG;
3369  	}
3370  
3371  	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3372  		frag_threshold = nla_get_u32(
3373  			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3374  		if (frag_threshold < 256) {
3375  			result = -EINVAL;
3376  			goto out;
3377  		}
3378  
3379  		if (frag_threshold != (u32) -1) {
3380  			/*
3381  			 * Fragments (apart from the last one) are required to
3382  			 * have even length. Make the fragmentation code
3383  			 * simpler by stripping LSB should someone try to use
3384  			 * odd threshold value.
3385  			 */
3386  			frag_threshold &= ~0x1;
3387  		}
3388  		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3389  	}
3390  
3391  	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3392  		rts_threshold = nla_get_u32(
3393  			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3394  		changed |= WIPHY_PARAM_RTS_THRESHOLD;
3395  	}
3396  
3397  	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3398  		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3399  			result = -EINVAL;
3400  			goto out;
3401  		}
3402  
3403  		coverage_class = nla_get_u8(
3404  			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3405  		changed |= WIPHY_PARAM_COVERAGE_CLASS;
3406  	}
3407  
3408  	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3409  		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION)) {
3410  			result = -EOPNOTSUPP;
3411  			goto out;
3412  		}
3413  
3414  		changed |= WIPHY_PARAM_DYN_ACK;
3415  	}
3416  
3417  	if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3418  		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3419  					     NL80211_EXT_FEATURE_TXQS)) {
3420  			result = -EOPNOTSUPP;
3421  			goto out;
3422  		}
3423  		txq_limit = nla_get_u32(
3424  			info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3425  		changed |= WIPHY_PARAM_TXQ_LIMIT;
3426  	}
3427  
3428  	if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3429  		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3430  					     NL80211_EXT_FEATURE_TXQS)) {
3431  			result = -EOPNOTSUPP;
3432  			goto out;
3433  		}
3434  		txq_memory_limit = nla_get_u32(
3435  			info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3436  		changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3437  	}
3438  
3439  	if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3440  		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3441  					     NL80211_EXT_FEATURE_TXQS)) {
3442  			result = -EOPNOTSUPP;
3443  			goto out;
3444  		}
3445  		txq_quantum = nla_get_u32(
3446  			info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3447  		changed |= WIPHY_PARAM_TXQ_QUANTUM;
3448  	}
3449  
3450  	if (changed) {
3451  		u8 old_retry_short, old_retry_long;
3452  		u32 old_frag_threshold, old_rts_threshold;
3453  		u8 old_coverage_class;
3454  		u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3455  
3456  		if (!rdev->ops->set_wiphy_params) {
3457  			result = -EOPNOTSUPP;
3458  			goto out;
3459  		}
3460  
3461  		old_retry_short = rdev->wiphy.retry_short;
3462  		old_retry_long = rdev->wiphy.retry_long;
3463  		old_frag_threshold = rdev->wiphy.frag_threshold;
3464  		old_rts_threshold = rdev->wiphy.rts_threshold;
3465  		old_coverage_class = rdev->wiphy.coverage_class;
3466  		old_txq_limit = rdev->wiphy.txq_limit;
3467  		old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3468  		old_txq_quantum = rdev->wiphy.txq_quantum;
3469  
3470  		if (changed & WIPHY_PARAM_RETRY_SHORT)
3471  			rdev->wiphy.retry_short = retry_short;
3472  		if (changed & WIPHY_PARAM_RETRY_LONG)
3473  			rdev->wiphy.retry_long = retry_long;
3474  		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3475  			rdev->wiphy.frag_threshold = frag_threshold;
3476  		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3477  			rdev->wiphy.rts_threshold = rts_threshold;
3478  		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3479  			rdev->wiphy.coverage_class = coverage_class;
3480  		if (changed & WIPHY_PARAM_TXQ_LIMIT)
3481  			rdev->wiphy.txq_limit = txq_limit;
3482  		if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3483  			rdev->wiphy.txq_memory_limit = txq_memory_limit;
3484  		if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3485  			rdev->wiphy.txq_quantum = txq_quantum;
3486  
3487  		result = rdev_set_wiphy_params(rdev, changed);
3488  		if (result) {
3489  			rdev->wiphy.retry_short = old_retry_short;
3490  			rdev->wiphy.retry_long = old_retry_long;
3491  			rdev->wiphy.frag_threshold = old_frag_threshold;
3492  			rdev->wiphy.rts_threshold = old_rts_threshold;
3493  			rdev->wiphy.coverage_class = old_coverage_class;
3494  			rdev->wiphy.txq_limit = old_txq_limit;
3495  			rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3496  			rdev->wiphy.txq_quantum = old_txq_quantum;
3497  			goto out;
3498  		}
3499  	}
3500  
3501  	result = 0;
3502  
3503  out:
3504  	wiphy_unlock(&rdev->wiphy);
3505  	return result;
3506  }
3507  
3508  static int nl80211_send_chandef(struct sk_buff *msg,
3509  				const struct cfg80211_chan_def *chandef)
3510  {
3511  	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3512  		return -EINVAL;
3513  
3514  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3515  			chandef->chan->center_freq))
3516  		return -ENOBUFS;
3517  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
3518  			chandef->chan->freq_offset))
3519  		return -ENOBUFS;
3520  	switch (chandef->width) {
3521  	case NL80211_CHAN_WIDTH_20_NOHT:
3522  	case NL80211_CHAN_WIDTH_20:
3523  	case NL80211_CHAN_WIDTH_40:
3524  		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3525  				cfg80211_get_chandef_type(chandef)))
3526  			return -ENOBUFS;
3527  		break;
3528  	default:
3529  		break;
3530  	}
3531  	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3532  		return -ENOBUFS;
3533  	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3534  		return -ENOBUFS;
3535  	if (chandef->center_freq2 &&
3536  	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3537  		return -ENOBUFS;
3538  	return 0;
3539  }
3540  
3541  static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3542  			      struct cfg80211_registered_device *rdev,
3543  			      struct wireless_dev *wdev,
3544  			      enum nl80211_commands cmd)
3545  {
3546  	struct net_device *dev = wdev->netdev;
3547  	void *hdr;
3548  
3549  	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3550  		cmd != NL80211_CMD_DEL_INTERFACE &&
3551  		cmd != NL80211_CMD_SET_INTERFACE);
3552  
3553  	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3554  	if (!hdr)
3555  		return -1;
3556  
3557  	if (dev &&
3558  	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3559  	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3560  		goto nla_put_failure;
3561  
3562  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3563  	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3564  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3565  			      NL80211_ATTR_PAD) ||
3566  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3567  	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
3568  			rdev->devlist_generation ^
3569  			(cfg80211_rdev_list_generation << 2)) ||
3570  	    nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3571  		goto nla_put_failure;
3572  
3573  	if (rdev->ops->get_channel) {
3574  		int ret;
3575  		struct cfg80211_chan_def chandef = {};
3576  
3577  		ret = rdev_get_channel(rdev, wdev, &chandef);
3578  		if (ret == 0) {
3579  			if (nl80211_send_chandef(msg, &chandef))
3580  				goto nla_put_failure;
3581  		}
3582  	}
3583  
3584  	if (rdev->ops->get_tx_power) {
3585  		int dbm, ret;
3586  
3587  		ret = rdev_get_tx_power(rdev, wdev, &dbm);
3588  		if (ret == 0 &&
3589  		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3590  				DBM_TO_MBM(dbm)))
3591  			goto nla_put_failure;
3592  	}
3593  
3594  	wdev_lock(wdev);
3595  	switch (wdev->iftype) {
3596  	case NL80211_IFTYPE_AP:
3597  		if (wdev->ssid_len &&
3598  		    nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3599  			goto nla_put_failure_locked;
3600  		break;
3601  	case NL80211_IFTYPE_STATION:
3602  	case NL80211_IFTYPE_P2P_CLIENT:
3603  	case NL80211_IFTYPE_ADHOC: {
3604  		const u8 *ssid_ie;
3605  		if (!wdev->current_bss)
3606  			break;
3607  		rcu_read_lock();
3608  		ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3609  					       WLAN_EID_SSID);
3610  		if (ssid_ie &&
3611  		    nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3612  			goto nla_put_failure_rcu_locked;
3613  		rcu_read_unlock();
3614  		break;
3615  		}
3616  	default:
3617  		/* nothing */
3618  		break;
3619  	}
3620  	wdev_unlock(wdev);
3621  
3622  	if (rdev->ops->get_txq_stats) {
3623  		struct cfg80211_txq_stats txqstats = {};
3624  		int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3625  
3626  		if (ret == 0 &&
3627  		    !nl80211_put_txq_stats(msg, &txqstats,
3628  					   NL80211_ATTR_TXQ_STATS))
3629  			goto nla_put_failure;
3630  	}
3631  
3632  	genlmsg_end(msg, hdr);
3633  	return 0;
3634  
3635   nla_put_failure_rcu_locked:
3636  	rcu_read_unlock();
3637   nla_put_failure_locked:
3638  	wdev_unlock(wdev);
3639   nla_put_failure:
3640  	genlmsg_cancel(msg, hdr);
3641  	return -EMSGSIZE;
3642  }
3643  
3644  static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3645  {
3646  	int wp_idx = 0;
3647  	int if_idx = 0;
3648  	int wp_start = cb->args[0];
3649  	int if_start = cb->args[1];
3650  	int filter_wiphy = -1;
3651  	struct cfg80211_registered_device *rdev;
3652  	struct wireless_dev *wdev;
3653  	int ret;
3654  
3655  	rtnl_lock();
3656  	if (!cb->args[2]) {
3657  		struct nl80211_dump_wiphy_state state = {
3658  			.filter_wiphy = -1,
3659  		};
3660  
3661  		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3662  		if (ret)
3663  			goto out_unlock;
3664  
3665  		filter_wiphy = state.filter_wiphy;
3666  
3667  		/*
3668  		 * if filtering, set cb->args[2] to +1 since 0 is the default
3669  		 * value needed to determine that parsing is necessary.
3670  		 */
3671  		if (filter_wiphy >= 0)
3672  			cb->args[2] = filter_wiphy + 1;
3673  		else
3674  			cb->args[2] = -1;
3675  	} else if (cb->args[2] > 0) {
3676  		filter_wiphy = cb->args[2] - 1;
3677  	}
3678  
3679  	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3680  		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3681  			continue;
3682  		if (wp_idx < wp_start) {
3683  			wp_idx++;
3684  			continue;
3685  		}
3686  
3687  		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3688  			continue;
3689  
3690  		if_idx = 0;
3691  
3692  		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3693  			if (if_idx < if_start) {
3694  				if_idx++;
3695  				continue;
3696  			}
3697  			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3698  					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3699  					       rdev, wdev,
3700  					       NL80211_CMD_NEW_INTERFACE) < 0) {
3701  				goto out;
3702  			}
3703  			if_idx++;
3704  		}
3705  
3706  		wp_idx++;
3707  	}
3708   out:
3709  	cb->args[0] = wp_idx;
3710  	cb->args[1] = if_idx;
3711  
3712  	ret = skb->len;
3713   out_unlock:
3714  	rtnl_unlock();
3715  
3716  	return ret;
3717  }
3718  
3719  static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3720  {
3721  	struct sk_buff *msg;
3722  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3723  	struct wireless_dev *wdev = info->user_ptr[1];
3724  
3725  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3726  	if (!msg)
3727  		return -ENOMEM;
3728  
3729  	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3730  			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3731  		nlmsg_free(msg);
3732  		return -ENOBUFS;
3733  	}
3734  
3735  	return genlmsg_reply(msg, info);
3736  }
3737  
3738  static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3739  	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3740  	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3741  	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3742  	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3743  	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3744  	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3745  };
3746  
3747  static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3748  {
3749  	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3750  	int flag;
3751  
3752  	*mntrflags = 0;
3753  
3754  	if (!nla)
3755  		return -EINVAL;
3756  
3757  	if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3758  		return -EINVAL;
3759  
3760  	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3761  		if (flags[flag])
3762  			*mntrflags |= (1<<flag);
3763  
3764  	*mntrflags |= MONITOR_FLAG_CHANGED;
3765  
3766  	return 0;
3767  }
3768  
3769  static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3770  				     enum nl80211_iftype type,
3771  				     struct genl_info *info,
3772  				     struct vif_params *params)
3773  {
3774  	bool change = false;
3775  	int err;
3776  
3777  	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3778  		if (type != NL80211_IFTYPE_MONITOR)
3779  			return -EINVAL;
3780  
3781  		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3782  					  &params->flags);
3783  		if (err)
3784  			return err;
3785  
3786  		change = true;
3787  	}
3788  
3789  	if (params->flags & MONITOR_FLAG_ACTIVE &&
3790  	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3791  		return -EOPNOTSUPP;
3792  
3793  	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3794  		const u8 *mumimo_groups;
3795  		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3796  
3797  		if (type != NL80211_IFTYPE_MONITOR)
3798  			return -EINVAL;
3799  
3800  		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3801  			return -EOPNOTSUPP;
3802  
3803  		mumimo_groups =
3804  			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3805  
3806  		/* bits 0 and 63 are reserved and must be zero */
3807  		if ((mumimo_groups[0] & BIT(0)) ||
3808  		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3809  			return -EINVAL;
3810  
3811  		params->vht_mumimo_groups = mumimo_groups;
3812  		change = true;
3813  	}
3814  
3815  	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3816  		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3817  
3818  		if (type != NL80211_IFTYPE_MONITOR)
3819  			return -EINVAL;
3820  
3821  		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3822  			return -EOPNOTSUPP;
3823  
3824  		params->vht_mumimo_follow_addr =
3825  			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3826  		change = true;
3827  	}
3828  
3829  	return change ? 1 : 0;
3830  }
3831  
3832  static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3833  			       struct net_device *netdev, u8 use_4addr,
3834  			       enum nl80211_iftype iftype)
3835  {
3836  	if (!use_4addr) {
3837  		if (netdev && netif_is_bridge_port(netdev))
3838  			return -EBUSY;
3839  		return 0;
3840  	}
3841  
3842  	switch (iftype) {
3843  	case NL80211_IFTYPE_AP_VLAN:
3844  		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3845  			return 0;
3846  		break;
3847  	case NL80211_IFTYPE_STATION:
3848  		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3849  			return 0;
3850  		break;
3851  	default:
3852  		break;
3853  	}
3854  
3855  	return -EOPNOTSUPP;
3856  }
3857  
3858  static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3859  {
3860  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3861  	struct vif_params params;
3862  	int err;
3863  	enum nl80211_iftype otype, ntype;
3864  	struct net_device *dev = info->user_ptr[1];
3865  	bool change = false;
3866  
3867  	memset(&params, 0, sizeof(params));
3868  
3869  	otype = ntype = dev->ieee80211_ptr->iftype;
3870  
3871  	if (info->attrs[NL80211_ATTR_IFTYPE]) {
3872  		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3873  		if (otype != ntype)
3874  			change = true;
3875  	}
3876  
3877  	if (info->attrs[NL80211_ATTR_MESH_ID]) {
3878  		struct wireless_dev *wdev = dev->ieee80211_ptr;
3879  
3880  		if (ntype != NL80211_IFTYPE_MESH_POINT)
3881  			return -EINVAL;
3882  		if (netif_running(dev))
3883  			return -EBUSY;
3884  
3885  		wdev_lock(wdev);
3886  		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3887  			     IEEE80211_MAX_MESH_ID_LEN);
3888  		wdev->mesh_id_up_len =
3889  			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3890  		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3891  		       wdev->mesh_id_up_len);
3892  		wdev_unlock(wdev);
3893  	}
3894  
3895  	if (info->attrs[NL80211_ATTR_4ADDR]) {
3896  		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3897  		change = true;
3898  		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3899  		if (err)
3900  			return err;
3901  	} else {
3902  		params.use_4addr = -1;
3903  	}
3904  
3905  	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3906  	if (err < 0)
3907  		return err;
3908  	if (err > 0)
3909  		change = true;
3910  
3911  	if (change)
3912  		err = cfg80211_change_iface(rdev, dev, ntype, &params);
3913  	else
3914  		err = 0;
3915  
3916  	if (!err && params.use_4addr != -1)
3917  		dev->ieee80211_ptr->use_4addr = params.use_4addr;
3918  
3919  	if (change && !err) {
3920  		struct wireless_dev *wdev = dev->ieee80211_ptr;
3921  
3922  		nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3923  	}
3924  
3925  	return err;
3926  }
3927  
3928  static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3929  {
3930  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3931  	struct vif_params params;
3932  	struct wireless_dev *wdev;
3933  	struct sk_buff *msg;
3934  	int err;
3935  	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3936  
3937  	/* to avoid failing a new interface creation due to pending removal */
3938  	cfg80211_destroy_ifaces(rdev);
3939  
3940  	memset(&params, 0, sizeof(params));
3941  
3942  	if (!info->attrs[NL80211_ATTR_IFNAME])
3943  		return -EINVAL;
3944  
3945  	if (info->attrs[NL80211_ATTR_IFTYPE])
3946  		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3947  
3948  	if (!rdev->ops->add_virtual_intf)
3949  		return -EOPNOTSUPP;
3950  
3951  	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3952  	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3953  	    info->attrs[NL80211_ATTR_MAC]) {
3954  		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3955  			   ETH_ALEN);
3956  		if (!is_valid_ether_addr(params.macaddr))
3957  			return -EADDRNOTAVAIL;
3958  	}
3959  
3960  	if (info->attrs[NL80211_ATTR_4ADDR]) {
3961  		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3962  		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3963  		if (err)
3964  			return err;
3965  	}
3966  
3967  	if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3968  		return -EOPNOTSUPP;
3969  
3970  	err = nl80211_parse_mon_options(rdev, type, info, &params);
3971  	if (err < 0)
3972  		return err;
3973  
3974  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3975  	if (!msg)
3976  		return -ENOMEM;
3977  
3978  	wdev = rdev_add_virtual_intf(rdev,
3979  				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3980  				NET_NAME_USER, type, &params);
3981  	if (WARN_ON(!wdev)) {
3982  		nlmsg_free(msg);
3983  		return -EPROTO;
3984  	} else if (IS_ERR(wdev)) {
3985  		nlmsg_free(msg);
3986  		return PTR_ERR(wdev);
3987  	}
3988  
3989  	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3990  		wdev->owner_nlportid = info->snd_portid;
3991  
3992  	switch (type) {
3993  	case NL80211_IFTYPE_MESH_POINT:
3994  		if (!info->attrs[NL80211_ATTR_MESH_ID])
3995  			break;
3996  		wdev_lock(wdev);
3997  		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3998  			     IEEE80211_MAX_MESH_ID_LEN);
3999  		wdev->mesh_id_up_len =
4000  			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4001  		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
4002  		       wdev->mesh_id_up_len);
4003  		wdev_unlock(wdev);
4004  		break;
4005  	case NL80211_IFTYPE_NAN:
4006  	case NL80211_IFTYPE_P2P_DEVICE:
4007  		/*
4008  		 * P2P Device and NAN do not have a netdev, so don't go
4009  		 * through the netdev notifier and must be added here
4010  		 */
4011  		cfg80211_init_wdev(wdev);
4012  		cfg80211_register_wdev(rdev, wdev);
4013  		break;
4014  	default:
4015  		break;
4016  	}
4017  
4018  	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
4019  			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
4020  		nlmsg_free(msg);
4021  		return -ENOBUFS;
4022  	}
4023  
4024  	return genlmsg_reply(msg, info);
4025  }
4026  
4027  static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
4028  {
4029  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4030  	struct wireless_dev *wdev = info->user_ptr[1];
4031  
4032  	if (!rdev->ops->del_virtual_intf)
4033  		return -EOPNOTSUPP;
4034  
4035  	/*
4036  	 * We hold RTNL, so this is safe, without RTNL opencount cannot
4037  	 * reach 0, and thus the rdev cannot be deleted.
4038  	 *
4039  	 * We need to do it for the dev_close(), since that will call
4040  	 * the netdev notifiers, and we need to acquire the mutex there
4041  	 * but don't know if we get there from here or from some other
4042  	 * place (e.g. "ip link set ... down").
4043  	 */
4044  	mutex_unlock(&rdev->wiphy.mtx);
4045  
4046  	/*
4047  	 * If we remove a wireless device without a netdev then clear
4048  	 * user_ptr[1] so that nl80211_post_doit won't dereference it
4049  	 * to check if it needs to do dev_put(). Otherwise it crashes
4050  	 * since the wdev has been freed, unlike with a netdev where
4051  	 * we need the dev_put() for the netdev to really be freed.
4052  	 */
4053  	if (!wdev->netdev)
4054  		info->user_ptr[1] = NULL;
4055  	else
4056  		dev_close(wdev->netdev);
4057  
4058  	mutex_lock(&rdev->wiphy.mtx);
4059  
4060  	return rdev_del_virtual_intf(rdev, wdev);
4061  }
4062  
4063  static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
4064  {
4065  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4066  	struct net_device *dev = info->user_ptr[1];
4067  	u16 noack_map;
4068  
4069  	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
4070  		return -EINVAL;
4071  
4072  	if (!rdev->ops->set_noack_map)
4073  		return -EOPNOTSUPP;
4074  
4075  	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
4076  
4077  	return rdev_set_noack_map(rdev, dev, noack_map);
4078  }
4079  
4080  struct get_key_cookie {
4081  	struct sk_buff *msg;
4082  	int error;
4083  	int idx;
4084  };
4085  
4086  static void get_key_callback(void *c, struct key_params *params)
4087  {
4088  	struct nlattr *key;
4089  	struct get_key_cookie *cookie = c;
4090  
4091  	if ((params->key &&
4092  	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
4093  		     params->key_len, params->key)) ||
4094  	    (params->seq &&
4095  	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
4096  		     params->seq_len, params->seq)) ||
4097  	    (params->cipher &&
4098  	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
4099  			 params->cipher)))
4100  		goto nla_put_failure;
4101  
4102  	key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
4103  	if (!key)
4104  		goto nla_put_failure;
4105  
4106  	if ((params->key &&
4107  	     nla_put(cookie->msg, NL80211_KEY_DATA,
4108  		     params->key_len, params->key)) ||
4109  	    (params->seq &&
4110  	     nla_put(cookie->msg, NL80211_KEY_SEQ,
4111  		     params->seq_len, params->seq)) ||
4112  	    (params->cipher &&
4113  	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
4114  			 params->cipher)))
4115  		goto nla_put_failure;
4116  
4117  	if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
4118  		goto nla_put_failure;
4119  
4120  	nla_nest_end(cookie->msg, key);
4121  
4122  	return;
4123   nla_put_failure:
4124  	cookie->error = 1;
4125  }
4126  
4127  static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
4128  {
4129  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4130  	int err;
4131  	struct net_device *dev = info->user_ptr[1];
4132  	u8 key_idx = 0;
4133  	const u8 *mac_addr = NULL;
4134  	bool pairwise;
4135  	struct get_key_cookie cookie = {
4136  		.error = 0,
4137  	};
4138  	void *hdr;
4139  	struct sk_buff *msg;
4140  	bool bigtk_support = false;
4141  
4142  	if (wiphy_ext_feature_isset(&rdev->wiphy,
4143  				    NL80211_EXT_FEATURE_BEACON_PROTECTION))
4144  		bigtk_support = true;
4145  
4146  	if ((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_STATION ||
4147  	     dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
4148  	    wiphy_ext_feature_isset(&rdev->wiphy,
4149  				    NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
4150  		bigtk_support = true;
4151  
4152  	if (info->attrs[NL80211_ATTR_KEY_IDX]) {
4153  		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
4154  
4155  		if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
4156  			GENL_SET_ERR_MSG(info, "BIGTK not supported");
4157  			return -EINVAL;
4158  		}
4159  	}
4160  
4161  	if (info->attrs[NL80211_ATTR_MAC])
4162  		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4163  
4164  	pairwise = !!mac_addr;
4165  	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
4166  		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
4167  
4168  		if (kt != NL80211_KEYTYPE_GROUP &&
4169  		    kt != NL80211_KEYTYPE_PAIRWISE)
4170  			return -EINVAL;
4171  		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
4172  	}
4173  
4174  	if (!rdev->ops->get_key)
4175  		return -EOPNOTSUPP;
4176  
4177  	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4178  		return -ENOENT;
4179  
4180  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4181  	if (!msg)
4182  		return -ENOMEM;
4183  
4184  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4185  			     NL80211_CMD_NEW_KEY);
4186  	if (!hdr)
4187  		goto nla_put_failure;
4188  
4189  	cookie.msg = msg;
4190  	cookie.idx = key_idx;
4191  
4192  	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4193  	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
4194  		goto nla_put_failure;
4195  	if (mac_addr &&
4196  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
4197  		goto nla_put_failure;
4198  
4199  	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
4200  			   get_key_callback);
4201  
4202  	if (err)
4203  		goto free_msg;
4204  
4205  	if (cookie.error)
4206  		goto nla_put_failure;
4207  
4208  	genlmsg_end(msg, hdr);
4209  	return genlmsg_reply(msg, info);
4210  
4211   nla_put_failure:
4212  	err = -ENOBUFS;
4213   free_msg:
4214  	nlmsg_free(msg);
4215  	return err;
4216  }
4217  
4218  static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
4219  {
4220  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4221  	struct key_parse key;
4222  	int err;
4223  	struct net_device *dev = info->user_ptr[1];
4224  
4225  	err = nl80211_parse_key(info, &key);
4226  	if (err)
4227  		return err;
4228  
4229  	if (key.idx < 0)
4230  		return -EINVAL;
4231  
4232  	/* Only support setting default key and
4233  	 * Extended Key ID action NL80211_KEY_SET_TX.
4234  	 */
4235  	if (!key.def && !key.defmgmt && !key.defbeacon &&
4236  	    !(key.p.mode == NL80211_KEY_SET_TX))
4237  		return -EINVAL;
4238  
4239  	wdev_lock(dev->ieee80211_ptr);
4240  
4241  	if (key.def) {
4242  		if (!rdev->ops->set_default_key) {
4243  			err = -EOPNOTSUPP;
4244  			goto out;
4245  		}
4246  
4247  		err = nl80211_key_allowed(dev->ieee80211_ptr);
4248  		if (err)
4249  			goto out;
4250  
4251  		err = rdev_set_default_key(rdev, dev, key.idx,
4252  						 key.def_uni, key.def_multi);
4253  
4254  		if (err)
4255  			goto out;
4256  
4257  #ifdef CONFIG_CFG80211_WEXT
4258  		dev->ieee80211_ptr->wext.default_key = key.idx;
4259  #endif
4260  	} else if (key.defmgmt) {
4261  		if (key.def_uni || !key.def_multi) {
4262  			err = -EINVAL;
4263  			goto out;
4264  		}
4265  
4266  		if (!rdev->ops->set_default_mgmt_key) {
4267  			err = -EOPNOTSUPP;
4268  			goto out;
4269  		}
4270  
4271  		err = nl80211_key_allowed(dev->ieee80211_ptr);
4272  		if (err)
4273  			goto out;
4274  
4275  		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
4276  		if (err)
4277  			goto out;
4278  
4279  #ifdef CONFIG_CFG80211_WEXT
4280  		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
4281  #endif
4282  	} else if (key.defbeacon) {
4283  		if (key.def_uni || !key.def_multi) {
4284  			err = -EINVAL;
4285  			goto out;
4286  		}
4287  
4288  		if (!rdev->ops->set_default_beacon_key) {
4289  			err = -EOPNOTSUPP;
4290  			goto out;
4291  		}
4292  
4293  		err = nl80211_key_allowed(dev->ieee80211_ptr);
4294  		if (err)
4295  			goto out;
4296  
4297  		err = rdev_set_default_beacon_key(rdev, dev, key.idx);
4298  		if (err)
4299  			goto out;
4300  	} else if (key.p.mode == NL80211_KEY_SET_TX &&
4301  		   wiphy_ext_feature_isset(&rdev->wiphy,
4302  					   NL80211_EXT_FEATURE_EXT_KEY_ID)) {
4303  		u8 *mac_addr = NULL;
4304  
4305  		if (info->attrs[NL80211_ATTR_MAC])
4306  			mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4307  
4308  		if (!mac_addr || key.idx < 0 || key.idx > 1) {
4309  			err = -EINVAL;
4310  			goto out;
4311  		}
4312  
4313  		err = rdev_add_key(rdev, dev, key.idx,
4314  				   NL80211_KEYTYPE_PAIRWISE,
4315  				   mac_addr, &key.p);
4316  	} else {
4317  		err = -EINVAL;
4318  	}
4319   out:
4320  	wdev_unlock(dev->ieee80211_ptr);
4321  
4322  	return err;
4323  }
4324  
4325  static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
4326  {
4327  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4328  	int err;
4329  	struct net_device *dev = info->user_ptr[1];
4330  	struct key_parse key;
4331  	const u8 *mac_addr = NULL;
4332  
4333  	err = nl80211_parse_key(info, &key);
4334  	if (err)
4335  		return err;
4336  
4337  	if (!key.p.key) {
4338  		GENL_SET_ERR_MSG(info, "no key");
4339  		return -EINVAL;
4340  	}
4341  
4342  	if (info->attrs[NL80211_ATTR_MAC])
4343  		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4344  
4345  	if (key.type == -1) {
4346  		if (mac_addr)
4347  			key.type = NL80211_KEYTYPE_PAIRWISE;
4348  		else
4349  			key.type = NL80211_KEYTYPE_GROUP;
4350  	}
4351  
4352  	/* for now */
4353  	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4354  	    key.type != NL80211_KEYTYPE_GROUP) {
4355  		GENL_SET_ERR_MSG(info, "key type not pairwise or group");
4356  		return -EINVAL;
4357  	}
4358  
4359  	if (key.type == NL80211_KEYTYPE_GROUP &&
4360  	    info->attrs[NL80211_ATTR_VLAN_ID])
4361  		key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
4362  
4363  	if (!rdev->ops->add_key)
4364  		return -EOPNOTSUPP;
4365  
4366  	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
4367  					   key.type == NL80211_KEYTYPE_PAIRWISE,
4368  					   mac_addr)) {
4369  		GENL_SET_ERR_MSG(info, "key setting validation failed");
4370  		return -EINVAL;
4371  	}
4372  
4373  	wdev_lock(dev->ieee80211_ptr);
4374  	err = nl80211_key_allowed(dev->ieee80211_ptr);
4375  	if (err)
4376  		GENL_SET_ERR_MSG(info, "key not allowed");
4377  	if (!err) {
4378  		err = rdev_add_key(rdev, dev, key.idx,
4379  				   key.type == NL80211_KEYTYPE_PAIRWISE,
4380  				    mac_addr, &key.p);
4381  		if (err)
4382  			GENL_SET_ERR_MSG(info, "key addition failed");
4383  	}
4384  	wdev_unlock(dev->ieee80211_ptr);
4385  
4386  	return err;
4387  }
4388  
4389  static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
4390  {
4391  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4392  	int err;
4393  	struct net_device *dev = info->user_ptr[1];
4394  	u8 *mac_addr = NULL;
4395  	struct key_parse key;
4396  
4397  	err = nl80211_parse_key(info, &key);
4398  	if (err)
4399  		return err;
4400  
4401  	if (info->attrs[NL80211_ATTR_MAC])
4402  		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4403  
4404  	if (key.type == -1) {
4405  		if (mac_addr)
4406  			key.type = NL80211_KEYTYPE_PAIRWISE;
4407  		else
4408  			key.type = NL80211_KEYTYPE_GROUP;
4409  	}
4410  
4411  	/* for now */
4412  	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
4413  	    key.type != NL80211_KEYTYPE_GROUP)
4414  		return -EINVAL;
4415  
4416  	if (!cfg80211_valid_key_idx(rdev, key.idx,
4417  				    key.type == NL80211_KEYTYPE_PAIRWISE))
4418  		return -EINVAL;
4419  
4420  	if (!rdev->ops->del_key)
4421  		return -EOPNOTSUPP;
4422  
4423  	wdev_lock(dev->ieee80211_ptr);
4424  	err = nl80211_key_allowed(dev->ieee80211_ptr);
4425  
4426  	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4427  	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4428  		err = -ENOENT;
4429  
4430  	if (!err)
4431  		err = rdev_del_key(rdev, dev, key.idx,
4432  				   key.type == NL80211_KEYTYPE_PAIRWISE,
4433  				   mac_addr);
4434  
4435  #ifdef CONFIG_CFG80211_WEXT
4436  	if (!err) {
4437  		if (key.idx == dev->ieee80211_ptr->wext.default_key)
4438  			dev->ieee80211_ptr->wext.default_key = -1;
4439  		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4440  			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4441  	}
4442  #endif
4443  	wdev_unlock(dev->ieee80211_ptr);
4444  
4445  	return err;
4446  }
4447  
4448  /* This function returns an error or the number of nested attributes */
4449  static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4450  {
4451  	struct nlattr *attr;
4452  	int n_entries = 0, tmp;
4453  
4454  	nla_for_each_nested(attr, nl_attr, tmp) {
4455  		if (nla_len(attr) != ETH_ALEN)
4456  			return -EINVAL;
4457  
4458  		n_entries++;
4459  	}
4460  
4461  	return n_entries;
4462  }
4463  
4464  /*
4465   * This function parses ACL information and allocates memory for ACL data.
4466   * On successful return, the calling function is responsible to free the
4467   * ACL buffer returned by this function.
4468   */
4469  static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4470  						struct genl_info *info)
4471  {
4472  	enum nl80211_acl_policy acl_policy;
4473  	struct nlattr *attr;
4474  	struct cfg80211_acl_data *acl;
4475  	int i = 0, n_entries, tmp;
4476  
4477  	if (!wiphy->max_acl_mac_addrs)
4478  		return ERR_PTR(-EOPNOTSUPP);
4479  
4480  	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4481  		return ERR_PTR(-EINVAL);
4482  
4483  	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4484  	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4485  	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4486  		return ERR_PTR(-EINVAL);
4487  
4488  	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4489  		return ERR_PTR(-EINVAL);
4490  
4491  	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4492  	if (n_entries < 0)
4493  		return ERR_PTR(n_entries);
4494  
4495  	if (n_entries > wiphy->max_acl_mac_addrs)
4496  		return ERR_PTR(-ENOTSUPP);
4497  
4498  	acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4499  	if (!acl)
4500  		return ERR_PTR(-ENOMEM);
4501  
4502  	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4503  		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4504  		i++;
4505  	}
4506  
4507  	acl->n_acl_entries = n_entries;
4508  	acl->acl_policy = acl_policy;
4509  
4510  	return acl;
4511  }
4512  
4513  static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4514  {
4515  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4516  	struct net_device *dev = info->user_ptr[1];
4517  	struct cfg80211_acl_data *acl;
4518  	int err;
4519  
4520  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4521  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4522  		return -EOPNOTSUPP;
4523  
4524  	if (!dev->ieee80211_ptr->beacon_interval)
4525  		return -EINVAL;
4526  
4527  	acl = parse_acl_data(&rdev->wiphy, info);
4528  	if (IS_ERR(acl))
4529  		return PTR_ERR(acl);
4530  
4531  	err = rdev_set_mac_acl(rdev, dev, acl);
4532  
4533  	kfree(acl);
4534  
4535  	return err;
4536  }
4537  
4538  static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4539  			   u8 *rates, u8 rates_len)
4540  {
4541  	u8 i;
4542  	u32 mask = 0;
4543  
4544  	for (i = 0; i < rates_len; i++) {
4545  		int rate = (rates[i] & 0x7f) * 5;
4546  		int ridx;
4547  
4548  		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4549  			struct ieee80211_rate *srate =
4550  				&sband->bitrates[ridx];
4551  			if (rate == srate->bitrate) {
4552  				mask |= 1 << ridx;
4553  				break;
4554  			}
4555  		}
4556  		if (ridx == sband->n_bitrates)
4557  			return 0; /* rate not found */
4558  	}
4559  
4560  	return mask;
4561  }
4562  
4563  static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4564  			       u8 *rates, u8 rates_len,
4565  			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4566  {
4567  	u8 i;
4568  
4569  	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4570  
4571  	for (i = 0; i < rates_len; i++) {
4572  		int ridx, rbit;
4573  
4574  		ridx = rates[i] / 8;
4575  		rbit = BIT(rates[i] % 8);
4576  
4577  		/* check validity */
4578  		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4579  			return false;
4580  
4581  		/* check availability */
4582  		ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4583  		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4584  			mcs[ridx] |= rbit;
4585  		else
4586  			return false;
4587  	}
4588  
4589  	return true;
4590  }
4591  
4592  static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4593  {
4594  	u16 mcs_mask = 0;
4595  
4596  	switch (vht_mcs_map) {
4597  	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4598  		break;
4599  	case IEEE80211_VHT_MCS_SUPPORT_0_7:
4600  		mcs_mask = 0x00FF;
4601  		break;
4602  	case IEEE80211_VHT_MCS_SUPPORT_0_8:
4603  		mcs_mask = 0x01FF;
4604  		break;
4605  	case IEEE80211_VHT_MCS_SUPPORT_0_9:
4606  		mcs_mask = 0x03FF;
4607  		break;
4608  	default:
4609  		break;
4610  	}
4611  
4612  	return mcs_mask;
4613  }
4614  
4615  static void vht_build_mcs_mask(u16 vht_mcs_map,
4616  			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4617  {
4618  	u8 nss;
4619  
4620  	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4621  		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4622  		vht_mcs_map >>= 2;
4623  	}
4624  }
4625  
4626  static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4627  			     struct nl80211_txrate_vht *txrate,
4628  			     u16 mcs[NL80211_VHT_NSS_MAX])
4629  {
4630  	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4631  	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4632  	u8 i;
4633  
4634  	if (!sband->vht_cap.vht_supported)
4635  		return false;
4636  
4637  	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4638  
4639  	/* Build vht_mcs_mask from VHT capabilities */
4640  	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4641  
4642  	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4643  		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4644  			mcs[i] = txrate->mcs[i];
4645  		else
4646  			return false;
4647  	}
4648  
4649  	return true;
4650  }
4651  
4652  static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
4653  {
4654  	switch (he_mcs_map) {
4655  	case IEEE80211_HE_MCS_NOT_SUPPORTED:
4656  		return 0;
4657  	case IEEE80211_HE_MCS_SUPPORT_0_7:
4658  		return 0x00FF;
4659  	case IEEE80211_HE_MCS_SUPPORT_0_9:
4660  		return 0x03FF;
4661  	case IEEE80211_HE_MCS_SUPPORT_0_11:
4662  		return 0xFFF;
4663  	default:
4664  		break;
4665  	}
4666  	return 0;
4667  }
4668  
4669  static void he_build_mcs_mask(u16 he_mcs_map,
4670  			      u16 he_mcs_mask[NL80211_HE_NSS_MAX])
4671  {
4672  	u8 nss;
4673  
4674  	for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
4675  		he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
4676  		he_mcs_map >>= 2;
4677  	}
4678  }
4679  
4680  static u16 he_get_txmcsmap(struct genl_info *info,
4681  			   const struct ieee80211_sta_he_cap *he_cap)
4682  {
4683  	struct net_device *dev = info->user_ptr[1];
4684  	struct wireless_dev *wdev = dev->ieee80211_ptr;
4685  	__le16	tx_mcs;
4686  
4687  	switch (wdev->chandef.width) {
4688  	case NL80211_CHAN_WIDTH_80P80:
4689  		tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
4690  		break;
4691  	case NL80211_CHAN_WIDTH_160:
4692  		tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
4693  		break;
4694  	default:
4695  		tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
4696  		break;
4697  	}
4698  	return le16_to_cpu(tx_mcs);
4699  }
4700  
4701  static bool he_set_mcs_mask(struct genl_info *info,
4702  			    struct wireless_dev *wdev,
4703  			    struct ieee80211_supported_band *sband,
4704  			    struct nl80211_txrate_he *txrate,
4705  			    u16 mcs[NL80211_HE_NSS_MAX])
4706  {
4707  	const struct ieee80211_sta_he_cap *he_cap;
4708  	u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
4709  	u16 tx_mcs_map = 0;
4710  	u8 i;
4711  
4712  	he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4713  	if (!he_cap)
4714  		return false;
4715  
4716  	memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
4717  
4718  	tx_mcs_map = he_get_txmcsmap(info, he_cap);
4719  
4720  	/* Build he_mcs_mask from HE capabilities */
4721  	he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4722  
4723  	for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
4724  		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4725  			mcs[i] = txrate->mcs[i];
4726  		else
4727  			return false;
4728  	}
4729  
4730  	return true;
4731  }
4732  
4733  static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4734  					 struct nlattr *attrs[],
4735  					 enum nl80211_attrs attr,
4736  					 struct cfg80211_bitrate_mask *mask,
4737  					 struct net_device *dev,
4738  					 bool default_all_enabled)
4739  {
4740  	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4741  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4742  	struct wireless_dev *wdev = dev->ieee80211_ptr;
4743  	int rem, i;
4744  	struct nlattr *tx_rates;
4745  	struct ieee80211_supported_band *sband;
4746  	u16 vht_tx_mcs_map, he_tx_mcs_map;
4747  
4748  	memset(mask, 0, sizeof(*mask));
4749  	/* Default to all rates enabled */
4750  	for (i = 0; i < NUM_NL80211_BANDS; i++) {
4751  		const struct ieee80211_sta_he_cap *he_cap;
4752  
4753  		if (!default_all_enabled)
4754  			break;
4755  
4756  		sband = rdev->wiphy.bands[i];
4757  
4758  		if (!sband)
4759  			continue;
4760  
4761  		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4762  		memcpy(mask->control[i].ht_mcs,
4763  		       sband->ht_cap.mcs.rx_mask,
4764  		       sizeof(mask->control[i].ht_mcs));
4765  
4766  		if (!sband->vht_cap.vht_supported)
4767  			continue;
4768  
4769  		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4770  		vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4771  
4772  		he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
4773  		if (!he_cap)
4774  			continue;
4775  
4776  		he_tx_mcs_map = he_get_txmcsmap(info, he_cap);
4777  		he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
4778  
4779  		mask->control[i].he_gi = 0xFF;
4780  		mask->control[i].he_ltf = 0xFF;
4781  	}
4782  
4783  	/* if no rates are given set it back to the defaults */
4784  	if (!attrs[attr])
4785  		goto out;
4786  
4787  	/* The nested attribute uses enum nl80211_band as the index. This maps
4788  	 * directly to the enum nl80211_band values used in cfg80211.
4789  	 */
4790  	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4791  	nla_for_each_nested(tx_rates, attrs[attr], rem) {
4792  		enum nl80211_band band = nla_type(tx_rates);
4793  		int err;
4794  
4795  		if (band < 0 || band >= NUM_NL80211_BANDS)
4796  			return -EINVAL;
4797  		sband = rdev->wiphy.bands[band];
4798  		if (sband == NULL)
4799  			return -EINVAL;
4800  		err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4801  						  tx_rates,
4802  						  nl80211_txattr_policy,
4803  						  info->extack);
4804  		if (err)
4805  			return err;
4806  		if (tb[NL80211_TXRATE_LEGACY]) {
4807  			mask->control[band].legacy = rateset_to_mask(
4808  				sband,
4809  				nla_data(tb[NL80211_TXRATE_LEGACY]),
4810  				nla_len(tb[NL80211_TXRATE_LEGACY]));
4811  			if ((mask->control[band].legacy == 0) &&
4812  			    nla_len(tb[NL80211_TXRATE_LEGACY]))
4813  				return -EINVAL;
4814  		}
4815  		if (tb[NL80211_TXRATE_HT]) {
4816  			if (!ht_rateset_to_mask(
4817  					sband,
4818  					nla_data(tb[NL80211_TXRATE_HT]),
4819  					nla_len(tb[NL80211_TXRATE_HT]),
4820  					mask->control[band].ht_mcs))
4821  				return -EINVAL;
4822  		}
4823  
4824  		if (tb[NL80211_TXRATE_VHT]) {
4825  			if (!vht_set_mcs_mask(
4826  					sband,
4827  					nla_data(tb[NL80211_TXRATE_VHT]),
4828  					mask->control[band].vht_mcs))
4829  				return -EINVAL;
4830  		}
4831  
4832  		if (tb[NL80211_TXRATE_GI]) {
4833  			mask->control[band].gi =
4834  				nla_get_u8(tb[NL80211_TXRATE_GI]);
4835  			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4836  				return -EINVAL;
4837  		}
4838  		if (tb[NL80211_TXRATE_HE] &&
4839  		    !he_set_mcs_mask(info, wdev, sband,
4840  				     nla_data(tb[NL80211_TXRATE_HE]),
4841  				     mask->control[band].he_mcs))
4842  			return -EINVAL;
4843  
4844  		if (tb[NL80211_TXRATE_HE_GI])
4845  			mask->control[band].he_gi =
4846  				nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
4847  		if (tb[NL80211_TXRATE_HE_LTF])
4848  			mask->control[band].he_ltf =
4849  				nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
4850  
4851  		if (mask->control[band].legacy == 0) {
4852  			/* don't allow empty legacy rates if HT, VHT or HE
4853  			 * are not even supported.
4854  			 */
4855  			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4856  			      rdev->wiphy.bands[band]->vht_cap.vht_supported ||
4857  			      ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
4858  				return -EINVAL;
4859  
4860  			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4861  				if (mask->control[band].ht_mcs[i])
4862  					goto out;
4863  
4864  			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4865  				if (mask->control[band].vht_mcs[i])
4866  					goto out;
4867  
4868  			for (i = 0; i < NL80211_HE_NSS_MAX; i++)
4869  				if (mask->control[band].he_mcs[i])
4870  					goto out;
4871  
4872  			/* legacy and mcs rates may not be both empty */
4873  			return -EINVAL;
4874  		}
4875  	}
4876  
4877  out:
4878  	return 0;
4879  }
4880  
4881  static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4882  				   enum nl80211_band band,
4883  				   struct cfg80211_bitrate_mask *beacon_rate)
4884  {
4885  	u32 count_ht, count_vht, count_he, i;
4886  	u32 rate = beacon_rate->control[band].legacy;
4887  
4888  	/* Allow only one rate */
4889  	if (hweight32(rate) > 1)
4890  		return -EINVAL;
4891  
4892  	count_ht = 0;
4893  	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4894  		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4895  			return -EINVAL;
4896  		} else if (beacon_rate->control[band].ht_mcs[i]) {
4897  			count_ht++;
4898  			if (count_ht > 1)
4899  				return -EINVAL;
4900  		}
4901  		if (count_ht && rate)
4902  			return -EINVAL;
4903  	}
4904  
4905  	count_vht = 0;
4906  	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4907  		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4908  			return -EINVAL;
4909  		} else if (beacon_rate->control[band].vht_mcs[i]) {
4910  			count_vht++;
4911  			if (count_vht > 1)
4912  				return -EINVAL;
4913  		}
4914  		if (count_vht && rate)
4915  			return -EINVAL;
4916  	}
4917  
4918  	count_he = 0;
4919  	for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
4920  		if (hweight16(beacon_rate->control[band].he_mcs[i]) > 1) {
4921  			return -EINVAL;
4922  		} else if (beacon_rate->control[band].he_mcs[i]) {
4923  			count_he++;
4924  			if (count_he > 1)
4925  				return -EINVAL;
4926  		}
4927  		if (count_he && rate)
4928  			return -EINVAL;
4929  	}
4930  
4931  	if ((count_ht && count_vht && count_he) ||
4932  	    (!rate && !count_ht && !count_vht && !count_he))
4933  		return -EINVAL;
4934  
4935  	if (rate &&
4936  	    !wiphy_ext_feature_isset(&rdev->wiphy,
4937  				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4938  		return -EINVAL;
4939  	if (count_ht &&
4940  	    !wiphy_ext_feature_isset(&rdev->wiphy,
4941  				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
4942  		return -EINVAL;
4943  	if (count_vht &&
4944  	    !wiphy_ext_feature_isset(&rdev->wiphy,
4945  				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4946  		return -EINVAL;
4947  	if (count_he &&
4948  	    !wiphy_ext_feature_isset(&rdev->wiphy,
4949  				     NL80211_EXT_FEATURE_BEACON_RATE_HE))
4950  		return -EINVAL;
4951  
4952  	return 0;
4953  }
4954  
4955  static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4956  				struct nlattr *attrs[],
4957  				struct cfg80211_beacon_data *bcn)
4958  {
4959  	bool haveinfo = false;
4960  	int err;
4961  
4962  	memset(bcn, 0, sizeof(*bcn));
4963  
4964  	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4965  		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4966  		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4967  		if (!bcn->head_len)
4968  			return -EINVAL;
4969  		haveinfo = true;
4970  	}
4971  
4972  	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4973  		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4974  		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4975  		haveinfo = true;
4976  	}
4977  
4978  	if (!haveinfo)
4979  		return -EINVAL;
4980  
4981  	if (attrs[NL80211_ATTR_IE]) {
4982  		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4983  		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4984  	}
4985  
4986  	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4987  		bcn->proberesp_ies =
4988  			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4989  		bcn->proberesp_ies_len =
4990  			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4991  	}
4992  
4993  	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4994  		bcn->assocresp_ies =
4995  			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4996  		bcn->assocresp_ies_len =
4997  			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4998  	}
4999  
5000  	if (attrs[NL80211_ATTR_PROBE_RESP]) {
5001  		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
5002  		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
5003  	}
5004  
5005  	if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
5006  		struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
5007  
5008  		err = nla_parse_nested_deprecated(tb,
5009  						  NL80211_FTM_RESP_ATTR_MAX,
5010  						  attrs[NL80211_ATTR_FTM_RESPONDER],
5011  						  NULL, NULL);
5012  		if (err)
5013  			return err;
5014  
5015  		if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
5016  		    wiphy_ext_feature_isset(&rdev->wiphy,
5017  					    NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
5018  			bcn->ftm_responder = 1;
5019  		else
5020  			return -EOPNOTSUPP;
5021  
5022  		if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
5023  			bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
5024  			bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
5025  		}
5026  
5027  		if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
5028  			bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5029  			bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
5030  		}
5031  	} else {
5032  		bcn->ftm_responder = -1;
5033  	}
5034  
5035  	return 0;
5036  }
5037  
5038  static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
5039  				    struct ieee80211_he_obss_pd *he_obss_pd)
5040  {
5041  	struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
5042  	int err;
5043  
5044  	err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
5045  			       he_obss_pd_policy, NULL);
5046  	if (err)
5047  		return err;
5048  
5049  	if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
5050  		return -EINVAL;
5051  
5052  	he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
5053  
5054  	if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
5055  		he_obss_pd->min_offset =
5056  			nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
5057  	if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
5058  		he_obss_pd->max_offset =
5059  			nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
5060  	if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
5061  		he_obss_pd->non_srg_max_offset =
5062  			nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
5063  
5064  	if (he_obss_pd->min_offset > he_obss_pd->max_offset)
5065  		return -EINVAL;
5066  
5067  	if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
5068  		memcpy(he_obss_pd->bss_color_bitmap,
5069  		       nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
5070  		       sizeof(he_obss_pd->bss_color_bitmap));
5071  
5072  	if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
5073  		memcpy(he_obss_pd->partial_bssid_bitmap,
5074  		       nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
5075  		       sizeof(he_obss_pd->partial_bssid_bitmap));
5076  
5077  	he_obss_pd->enable = true;
5078  
5079  	return 0;
5080  }
5081  
5082  static int nl80211_parse_he_bss_color(struct nlattr *attrs,
5083  				      struct cfg80211_he_bss_color *he_bss_color)
5084  {
5085  	struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
5086  	int err;
5087  
5088  	err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
5089  			       he_bss_color_policy, NULL);
5090  	if (err)
5091  		return err;
5092  
5093  	if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
5094  		return -EINVAL;
5095  
5096  	he_bss_color->color =
5097  		nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
5098  	he_bss_color->enabled =
5099  		!nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
5100  	he_bss_color->partial =
5101  		nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
5102  
5103  	return 0;
5104  }
5105  
5106  static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
5107  					struct nlattr *attrs,
5108  					struct cfg80211_ap_settings *params)
5109  {
5110  	struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
5111  	int ret;
5112  	struct cfg80211_fils_discovery *fd = &params->fils_discovery;
5113  
5114  	if (!wiphy_ext_feature_isset(&rdev->wiphy,
5115  				     NL80211_EXT_FEATURE_FILS_DISCOVERY))
5116  		return -EINVAL;
5117  
5118  	ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
5119  			       NULL, NULL);
5120  	if (ret)
5121  		return ret;
5122  
5123  	if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] ||
5124  	    !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] ||
5125  	    !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
5126  		return -EINVAL;
5127  
5128  	fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5129  	fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
5130  	fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
5131  	fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
5132  
5133  	return 0;
5134  }
5135  
5136  static int
5137  nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
5138  				     struct nlattr *attrs,
5139  				     struct cfg80211_ap_settings *params)
5140  {
5141  	struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
5142  	int ret;
5143  	struct cfg80211_unsol_bcast_probe_resp *presp =
5144  					&params->unsol_bcast_probe_resp;
5145  
5146  	if (!wiphy_ext_feature_isset(&rdev->wiphy,
5147  				     NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
5148  		return -EINVAL;
5149  
5150  	ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
5151  			       attrs, NULL, NULL);
5152  	if (ret)
5153  		return ret;
5154  
5155  	if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] ||
5156  	    !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
5157  		return -EINVAL;
5158  
5159  	presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5160  	presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
5161  	presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
5162  	return 0;
5163  }
5164  
5165  static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
5166  					    const u8 *rates)
5167  {
5168  	int i;
5169  
5170  	if (!rates)
5171  		return;
5172  
5173  	for (i = 0; i < rates[1]; i++) {
5174  		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
5175  			params->ht_required = true;
5176  		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
5177  			params->vht_required = true;
5178  		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
5179  			params->he_required = true;
5180  		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_SAE_H2E)
5181  			params->sae_h2e_required = true;
5182  	}
5183  }
5184  
5185  /*
5186   * Since the nl80211 API didn't include, from the beginning, attributes about
5187   * HT/VHT requirements/capabilities, we parse them out of the IEs for the
5188   * benefit of drivers that rebuild IEs in the firmware.
5189   */
5190  static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
5191  {
5192  	const struct cfg80211_beacon_data *bcn = &params->beacon;
5193  	size_t ies_len = bcn->tail_len;
5194  	const u8 *ies = bcn->tail;
5195  	const u8 *rates;
5196  	const u8 *cap;
5197  
5198  	rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
5199  	nl80211_check_ap_rate_selectors(params, rates);
5200  
5201  	rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
5202  	nl80211_check_ap_rate_selectors(params, rates);
5203  
5204  	cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
5205  	if (cap && cap[1] >= sizeof(*params->ht_cap))
5206  		params->ht_cap = (void *)(cap + 2);
5207  	cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
5208  	if (cap && cap[1] >= sizeof(*params->vht_cap))
5209  		params->vht_cap = (void *)(cap + 2);
5210  	cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
5211  	if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
5212  		params->he_cap = (void *)(cap + 3);
5213  	cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
5214  	if (cap && cap[1] >= sizeof(*params->he_oper) + 1)
5215  		params->he_oper = (void *)(cap + 3);
5216  }
5217  
5218  static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
5219  				   struct cfg80211_ap_settings *params)
5220  {
5221  	struct wireless_dev *wdev;
5222  	bool ret = false;
5223  
5224  	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
5225  		if (wdev->iftype != NL80211_IFTYPE_AP &&
5226  		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
5227  			continue;
5228  
5229  		if (!wdev->preset_chandef.chan)
5230  			continue;
5231  
5232  		params->chandef = wdev->preset_chandef;
5233  		ret = true;
5234  		break;
5235  	}
5236  
5237  	return ret;
5238  }
5239  
5240  static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
5241  				    enum nl80211_auth_type auth_type,
5242  				    enum nl80211_commands cmd)
5243  {
5244  	if (auth_type > NL80211_AUTHTYPE_MAX)
5245  		return false;
5246  
5247  	switch (cmd) {
5248  	case NL80211_CMD_AUTHENTICATE:
5249  		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5250  		    auth_type == NL80211_AUTHTYPE_SAE)
5251  			return false;
5252  		if (!wiphy_ext_feature_isset(&rdev->wiphy,
5253  					     NL80211_EXT_FEATURE_FILS_STA) &&
5254  		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5255  		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5256  		     auth_type == NL80211_AUTHTYPE_FILS_PK))
5257  			return false;
5258  		return true;
5259  	case NL80211_CMD_CONNECT:
5260  		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
5261  		    !wiphy_ext_feature_isset(&rdev->wiphy,
5262  					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
5263  		    auth_type == NL80211_AUTHTYPE_SAE)
5264  			return false;
5265  
5266  		/* FILS with SK PFS or PK not supported yet */
5267  		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5268  		    auth_type == NL80211_AUTHTYPE_FILS_PK)
5269  			return false;
5270  		if (!wiphy_ext_feature_isset(
5271  			    &rdev->wiphy,
5272  			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
5273  		    auth_type == NL80211_AUTHTYPE_FILS_SK)
5274  			return false;
5275  		return true;
5276  	case NL80211_CMD_START_AP:
5277  		if (!wiphy_ext_feature_isset(&rdev->wiphy,
5278  					     NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
5279  		    auth_type == NL80211_AUTHTYPE_SAE)
5280  			return false;
5281  		/* FILS not supported yet */
5282  		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
5283  		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
5284  		    auth_type == NL80211_AUTHTYPE_FILS_PK)
5285  			return false;
5286  		return true;
5287  	default:
5288  		return false;
5289  	}
5290  }
5291  
5292  static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
5293  {
5294  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5295  	struct net_device *dev = info->user_ptr[1];
5296  	struct wireless_dev *wdev = dev->ieee80211_ptr;
5297  	struct cfg80211_ap_settings params;
5298  	int err;
5299  
5300  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5301  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5302  		return -EOPNOTSUPP;
5303  
5304  	if (!rdev->ops->start_ap)
5305  		return -EOPNOTSUPP;
5306  
5307  	if (wdev->beacon_interval)
5308  		return -EALREADY;
5309  
5310  	memset(&params, 0, sizeof(params));
5311  
5312  	/* these are required for START_AP */
5313  	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
5314  	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
5315  	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
5316  		return -EINVAL;
5317  
5318  	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
5319  	if (err)
5320  		return err;
5321  
5322  	params.beacon_interval =
5323  		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
5324  	params.dtim_period =
5325  		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
5326  
5327  	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
5328  					   params.beacon_interval);
5329  	if (err)
5330  		return err;
5331  
5332  	/*
5333  	 * In theory, some of these attributes should be required here
5334  	 * but since they were not used when the command was originally
5335  	 * added, keep them optional for old user space programs to let
5336  	 * them continue to work with drivers that do not need the
5337  	 * additional information -- drivers must check!
5338  	 */
5339  	if (info->attrs[NL80211_ATTR_SSID]) {
5340  		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5341  		params.ssid_len =
5342  			nla_len(info->attrs[NL80211_ATTR_SSID]);
5343  		if (params.ssid_len == 0)
5344  			return -EINVAL;
5345  	}
5346  
5347  	if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
5348  		params.hidden_ssid = nla_get_u32(
5349  			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
5350  
5351  	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
5352  
5353  	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5354  		params.auth_type = nla_get_u32(
5355  			info->attrs[NL80211_ATTR_AUTH_TYPE]);
5356  		if (!nl80211_valid_auth_type(rdev, params.auth_type,
5357  					     NL80211_CMD_START_AP))
5358  			return -EINVAL;
5359  	} else
5360  		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5361  
5362  	err = nl80211_crypto_settings(rdev, info, &params.crypto,
5363  				      NL80211_MAX_NR_CIPHER_SUITES);
5364  	if (err)
5365  		return err;
5366  
5367  	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
5368  		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
5369  			return -EOPNOTSUPP;
5370  		params.inactivity_timeout = nla_get_u16(
5371  			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
5372  	}
5373  
5374  	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
5375  		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5376  			return -EINVAL;
5377  		params.p2p_ctwindow =
5378  			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
5379  		if (params.p2p_ctwindow != 0 &&
5380  		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
5381  			return -EINVAL;
5382  	}
5383  
5384  	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
5385  		u8 tmp;
5386  
5387  		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5388  			return -EINVAL;
5389  		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
5390  		params.p2p_opp_ps = tmp;
5391  		if (params.p2p_opp_ps != 0 &&
5392  		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
5393  			return -EINVAL;
5394  	}
5395  
5396  	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5397  		err = nl80211_parse_chandef(rdev, info, &params.chandef);
5398  		if (err)
5399  			return err;
5400  	} else if (wdev->preset_chandef.chan) {
5401  		params.chandef = wdev->preset_chandef;
5402  	} else if (!nl80211_get_ap_channel(rdev, &params))
5403  		return -EINVAL;
5404  
5405  	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
5406  					   wdev->iftype))
5407  		return -EINVAL;
5408  
5409  	if (info->attrs[NL80211_ATTR_TX_RATES]) {
5410  		err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
5411  						    NL80211_ATTR_TX_RATES,
5412  						    &params.beacon_rate,
5413  						    dev, false);
5414  		if (err)
5415  			return err;
5416  
5417  		err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
5418  					      &params.beacon_rate);
5419  		if (err)
5420  			return err;
5421  	}
5422  
5423  	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
5424  		params.smps_mode =
5425  			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
5426  		switch (params.smps_mode) {
5427  		case NL80211_SMPS_OFF:
5428  			break;
5429  		case NL80211_SMPS_STATIC:
5430  			if (!(rdev->wiphy.features &
5431  			      NL80211_FEATURE_STATIC_SMPS))
5432  				return -EINVAL;
5433  			break;
5434  		case NL80211_SMPS_DYNAMIC:
5435  			if (!(rdev->wiphy.features &
5436  			      NL80211_FEATURE_DYNAMIC_SMPS))
5437  				return -EINVAL;
5438  			break;
5439  		default:
5440  			return -EINVAL;
5441  		}
5442  	} else {
5443  		params.smps_mode = NL80211_SMPS_OFF;
5444  	}
5445  
5446  	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
5447  	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
5448  		return -EOPNOTSUPP;
5449  
5450  	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
5451  		params.acl = parse_acl_data(&rdev->wiphy, info);
5452  		if (IS_ERR(params.acl))
5453  			return PTR_ERR(params.acl);
5454  	}
5455  
5456  	params.twt_responder =
5457  		    nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
5458  
5459  	if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
5460  		err = nl80211_parse_he_obss_pd(
5461  					info->attrs[NL80211_ATTR_HE_OBSS_PD],
5462  					&params.he_obss_pd);
5463  		if (err)
5464  			goto out;
5465  	}
5466  
5467  	if (info->attrs[NL80211_ATTR_HE_BSS_COLOR]) {
5468  		err = nl80211_parse_he_bss_color(
5469  					info->attrs[NL80211_ATTR_HE_BSS_COLOR],
5470  					&params.he_bss_color);
5471  		if (err)
5472  			goto out;
5473  	}
5474  
5475  	if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
5476  		err = nl80211_parse_fils_discovery(rdev,
5477  						   info->attrs[NL80211_ATTR_FILS_DISCOVERY],
5478  						   &params);
5479  		if (err)
5480  			goto out;
5481  	}
5482  
5483  	if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
5484  		err = nl80211_parse_unsol_bcast_probe_resp(
5485  			rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
5486  			&params);
5487  		if (err)
5488  			return err;
5489  	}
5490  
5491  	nl80211_calculate_ap_params(&params);
5492  
5493  	if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
5494  		params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
5495  
5496  	wdev_lock(wdev);
5497  	err = rdev_start_ap(rdev, dev, &params);
5498  	if (!err) {
5499  		wdev->preset_chandef = params.chandef;
5500  		wdev->beacon_interval = params.beacon_interval;
5501  		wdev->chandef = params.chandef;
5502  		wdev->ssid_len = params.ssid_len;
5503  		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
5504  
5505  		if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
5506  			wdev->conn_owner_nlportid = info->snd_portid;
5507  	}
5508  	wdev_unlock(wdev);
5509  
5510  out:
5511  	kfree(params.acl);
5512  
5513  	return err;
5514  }
5515  
5516  static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
5517  {
5518  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5519  	struct net_device *dev = info->user_ptr[1];
5520  	struct wireless_dev *wdev = dev->ieee80211_ptr;
5521  	struct cfg80211_beacon_data params;
5522  	int err;
5523  
5524  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5525  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5526  		return -EOPNOTSUPP;
5527  
5528  	if (!rdev->ops->change_beacon)
5529  		return -EOPNOTSUPP;
5530  
5531  	if (!wdev->beacon_interval)
5532  		return -EINVAL;
5533  
5534  	err = nl80211_parse_beacon(rdev, info->attrs, &params);
5535  	if (err)
5536  		return err;
5537  
5538  	wdev_lock(wdev);
5539  	err = rdev_change_beacon(rdev, dev, &params);
5540  	wdev_unlock(wdev);
5541  
5542  	return err;
5543  }
5544  
5545  static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
5546  {
5547  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5548  	struct net_device *dev = info->user_ptr[1];
5549  
5550  	return cfg80211_stop_ap(rdev, dev, false);
5551  }
5552  
5553  static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
5554  	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
5555  	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
5556  	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
5557  	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
5558  	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
5559  	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
5560  };
5561  
5562  static int parse_station_flags(struct genl_info *info,
5563  			       enum nl80211_iftype iftype,
5564  			       struct station_parameters *params)
5565  {
5566  	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
5567  	struct nlattr *nla;
5568  	int flag;
5569  
5570  	/*
5571  	 * Try parsing the new attribute first so userspace
5572  	 * can specify both for older kernels.
5573  	 */
5574  	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
5575  	if (nla) {
5576  		struct nl80211_sta_flag_update *sta_flags;
5577  
5578  		sta_flags = nla_data(nla);
5579  		params->sta_flags_mask = sta_flags->mask;
5580  		params->sta_flags_set = sta_flags->set;
5581  		params->sta_flags_set &= params->sta_flags_mask;
5582  		if ((params->sta_flags_mask |
5583  		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
5584  			return -EINVAL;
5585  		return 0;
5586  	}
5587  
5588  	/* if present, parse the old attribute */
5589  
5590  	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
5591  	if (!nla)
5592  		return 0;
5593  
5594  	if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
5595  		return -EINVAL;
5596  
5597  	/*
5598  	 * Only allow certain flags for interface types so that
5599  	 * other attributes are silently ignored. Remember that
5600  	 * this is backward compatibility code with old userspace
5601  	 * and shouldn't be hit in other cases anyway.
5602  	 */
5603  	switch (iftype) {
5604  	case NL80211_IFTYPE_AP:
5605  	case NL80211_IFTYPE_AP_VLAN:
5606  	case NL80211_IFTYPE_P2P_GO:
5607  		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5608  					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5609  					 BIT(NL80211_STA_FLAG_WME) |
5610  					 BIT(NL80211_STA_FLAG_MFP);
5611  		break;
5612  	case NL80211_IFTYPE_P2P_CLIENT:
5613  	case NL80211_IFTYPE_STATION:
5614  		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
5615  					 BIT(NL80211_STA_FLAG_TDLS_PEER);
5616  		break;
5617  	case NL80211_IFTYPE_MESH_POINT:
5618  		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5619  					 BIT(NL80211_STA_FLAG_MFP) |
5620  					 BIT(NL80211_STA_FLAG_AUTHORIZED);
5621  		break;
5622  	default:
5623  		return -EINVAL;
5624  	}
5625  
5626  	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
5627  		if (flags[flag]) {
5628  			params->sta_flags_set |= (1<<flag);
5629  
5630  			/* no longer support new API additions in old API */
5631  			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
5632  				return -EINVAL;
5633  		}
5634  	}
5635  
5636  	return 0;
5637  }
5638  
5639  bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
5640  {
5641  	struct nlattr *rate;
5642  	u32 bitrate;
5643  	u16 bitrate_compat;
5644  	enum nl80211_rate_info rate_flg;
5645  
5646  	rate = nla_nest_start_noflag(msg, attr);
5647  	if (!rate)
5648  		return false;
5649  
5650  	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
5651  	bitrate = cfg80211_calculate_bitrate(info);
5652  	/* report 16-bit bitrate only if we can */
5653  	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
5654  	if (bitrate > 0 &&
5655  	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
5656  		return false;
5657  	if (bitrate_compat > 0 &&
5658  	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
5659  		return false;
5660  
5661  	switch (info->bw) {
5662  	case RATE_INFO_BW_5:
5663  		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
5664  		break;
5665  	case RATE_INFO_BW_10:
5666  		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
5667  		break;
5668  	default:
5669  		WARN_ON(1);
5670  		fallthrough;
5671  	case RATE_INFO_BW_20:
5672  		rate_flg = 0;
5673  		break;
5674  	case RATE_INFO_BW_40:
5675  		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
5676  		break;
5677  	case RATE_INFO_BW_80:
5678  		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
5679  		break;
5680  	case RATE_INFO_BW_160:
5681  		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
5682  		break;
5683  	case RATE_INFO_BW_HE_RU:
5684  		rate_flg = 0;
5685  		WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
5686  	}
5687  
5688  	if (rate_flg && nla_put_flag(msg, rate_flg))
5689  		return false;
5690  
5691  	if (info->flags & RATE_INFO_FLAGS_MCS) {
5692  		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5693  			return false;
5694  		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5695  		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5696  			return false;
5697  	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5698  		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5699  			return false;
5700  		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5701  			return false;
5702  		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5703  		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5704  			return false;
5705  	} else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5706  		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5707  			return false;
5708  		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5709  			return false;
5710  		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5711  			return false;
5712  		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5713  			return false;
5714  		if (info->bw == RATE_INFO_BW_HE_RU &&
5715  		    nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5716  			       info->he_ru_alloc))
5717  			return false;
5718  	}
5719  
5720  	nla_nest_end(msg, rate);
5721  	return true;
5722  }
5723  
5724  static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5725  			       int id)
5726  {
5727  	void *attr;
5728  	int i = 0;
5729  
5730  	if (!mask)
5731  		return true;
5732  
5733  	attr = nla_nest_start_noflag(msg, id);
5734  	if (!attr)
5735  		return false;
5736  
5737  	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5738  		if (!(mask & BIT(i)))
5739  			continue;
5740  
5741  		if (nla_put_u8(msg, i, signal[i]))
5742  			return false;
5743  	}
5744  
5745  	nla_nest_end(msg, attr);
5746  
5747  	return true;
5748  }
5749  
5750  static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5751  				u32 seq, int flags,
5752  				struct cfg80211_registered_device *rdev,
5753  				struct net_device *dev,
5754  				const u8 *mac_addr, struct station_info *sinfo)
5755  {
5756  	void *hdr;
5757  	struct nlattr *sinfoattr, *bss_param;
5758  
5759  	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5760  	if (!hdr) {
5761  		cfg80211_sinfo_release_content(sinfo);
5762  		return -1;
5763  	}
5764  
5765  	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5766  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5767  	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5768  		goto nla_put_failure;
5769  
5770  	sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5771  	if (!sinfoattr)
5772  		goto nla_put_failure;
5773  
5774  #define PUT_SINFO(attr, memb, type) do {				\
5775  	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
5776  	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
5777  	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
5778  			     sinfo->memb))				\
5779  		goto nla_put_failure;					\
5780  	} while (0)
5781  #define PUT_SINFO_U64(attr, memb) do {					\
5782  	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
5783  	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
5784  			      sinfo->memb, NL80211_STA_INFO_PAD))	\
5785  		goto nla_put_failure;					\
5786  	} while (0)
5787  
5788  	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5789  	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5790  	PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5791  
5792  	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5793  			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5794  	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5795  			(u32)sinfo->rx_bytes))
5796  		goto nla_put_failure;
5797  
5798  	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5799  			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5800  	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5801  			(u32)sinfo->tx_bytes))
5802  		goto nla_put_failure;
5803  
5804  	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5805  	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5806  	PUT_SINFO(LLID, llid, u16);
5807  	PUT_SINFO(PLID, plid, u16);
5808  	PUT_SINFO(PLINK_STATE, plink_state, u8);
5809  	PUT_SINFO_U64(RX_DURATION, rx_duration);
5810  	PUT_SINFO_U64(TX_DURATION, tx_duration);
5811  
5812  	if (wiphy_ext_feature_isset(&rdev->wiphy,
5813  				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5814  		PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5815  
5816  	switch (rdev->wiphy.signal_type) {
5817  	case CFG80211_SIGNAL_TYPE_MBM:
5818  		PUT_SINFO(SIGNAL, signal, u8);
5819  		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5820  		break;
5821  	default:
5822  		break;
5823  	}
5824  	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5825  		if (!nl80211_put_signal(msg, sinfo->chains,
5826  					sinfo->chain_signal,
5827  					NL80211_STA_INFO_CHAIN_SIGNAL))
5828  			goto nla_put_failure;
5829  	}
5830  	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5831  		if (!nl80211_put_signal(msg, sinfo->chains,
5832  					sinfo->chain_signal_avg,
5833  					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5834  			goto nla_put_failure;
5835  	}
5836  	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5837  		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5838  					  NL80211_STA_INFO_TX_BITRATE))
5839  			goto nla_put_failure;
5840  	}
5841  	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5842  		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5843  					  NL80211_STA_INFO_RX_BITRATE))
5844  			goto nla_put_failure;
5845  	}
5846  
5847  	PUT_SINFO(RX_PACKETS, rx_packets, u32);
5848  	PUT_SINFO(TX_PACKETS, tx_packets, u32);
5849  	PUT_SINFO(TX_RETRIES, tx_retries, u32);
5850  	PUT_SINFO(TX_FAILED, tx_failed, u32);
5851  	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5852  	PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5853  	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5854  	PUT_SINFO(LOCAL_PM, local_pm, u32);
5855  	PUT_SINFO(PEER_PM, peer_pm, u32);
5856  	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5857  	PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5858  	PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
5859  
5860  	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5861  		bss_param = nla_nest_start_noflag(msg,
5862  						  NL80211_STA_INFO_BSS_PARAM);
5863  		if (!bss_param)
5864  			goto nla_put_failure;
5865  
5866  		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5867  		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5868  		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5869  		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5870  		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5871  		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5872  		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5873  			       sinfo->bss_param.dtim_period) ||
5874  		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5875  				sinfo->bss_param.beacon_interval))
5876  			goto nla_put_failure;
5877  
5878  		nla_nest_end(msg, bss_param);
5879  	}
5880  	if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5881  	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5882  		    sizeof(struct nl80211_sta_flag_update),
5883  		    &sinfo->sta_flags))
5884  		goto nla_put_failure;
5885  
5886  	PUT_SINFO_U64(T_OFFSET, t_offset);
5887  	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5888  	PUT_SINFO_U64(BEACON_RX, rx_beacon);
5889  	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5890  	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5891  	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5892  	if (wiphy_ext_feature_isset(&rdev->wiphy,
5893  				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5894  		PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5895  		PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5896  	}
5897  
5898  #undef PUT_SINFO
5899  #undef PUT_SINFO_U64
5900  
5901  	if (sinfo->pertid) {
5902  		struct nlattr *tidsattr;
5903  		int tid;
5904  
5905  		tidsattr = nla_nest_start_noflag(msg,
5906  						 NL80211_STA_INFO_TID_STATS);
5907  		if (!tidsattr)
5908  			goto nla_put_failure;
5909  
5910  		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5911  			struct cfg80211_tid_stats *tidstats;
5912  			struct nlattr *tidattr;
5913  
5914  			tidstats = &sinfo->pertid[tid];
5915  
5916  			if (!tidstats->filled)
5917  				continue;
5918  
5919  			tidattr = nla_nest_start_noflag(msg, tid + 1);
5920  			if (!tidattr)
5921  				goto nla_put_failure;
5922  
5923  #define PUT_TIDVAL_U64(attr, memb) do {					\
5924  	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
5925  	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
5926  			      tidstats->memb, NL80211_TID_STATS_PAD))	\
5927  		goto nla_put_failure;					\
5928  	} while (0)
5929  
5930  			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5931  			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5932  			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5933  			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5934  
5935  #undef PUT_TIDVAL_U64
5936  			if ((tidstats->filled &
5937  			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5938  			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5939  						   NL80211_TID_STATS_TXQ_STATS))
5940  				goto nla_put_failure;
5941  
5942  			nla_nest_end(msg, tidattr);
5943  		}
5944  
5945  		nla_nest_end(msg, tidsattr);
5946  	}
5947  
5948  	nla_nest_end(msg, sinfoattr);
5949  
5950  	if (sinfo->assoc_req_ies_len &&
5951  	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5952  		    sinfo->assoc_req_ies))
5953  		goto nla_put_failure;
5954  
5955  	cfg80211_sinfo_release_content(sinfo);
5956  	genlmsg_end(msg, hdr);
5957  	return 0;
5958  
5959   nla_put_failure:
5960  	cfg80211_sinfo_release_content(sinfo);
5961  	genlmsg_cancel(msg, hdr);
5962  	return -EMSGSIZE;
5963  }
5964  
5965  static int nl80211_dump_station(struct sk_buff *skb,
5966  				struct netlink_callback *cb)
5967  {
5968  	struct station_info sinfo;
5969  	struct cfg80211_registered_device *rdev;
5970  	struct wireless_dev *wdev;
5971  	u8 mac_addr[ETH_ALEN];
5972  	int sta_idx = cb->args[2];
5973  	int err;
5974  
5975  	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5976  	if (err)
5977  		return err;
5978  	/* nl80211_prepare_wdev_dump acquired it in the successful case */
5979  	__acquire(&rdev->wiphy.mtx);
5980  
5981  	if (!wdev->netdev) {
5982  		err = -EINVAL;
5983  		goto out_err;
5984  	}
5985  
5986  	if (!rdev->ops->dump_station) {
5987  		err = -EOPNOTSUPP;
5988  		goto out_err;
5989  	}
5990  
5991  	while (1) {
5992  		memset(&sinfo, 0, sizeof(sinfo));
5993  		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5994  					mac_addr, &sinfo);
5995  		if (err == -ENOENT)
5996  			break;
5997  		if (err)
5998  			goto out_err;
5999  
6000  		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
6001  				NETLINK_CB(cb->skb).portid,
6002  				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6003  				rdev, wdev->netdev, mac_addr,
6004  				&sinfo) < 0)
6005  			goto out;
6006  
6007  		sta_idx++;
6008  	}
6009  
6010   out:
6011  	cb->args[2] = sta_idx;
6012  	err = skb->len;
6013   out_err:
6014  	wiphy_unlock(&rdev->wiphy);
6015  
6016  	return err;
6017  }
6018  
6019  static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
6020  {
6021  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6022  	struct net_device *dev = info->user_ptr[1];
6023  	struct station_info sinfo;
6024  	struct sk_buff *msg;
6025  	u8 *mac_addr = NULL;
6026  	int err;
6027  
6028  	memset(&sinfo, 0, sizeof(sinfo));
6029  
6030  	if (!info->attrs[NL80211_ATTR_MAC])
6031  		return -EINVAL;
6032  
6033  	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6034  
6035  	if (!rdev->ops->get_station)
6036  		return -EOPNOTSUPP;
6037  
6038  	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
6039  	if (err)
6040  		return err;
6041  
6042  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6043  	if (!msg) {
6044  		cfg80211_sinfo_release_content(&sinfo);
6045  		return -ENOMEM;
6046  	}
6047  
6048  	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
6049  				 info->snd_portid, info->snd_seq, 0,
6050  				 rdev, dev, mac_addr, &sinfo) < 0) {
6051  		nlmsg_free(msg);
6052  		return -ENOBUFS;
6053  	}
6054  
6055  	return genlmsg_reply(msg, info);
6056  }
6057  
6058  int cfg80211_check_station_change(struct wiphy *wiphy,
6059  				  struct station_parameters *params,
6060  				  enum cfg80211_station_type statype)
6061  {
6062  	if (params->listen_interval != -1 &&
6063  	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6064  		return -EINVAL;
6065  
6066  	if (params->support_p2p_ps != -1 &&
6067  	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6068  		return -EINVAL;
6069  
6070  	if (params->aid &&
6071  	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
6072  	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
6073  		return -EINVAL;
6074  
6075  	/* When you run into this, adjust the code below for the new flag */
6076  	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6077  
6078  	switch (statype) {
6079  	case CFG80211_STA_MESH_PEER_KERNEL:
6080  	case CFG80211_STA_MESH_PEER_USER:
6081  		/*
6082  		 * No ignoring the TDLS flag here -- the userspace mesh
6083  		 * code doesn't have the bug of including TDLS in the
6084  		 * mask everywhere.
6085  		 */
6086  		if (params->sta_flags_mask &
6087  				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6088  				  BIT(NL80211_STA_FLAG_MFP) |
6089  				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
6090  			return -EINVAL;
6091  		break;
6092  	case CFG80211_STA_TDLS_PEER_SETUP:
6093  	case CFG80211_STA_TDLS_PEER_ACTIVE:
6094  		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6095  			return -EINVAL;
6096  		/* ignore since it can't change */
6097  		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6098  		break;
6099  	default:
6100  		/* disallow mesh-specific things */
6101  		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
6102  			return -EINVAL;
6103  		if (params->local_pm)
6104  			return -EINVAL;
6105  		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6106  			return -EINVAL;
6107  	}
6108  
6109  	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6110  	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
6111  		/* TDLS can't be set, ... */
6112  		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
6113  			return -EINVAL;
6114  		/*
6115  		 * ... but don't bother the driver with it. This works around
6116  		 * a hostapd/wpa_supplicant issue -- it always includes the
6117  		 * TLDS_PEER flag in the mask even for AP mode.
6118  		 */
6119  		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6120  	}
6121  
6122  	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
6123  	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6124  		/* reject other things that can't change */
6125  		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
6126  			return -EINVAL;
6127  		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
6128  			return -EINVAL;
6129  		if (params->supported_rates)
6130  			return -EINVAL;
6131  		if (params->ext_capab || params->ht_capa || params->vht_capa ||
6132  		    params->he_capa)
6133  			return -EINVAL;
6134  	}
6135  
6136  	if (statype != CFG80211_STA_AP_CLIENT &&
6137  	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
6138  		if (params->vlan)
6139  			return -EINVAL;
6140  	}
6141  
6142  	switch (statype) {
6143  	case CFG80211_STA_AP_MLME_CLIENT:
6144  		/* Use this only for authorizing/unauthorizing a station */
6145  		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
6146  			return -EOPNOTSUPP;
6147  		break;
6148  	case CFG80211_STA_AP_CLIENT:
6149  	case CFG80211_STA_AP_CLIENT_UNASSOC:
6150  		/* accept only the listed bits */
6151  		if (params->sta_flags_mask &
6152  				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6153  				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6154  				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
6155  				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
6156  				  BIT(NL80211_STA_FLAG_WME) |
6157  				  BIT(NL80211_STA_FLAG_MFP)))
6158  			return -EINVAL;
6159  
6160  		/* but authenticated/associated only if driver handles it */
6161  		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6162  		    params->sta_flags_mask &
6163  				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6164  				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
6165  			return -EINVAL;
6166  		break;
6167  	case CFG80211_STA_IBSS:
6168  	case CFG80211_STA_AP_STA:
6169  		/* reject any changes other than AUTHORIZED */
6170  		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
6171  			return -EINVAL;
6172  		break;
6173  	case CFG80211_STA_TDLS_PEER_SETUP:
6174  		/* reject any changes other than AUTHORIZED or WME */
6175  		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
6176  					       BIT(NL80211_STA_FLAG_WME)))
6177  			return -EINVAL;
6178  		/* force (at least) rates when authorizing */
6179  		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
6180  		    !params->supported_rates)
6181  			return -EINVAL;
6182  		break;
6183  	case CFG80211_STA_TDLS_PEER_ACTIVE:
6184  		/* reject any changes */
6185  		return -EINVAL;
6186  	case CFG80211_STA_MESH_PEER_KERNEL:
6187  		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
6188  			return -EINVAL;
6189  		break;
6190  	case CFG80211_STA_MESH_PEER_USER:
6191  		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
6192  		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
6193  			return -EINVAL;
6194  		break;
6195  	}
6196  
6197  	/*
6198  	 * Older kernel versions ignored this attribute entirely, so don't
6199  	 * reject attempts to update it but mark it as unused instead so the
6200  	 * driver won't look at the data.
6201  	 */
6202  	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
6203  	    statype != CFG80211_STA_TDLS_PEER_SETUP)
6204  		params->opmode_notif_used = false;
6205  
6206  	return 0;
6207  }
6208  EXPORT_SYMBOL(cfg80211_check_station_change);
6209  
6210  /*
6211   * Get vlan interface making sure it is running and on the right wiphy.
6212   */
6213  static struct net_device *get_vlan(struct genl_info *info,
6214  				   struct cfg80211_registered_device *rdev)
6215  {
6216  	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
6217  	struct net_device *v;
6218  	int ret;
6219  
6220  	if (!vlanattr)
6221  		return NULL;
6222  
6223  	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
6224  	if (!v)
6225  		return ERR_PTR(-ENODEV);
6226  
6227  	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
6228  		ret = -EINVAL;
6229  		goto error;
6230  	}
6231  
6232  	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
6233  	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6234  	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
6235  		ret = -EINVAL;
6236  		goto error;
6237  	}
6238  
6239  	if (!netif_running(v)) {
6240  		ret = -ENETDOWN;
6241  		goto error;
6242  	}
6243  
6244  	return v;
6245   error:
6246  	dev_put(v);
6247  	return ERR_PTR(ret);
6248  }
6249  
6250  static const struct nla_policy
6251  nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
6252  	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
6253  	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
6254  };
6255  
6256  static int nl80211_parse_sta_wme(struct genl_info *info,
6257  				 struct station_parameters *params)
6258  {
6259  	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
6260  	struct nlattr *nla;
6261  	int err;
6262  
6263  	/* parse WME attributes if present */
6264  	if (!info->attrs[NL80211_ATTR_STA_WME])
6265  		return 0;
6266  
6267  	nla = info->attrs[NL80211_ATTR_STA_WME];
6268  	err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
6269  					  nl80211_sta_wme_policy,
6270  					  info->extack);
6271  	if (err)
6272  		return err;
6273  
6274  	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
6275  		params->uapsd_queues = nla_get_u8(
6276  			tb[NL80211_STA_WME_UAPSD_QUEUES]);
6277  	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
6278  		return -EINVAL;
6279  
6280  	if (tb[NL80211_STA_WME_MAX_SP])
6281  		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
6282  
6283  	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
6284  		return -EINVAL;
6285  
6286  	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
6287  
6288  	return 0;
6289  }
6290  
6291  static int nl80211_parse_sta_channel_info(struct genl_info *info,
6292  				      struct station_parameters *params)
6293  {
6294  	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
6295  		params->supported_channels =
6296  		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6297  		params->supported_channels_len =
6298  		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
6299  		/*
6300  		 * Need to include at least one (first channel, number of
6301  		 * channels) tuple for each subband (checked in policy),
6302  		 * and must have proper tuples for the rest of the data as well.
6303  		 */
6304  		if (params->supported_channels_len % 2)
6305  			return -EINVAL;
6306  	}
6307  
6308  	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
6309  		params->supported_oper_classes =
6310  		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6311  		params->supported_oper_classes_len =
6312  		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
6313  	}
6314  	return 0;
6315  }
6316  
6317  static int nl80211_set_station_tdls(struct genl_info *info,
6318  				    struct station_parameters *params)
6319  {
6320  	int err;
6321  	/* Dummy STA entry gets updated once the peer capabilities are known */
6322  	if (info->attrs[NL80211_ATTR_PEER_AID])
6323  		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6324  	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6325  		params->ht_capa =
6326  			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6327  	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6328  		params->vht_capa =
6329  			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6330  	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6331  		params->he_capa =
6332  			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6333  		params->he_capa_len =
6334  			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6335  	}
6336  
6337  	err = nl80211_parse_sta_channel_info(info, params);
6338  	if (err)
6339  		return err;
6340  
6341  	return nl80211_parse_sta_wme(info, params);
6342  }
6343  
6344  static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
6345  					     struct station_parameters *params)
6346  {
6347  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6348  	int idx;
6349  
6350  	if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
6351  		if (!rdev->ops->set_tx_power ||
6352  		    !wiphy_ext_feature_isset(&rdev->wiphy,
6353  					 NL80211_EXT_FEATURE_STA_TX_PWR))
6354  			return -EOPNOTSUPP;
6355  
6356  		idx = NL80211_ATTR_STA_TX_POWER_SETTING;
6357  		params->txpwr.type = nla_get_u8(info->attrs[idx]);
6358  
6359  		if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
6360  			idx = NL80211_ATTR_STA_TX_POWER;
6361  
6362  			if (info->attrs[idx])
6363  				params->txpwr.power =
6364  					nla_get_s16(info->attrs[idx]);
6365  			else
6366  				return -EINVAL;
6367  		}
6368  		params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
6369  	}
6370  
6371  	return 0;
6372  }
6373  
6374  static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
6375  {
6376  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6377  	struct net_device *dev = info->user_ptr[1];
6378  	struct station_parameters params;
6379  	u8 *mac_addr;
6380  	int err;
6381  
6382  	memset(&params, 0, sizeof(params));
6383  
6384  	if (!rdev->ops->change_station)
6385  		return -EOPNOTSUPP;
6386  
6387  	/*
6388  	 * AID and listen_interval properties can be set only for unassociated
6389  	 * station. Include these parameters here and will check them in
6390  	 * cfg80211_check_station_change().
6391  	 */
6392  	if (info->attrs[NL80211_ATTR_STA_AID])
6393  		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6394  
6395  	if (info->attrs[NL80211_ATTR_VLAN_ID])
6396  		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6397  
6398  	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6399  		params.listen_interval =
6400  		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6401  	else
6402  		params.listen_interval = -1;
6403  
6404  	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
6405  		params.support_p2p_ps =
6406  			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6407  	else
6408  		params.support_p2p_ps = -1;
6409  
6410  	if (!info->attrs[NL80211_ATTR_MAC])
6411  		return -EINVAL;
6412  
6413  	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6414  
6415  	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
6416  		params.supported_rates =
6417  			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6418  		params.supported_rates_len =
6419  			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6420  	}
6421  
6422  	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6423  		params.capability =
6424  			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6425  		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6426  	}
6427  
6428  	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6429  		params.ext_capab =
6430  			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6431  		params.ext_capab_len =
6432  			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6433  	}
6434  
6435  	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
6436  		return -EINVAL;
6437  
6438  	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6439  		params.plink_action =
6440  			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6441  
6442  	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
6443  		params.plink_state =
6444  			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
6445  		if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
6446  			params.peer_aid = nla_get_u16(
6447  				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
6448  		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
6449  	}
6450  
6451  	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
6452  		params.local_pm = nla_get_u32(
6453  			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
6454  
6455  	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6456  		params.opmode_notif_used = true;
6457  		params.opmode_notif =
6458  			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6459  	}
6460  
6461  	if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6462  		params.he_6ghz_capa =
6463  			nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6464  
6465  	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6466  		params.airtime_weight =
6467  			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6468  
6469  	if (params.airtime_weight &&
6470  	    !wiphy_ext_feature_isset(&rdev->wiphy,
6471  				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6472  		return -EOPNOTSUPP;
6473  
6474  	err = nl80211_parse_sta_txpower_setting(info, &params);
6475  	if (err)
6476  		return err;
6477  
6478  	/* Include parameters for TDLS peer (will check later) */
6479  	err = nl80211_set_station_tdls(info, &params);
6480  	if (err)
6481  		return err;
6482  
6483  	params.vlan = get_vlan(info, rdev);
6484  	if (IS_ERR(params.vlan))
6485  		return PTR_ERR(params.vlan);
6486  
6487  	switch (dev->ieee80211_ptr->iftype) {
6488  	case NL80211_IFTYPE_AP:
6489  	case NL80211_IFTYPE_AP_VLAN:
6490  	case NL80211_IFTYPE_P2P_GO:
6491  	case NL80211_IFTYPE_P2P_CLIENT:
6492  	case NL80211_IFTYPE_STATION:
6493  	case NL80211_IFTYPE_ADHOC:
6494  	case NL80211_IFTYPE_MESH_POINT:
6495  		break;
6496  	default:
6497  		err = -EOPNOTSUPP;
6498  		goto out_put_vlan;
6499  	}
6500  
6501  	/* driver will call cfg80211_check_station_change() */
6502  	err = rdev_change_station(rdev, dev, mac_addr, &params);
6503  
6504   out_put_vlan:
6505  	if (params.vlan)
6506  		dev_put(params.vlan);
6507  
6508  	return err;
6509  }
6510  
6511  static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
6512  {
6513  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6514  	int err;
6515  	struct net_device *dev = info->user_ptr[1];
6516  	struct station_parameters params;
6517  	u8 *mac_addr = NULL;
6518  	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
6519  			 BIT(NL80211_STA_FLAG_ASSOCIATED);
6520  
6521  	memset(&params, 0, sizeof(params));
6522  
6523  	if (!rdev->ops->add_station)
6524  		return -EOPNOTSUPP;
6525  
6526  	if (!info->attrs[NL80211_ATTR_MAC])
6527  		return -EINVAL;
6528  
6529  	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
6530  		return -EINVAL;
6531  
6532  	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
6533  		return -EINVAL;
6534  
6535  	if (!info->attrs[NL80211_ATTR_STA_AID] &&
6536  	    !info->attrs[NL80211_ATTR_PEER_AID])
6537  		return -EINVAL;
6538  
6539  	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
6540  	params.supported_rates =
6541  		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6542  	params.supported_rates_len =
6543  		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
6544  	params.listen_interval =
6545  		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
6546  
6547  	if (info->attrs[NL80211_ATTR_VLAN_ID])
6548  		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
6549  
6550  	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
6551  		params.support_p2p_ps =
6552  			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
6553  	} else {
6554  		/*
6555  		 * if not specified, assume it's supported for P2P GO interface,
6556  		 * and is NOT supported for AP interface
6557  		 */
6558  		params.support_p2p_ps =
6559  			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
6560  	}
6561  
6562  	if (info->attrs[NL80211_ATTR_PEER_AID])
6563  		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
6564  	else
6565  		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
6566  
6567  	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
6568  		params.capability =
6569  			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
6570  		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
6571  	}
6572  
6573  	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
6574  		params.ext_capab =
6575  			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6576  		params.ext_capab_len =
6577  			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
6578  	}
6579  
6580  	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
6581  		params.ht_capa =
6582  			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
6583  
6584  	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
6585  		params.vht_capa =
6586  			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
6587  
6588  	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
6589  		params.he_capa =
6590  			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6591  		params.he_capa_len =
6592  			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
6593  	}
6594  
6595  	if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
6596  		params.he_6ghz_capa =
6597  			nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
6598  
6599  	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
6600  		params.opmode_notif_used = true;
6601  		params.opmode_notif =
6602  			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
6603  	}
6604  
6605  	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
6606  		params.plink_action =
6607  			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
6608  
6609  	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
6610  		params.airtime_weight =
6611  			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
6612  
6613  	if (params.airtime_weight &&
6614  	    !wiphy_ext_feature_isset(&rdev->wiphy,
6615  				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
6616  		return -EOPNOTSUPP;
6617  
6618  	err = nl80211_parse_sta_txpower_setting(info, &params);
6619  	if (err)
6620  		return err;
6621  
6622  	err = nl80211_parse_sta_channel_info(info, &params);
6623  	if (err)
6624  		return err;
6625  
6626  	err = nl80211_parse_sta_wme(info, &params);
6627  	if (err)
6628  		return err;
6629  
6630  	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
6631  		return -EINVAL;
6632  
6633  	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
6634  	 * as userspace might just pass through the capabilities from the IEs
6635  	 * directly, rather than enforcing this restriction and returning an
6636  	 * error in this case.
6637  	 */
6638  	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
6639  		params.ht_capa = NULL;
6640  		params.vht_capa = NULL;
6641  
6642  		/* HE requires WME */
6643  		if (params.he_capa_len || params.he_6ghz_capa)
6644  			return -EINVAL;
6645  	}
6646  
6647  	/* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
6648  	if (params.he_6ghz_capa && (params.ht_capa || params.vht_capa))
6649  		return -EINVAL;
6650  
6651  	/* When you run into this, adjust the code below for the new flag */
6652  	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
6653  
6654  	switch (dev->ieee80211_ptr->iftype) {
6655  	case NL80211_IFTYPE_AP:
6656  	case NL80211_IFTYPE_AP_VLAN:
6657  	case NL80211_IFTYPE_P2P_GO:
6658  		/* ignore WME attributes if iface/sta is not capable */
6659  		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
6660  		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
6661  			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6662  
6663  		/* TDLS peers cannot be added */
6664  		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6665  		    info->attrs[NL80211_ATTR_PEER_AID])
6666  			return -EINVAL;
6667  		/* but don't bother the driver with it */
6668  		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
6669  
6670  		/* allow authenticated/associated only if driver handles it */
6671  		if (!(rdev->wiphy.features &
6672  				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
6673  		    params.sta_flags_mask & auth_assoc)
6674  			return -EINVAL;
6675  
6676  		/* Older userspace, or userspace wanting to be compatible with
6677  		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
6678  		 * and assoc flags in the mask, but assumes the station will be
6679  		 * added as associated anyway since this was the required driver
6680  		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
6681  		 * introduced.
6682  		 * In order to not bother drivers with this quirk in the API
6683  		 * set the flags in both the mask and set for new stations in
6684  		 * this case.
6685  		 */
6686  		if (!(params.sta_flags_mask & auth_assoc)) {
6687  			params.sta_flags_mask |= auth_assoc;
6688  			params.sta_flags_set |= auth_assoc;
6689  		}
6690  
6691  		/* must be last in here for error handling */
6692  		params.vlan = get_vlan(info, rdev);
6693  		if (IS_ERR(params.vlan))
6694  			return PTR_ERR(params.vlan);
6695  		break;
6696  	case NL80211_IFTYPE_MESH_POINT:
6697  		/* ignore uAPSD data */
6698  		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6699  
6700  		/* associated is disallowed */
6701  		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6702  			return -EINVAL;
6703  		/* TDLS peers cannot be added */
6704  		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6705  		    info->attrs[NL80211_ATTR_PEER_AID])
6706  			return -EINVAL;
6707  		break;
6708  	case NL80211_IFTYPE_STATION:
6709  	case NL80211_IFTYPE_P2P_CLIENT:
6710  		/* ignore uAPSD data */
6711  		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6712  
6713  		/* these are disallowed */
6714  		if (params.sta_flags_mask &
6715  				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
6716  				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6717  			return -EINVAL;
6718  		/* Only TDLS peers can be added */
6719  		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6720  			return -EINVAL;
6721  		/* Can only add if TDLS ... */
6722  		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6723  			return -EOPNOTSUPP;
6724  		/* ... with external setup is supported */
6725  		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6726  			return -EOPNOTSUPP;
6727  		/*
6728  		 * Older wpa_supplicant versions always mark the TDLS peer
6729  		 * as authorized, but it shouldn't yet be.
6730  		 */
6731  		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6732  		break;
6733  	default:
6734  		return -EOPNOTSUPP;
6735  	}
6736  
6737  	/* be aware of params.vlan when changing code here */
6738  
6739  	err = rdev_add_station(rdev, dev, mac_addr, &params);
6740  
6741  	if (params.vlan)
6742  		dev_put(params.vlan);
6743  	return err;
6744  }
6745  
6746  static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6747  {
6748  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6749  	struct net_device *dev = info->user_ptr[1];
6750  	struct station_del_parameters params;
6751  
6752  	memset(&params, 0, sizeof(params));
6753  
6754  	if (info->attrs[NL80211_ATTR_MAC])
6755  		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6756  
6757  	switch (dev->ieee80211_ptr->iftype) {
6758  	case NL80211_IFTYPE_AP:
6759  	case NL80211_IFTYPE_AP_VLAN:
6760  	case NL80211_IFTYPE_MESH_POINT:
6761  	case NL80211_IFTYPE_P2P_GO:
6762  		/* always accept these */
6763  		break;
6764  	case NL80211_IFTYPE_ADHOC:
6765  		/* conditionally accept */
6766  		if (wiphy_ext_feature_isset(&rdev->wiphy,
6767  					    NL80211_EXT_FEATURE_DEL_IBSS_STA))
6768  			break;
6769  		return -EINVAL;
6770  	default:
6771  		return -EINVAL;
6772  	}
6773  
6774  	if (!rdev->ops->del_station)
6775  		return -EOPNOTSUPP;
6776  
6777  	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6778  		params.subtype =
6779  			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6780  		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6781  		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6782  			return -EINVAL;
6783  	} else {
6784  		/* Default to Deauthentication frame */
6785  		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6786  	}
6787  
6788  	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6789  		params.reason_code =
6790  			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6791  		if (params.reason_code == 0)
6792  			return -EINVAL; /* 0 is reserved */
6793  	} else {
6794  		/* Default to reason code 2 */
6795  		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6796  	}
6797  
6798  	return rdev_del_station(rdev, dev, &params);
6799  }
6800  
6801  static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6802  				int flags, struct net_device *dev,
6803  				u8 *dst, u8 *next_hop,
6804  				struct mpath_info *pinfo)
6805  {
6806  	void *hdr;
6807  	struct nlattr *pinfoattr;
6808  
6809  	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6810  	if (!hdr)
6811  		return -1;
6812  
6813  	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6814  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6815  	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6816  	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6817  		goto nla_put_failure;
6818  
6819  	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6820  	if (!pinfoattr)
6821  		goto nla_put_failure;
6822  	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6823  	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6824  			pinfo->frame_qlen))
6825  		goto nla_put_failure;
6826  	if (((pinfo->filled & MPATH_INFO_SN) &&
6827  	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6828  	    ((pinfo->filled & MPATH_INFO_METRIC) &&
6829  	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6830  			 pinfo->metric)) ||
6831  	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6832  	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6833  			 pinfo->exptime)) ||
6834  	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
6835  	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6836  			pinfo->flags)) ||
6837  	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6838  	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6839  			 pinfo->discovery_timeout)) ||
6840  	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6841  	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6842  			pinfo->discovery_retries)) ||
6843  	    ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6844  	     nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6845  			pinfo->hop_count)) ||
6846  	    ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6847  	     nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6848  			 pinfo->path_change_count)))
6849  		goto nla_put_failure;
6850  
6851  	nla_nest_end(msg, pinfoattr);
6852  
6853  	genlmsg_end(msg, hdr);
6854  	return 0;
6855  
6856   nla_put_failure:
6857  	genlmsg_cancel(msg, hdr);
6858  	return -EMSGSIZE;
6859  }
6860  
6861  static int nl80211_dump_mpath(struct sk_buff *skb,
6862  			      struct netlink_callback *cb)
6863  {
6864  	struct mpath_info pinfo;
6865  	struct cfg80211_registered_device *rdev;
6866  	struct wireless_dev *wdev;
6867  	u8 dst[ETH_ALEN];
6868  	u8 next_hop[ETH_ALEN];
6869  	int path_idx = cb->args[2];
6870  	int err;
6871  
6872  	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6873  	if (err)
6874  		return err;
6875  	/* nl80211_prepare_wdev_dump acquired it in the successful case */
6876  	__acquire(&rdev->wiphy.mtx);
6877  
6878  	if (!rdev->ops->dump_mpath) {
6879  		err = -EOPNOTSUPP;
6880  		goto out_err;
6881  	}
6882  
6883  	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6884  		err = -EOPNOTSUPP;
6885  		goto out_err;
6886  	}
6887  
6888  	while (1) {
6889  		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6890  				      next_hop, &pinfo);
6891  		if (err == -ENOENT)
6892  			break;
6893  		if (err)
6894  			goto out_err;
6895  
6896  		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6897  				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6898  				       wdev->netdev, dst, next_hop,
6899  				       &pinfo) < 0)
6900  			goto out;
6901  
6902  		path_idx++;
6903  	}
6904  
6905   out:
6906  	cb->args[2] = path_idx;
6907  	err = skb->len;
6908   out_err:
6909  	wiphy_unlock(&rdev->wiphy);
6910  	return err;
6911  }
6912  
6913  static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6914  {
6915  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6916  	int err;
6917  	struct net_device *dev = info->user_ptr[1];
6918  	struct mpath_info pinfo;
6919  	struct sk_buff *msg;
6920  	u8 *dst = NULL;
6921  	u8 next_hop[ETH_ALEN];
6922  
6923  	memset(&pinfo, 0, sizeof(pinfo));
6924  
6925  	if (!info->attrs[NL80211_ATTR_MAC])
6926  		return -EINVAL;
6927  
6928  	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6929  
6930  	if (!rdev->ops->get_mpath)
6931  		return -EOPNOTSUPP;
6932  
6933  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6934  		return -EOPNOTSUPP;
6935  
6936  	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6937  	if (err)
6938  		return err;
6939  
6940  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6941  	if (!msg)
6942  		return -ENOMEM;
6943  
6944  	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6945  				 dev, dst, next_hop, &pinfo) < 0) {
6946  		nlmsg_free(msg);
6947  		return -ENOBUFS;
6948  	}
6949  
6950  	return genlmsg_reply(msg, info);
6951  }
6952  
6953  static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6954  {
6955  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6956  	struct net_device *dev = info->user_ptr[1];
6957  	u8 *dst = NULL;
6958  	u8 *next_hop = NULL;
6959  
6960  	if (!info->attrs[NL80211_ATTR_MAC])
6961  		return -EINVAL;
6962  
6963  	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6964  		return -EINVAL;
6965  
6966  	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6967  	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6968  
6969  	if (!rdev->ops->change_mpath)
6970  		return -EOPNOTSUPP;
6971  
6972  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6973  		return -EOPNOTSUPP;
6974  
6975  	return rdev_change_mpath(rdev, dev, dst, next_hop);
6976  }
6977  
6978  static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6979  {
6980  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6981  	struct net_device *dev = info->user_ptr[1];
6982  	u8 *dst = NULL;
6983  	u8 *next_hop = NULL;
6984  
6985  	if (!info->attrs[NL80211_ATTR_MAC])
6986  		return -EINVAL;
6987  
6988  	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6989  		return -EINVAL;
6990  
6991  	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6992  	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6993  
6994  	if (!rdev->ops->add_mpath)
6995  		return -EOPNOTSUPP;
6996  
6997  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6998  		return -EOPNOTSUPP;
6999  
7000  	return rdev_add_mpath(rdev, dev, dst, next_hop);
7001  }
7002  
7003  static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
7004  {
7005  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7006  	struct net_device *dev = info->user_ptr[1];
7007  	u8 *dst = NULL;
7008  
7009  	if (info->attrs[NL80211_ATTR_MAC])
7010  		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7011  
7012  	if (!rdev->ops->del_mpath)
7013  		return -EOPNOTSUPP;
7014  
7015  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7016  		return -EOPNOTSUPP;
7017  
7018  	return rdev_del_mpath(rdev, dev, dst);
7019  }
7020  
7021  static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
7022  {
7023  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7024  	int err;
7025  	struct net_device *dev = info->user_ptr[1];
7026  	struct mpath_info pinfo;
7027  	struct sk_buff *msg;
7028  	u8 *dst = NULL;
7029  	u8 mpp[ETH_ALEN];
7030  
7031  	memset(&pinfo, 0, sizeof(pinfo));
7032  
7033  	if (!info->attrs[NL80211_ATTR_MAC])
7034  		return -EINVAL;
7035  
7036  	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
7037  
7038  	if (!rdev->ops->get_mpp)
7039  		return -EOPNOTSUPP;
7040  
7041  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7042  		return -EOPNOTSUPP;
7043  
7044  	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
7045  	if (err)
7046  		return err;
7047  
7048  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7049  	if (!msg)
7050  		return -ENOMEM;
7051  
7052  	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
7053  			       dev, dst, mpp, &pinfo) < 0) {
7054  		nlmsg_free(msg);
7055  		return -ENOBUFS;
7056  	}
7057  
7058  	return genlmsg_reply(msg, info);
7059  }
7060  
7061  static int nl80211_dump_mpp(struct sk_buff *skb,
7062  			    struct netlink_callback *cb)
7063  {
7064  	struct mpath_info pinfo;
7065  	struct cfg80211_registered_device *rdev;
7066  	struct wireless_dev *wdev;
7067  	u8 dst[ETH_ALEN];
7068  	u8 mpp[ETH_ALEN];
7069  	int path_idx = cb->args[2];
7070  	int err;
7071  
7072  	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
7073  	if (err)
7074  		return err;
7075  	/* nl80211_prepare_wdev_dump acquired it in the successful case */
7076  	__acquire(&rdev->wiphy.mtx);
7077  
7078  	if (!rdev->ops->dump_mpp) {
7079  		err = -EOPNOTSUPP;
7080  		goto out_err;
7081  	}
7082  
7083  	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
7084  		err = -EOPNOTSUPP;
7085  		goto out_err;
7086  	}
7087  
7088  	while (1) {
7089  		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
7090  				    mpp, &pinfo);
7091  		if (err == -ENOENT)
7092  			break;
7093  		if (err)
7094  			goto out_err;
7095  
7096  		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
7097  				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
7098  				       wdev->netdev, dst, mpp,
7099  				       &pinfo) < 0)
7100  			goto out;
7101  
7102  		path_idx++;
7103  	}
7104  
7105   out:
7106  	cb->args[2] = path_idx;
7107  	err = skb->len;
7108   out_err:
7109  	wiphy_unlock(&rdev->wiphy);
7110  	return err;
7111  }
7112  
7113  static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
7114  {
7115  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7116  	struct net_device *dev = info->user_ptr[1];
7117  	struct wireless_dev *wdev = dev->ieee80211_ptr;
7118  	struct bss_parameters params;
7119  	int err;
7120  
7121  	memset(&params, 0, sizeof(params));
7122  	/* default to not changing parameters */
7123  	params.use_cts_prot = -1;
7124  	params.use_short_preamble = -1;
7125  	params.use_short_slot_time = -1;
7126  	params.ap_isolate = -1;
7127  	params.ht_opmode = -1;
7128  	params.p2p_ctwindow = -1;
7129  	params.p2p_opp_ps = -1;
7130  
7131  	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
7132  		params.use_cts_prot =
7133  		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
7134  	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
7135  		params.use_short_preamble =
7136  		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
7137  	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
7138  		params.use_short_slot_time =
7139  		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
7140  	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7141  		params.basic_rates =
7142  			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7143  		params.basic_rates_len =
7144  			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7145  	}
7146  	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
7147  		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
7148  	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
7149  		params.ht_opmode =
7150  			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
7151  
7152  	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
7153  		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7154  			return -EINVAL;
7155  		params.p2p_ctwindow =
7156  			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
7157  		if (params.p2p_ctwindow != 0 &&
7158  		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
7159  			return -EINVAL;
7160  	}
7161  
7162  	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
7163  		u8 tmp;
7164  
7165  		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7166  			return -EINVAL;
7167  		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
7168  		params.p2p_opp_ps = tmp;
7169  		if (params.p2p_opp_ps &&
7170  		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
7171  			return -EINVAL;
7172  	}
7173  
7174  	if (!rdev->ops->change_bss)
7175  		return -EOPNOTSUPP;
7176  
7177  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
7178  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
7179  		return -EOPNOTSUPP;
7180  
7181  	wdev_lock(wdev);
7182  	err = rdev_change_bss(rdev, dev, &params);
7183  	wdev_unlock(wdev);
7184  
7185  	return err;
7186  }
7187  
7188  static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
7189  {
7190  	char *data = NULL;
7191  	bool is_indoor;
7192  	enum nl80211_user_reg_hint_type user_reg_hint_type;
7193  	u32 owner_nlportid;
7194  
7195  	/*
7196  	 * You should only get this when cfg80211 hasn't yet initialized
7197  	 * completely when built-in to the kernel right between the time
7198  	 * window between nl80211_init() and regulatory_init(), if that is
7199  	 * even possible.
7200  	 */
7201  	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
7202  		return -EINPROGRESS;
7203  
7204  	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
7205  		user_reg_hint_type =
7206  		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
7207  	else
7208  		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
7209  
7210  	switch (user_reg_hint_type) {
7211  	case NL80211_USER_REG_HINT_USER:
7212  	case NL80211_USER_REG_HINT_CELL_BASE:
7213  		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7214  			return -EINVAL;
7215  
7216  		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7217  		return regulatory_hint_user(data, user_reg_hint_type);
7218  	case NL80211_USER_REG_HINT_INDOOR:
7219  		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
7220  			owner_nlportid = info->snd_portid;
7221  			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
7222  		} else {
7223  			owner_nlportid = 0;
7224  			is_indoor = true;
7225  		}
7226  
7227  		return regulatory_hint_indoor(is_indoor, owner_nlportid);
7228  	default:
7229  		return -EINVAL;
7230  	}
7231  }
7232  
7233  static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
7234  {
7235  	return reg_reload_regdb();
7236  }
7237  
7238  static int nl80211_get_mesh_config(struct sk_buff *skb,
7239  				   struct genl_info *info)
7240  {
7241  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7242  	struct net_device *dev = info->user_ptr[1];
7243  	struct wireless_dev *wdev = dev->ieee80211_ptr;
7244  	struct mesh_config cur_params;
7245  	int err = 0;
7246  	void *hdr;
7247  	struct nlattr *pinfoattr;
7248  	struct sk_buff *msg;
7249  
7250  	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7251  		return -EOPNOTSUPP;
7252  
7253  	if (!rdev->ops->get_mesh_config)
7254  		return -EOPNOTSUPP;
7255  
7256  	wdev_lock(wdev);
7257  	/* If not connected, get default parameters */
7258  	if (!wdev->mesh_id_len)
7259  		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
7260  	else
7261  		err = rdev_get_mesh_config(rdev, dev, &cur_params);
7262  	wdev_unlock(wdev);
7263  
7264  	if (err)
7265  		return err;
7266  
7267  	/* Draw up a netlink message to send back */
7268  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7269  	if (!msg)
7270  		return -ENOMEM;
7271  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7272  			     NL80211_CMD_GET_MESH_CONFIG);
7273  	if (!hdr)
7274  		goto out;
7275  	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
7276  	if (!pinfoattr)
7277  		goto nla_put_failure;
7278  	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
7279  	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
7280  			cur_params.dot11MeshRetryTimeout) ||
7281  	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
7282  			cur_params.dot11MeshConfirmTimeout) ||
7283  	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
7284  			cur_params.dot11MeshHoldingTimeout) ||
7285  	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
7286  			cur_params.dot11MeshMaxPeerLinks) ||
7287  	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
7288  		       cur_params.dot11MeshMaxRetries) ||
7289  	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
7290  		       cur_params.dot11MeshTTL) ||
7291  	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
7292  		       cur_params.element_ttl) ||
7293  	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7294  		       cur_params.auto_open_plinks) ||
7295  	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7296  			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
7297  	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7298  		       cur_params.dot11MeshHWMPmaxPREQretries) ||
7299  	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
7300  			cur_params.path_refresh_time) ||
7301  	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7302  			cur_params.min_discovery_timeout) ||
7303  	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7304  			cur_params.dot11MeshHWMPactivePathTimeout) ||
7305  	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7306  			cur_params.dot11MeshHWMPpreqMinInterval) ||
7307  	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7308  			cur_params.dot11MeshHWMPperrMinInterval) ||
7309  	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7310  			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
7311  	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
7312  		       cur_params.dot11MeshHWMPRootMode) ||
7313  	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7314  			cur_params.dot11MeshHWMPRannInterval) ||
7315  	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7316  		       cur_params.dot11MeshGateAnnouncementProtocol) ||
7317  	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
7318  		       cur_params.dot11MeshForwarding) ||
7319  	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
7320  			cur_params.rssi_threshold) ||
7321  	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
7322  			cur_params.ht_opmode) ||
7323  	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7324  			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
7325  	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7326  			cur_params.dot11MeshHWMProotInterval) ||
7327  	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7328  			cur_params.dot11MeshHWMPconfirmationInterval) ||
7329  	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
7330  			cur_params.power_mode) ||
7331  	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
7332  			cur_params.dot11MeshAwakeWindowDuration) ||
7333  	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
7334  			cur_params.plink_timeout) ||
7335  	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
7336  		       cur_params.dot11MeshConnectedToMeshGate) ||
7337  	    nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
7338  		       cur_params.dot11MeshNolearn) ||
7339  	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
7340  		       cur_params.dot11MeshConnectedToAuthServer))
7341  		goto nla_put_failure;
7342  	nla_nest_end(msg, pinfoattr);
7343  	genlmsg_end(msg, hdr);
7344  	return genlmsg_reply(msg, info);
7345  
7346   nla_put_failure:
7347   out:
7348  	nlmsg_free(msg);
7349  	return -ENOBUFS;
7350  }
7351  
7352  static const struct nla_policy
7353  nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
7354  	[NL80211_MESHCONF_RETRY_TIMEOUT] =
7355  		NLA_POLICY_RANGE(NLA_U16, 1, 255),
7356  	[NL80211_MESHCONF_CONFIRM_TIMEOUT] =
7357  		NLA_POLICY_RANGE(NLA_U16, 1, 255),
7358  	[NL80211_MESHCONF_HOLDING_TIMEOUT] =
7359  		NLA_POLICY_RANGE(NLA_U16, 1, 255),
7360  	[NL80211_MESHCONF_MAX_PEER_LINKS] =
7361  		NLA_POLICY_RANGE(NLA_U16, 0, 255),
7362  	[NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
7363  	[NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7364  	[NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
7365  	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
7366  	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
7367  		NLA_POLICY_RANGE(NLA_U32, 1, 255),
7368  	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
7369  	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
7370  	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
7371  	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
7372  	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
7373  		NLA_POLICY_MIN(NLA_U16, 1),
7374  	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
7375  		NLA_POLICY_MIN(NLA_U16, 1),
7376  	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
7377  		NLA_POLICY_MIN(NLA_U16, 1),
7378  	[NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
7379  	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
7380  		NLA_POLICY_MIN(NLA_U16, 1),
7381  	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
7382  	[NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
7383  	[NL80211_MESHCONF_RSSI_THRESHOLD] =
7384  		NLA_POLICY_RANGE(NLA_S32, -255, 0),
7385  	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
7386  	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
7387  	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
7388  		NLA_POLICY_MIN(NLA_U16, 1),
7389  	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
7390  		NLA_POLICY_MIN(NLA_U16, 1),
7391  	[NL80211_MESHCONF_POWER_MODE] =
7392  		NLA_POLICY_RANGE(NLA_U32,
7393  				 NL80211_MESH_POWER_ACTIVE,
7394  				 NL80211_MESH_POWER_MAX),
7395  	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
7396  	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
7397  	[NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7398  	[NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7399  	[NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
7400  };
7401  
7402  static const struct nla_policy
7403  	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
7404  	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
7405  	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
7406  	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
7407  	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
7408  	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
7409  	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
7410  	[NL80211_MESH_SETUP_IE] =
7411  		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
7412  				       IEEE80211_MAX_DATA_LEN),
7413  	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
7414  };
7415  
7416  static int nl80211_parse_mesh_config(struct genl_info *info,
7417  				     struct mesh_config *cfg,
7418  				     u32 *mask_out)
7419  {
7420  	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
7421  	u32 mask = 0;
7422  	u16 ht_opmode;
7423  
7424  #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)	\
7425  do {									\
7426  	if (tb[attr]) {							\
7427  		cfg->param = fn(tb[attr]);				\
7428  		mask |= BIT((attr) - 1);				\
7429  	}								\
7430  } while (0)
7431  
7432  	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
7433  		return -EINVAL;
7434  	if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
7435  		return -EINVAL;
7436  
7437  	/* This makes sure that there aren't more than 32 mesh config
7438  	 * parameters (otherwise our bitfield scheme would not work.) */
7439  	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
7440  
7441  	/* Fill in the params struct */
7442  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
7443  				  NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
7444  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
7445  				  NL80211_MESHCONF_CONFIRM_TIMEOUT,
7446  				  nla_get_u16);
7447  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
7448  				  NL80211_MESHCONF_HOLDING_TIMEOUT,
7449  				  nla_get_u16);
7450  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
7451  				  NL80211_MESHCONF_MAX_PEER_LINKS,
7452  				  nla_get_u16);
7453  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
7454  				  NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
7455  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
7456  				  NL80211_MESHCONF_TTL, nla_get_u8);
7457  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
7458  				  NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
7459  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
7460  				  NL80211_MESHCONF_AUTO_OPEN_PLINKS,
7461  				  nla_get_u8);
7462  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
7463  				  mask,
7464  				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
7465  				  nla_get_u32);
7466  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
7467  				  NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
7468  				  nla_get_u8);
7469  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
7470  				  NL80211_MESHCONF_PATH_REFRESH_TIME,
7471  				  nla_get_u32);
7472  	if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
7473  	    (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
7474  		return -EINVAL;
7475  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
7476  				  NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
7477  				  nla_get_u16);
7478  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
7479  				  mask,
7480  				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
7481  				  nla_get_u32);
7482  	if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
7483  	    (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
7484  	     cfg->dot11MeshHWMPactivePathTimeout > 65535))
7485  		return -EINVAL;
7486  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
7487  				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
7488  				  nla_get_u16);
7489  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
7490  				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
7491  				  nla_get_u16);
7492  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7493  				  dot11MeshHWMPnetDiameterTraversalTime, mask,
7494  				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
7495  				  nla_get_u16);
7496  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
7497  				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
7498  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
7499  				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
7500  				  nla_get_u16);
7501  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
7502  				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
7503  				  nla_get_u8);
7504  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
7505  				  NL80211_MESHCONF_FORWARDING, nla_get_u8);
7506  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
7507  				  NL80211_MESHCONF_RSSI_THRESHOLD,
7508  				  nla_get_s32);
7509  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
7510  				  NL80211_MESHCONF_CONNECTED_TO_GATE,
7511  				  nla_get_u8);
7512  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
7513  				  NL80211_MESHCONF_CONNECTED_TO_AS,
7514  				  nla_get_u8);
7515  	/*
7516  	 * Check HT operation mode based on
7517  	 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
7518  	 */
7519  	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
7520  		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
7521  
7522  		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
7523  				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
7524  				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
7525  			return -EINVAL;
7526  
7527  		/* NON_HT_STA bit is reserved, but some programs set it */
7528  		ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
7529  
7530  		cfg->ht_opmode = ht_opmode;
7531  		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
7532  	}
7533  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
7534  				  dot11MeshHWMPactivePathToRootTimeout, mask,
7535  				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
7536  				  nla_get_u32);
7537  	if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
7538  	    (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
7539  	     cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
7540  		return -EINVAL;
7541  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
7542  				  NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
7543  				  nla_get_u16);
7544  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
7545  				  mask,
7546  				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
7547  				  nla_get_u16);
7548  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
7549  				  NL80211_MESHCONF_POWER_MODE, nla_get_u32);
7550  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
7551  				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
7552  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
7553  				  NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
7554  	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
7555  				  NL80211_MESHCONF_NOLEARN, nla_get_u8);
7556  	if (mask_out)
7557  		*mask_out = mask;
7558  
7559  	return 0;
7560  
7561  #undef FILL_IN_MESH_PARAM_IF_SET
7562  }
7563  
7564  static int nl80211_parse_mesh_setup(struct genl_info *info,
7565  				     struct mesh_setup *setup)
7566  {
7567  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7568  	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
7569  
7570  	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
7571  		return -EINVAL;
7572  	if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
7573  		return -EINVAL;
7574  
7575  	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
7576  		setup->sync_method =
7577  		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
7578  		 IEEE80211_SYNC_METHOD_VENDOR :
7579  		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
7580  
7581  	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
7582  		setup->path_sel_proto =
7583  		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
7584  		 IEEE80211_PATH_PROTOCOL_VENDOR :
7585  		 IEEE80211_PATH_PROTOCOL_HWMP;
7586  
7587  	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
7588  		setup->path_metric =
7589  		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
7590  		 IEEE80211_PATH_METRIC_VENDOR :
7591  		 IEEE80211_PATH_METRIC_AIRTIME;
7592  
7593  	if (tb[NL80211_MESH_SETUP_IE]) {
7594  		struct nlattr *ieattr =
7595  			tb[NL80211_MESH_SETUP_IE];
7596  		setup->ie = nla_data(ieattr);
7597  		setup->ie_len = nla_len(ieattr);
7598  	}
7599  	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
7600  	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
7601  		return -EINVAL;
7602  	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
7603  	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
7604  	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
7605  	if (setup->is_secure)
7606  		setup->user_mpm = true;
7607  
7608  	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
7609  		if (!setup->user_mpm)
7610  			return -EINVAL;
7611  		setup->auth_id =
7612  			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
7613  	}
7614  
7615  	return 0;
7616  }
7617  
7618  static int nl80211_update_mesh_config(struct sk_buff *skb,
7619  				      struct genl_info *info)
7620  {
7621  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7622  	struct net_device *dev = info->user_ptr[1];
7623  	struct wireless_dev *wdev = dev->ieee80211_ptr;
7624  	struct mesh_config cfg;
7625  	u32 mask;
7626  	int err;
7627  
7628  	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
7629  		return -EOPNOTSUPP;
7630  
7631  	if (!rdev->ops->update_mesh_config)
7632  		return -EOPNOTSUPP;
7633  
7634  	err = nl80211_parse_mesh_config(info, &cfg, &mask);
7635  	if (err)
7636  		return err;
7637  
7638  	wdev_lock(wdev);
7639  	if (!wdev->mesh_id_len)
7640  		err = -ENOLINK;
7641  
7642  	if (!err)
7643  		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
7644  
7645  	wdev_unlock(wdev);
7646  
7647  	return err;
7648  }
7649  
7650  static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
7651  			      struct sk_buff *msg)
7652  {
7653  	struct nlattr *nl_reg_rules;
7654  	unsigned int i;
7655  
7656  	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
7657  	    (regdom->dfs_region &&
7658  	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
7659  		goto nla_put_failure;
7660  
7661  	nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
7662  	if (!nl_reg_rules)
7663  		goto nla_put_failure;
7664  
7665  	for (i = 0; i < regdom->n_reg_rules; i++) {
7666  		struct nlattr *nl_reg_rule;
7667  		const struct ieee80211_reg_rule *reg_rule;
7668  		const struct ieee80211_freq_range *freq_range;
7669  		const struct ieee80211_power_rule *power_rule;
7670  		unsigned int max_bandwidth_khz;
7671  
7672  		reg_rule = &regdom->reg_rules[i];
7673  		freq_range = &reg_rule->freq_range;
7674  		power_rule = &reg_rule->power_rule;
7675  
7676  		nl_reg_rule = nla_nest_start_noflag(msg, i);
7677  		if (!nl_reg_rule)
7678  			goto nla_put_failure;
7679  
7680  		max_bandwidth_khz = freq_range->max_bandwidth_khz;
7681  		if (!max_bandwidth_khz)
7682  			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
7683  								  reg_rule);
7684  
7685  		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
7686  				reg_rule->flags) ||
7687  		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
7688  				freq_range->start_freq_khz) ||
7689  		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
7690  				freq_range->end_freq_khz) ||
7691  		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
7692  				max_bandwidth_khz) ||
7693  		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
7694  				power_rule->max_antenna_gain) ||
7695  		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
7696  				power_rule->max_eirp) ||
7697  		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
7698  				reg_rule->dfs_cac_ms))
7699  			goto nla_put_failure;
7700  
7701  		nla_nest_end(msg, nl_reg_rule);
7702  	}
7703  
7704  	nla_nest_end(msg, nl_reg_rules);
7705  	return 0;
7706  
7707  nla_put_failure:
7708  	return -EMSGSIZE;
7709  }
7710  
7711  static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
7712  {
7713  	const struct ieee80211_regdomain *regdom = NULL;
7714  	struct cfg80211_registered_device *rdev;
7715  	struct wiphy *wiphy = NULL;
7716  	struct sk_buff *msg;
7717  	void *hdr;
7718  
7719  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7720  	if (!msg)
7721  		return -ENOBUFS;
7722  
7723  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7724  			     NL80211_CMD_GET_REG);
7725  	if (!hdr)
7726  		goto put_failure;
7727  
7728  	rtnl_lock();
7729  
7730  	if (info->attrs[NL80211_ATTR_WIPHY]) {
7731  		bool self_managed;
7732  
7733  		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7734  		if (IS_ERR(rdev)) {
7735  			nlmsg_free(msg);
7736  			rtnl_unlock();
7737  			return PTR_ERR(rdev);
7738  		}
7739  
7740  		wiphy = &rdev->wiphy;
7741  		self_managed = wiphy->regulatory_flags &
7742  			       REGULATORY_WIPHY_SELF_MANAGED;
7743  		regdom = get_wiphy_regdom(wiphy);
7744  
7745  		/* a self-managed-reg device must have a private regdom */
7746  		if (WARN_ON(!regdom && self_managed)) {
7747  			nlmsg_free(msg);
7748  			rtnl_unlock();
7749  			return -EINVAL;
7750  		}
7751  
7752  		if (regdom &&
7753  		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7754  			goto nla_put_failure;
7755  	}
7756  
7757  	if (!wiphy && reg_last_request_cell_base() &&
7758  	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7759  			NL80211_USER_REG_HINT_CELL_BASE))
7760  		goto nla_put_failure;
7761  
7762  	rcu_read_lock();
7763  
7764  	if (!regdom)
7765  		regdom = rcu_dereference(cfg80211_regdomain);
7766  
7767  	if (nl80211_put_regdom(regdom, msg))
7768  		goto nla_put_failure_rcu;
7769  
7770  	rcu_read_unlock();
7771  
7772  	genlmsg_end(msg, hdr);
7773  	rtnl_unlock();
7774  	return genlmsg_reply(msg, info);
7775  
7776  nla_put_failure_rcu:
7777  	rcu_read_unlock();
7778  nla_put_failure:
7779  	rtnl_unlock();
7780  put_failure:
7781  	nlmsg_free(msg);
7782  	return -EMSGSIZE;
7783  }
7784  
7785  static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7786  			       u32 seq, int flags, struct wiphy *wiphy,
7787  			       const struct ieee80211_regdomain *regdom)
7788  {
7789  	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7790  				   NL80211_CMD_GET_REG);
7791  
7792  	if (!hdr)
7793  		return -1;
7794  
7795  	genl_dump_check_consistent(cb, hdr);
7796  
7797  	if (nl80211_put_regdom(regdom, msg))
7798  		goto nla_put_failure;
7799  
7800  	if (!wiphy && reg_last_request_cell_base() &&
7801  	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7802  			NL80211_USER_REG_HINT_CELL_BASE))
7803  		goto nla_put_failure;
7804  
7805  	if (wiphy &&
7806  	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7807  		goto nla_put_failure;
7808  
7809  	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7810  	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7811  		goto nla_put_failure;
7812  
7813  	genlmsg_end(msg, hdr);
7814  	return 0;
7815  
7816  nla_put_failure:
7817  	genlmsg_cancel(msg, hdr);
7818  	return -EMSGSIZE;
7819  }
7820  
7821  static int nl80211_get_reg_dump(struct sk_buff *skb,
7822  				struct netlink_callback *cb)
7823  {
7824  	const struct ieee80211_regdomain *regdom = NULL;
7825  	struct cfg80211_registered_device *rdev;
7826  	int err, reg_idx, start = cb->args[2];
7827  
7828  	rtnl_lock();
7829  
7830  	if (cfg80211_regdomain && start == 0) {
7831  		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7832  					  NLM_F_MULTI, NULL,
7833  					  rtnl_dereference(cfg80211_regdomain));
7834  		if (err < 0)
7835  			goto out_err;
7836  	}
7837  
7838  	/* the global regdom is idx 0 */
7839  	reg_idx = 1;
7840  	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7841  		regdom = get_wiphy_regdom(&rdev->wiphy);
7842  		if (!regdom)
7843  			continue;
7844  
7845  		if (++reg_idx <= start)
7846  			continue;
7847  
7848  		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7849  					  NLM_F_MULTI, &rdev->wiphy, regdom);
7850  		if (err < 0) {
7851  			reg_idx--;
7852  			break;
7853  		}
7854  	}
7855  
7856  	cb->args[2] = reg_idx;
7857  	err = skb->len;
7858  out_err:
7859  	rtnl_unlock();
7860  	return err;
7861  }
7862  
7863  #ifdef CONFIG_CFG80211_CRDA_SUPPORT
7864  static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7865  	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
7866  	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
7867  	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
7868  	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
7869  	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
7870  	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
7871  	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
7872  };
7873  
7874  static int parse_reg_rule(struct nlattr *tb[],
7875  	struct ieee80211_reg_rule *reg_rule)
7876  {
7877  	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
7878  	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
7879  
7880  	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7881  		return -EINVAL;
7882  	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7883  		return -EINVAL;
7884  	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7885  		return -EINVAL;
7886  	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7887  		return -EINVAL;
7888  	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7889  		return -EINVAL;
7890  
7891  	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7892  
7893  	freq_range->start_freq_khz =
7894  		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7895  	freq_range->end_freq_khz =
7896  		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7897  	freq_range->max_bandwidth_khz =
7898  		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7899  
7900  	power_rule->max_eirp =
7901  		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7902  
7903  	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7904  		power_rule->max_antenna_gain =
7905  			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7906  
7907  	if (tb[NL80211_ATTR_DFS_CAC_TIME])
7908  		reg_rule->dfs_cac_ms =
7909  			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7910  
7911  	return 0;
7912  }
7913  
7914  static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7915  {
7916  	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7917  	struct nlattr *nl_reg_rule;
7918  	char *alpha2;
7919  	int rem_reg_rules, r;
7920  	u32 num_rules = 0, rule_idx = 0;
7921  	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7922  	struct ieee80211_regdomain *rd;
7923  
7924  	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7925  		return -EINVAL;
7926  
7927  	if (!info->attrs[NL80211_ATTR_REG_RULES])
7928  		return -EINVAL;
7929  
7930  	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7931  
7932  	if (info->attrs[NL80211_ATTR_DFS_REGION])
7933  		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7934  
7935  	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7936  			    rem_reg_rules) {
7937  		num_rules++;
7938  		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7939  			return -EINVAL;
7940  	}
7941  
7942  	rtnl_lock();
7943  	if (!reg_is_valid_request(alpha2)) {
7944  		r = -EINVAL;
7945  		goto out;
7946  	}
7947  
7948  	rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7949  	if (!rd) {
7950  		r = -ENOMEM;
7951  		goto out;
7952  	}
7953  
7954  	rd->n_reg_rules = num_rules;
7955  	rd->alpha2[0] = alpha2[0];
7956  	rd->alpha2[1] = alpha2[1];
7957  
7958  	/*
7959  	 * Disable DFS master mode if the DFS region was
7960  	 * not supported or known on this kernel.
7961  	 */
7962  	if (reg_supported_dfs_region(dfs_region))
7963  		rd->dfs_region = dfs_region;
7964  
7965  	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7966  			    rem_reg_rules) {
7967  		r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7968  						nl_reg_rule, reg_rule_policy,
7969  						info->extack);
7970  		if (r)
7971  			goto bad_reg;
7972  		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7973  		if (r)
7974  			goto bad_reg;
7975  
7976  		rule_idx++;
7977  
7978  		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7979  			r = -EINVAL;
7980  			goto bad_reg;
7981  		}
7982  	}
7983  
7984  	r = set_regdom(rd, REGD_SOURCE_CRDA);
7985  	/* set_regdom takes ownership of rd */
7986  	rd = NULL;
7987   bad_reg:
7988  	kfree(rd);
7989   out:
7990  	rtnl_unlock();
7991  	return r;
7992  }
7993  #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7994  
7995  static int validate_scan_freqs(struct nlattr *freqs)
7996  {
7997  	struct nlattr *attr1, *attr2;
7998  	int n_channels = 0, tmp1, tmp2;
7999  
8000  	nla_for_each_nested(attr1, freqs, tmp1)
8001  		if (nla_len(attr1) != sizeof(u32))
8002  			return 0;
8003  
8004  	nla_for_each_nested(attr1, freqs, tmp1) {
8005  		n_channels++;
8006  		/*
8007  		 * Some hardware has a limited channel list for
8008  		 * scanning, and it is pretty much nonsensical
8009  		 * to scan for a channel twice, so disallow that
8010  		 * and don't require drivers to check that the
8011  		 * channel list they get isn't longer than what
8012  		 * they can scan, as long as they can scan all
8013  		 * the channels they registered at once.
8014  		 */
8015  		nla_for_each_nested(attr2, freqs, tmp2)
8016  			if (attr1 != attr2 &&
8017  			    nla_get_u32(attr1) == nla_get_u32(attr2))
8018  				return 0;
8019  	}
8020  
8021  	return n_channels;
8022  }
8023  
8024  static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
8025  {
8026  	return b < NUM_NL80211_BANDS && wiphy->bands[b];
8027  }
8028  
8029  static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
8030  			    struct cfg80211_bss_selection *bss_select)
8031  {
8032  	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
8033  	struct nlattr *nest;
8034  	int err;
8035  	bool found = false;
8036  	int i;
8037  
8038  	/* only process one nested attribute */
8039  	nest = nla_data(nla);
8040  	if (!nla_ok(nest, nla_len(nest)))
8041  		return -EINVAL;
8042  
8043  	err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
8044  					  nest, nl80211_bss_select_policy,
8045  					  NULL);
8046  	if (err)
8047  		return err;
8048  
8049  	/* only one attribute may be given */
8050  	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
8051  		if (attr[i]) {
8052  			if (found)
8053  				return -EINVAL;
8054  			found = true;
8055  		}
8056  	}
8057  
8058  	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
8059  
8060  	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
8061  		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
8062  
8063  	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
8064  		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
8065  		bss_select->param.band_pref =
8066  			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
8067  		if (!is_band_valid(wiphy, bss_select->param.band_pref))
8068  			return -EINVAL;
8069  	}
8070  
8071  	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
8072  		struct nl80211_bss_select_rssi_adjust *adj_param;
8073  
8074  		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
8075  		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
8076  		bss_select->param.adjust.band = adj_param->band;
8077  		bss_select->param.adjust.delta = adj_param->delta;
8078  		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
8079  			return -EINVAL;
8080  	}
8081  
8082  	/* user-space did not provide behaviour attribute */
8083  	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
8084  		return -EINVAL;
8085  
8086  	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
8087  		return -EINVAL;
8088  
8089  	return 0;
8090  }
8091  
8092  int nl80211_parse_random_mac(struct nlattr **attrs,
8093  			     u8 *mac_addr, u8 *mac_addr_mask)
8094  {
8095  	int i;
8096  
8097  	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
8098  		eth_zero_addr(mac_addr);
8099  		eth_zero_addr(mac_addr_mask);
8100  		mac_addr[0] = 0x2;
8101  		mac_addr_mask[0] = 0x3;
8102  
8103  		return 0;
8104  	}
8105  
8106  	/* need both or none */
8107  	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
8108  		return -EINVAL;
8109  
8110  	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
8111  	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
8112  
8113  	/* don't allow or configure an mcast address */
8114  	if (!is_multicast_ether_addr(mac_addr_mask) ||
8115  	    is_multicast_ether_addr(mac_addr))
8116  		return -EINVAL;
8117  
8118  	/*
8119  	 * allow users to pass a MAC address that has bits set outside
8120  	 * of the mask, but don't bother drivers with having to deal
8121  	 * with such bits
8122  	 */
8123  	for (i = 0; i < ETH_ALEN; i++)
8124  		mac_addr[i] &= mac_addr_mask[i];
8125  
8126  	return 0;
8127  }
8128  
8129  static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
8130  {
8131  	ASSERT_WDEV_LOCK(wdev);
8132  
8133  	if (!cfg80211_beaconing_iface_active(wdev))
8134  		return true;
8135  
8136  	if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
8137  		return true;
8138  
8139  	return regulatory_pre_cac_allowed(wdev->wiphy);
8140  }
8141  
8142  static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
8143  				    enum nl80211_ext_feature_index feat)
8144  {
8145  	if (!(flags & flag))
8146  		return true;
8147  	if (wiphy_ext_feature_isset(wiphy, feat))
8148  		return true;
8149  	return false;
8150  }
8151  
8152  static int
8153  nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
8154  			 void *request, struct nlattr **attrs,
8155  			 bool is_sched_scan)
8156  {
8157  	u8 *mac_addr, *mac_addr_mask;
8158  	u32 *flags;
8159  	enum nl80211_feature_flags randomness_flag;
8160  
8161  	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
8162  		return 0;
8163  
8164  	if (is_sched_scan) {
8165  		struct cfg80211_sched_scan_request *req = request;
8166  
8167  		randomness_flag = wdev ?
8168  				  NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
8169  				  NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
8170  		flags = &req->flags;
8171  		mac_addr = req->mac_addr;
8172  		mac_addr_mask = req->mac_addr_mask;
8173  	} else {
8174  		struct cfg80211_scan_request *req = request;
8175  
8176  		randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
8177  		flags = &req->flags;
8178  		mac_addr = req->mac_addr;
8179  		mac_addr_mask = req->mac_addr_mask;
8180  	}
8181  
8182  	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
8183  
8184  	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
8185  	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
8186  	    !nl80211_check_scan_feat(wiphy, *flags,
8187  				     NL80211_SCAN_FLAG_LOW_SPAN,
8188  				     NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
8189  	    !nl80211_check_scan_feat(wiphy, *flags,
8190  				     NL80211_SCAN_FLAG_LOW_POWER,
8191  				     NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
8192  	    !nl80211_check_scan_feat(wiphy, *flags,
8193  				     NL80211_SCAN_FLAG_HIGH_ACCURACY,
8194  				     NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
8195  	    !nl80211_check_scan_feat(wiphy, *flags,
8196  				     NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
8197  				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
8198  	    !nl80211_check_scan_feat(wiphy, *flags,
8199  				     NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
8200  				     NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
8201  	    !nl80211_check_scan_feat(wiphy, *flags,
8202  				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
8203  				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
8204  	    !nl80211_check_scan_feat(wiphy, *flags,
8205  				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
8206  				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
8207  	    !nl80211_check_scan_feat(wiphy, *flags,
8208  				     NL80211_SCAN_FLAG_RANDOM_SN,
8209  				     NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
8210  	    !nl80211_check_scan_feat(wiphy, *flags,
8211  				     NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
8212  				     NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
8213  		return -EOPNOTSUPP;
8214  
8215  	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
8216  		int err;
8217  
8218  		if (!(wiphy->features & randomness_flag) ||
8219  		    (wdev && wdev->current_bss))
8220  			return -EOPNOTSUPP;
8221  
8222  		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
8223  		if (err)
8224  			return err;
8225  	}
8226  
8227  	return 0;
8228  }
8229  
8230  static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
8231  {
8232  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8233  	struct wireless_dev *wdev = info->user_ptr[1];
8234  	struct cfg80211_scan_request *request;
8235  	struct nlattr *scan_freqs = NULL;
8236  	bool scan_freqs_khz = false;
8237  	struct nlattr *attr;
8238  	struct wiphy *wiphy;
8239  	int err, tmp, n_ssids = 0, n_channels, i;
8240  	size_t ie_len;
8241  
8242  	wiphy = &rdev->wiphy;
8243  
8244  	if (wdev->iftype == NL80211_IFTYPE_NAN)
8245  		return -EOPNOTSUPP;
8246  
8247  	if (!rdev->ops->scan)
8248  		return -EOPNOTSUPP;
8249  
8250  	if (rdev->scan_req || rdev->scan_msg)
8251  		return -EBUSY;
8252  
8253  	if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
8254  		if (!wiphy_ext_feature_isset(wiphy,
8255  					     NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
8256  			return -EOPNOTSUPP;
8257  		scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
8258  		scan_freqs_khz = true;
8259  	} else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
8260  		scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
8261  
8262  	if (scan_freqs) {
8263  		n_channels = validate_scan_freqs(scan_freqs);
8264  		if (!n_channels)
8265  			return -EINVAL;
8266  	} else {
8267  		n_channels = ieee80211_get_num_supported_channels(wiphy);
8268  	}
8269  
8270  	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
8271  		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
8272  			n_ssids++;
8273  
8274  	if (n_ssids > wiphy->max_scan_ssids)
8275  		return -EINVAL;
8276  
8277  	if (info->attrs[NL80211_ATTR_IE])
8278  		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8279  	else
8280  		ie_len = 0;
8281  
8282  	if (ie_len > wiphy->max_scan_ie_len)
8283  		return -EINVAL;
8284  
8285  	request = kzalloc(sizeof(*request)
8286  			+ sizeof(*request->ssids) * n_ssids
8287  			+ sizeof(*request->channels) * n_channels
8288  			+ ie_len, GFP_KERNEL);
8289  	if (!request)
8290  		return -ENOMEM;
8291  
8292  	if (n_ssids)
8293  		request->ssids = (void *)&request->channels[n_channels];
8294  	request->n_ssids = n_ssids;
8295  	if (ie_len) {
8296  		if (n_ssids)
8297  			request->ie = (void *)(request->ssids + n_ssids);
8298  		else
8299  			request->ie = (void *)(request->channels + n_channels);
8300  	}
8301  
8302  	i = 0;
8303  	if (scan_freqs) {
8304  		/* user specified, bail out if channel not found */
8305  		nla_for_each_nested(attr, scan_freqs, tmp) {
8306  			struct ieee80211_channel *chan;
8307  			int freq = nla_get_u32(attr);
8308  
8309  			if (!scan_freqs_khz)
8310  				freq = MHZ_TO_KHZ(freq);
8311  
8312  			chan = ieee80211_get_channel_khz(wiphy, freq);
8313  			if (!chan) {
8314  				err = -EINVAL;
8315  				goto out_free;
8316  			}
8317  
8318  			/* ignore disabled channels */
8319  			if (chan->flags & IEEE80211_CHAN_DISABLED)
8320  				continue;
8321  
8322  			request->channels[i] = chan;
8323  			i++;
8324  		}
8325  	} else {
8326  		enum nl80211_band band;
8327  
8328  		/* all channels */
8329  		for (band = 0; band < NUM_NL80211_BANDS; band++) {
8330  			int j;
8331  
8332  			if (!wiphy->bands[band])
8333  				continue;
8334  			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8335  				struct ieee80211_channel *chan;
8336  
8337  				chan = &wiphy->bands[band]->channels[j];
8338  
8339  				if (chan->flags & IEEE80211_CHAN_DISABLED)
8340  					continue;
8341  
8342  				request->channels[i] = chan;
8343  				i++;
8344  			}
8345  		}
8346  	}
8347  
8348  	if (!i) {
8349  		err = -EINVAL;
8350  		goto out_free;
8351  	}
8352  
8353  	request->n_channels = i;
8354  
8355  	wdev_lock(wdev);
8356  	if (!cfg80211_off_channel_oper_allowed(wdev)) {
8357  		struct ieee80211_channel *chan;
8358  
8359  		if (request->n_channels != 1) {
8360  			wdev_unlock(wdev);
8361  			err = -EBUSY;
8362  			goto out_free;
8363  		}
8364  
8365  		chan = request->channels[0];
8366  		if (chan->center_freq != wdev->chandef.chan->center_freq) {
8367  			wdev_unlock(wdev);
8368  			err = -EBUSY;
8369  			goto out_free;
8370  		}
8371  	}
8372  	wdev_unlock(wdev);
8373  
8374  	i = 0;
8375  	if (n_ssids) {
8376  		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
8377  			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8378  				err = -EINVAL;
8379  				goto out_free;
8380  			}
8381  			request->ssids[i].ssid_len = nla_len(attr);
8382  			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
8383  			i++;
8384  		}
8385  	}
8386  
8387  	if (info->attrs[NL80211_ATTR_IE]) {
8388  		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8389  		memcpy((void *)request->ie,
8390  		       nla_data(info->attrs[NL80211_ATTR_IE]),
8391  		       request->ie_len);
8392  	}
8393  
8394  	for (i = 0; i < NUM_NL80211_BANDS; i++)
8395  		if (wiphy->bands[i])
8396  			request->rates[i] =
8397  				(1 << wiphy->bands[i]->n_bitrates) - 1;
8398  
8399  	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
8400  		nla_for_each_nested(attr,
8401  				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
8402  				    tmp) {
8403  			enum nl80211_band band = nla_type(attr);
8404  
8405  			if (band < 0 || band >= NUM_NL80211_BANDS) {
8406  				err = -EINVAL;
8407  				goto out_free;
8408  			}
8409  
8410  			if (!wiphy->bands[band])
8411  				continue;
8412  
8413  			err = ieee80211_get_ratemask(wiphy->bands[band],
8414  						     nla_data(attr),
8415  						     nla_len(attr),
8416  						     &request->rates[band]);
8417  			if (err)
8418  				goto out_free;
8419  		}
8420  	}
8421  
8422  	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
8423  		request->duration =
8424  			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
8425  		request->duration_mandatory =
8426  			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
8427  	}
8428  
8429  	err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
8430  				       false);
8431  	if (err)
8432  		goto out_free;
8433  
8434  	request->no_cck =
8435  		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8436  
8437  	/* Initial implementation used NL80211_ATTR_MAC to set the specific
8438  	 * BSSID to scan for. This was problematic because that same attribute
8439  	 * was already used for another purpose (local random MAC address). The
8440  	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
8441  	 * compatibility with older userspace components, also use the
8442  	 * NL80211_ATTR_MAC value here if it can be determined to be used for
8443  	 * the specific BSSID use case instead of the random MAC address
8444  	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
8445  	 */
8446  	if (info->attrs[NL80211_ATTR_BSSID])
8447  		memcpy(request->bssid,
8448  		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
8449  	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
8450  		 info->attrs[NL80211_ATTR_MAC])
8451  		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
8452  		       ETH_ALEN);
8453  	else
8454  		eth_broadcast_addr(request->bssid);
8455  
8456  	request->wdev = wdev;
8457  	request->wiphy = &rdev->wiphy;
8458  	request->scan_start = jiffies;
8459  
8460  	rdev->scan_req = request;
8461  	err = cfg80211_scan(rdev);
8462  
8463  	if (err)
8464  		goto out_free;
8465  
8466  	nl80211_send_scan_start(rdev, wdev);
8467  	if (wdev->netdev)
8468  		dev_hold(wdev->netdev);
8469  
8470  	return 0;
8471  
8472   out_free:
8473  	rdev->scan_req = NULL;
8474  	kfree(request);
8475  
8476  	return err;
8477  }
8478  
8479  static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
8480  {
8481  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8482  	struct wireless_dev *wdev = info->user_ptr[1];
8483  
8484  	if (!rdev->ops->abort_scan)
8485  		return -EOPNOTSUPP;
8486  
8487  	if (rdev->scan_msg)
8488  		return 0;
8489  
8490  	if (!rdev->scan_req)
8491  		return -ENOENT;
8492  
8493  	rdev_abort_scan(rdev, wdev);
8494  	return 0;
8495  }
8496  
8497  static int
8498  nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
8499  			       struct cfg80211_sched_scan_request *request,
8500  			       struct nlattr **attrs)
8501  {
8502  	int tmp, err, i = 0;
8503  	struct nlattr *attr;
8504  
8505  	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8506  		u32 interval;
8507  
8508  		/*
8509  		 * If scan plans are not specified,
8510  		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
8511  		 * case one scan plan will be set with the specified scan
8512  		 * interval and infinite number of iterations.
8513  		 */
8514  		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
8515  		if (!interval)
8516  			return -EINVAL;
8517  
8518  		request->scan_plans[0].interval =
8519  			DIV_ROUND_UP(interval, MSEC_PER_SEC);
8520  		if (!request->scan_plans[0].interval)
8521  			return -EINVAL;
8522  
8523  		if (request->scan_plans[0].interval >
8524  		    wiphy->max_sched_scan_plan_interval)
8525  			request->scan_plans[0].interval =
8526  				wiphy->max_sched_scan_plan_interval;
8527  
8528  		return 0;
8529  	}
8530  
8531  	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
8532  		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
8533  
8534  		if (WARN_ON(i >= n_plans))
8535  			return -EINVAL;
8536  
8537  		err = nla_parse_nested_deprecated(plan,
8538  						  NL80211_SCHED_SCAN_PLAN_MAX,
8539  						  attr, nl80211_plan_policy,
8540  						  NULL);
8541  		if (err)
8542  			return err;
8543  
8544  		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
8545  			return -EINVAL;
8546  
8547  		request->scan_plans[i].interval =
8548  			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
8549  		if (!request->scan_plans[i].interval ||
8550  		    request->scan_plans[i].interval >
8551  		    wiphy->max_sched_scan_plan_interval)
8552  			return -EINVAL;
8553  
8554  		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
8555  			request->scan_plans[i].iterations =
8556  				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
8557  			if (!request->scan_plans[i].iterations ||
8558  			    (request->scan_plans[i].iterations >
8559  			     wiphy->max_sched_scan_plan_iterations))
8560  				return -EINVAL;
8561  		} else if (i < n_plans - 1) {
8562  			/*
8563  			 * All scan plans but the last one must specify
8564  			 * a finite number of iterations
8565  			 */
8566  			return -EINVAL;
8567  		}
8568  
8569  		i++;
8570  	}
8571  
8572  	/*
8573  	 * The last scan plan must not specify the number of
8574  	 * iterations, it is supposed to run infinitely
8575  	 */
8576  	if (request->scan_plans[n_plans - 1].iterations)
8577  		return  -EINVAL;
8578  
8579  	return 0;
8580  }
8581  
8582  static int
8583  nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
8584  				       struct cfg80211_match_set *match_sets,
8585  				       struct nlattr *tb_band_rssi,
8586  				       s32 rssi_thold)
8587  {
8588  	struct nlattr *attr;
8589  	int i, tmp, ret = 0;
8590  
8591  	if (!wiphy_ext_feature_isset(wiphy,
8592  		    NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
8593  		if (tb_band_rssi)
8594  			ret = -EOPNOTSUPP;
8595  		else
8596  			for (i = 0; i < NUM_NL80211_BANDS; i++)
8597  				match_sets->per_band_rssi_thold[i] =
8598  					NL80211_SCAN_RSSI_THOLD_OFF;
8599  		return ret;
8600  	}
8601  
8602  	for (i = 0; i < NUM_NL80211_BANDS; i++)
8603  		match_sets->per_band_rssi_thold[i] = rssi_thold;
8604  
8605  	nla_for_each_nested(attr, tb_band_rssi, tmp) {
8606  		enum nl80211_band band = nla_type(attr);
8607  
8608  		if (band < 0 || band >= NUM_NL80211_BANDS)
8609  			return -EINVAL;
8610  
8611  		match_sets->per_band_rssi_thold[band] =	nla_get_s32(attr);
8612  	}
8613  
8614  	return 0;
8615  }
8616  
8617  static struct cfg80211_sched_scan_request *
8618  nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
8619  			 struct nlattr **attrs, int max_match_sets)
8620  {
8621  	struct cfg80211_sched_scan_request *request;
8622  	struct nlattr *attr;
8623  	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
8624  	enum nl80211_band band;
8625  	size_t ie_len;
8626  	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
8627  	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
8628  
8629  	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8630  		n_channels = validate_scan_freqs(
8631  				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
8632  		if (!n_channels)
8633  			return ERR_PTR(-EINVAL);
8634  	} else {
8635  		n_channels = ieee80211_get_num_supported_channels(wiphy);
8636  	}
8637  
8638  	if (attrs[NL80211_ATTR_SCAN_SSIDS])
8639  		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8640  				    tmp)
8641  			n_ssids++;
8642  
8643  	if (n_ssids > wiphy->max_sched_scan_ssids)
8644  		return ERR_PTR(-EINVAL);
8645  
8646  	/*
8647  	 * First, count the number of 'real' matchsets. Due to an issue with
8648  	 * the old implementation, matchsets containing only the RSSI attribute
8649  	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
8650  	 * RSSI for all matchsets, rather than their own matchset for reporting
8651  	 * all APs with a strong RSSI. This is needed to be compatible with
8652  	 * older userspace that treated a matchset with only the RSSI as the
8653  	 * global RSSI for all other matchsets - if there are other matchsets.
8654  	 */
8655  	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8656  		nla_for_each_nested(attr,
8657  				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8658  				    tmp) {
8659  			struct nlattr *rssi;
8660  
8661  			err = nla_parse_nested_deprecated(tb,
8662  							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8663  							  attr,
8664  							  nl80211_match_policy,
8665  							  NULL);
8666  			if (err)
8667  				return ERR_PTR(err);
8668  
8669  			/* SSID and BSSID are mutually exclusive */
8670  			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
8671  			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
8672  				return ERR_PTR(-EINVAL);
8673  
8674  			/* add other standalone attributes here */
8675  			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
8676  			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
8677  				n_match_sets++;
8678  				continue;
8679  			}
8680  			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8681  			if (rssi)
8682  				default_match_rssi = nla_get_s32(rssi);
8683  		}
8684  	}
8685  
8686  	/* However, if there's no other matchset, add the RSSI one */
8687  	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
8688  		n_match_sets = 1;
8689  
8690  	if (n_match_sets > max_match_sets)
8691  		return ERR_PTR(-EINVAL);
8692  
8693  	if (attrs[NL80211_ATTR_IE])
8694  		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
8695  	else
8696  		ie_len = 0;
8697  
8698  	if (ie_len > wiphy->max_sched_scan_ie_len)
8699  		return ERR_PTR(-EINVAL);
8700  
8701  	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
8702  		/*
8703  		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
8704  		 * each scan plan already specifies its own interval
8705  		 */
8706  		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8707  			return ERR_PTR(-EINVAL);
8708  
8709  		nla_for_each_nested(attr,
8710  				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
8711  			n_plans++;
8712  	} else {
8713  		/*
8714  		 * The scan interval attribute is kept for backward
8715  		 * compatibility. If no scan plans are specified and sched scan
8716  		 * interval is specified, one scan plan will be set with this
8717  		 * scan interval and infinite number of iterations.
8718  		 */
8719  		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8720  			return ERR_PTR(-EINVAL);
8721  
8722  		n_plans = 1;
8723  	}
8724  
8725  	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
8726  		return ERR_PTR(-EINVAL);
8727  
8728  	if (!wiphy_ext_feature_isset(
8729  		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8730  	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8731  	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8732  		return ERR_PTR(-EINVAL);
8733  
8734  	request = kzalloc(sizeof(*request)
8735  			+ sizeof(*request->ssids) * n_ssids
8736  			+ sizeof(*request->match_sets) * n_match_sets
8737  			+ sizeof(*request->scan_plans) * n_plans
8738  			+ sizeof(*request->channels) * n_channels
8739  			+ ie_len, GFP_KERNEL);
8740  	if (!request)
8741  		return ERR_PTR(-ENOMEM);
8742  
8743  	if (n_ssids)
8744  		request->ssids = (void *)&request->channels[n_channels];
8745  	request->n_ssids = n_ssids;
8746  	if (ie_len) {
8747  		if (n_ssids)
8748  			request->ie = (void *)(request->ssids + n_ssids);
8749  		else
8750  			request->ie = (void *)(request->channels + n_channels);
8751  	}
8752  
8753  	if (n_match_sets) {
8754  		if (request->ie)
8755  			request->match_sets = (void *)(request->ie + ie_len);
8756  		else if (n_ssids)
8757  			request->match_sets =
8758  				(void *)(request->ssids + n_ssids);
8759  		else
8760  			request->match_sets =
8761  				(void *)(request->channels + n_channels);
8762  	}
8763  	request->n_match_sets = n_match_sets;
8764  
8765  	if (n_match_sets)
8766  		request->scan_plans = (void *)(request->match_sets +
8767  					       n_match_sets);
8768  	else if (request->ie)
8769  		request->scan_plans = (void *)(request->ie + ie_len);
8770  	else if (n_ssids)
8771  		request->scan_plans = (void *)(request->ssids + n_ssids);
8772  	else
8773  		request->scan_plans = (void *)(request->channels + n_channels);
8774  
8775  	request->n_scan_plans = n_plans;
8776  
8777  	i = 0;
8778  	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8779  		/* user specified, bail out if channel not found */
8780  		nla_for_each_nested(attr,
8781  				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8782  				    tmp) {
8783  			struct ieee80211_channel *chan;
8784  
8785  			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8786  
8787  			if (!chan) {
8788  				err = -EINVAL;
8789  				goto out_free;
8790  			}
8791  
8792  			/* ignore disabled channels */
8793  			if (chan->flags & IEEE80211_CHAN_DISABLED)
8794  				continue;
8795  
8796  			request->channels[i] = chan;
8797  			i++;
8798  		}
8799  	} else {
8800  		/* all channels */
8801  		for (band = 0; band < NUM_NL80211_BANDS; band++) {
8802  			int j;
8803  
8804  			if (!wiphy->bands[band])
8805  				continue;
8806  			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8807  				struct ieee80211_channel *chan;
8808  
8809  				chan = &wiphy->bands[band]->channels[j];
8810  
8811  				if (chan->flags & IEEE80211_CHAN_DISABLED)
8812  					continue;
8813  
8814  				request->channels[i] = chan;
8815  				i++;
8816  			}
8817  		}
8818  	}
8819  
8820  	if (!i) {
8821  		err = -EINVAL;
8822  		goto out_free;
8823  	}
8824  
8825  	request->n_channels = i;
8826  
8827  	i = 0;
8828  	if (n_ssids) {
8829  		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8830  				    tmp) {
8831  			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8832  				err = -EINVAL;
8833  				goto out_free;
8834  			}
8835  			request->ssids[i].ssid_len = nla_len(attr);
8836  			memcpy(request->ssids[i].ssid, nla_data(attr),
8837  			       nla_len(attr));
8838  			i++;
8839  		}
8840  	}
8841  
8842  	i = 0;
8843  	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8844  		nla_for_each_nested(attr,
8845  				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8846  				    tmp) {
8847  			struct nlattr *ssid, *bssid, *rssi;
8848  
8849  			err = nla_parse_nested_deprecated(tb,
8850  							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8851  							  attr,
8852  							  nl80211_match_policy,
8853  							  NULL);
8854  			if (err)
8855  				goto out_free;
8856  			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8857  			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8858  
8859  			if (!ssid && !bssid) {
8860  				i++;
8861  				continue;
8862  			}
8863  
8864  			if (WARN_ON(i >= n_match_sets)) {
8865  				/* this indicates a programming error,
8866  				 * the loop above should have verified
8867  				 * things properly
8868  				 */
8869  				err = -EINVAL;
8870  				goto out_free;
8871  			}
8872  
8873  			if (ssid) {
8874  				memcpy(request->match_sets[i].ssid.ssid,
8875  				       nla_data(ssid), nla_len(ssid));
8876  				request->match_sets[i].ssid.ssid_len =
8877  					nla_len(ssid);
8878  			}
8879  			if (bssid)
8880  				memcpy(request->match_sets[i].bssid,
8881  				       nla_data(bssid), ETH_ALEN);
8882  
8883  			/* special attribute - old implementation w/a */
8884  			request->match_sets[i].rssi_thold = default_match_rssi;
8885  			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8886  			if (rssi)
8887  				request->match_sets[i].rssi_thold =
8888  					nla_get_s32(rssi);
8889  
8890  			/* Parse per band RSSI attribute */
8891  			err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8892  				&request->match_sets[i],
8893  				tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8894  				request->match_sets[i].rssi_thold);
8895  			if (err)
8896  				goto out_free;
8897  
8898  			i++;
8899  		}
8900  
8901  		/* there was no other matchset, so the RSSI one is alone */
8902  		if (i == 0 && n_match_sets)
8903  			request->match_sets[0].rssi_thold = default_match_rssi;
8904  
8905  		request->min_rssi_thold = INT_MAX;
8906  		for (i = 0; i < n_match_sets; i++)
8907  			request->min_rssi_thold =
8908  				min(request->match_sets[i].rssi_thold,
8909  				    request->min_rssi_thold);
8910  	} else {
8911  		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8912  	}
8913  
8914  	if (ie_len) {
8915  		request->ie_len = ie_len;
8916  		memcpy((void *)request->ie,
8917  		       nla_data(attrs[NL80211_ATTR_IE]),
8918  		       request->ie_len);
8919  	}
8920  
8921  	err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8922  	if (err)
8923  		goto out_free;
8924  
8925  	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8926  		request->delay =
8927  			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8928  
8929  	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8930  		request->relative_rssi = nla_get_s8(
8931  			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8932  		request->relative_rssi_set = true;
8933  	}
8934  
8935  	if (request->relative_rssi_set &&
8936  	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8937  		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8938  
8939  		rssi_adjust = nla_data(
8940  			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8941  		request->rssi_adjust.band = rssi_adjust->band;
8942  		request->rssi_adjust.delta = rssi_adjust->delta;
8943  		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8944  			err = -EINVAL;
8945  			goto out_free;
8946  		}
8947  	}
8948  
8949  	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8950  	if (err)
8951  		goto out_free;
8952  
8953  	request->scan_start = jiffies;
8954  
8955  	return request;
8956  
8957  out_free:
8958  	kfree(request);
8959  	return ERR_PTR(err);
8960  }
8961  
8962  static int nl80211_start_sched_scan(struct sk_buff *skb,
8963  				    struct genl_info *info)
8964  {
8965  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8966  	struct net_device *dev = info->user_ptr[1];
8967  	struct wireless_dev *wdev = dev->ieee80211_ptr;
8968  	struct cfg80211_sched_scan_request *sched_scan_req;
8969  	bool want_multi;
8970  	int err;
8971  
8972  	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8973  		return -EOPNOTSUPP;
8974  
8975  	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8976  	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8977  	if (err)
8978  		return err;
8979  
8980  	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8981  						  info->attrs,
8982  						  rdev->wiphy.max_match_sets);
8983  
8984  	err = PTR_ERR_OR_ZERO(sched_scan_req);
8985  	if (err)
8986  		goto out_err;
8987  
8988  	/* leave request id zero for legacy request
8989  	 * or if driver does not support multi-scheduled scan
8990  	 */
8991  	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
8992  		sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8993  
8994  	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8995  	if (err)
8996  		goto out_free;
8997  
8998  	sched_scan_req->dev = dev;
8999  	sched_scan_req->wiphy = &rdev->wiphy;
9000  
9001  	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9002  		sched_scan_req->owner_nlportid = info->snd_portid;
9003  
9004  	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
9005  
9006  	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
9007  	return 0;
9008  
9009  out_free:
9010  	kfree(sched_scan_req);
9011  out_err:
9012  	return err;
9013  }
9014  
9015  static int nl80211_stop_sched_scan(struct sk_buff *skb,
9016  				   struct genl_info *info)
9017  {
9018  	struct cfg80211_sched_scan_request *req;
9019  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9020  	u64 cookie;
9021  
9022  	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
9023  		return -EOPNOTSUPP;
9024  
9025  	if (info->attrs[NL80211_ATTR_COOKIE]) {
9026  		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
9027  		return __cfg80211_stop_sched_scan(rdev, cookie, false);
9028  	}
9029  
9030  	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
9031  				     struct cfg80211_sched_scan_request,
9032  				     list);
9033  	if (!req || req->reqid ||
9034  	    (req->owner_nlportid &&
9035  	     req->owner_nlportid != info->snd_portid))
9036  		return -ENOENT;
9037  
9038  	return cfg80211_stop_sched_scan_req(rdev, req, false);
9039  }
9040  
9041  static int nl80211_start_radar_detection(struct sk_buff *skb,
9042  					 struct genl_info *info)
9043  {
9044  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9045  	struct net_device *dev = info->user_ptr[1];
9046  	struct wireless_dev *wdev = dev->ieee80211_ptr;
9047  	struct wiphy *wiphy = wdev->wiphy;
9048  	struct cfg80211_chan_def chandef;
9049  	enum nl80211_dfs_regions dfs_region;
9050  	unsigned int cac_time_ms;
9051  	int err;
9052  
9053  	dfs_region = reg_get_dfs_region(wiphy);
9054  	if (dfs_region == NL80211_DFS_UNSET)
9055  		return -EINVAL;
9056  
9057  	err = nl80211_parse_chandef(rdev, info, &chandef);
9058  	if (err)
9059  		return err;
9060  
9061  	if (netif_carrier_ok(dev))
9062  		return -EBUSY;
9063  
9064  	if (wdev->cac_started)
9065  		return -EBUSY;
9066  
9067  	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
9068  	if (err < 0)
9069  		return err;
9070  
9071  	if (err == 0)
9072  		return -EINVAL;
9073  
9074  	if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
9075  		return -EINVAL;
9076  
9077  	/* CAC start is offloaded to HW and can't be started manually */
9078  	if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
9079  		return -EOPNOTSUPP;
9080  
9081  	if (!rdev->ops->start_radar_detection)
9082  		return -EOPNOTSUPP;
9083  
9084  	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
9085  	if (WARN_ON(!cac_time_ms))
9086  		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
9087  
9088  	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
9089  	if (!err) {
9090  		wdev->chandef = chandef;
9091  		wdev->cac_started = true;
9092  		wdev->cac_start_time = jiffies;
9093  		wdev->cac_time_ms = cac_time_ms;
9094  	}
9095  	return err;
9096  }
9097  
9098  static int nl80211_notify_radar_detection(struct sk_buff *skb,
9099  					  struct genl_info *info)
9100  {
9101  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9102  	struct net_device *dev = info->user_ptr[1];
9103  	struct wireless_dev *wdev = dev->ieee80211_ptr;
9104  	struct wiphy *wiphy = wdev->wiphy;
9105  	struct cfg80211_chan_def chandef;
9106  	enum nl80211_dfs_regions dfs_region;
9107  	int err;
9108  
9109  	dfs_region = reg_get_dfs_region(wiphy);
9110  	if (dfs_region == NL80211_DFS_UNSET) {
9111  		GENL_SET_ERR_MSG(info,
9112  				 "DFS Region is not set. Unexpected Radar indication");
9113  		return -EINVAL;
9114  	}
9115  
9116  	err = nl80211_parse_chandef(rdev, info, &chandef);
9117  	if (err) {
9118  		GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
9119  		return err;
9120  	}
9121  
9122  	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
9123  	if (err < 0) {
9124  		GENL_SET_ERR_MSG(info, "chandef is invalid");
9125  		return err;
9126  	}
9127  
9128  	if (err == 0) {
9129  		GENL_SET_ERR_MSG(info,
9130  				 "Unexpected Radar indication for chandef/iftype");
9131  		return -EINVAL;
9132  	}
9133  
9134  	/* Do not process this notification if radar is already detected
9135  	 * by kernel on this channel, and return success.
9136  	 */
9137  	if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
9138  		return 0;
9139  
9140  	cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
9141  
9142  	cfg80211_sched_dfs_chan_update(rdev);
9143  
9144  	rdev->radar_chandef = chandef;
9145  
9146  	/* Propagate this notification to other radios as well */
9147  	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
9148  
9149  	return 0;
9150  }
9151  
9152  static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
9153  {
9154  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9155  	struct net_device *dev = info->user_ptr[1];
9156  	struct wireless_dev *wdev = dev->ieee80211_ptr;
9157  	struct cfg80211_csa_settings params;
9158  	struct nlattr **csa_attrs = NULL;
9159  	int err;
9160  	bool need_new_beacon = false;
9161  	bool need_handle_dfs_flag = true;
9162  	int len, i;
9163  	u32 cs_count;
9164  
9165  	if (!rdev->ops->channel_switch ||
9166  	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
9167  		return -EOPNOTSUPP;
9168  
9169  	switch (dev->ieee80211_ptr->iftype) {
9170  	case NL80211_IFTYPE_AP:
9171  	case NL80211_IFTYPE_P2P_GO:
9172  		need_new_beacon = true;
9173  		/* For all modes except AP the handle_dfs flag needs to be
9174  		 * supplied to tell the kernel that userspace will handle radar
9175  		 * events when they happen. Otherwise a switch to a channel
9176  		 * requiring DFS will be rejected.
9177  		 */
9178  		need_handle_dfs_flag = false;
9179  
9180  		/* useless if AP is not running */
9181  		if (!wdev->beacon_interval)
9182  			return -ENOTCONN;
9183  		break;
9184  	case NL80211_IFTYPE_ADHOC:
9185  		if (!wdev->ssid_len)
9186  			return -ENOTCONN;
9187  		break;
9188  	case NL80211_IFTYPE_MESH_POINT:
9189  		if (!wdev->mesh_id_len)
9190  			return -ENOTCONN;
9191  		break;
9192  	default:
9193  		return -EOPNOTSUPP;
9194  	}
9195  
9196  	memset(&params, 0, sizeof(params));
9197  	params.beacon_csa.ftm_responder = -1;
9198  
9199  	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
9200  	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
9201  		return -EINVAL;
9202  
9203  	/* only important for AP, IBSS and mesh create IEs internally */
9204  	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
9205  		return -EINVAL;
9206  
9207  	/* Even though the attribute is u32, the specification says
9208  	 * u8, so let's make sure we don't overflow.
9209  	 */
9210  	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
9211  	if (cs_count > 255)
9212  		return -EINVAL;
9213  
9214  	params.count = cs_count;
9215  
9216  	if (!need_new_beacon)
9217  		goto skip_beacons;
9218  
9219  	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
9220  	if (err)
9221  		return err;
9222  
9223  	csa_attrs = kcalloc(NL80211_ATTR_MAX + 1, sizeof(*csa_attrs),
9224  			    GFP_KERNEL);
9225  	if (!csa_attrs)
9226  		return -ENOMEM;
9227  
9228  	err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
9229  					  info->attrs[NL80211_ATTR_CSA_IES],
9230  					  nl80211_policy, info->extack);
9231  	if (err)
9232  		goto free;
9233  
9234  	err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
9235  	if (err)
9236  		goto free;
9237  
9238  	if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]) {
9239  		err = -EINVAL;
9240  		goto free;
9241  	}
9242  
9243  	len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9244  	if (!len || (len % sizeof(u16))) {
9245  		err = -EINVAL;
9246  		goto free;
9247  	}
9248  
9249  	params.n_counter_offsets_beacon = len / sizeof(u16);
9250  	if (rdev->wiphy.max_num_csa_counters &&
9251  	    (params.n_counter_offsets_beacon >
9252  	     rdev->wiphy.max_num_csa_counters)) {
9253  		err = -EINVAL;
9254  		goto free;
9255  	}
9256  
9257  	params.counter_offsets_beacon =
9258  		nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
9259  
9260  	/* sanity checks - counters should fit and be the same */
9261  	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
9262  		u16 offset = params.counter_offsets_beacon[i];
9263  
9264  		if (offset >= params.beacon_csa.tail_len) {
9265  			err = -EINVAL;
9266  			goto free;
9267  		}
9268  
9269  		if (params.beacon_csa.tail[offset] != params.count) {
9270  			err = -EINVAL;
9271  			goto free;
9272  		}
9273  	}
9274  
9275  	if (csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
9276  		len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9277  		if (!len || (len % sizeof(u16))) {
9278  			err = -EINVAL;
9279  			goto free;
9280  		}
9281  
9282  		params.n_counter_offsets_presp = len / sizeof(u16);
9283  		if (rdev->wiphy.max_num_csa_counters &&
9284  		    (params.n_counter_offsets_presp >
9285  		     rdev->wiphy.max_num_csa_counters)) {
9286  			err = -EINVAL;
9287  			goto free;
9288  		}
9289  
9290  		params.counter_offsets_presp =
9291  			nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
9292  
9293  		/* sanity checks - counters should fit and be the same */
9294  		for (i = 0; i < params.n_counter_offsets_presp; i++) {
9295  			u16 offset = params.counter_offsets_presp[i];
9296  
9297  			if (offset >= params.beacon_csa.probe_resp_len) {
9298  				err = -EINVAL;
9299  				goto free;
9300  			}
9301  
9302  			if (params.beacon_csa.probe_resp[offset] !=
9303  			    params.count) {
9304  				err = -EINVAL;
9305  				goto free;
9306  			}
9307  		}
9308  	}
9309  
9310  skip_beacons:
9311  	err = nl80211_parse_chandef(rdev, info, &params.chandef);
9312  	if (err)
9313  		goto free;
9314  
9315  	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
9316  					   wdev->iftype)) {
9317  		err = -EINVAL;
9318  		goto free;
9319  	}
9320  
9321  	err = cfg80211_chandef_dfs_required(wdev->wiphy,
9322  					    &params.chandef,
9323  					    wdev->iftype);
9324  	if (err < 0)
9325  		goto free;
9326  
9327  	if (err > 0) {
9328  		params.radar_required = true;
9329  		if (need_handle_dfs_flag &&
9330  		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
9331  			err = -EINVAL;
9332  			goto free;
9333  		}
9334  	}
9335  
9336  	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
9337  		params.block_tx = true;
9338  
9339  	wdev_lock(wdev);
9340  	err = rdev_channel_switch(rdev, dev, &params);
9341  	wdev_unlock(wdev);
9342  
9343  free:
9344  	kfree(csa_attrs);
9345  	return err;
9346  }
9347  
9348  static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
9349  			    u32 seq, int flags,
9350  			    struct cfg80211_registered_device *rdev,
9351  			    struct wireless_dev *wdev,
9352  			    struct cfg80211_internal_bss *intbss)
9353  {
9354  	struct cfg80211_bss *res = &intbss->pub;
9355  	const struct cfg80211_bss_ies *ies;
9356  	void *hdr;
9357  	struct nlattr *bss;
9358  
9359  	ASSERT_WDEV_LOCK(wdev);
9360  
9361  	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
9362  			     NL80211_CMD_NEW_SCAN_RESULTS);
9363  	if (!hdr)
9364  		return -1;
9365  
9366  	genl_dump_check_consistent(cb, hdr);
9367  
9368  	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
9369  		goto nla_put_failure;
9370  	if (wdev->netdev &&
9371  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
9372  		goto nla_put_failure;
9373  	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
9374  			      NL80211_ATTR_PAD))
9375  		goto nla_put_failure;
9376  
9377  	bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
9378  	if (!bss)
9379  		goto nla_put_failure;
9380  	if ((!is_zero_ether_addr(res->bssid) &&
9381  	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
9382  		goto nla_put_failure;
9383  
9384  	rcu_read_lock();
9385  	/* indicate whether we have probe response data or not */
9386  	if (rcu_access_pointer(res->proberesp_ies) &&
9387  	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
9388  		goto fail_unlock_rcu;
9389  
9390  	/* this pointer prefers to be pointed to probe response data
9391  	 * but is always valid
9392  	 */
9393  	ies = rcu_dereference(res->ies);
9394  	if (ies) {
9395  		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
9396  				      NL80211_BSS_PAD))
9397  			goto fail_unlock_rcu;
9398  		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
9399  					ies->len, ies->data))
9400  			goto fail_unlock_rcu;
9401  	}
9402  
9403  	/* and this pointer is always (unless driver didn't know) beacon data */
9404  	ies = rcu_dereference(res->beacon_ies);
9405  	if (ies && ies->from_beacon) {
9406  		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
9407  				      NL80211_BSS_PAD))
9408  			goto fail_unlock_rcu;
9409  		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
9410  					ies->len, ies->data))
9411  			goto fail_unlock_rcu;
9412  	}
9413  	rcu_read_unlock();
9414  
9415  	if (res->beacon_interval &&
9416  	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
9417  		goto nla_put_failure;
9418  	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
9419  	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
9420  	    nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
9421  			res->channel->freq_offset) ||
9422  	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
9423  	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
9424  			jiffies_to_msecs(jiffies - intbss->ts)))
9425  		goto nla_put_failure;
9426  
9427  	if (intbss->parent_tsf &&
9428  	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
9429  			       intbss->parent_tsf, NL80211_BSS_PAD) ||
9430  	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
9431  		     intbss->parent_bssid)))
9432  		goto nla_put_failure;
9433  
9434  	if (intbss->ts_boottime &&
9435  	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
9436  			      intbss->ts_boottime, NL80211_BSS_PAD))
9437  		goto nla_put_failure;
9438  
9439  	if (!nl80211_put_signal(msg, intbss->pub.chains,
9440  				intbss->pub.chain_signal,
9441  				NL80211_BSS_CHAIN_SIGNAL))
9442  		goto nla_put_failure;
9443  
9444  	switch (rdev->wiphy.signal_type) {
9445  	case CFG80211_SIGNAL_TYPE_MBM:
9446  		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
9447  			goto nla_put_failure;
9448  		break;
9449  	case CFG80211_SIGNAL_TYPE_UNSPEC:
9450  		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
9451  			goto nla_put_failure;
9452  		break;
9453  	default:
9454  		break;
9455  	}
9456  
9457  	switch (wdev->iftype) {
9458  	case NL80211_IFTYPE_P2P_CLIENT:
9459  	case NL80211_IFTYPE_STATION:
9460  		if (intbss == wdev->current_bss &&
9461  		    nla_put_u32(msg, NL80211_BSS_STATUS,
9462  				NL80211_BSS_STATUS_ASSOCIATED))
9463  			goto nla_put_failure;
9464  		break;
9465  	case NL80211_IFTYPE_ADHOC:
9466  		if (intbss == wdev->current_bss &&
9467  		    nla_put_u32(msg, NL80211_BSS_STATUS,
9468  				NL80211_BSS_STATUS_IBSS_JOINED))
9469  			goto nla_put_failure;
9470  		break;
9471  	default:
9472  		break;
9473  	}
9474  
9475  	nla_nest_end(msg, bss);
9476  
9477  	genlmsg_end(msg, hdr);
9478  	return 0;
9479  
9480   fail_unlock_rcu:
9481  	rcu_read_unlock();
9482   nla_put_failure:
9483  	genlmsg_cancel(msg, hdr);
9484  	return -EMSGSIZE;
9485  }
9486  
9487  static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
9488  {
9489  	struct cfg80211_registered_device *rdev;
9490  	struct cfg80211_internal_bss *scan;
9491  	struct wireless_dev *wdev;
9492  	int start = cb->args[2], idx = 0;
9493  	int err;
9494  
9495  	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9496  	if (err)
9497  		return err;
9498  	/* nl80211_prepare_wdev_dump acquired it in the successful case */
9499  	__acquire(&rdev->wiphy.mtx);
9500  
9501  	wdev_lock(wdev);
9502  	spin_lock_bh(&rdev->bss_lock);
9503  
9504  	/*
9505  	 * dump_scan will be called multiple times to break up the scan results
9506  	 * into multiple messages.  It is unlikely that any more bss-es will be
9507  	 * expired after the first call, so only call only call this on the
9508  	 * first dump_scan invocation.
9509  	 */
9510  	if (start == 0)
9511  		cfg80211_bss_expire(rdev);
9512  
9513  	cb->seq = rdev->bss_generation;
9514  
9515  	list_for_each_entry(scan, &rdev->bss_list, list) {
9516  		if (++idx <= start)
9517  			continue;
9518  		if (nl80211_send_bss(skb, cb,
9519  				cb->nlh->nlmsg_seq, NLM_F_MULTI,
9520  				rdev, wdev, scan) < 0) {
9521  			idx--;
9522  			break;
9523  		}
9524  	}
9525  
9526  	spin_unlock_bh(&rdev->bss_lock);
9527  	wdev_unlock(wdev);
9528  
9529  	cb->args[2] = idx;
9530  	wiphy_unlock(&rdev->wiphy);
9531  
9532  	return skb->len;
9533  }
9534  
9535  static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
9536  			       int flags, struct net_device *dev,
9537  			       bool allow_radio_stats,
9538  			       struct survey_info *survey)
9539  {
9540  	void *hdr;
9541  	struct nlattr *infoattr;
9542  
9543  	/* skip radio stats if userspace didn't request them */
9544  	if (!survey->channel && !allow_radio_stats)
9545  		return 0;
9546  
9547  	hdr = nl80211hdr_put(msg, portid, seq, flags,
9548  			     NL80211_CMD_NEW_SURVEY_RESULTS);
9549  	if (!hdr)
9550  		return -ENOMEM;
9551  
9552  	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
9553  		goto nla_put_failure;
9554  
9555  	infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
9556  	if (!infoattr)
9557  		goto nla_put_failure;
9558  
9559  	if (survey->channel &&
9560  	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
9561  			survey->channel->center_freq))
9562  		goto nla_put_failure;
9563  
9564  	if (survey->channel && survey->channel->freq_offset &&
9565  	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
9566  			survey->channel->freq_offset))
9567  		goto nla_put_failure;
9568  
9569  	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
9570  	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
9571  		goto nla_put_failure;
9572  	if ((survey->filled & SURVEY_INFO_IN_USE) &&
9573  	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
9574  		goto nla_put_failure;
9575  	if ((survey->filled & SURVEY_INFO_TIME) &&
9576  	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
9577  			survey->time, NL80211_SURVEY_INFO_PAD))
9578  		goto nla_put_failure;
9579  	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
9580  	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
9581  			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
9582  		goto nla_put_failure;
9583  	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
9584  	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
9585  			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
9586  		goto nla_put_failure;
9587  	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
9588  	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
9589  			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
9590  		goto nla_put_failure;
9591  	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
9592  	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
9593  			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
9594  		goto nla_put_failure;
9595  	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
9596  	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
9597  			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
9598  		goto nla_put_failure;
9599  	if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
9600  	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
9601  			      survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
9602  		goto nla_put_failure;
9603  
9604  	nla_nest_end(msg, infoattr);
9605  
9606  	genlmsg_end(msg, hdr);
9607  	return 0;
9608  
9609   nla_put_failure:
9610  	genlmsg_cancel(msg, hdr);
9611  	return -EMSGSIZE;
9612  }
9613  
9614  static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
9615  {
9616  	struct nlattr **attrbuf;
9617  	struct survey_info survey;
9618  	struct cfg80211_registered_device *rdev;
9619  	struct wireless_dev *wdev;
9620  	int survey_idx = cb->args[2];
9621  	int res;
9622  	bool radio_stats;
9623  
9624  	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
9625  	if (!attrbuf)
9626  		return -ENOMEM;
9627  
9628  	res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
9629  	if (res) {
9630  		kfree(attrbuf);
9631  		return res;
9632  	}
9633  	/* nl80211_prepare_wdev_dump acquired it in the successful case */
9634  	__acquire(&rdev->wiphy.mtx);
9635  
9636  	/* prepare_wdev_dump parsed the attributes */
9637  	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
9638  
9639  	if (!wdev->netdev) {
9640  		res = -EINVAL;
9641  		goto out_err;
9642  	}
9643  
9644  	if (!rdev->ops->dump_survey) {
9645  		res = -EOPNOTSUPP;
9646  		goto out_err;
9647  	}
9648  
9649  	while (1) {
9650  		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
9651  		if (res == -ENOENT)
9652  			break;
9653  		if (res)
9654  			goto out_err;
9655  
9656  		/* don't send disabled channels, but do send non-channel data */
9657  		if (survey.channel &&
9658  		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
9659  			survey_idx++;
9660  			continue;
9661  		}
9662  
9663  		if (nl80211_send_survey(skb,
9664  				NETLINK_CB(cb->skb).portid,
9665  				cb->nlh->nlmsg_seq, NLM_F_MULTI,
9666  				wdev->netdev, radio_stats, &survey) < 0)
9667  			goto out;
9668  		survey_idx++;
9669  	}
9670  
9671   out:
9672  	cb->args[2] = survey_idx;
9673  	res = skb->len;
9674   out_err:
9675  	kfree(attrbuf);
9676  	wiphy_unlock(&rdev->wiphy);
9677  	return res;
9678  }
9679  
9680  static bool nl80211_valid_wpa_versions(u32 wpa_versions)
9681  {
9682  	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
9683  				  NL80211_WPA_VERSION_2 |
9684  				  NL80211_WPA_VERSION_3));
9685  }
9686  
9687  static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
9688  {
9689  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9690  	struct net_device *dev = info->user_ptr[1];
9691  	struct ieee80211_channel *chan;
9692  	const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
9693  	int err, ssid_len, ie_len = 0, auth_data_len = 0;
9694  	enum nl80211_auth_type auth_type;
9695  	struct key_parse key;
9696  	bool local_state_change;
9697  	u32 freq;
9698  
9699  	if (!info->attrs[NL80211_ATTR_MAC])
9700  		return -EINVAL;
9701  
9702  	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
9703  		return -EINVAL;
9704  
9705  	if (!info->attrs[NL80211_ATTR_SSID])
9706  		return -EINVAL;
9707  
9708  	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
9709  		return -EINVAL;
9710  
9711  	err = nl80211_parse_key(info, &key);
9712  	if (err)
9713  		return err;
9714  
9715  	if (key.idx >= 0) {
9716  		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
9717  			return -EINVAL;
9718  		if (!key.p.key || !key.p.key_len)
9719  			return -EINVAL;
9720  		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
9721  		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
9722  		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
9723  		     key.p.key_len != WLAN_KEY_LEN_WEP104))
9724  			return -EINVAL;
9725  		if (key.idx > 3)
9726  			return -EINVAL;
9727  	} else {
9728  		key.p.key_len = 0;
9729  		key.p.key = NULL;
9730  	}
9731  
9732  	if (key.idx >= 0) {
9733  		int i;
9734  		bool ok = false;
9735  
9736  		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
9737  			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
9738  				ok = true;
9739  				break;
9740  			}
9741  		}
9742  		if (!ok)
9743  			return -EINVAL;
9744  	}
9745  
9746  	if (!rdev->ops->auth)
9747  		return -EOPNOTSUPP;
9748  
9749  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9750  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9751  		return -EOPNOTSUPP;
9752  
9753  	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9754  	freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9755  	if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9756  		freq +=
9757  		    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9758  
9759  	chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9760  	if (!chan)
9761  		return -EINVAL;
9762  
9763  	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9764  	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9765  
9766  	if (info->attrs[NL80211_ATTR_IE]) {
9767  		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9768  		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9769  	}
9770  
9771  	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9772  	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9773  		return -EINVAL;
9774  
9775  	if ((auth_type == NL80211_AUTHTYPE_SAE ||
9776  	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
9777  	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9778  	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9779  	    !info->attrs[NL80211_ATTR_AUTH_DATA])
9780  		return -EINVAL;
9781  
9782  	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9783  		if (auth_type != NL80211_AUTHTYPE_SAE &&
9784  		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
9785  		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9786  		    auth_type != NL80211_AUTHTYPE_FILS_PK)
9787  			return -EINVAL;
9788  		auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9789  		auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9790  	}
9791  
9792  	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9793  
9794  	/*
9795  	 * Since we no longer track auth state, ignore
9796  	 * requests to only change local state.
9797  	 */
9798  	if (local_state_change)
9799  		return 0;
9800  
9801  	wdev_lock(dev->ieee80211_ptr);
9802  	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9803  				 ssid, ssid_len, ie, ie_len,
9804  				 key.p.key, key.p.key_len, key.idx,
9805  				 auth_data, auth_data_len);
9806  	wdev_unlock(dev->ieee80211_ptr);
9807  	return err;
9808  }
9809  
9810  static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9811  				     struct genl_info *info)
9812  {
9813  	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9814  		GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9815  		return -EINVAL;
9816  	}
9817  
9818  	if (!rdev->ops->tx_control_port ||
9819  	    !wiphy_ext_feature_isset(&rdev->wiphy,
9820  				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9821  		return -EOPNOTSUPP;
9822  
9823  	return 0;
9824  }
9825  
9826  static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9827  				   struct genl_info *info,
9828  				   struct cfg80211_crypto_settings *settings,
9829  				   int cipher_limit)
9830  {
9831  	memset(settings, 0, sizeof(*settings));
9832  
9833  	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9834  
9835  	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9836  		u16 proto;
9837  
9838  		proto = nla_get_u16(
9839  			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9840  		settings->control_port_ethertype = cpu_to_be16(proto);
9841  		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9842  		    proto != ETH_P_PAE)
9843  			return -EINVAL;
9844  		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9845  			settings->control_port_no_encrypt = true;
9846  	} else
9847  		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9848  
9849  	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9850  		int r = validate_pae_over_nl80211(rdev, info);
9851  
9852  		if (r < 0)
9853  			return r;
9854  
9855  		settings->control_port_over_nl80211 = true;
9856  
9857  		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
9858  			settings->control_port_no_preauth = true;
9859  	}
9860  
9861  	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9862  		void *data;
9863  		int len, i;
9864  
9865  		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9866  		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9867  		settings->n_ciphers_pairwise = len / sizeof(u32);
9868  
9869  		if (len % sizeof(u32))
9870  			return -EINVAL;
9871  
9872  		if (settings->n_ciphers_pairwise > cipher_limit)
9873  			return -EINVAL;
9874  
9875  		memcpy(settings->ciphers_pairwise, data, len);
9876  
9877  		for (i = 0; i < settings->n_ciphers_pairwise; i++)
9878  			if (!cfg80211_supported_cipher_suite(
9879  					&rdev->wiphy,
9880  					settings->ciphers_pairwise[i]))
9881  				return -EINVAL;
9882  	}
9883  
9884  	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9885  		settings->cipher_group =
9886  			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9887  		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9888  						     settings->cipher_group))
9889  			return -EINVAL;
9890  	}
9891  
9892  	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9893  		settings->wpa_versions =
9894  			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9895  		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9896  			return -EINVAL;
9897  	}
9898  
9899  	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9900  		void *data;
9901  		int len;
9902  
9903  		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9904  		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9905  		settings->n_akm_suites = len / sizeof(u32);
9906  
9907  		if (len % sizeof(u32))
9908  			return -EINVAL;
9909  
9910  		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9911  			return -EINVAL;
9912  
9913  		memcpy(settings->akm_suites, data, len);
9914  	}
9915  
9916  	if (info->attrs[NL80211_ATTR_PMK]) {
9917  		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9918  			return -EINVAL;
9919  		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9920  					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
9921  		    !wiphy_ext_feature_isset(&rdev->wiphy,
9922  					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
9923  			return -EINVAL;
9924  		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9925  	}
9926  
9927  	if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9928  		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9929  					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
9930  		    !wiphy_ext_feature_isset(&rdev->wiphy,
9931  					     NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
9932  			return -EINVAL;
9933  		settings->sae_pwd =
9934  			nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9935  		settings->sae_pwd_len =
9936  			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9937  	}
9938  
9939  	if (info->attrs[NL80211_ATTR_SAE_PWE])
9940  		settings->sae_pwe =
9941  			nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
9942  	else
9943  		settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
9944  
9945  	return 0;
9946  }
9947  
9948  static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9949  {
9950  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9951  	struct net_device *dev = info->user_ptr[1];
9952  	struct ieee80211_channel *chan;
9953  	struct cfg80211_assoc_request req = {};
9954  	const u8 *bssid, *ssid;
9955  	int err, ssid_len = 0;
9956  	u32 freq;
9957  
9958  	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9959  	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9960  		return -EPERM;
9961  
9962  	if (!info->attrs[NL80211_ATTR_MAC] ||
9963  	    !info->attrs[NL80211_ATTR_SSID] ||
9964  	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9965  		return -EINVAL;
9966  
9967  	if (!rdev->ops->assoc)
9968  		return -EOPNOTSUPP;
9969  
9970  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9971  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9972  		return -EOPNOTSUPP;
9973  
9974  	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9975  
9976  	freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
9977  	if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
9978  		freq +=
9979  		    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
9980  	chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
9981  	if (!chan)
9982  		return -EINVAL;
9983  
9984  	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9985  	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9986  
9987  	if (info->attrs[NL80211_ATTR_IE]) {
9988  		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9989  		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9990  	}
9991  
9992  	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9993  		enum nl80211_mfp mfp =
9994  			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9995  		if (mfp == NL80211_MFP_REQUIRED)
9996  			req.use_mfp = true;
9997  		else if (mfp != NL80211_MFP_NO)
9998  			return -EINVAL;
9999  	}
10000  
10001  	if (info->attrs[NL80211_ATTR_PREV_BSSID])
10002  		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10003  
10004  	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10005  		req.flags |= ASSOC_REQ_DISABLE_HT;
10006  
10007  	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10008  		memcpy(&req.ht_capa_mask,
10009  		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10010  		       sizeof(req.ht_capa_mask));
10011  
10012  	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10013  		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10014  			return -EINVAL;
10015  		memcpy(&req.ht_capa,
10016  		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10017  		       sizeof(req.ht_capa));
10018  	}
10019  
10020  	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10021  		req.flags |= ASSOC_REQ_DISABLE_VHT;
10022  
10023  	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
10024  		req.flags |= ASSOC_REQ_DISABLE_HE;
10025  
10026  	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10027  		memcpy(&req.vht_capa_mask,
10028  		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10029  		       sizeof(req.vht_capa_mask));
10030  
10031  	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10032  		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10033  			return -EINVAL;
10034  		memcpy(&req.vht_capa,
10035  		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10036  		       sizeof(req.vht_capa));
10037  	}
10038  
10039  	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10040  		if (!((rdev->wiphy.features &
10041  			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10042  		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10043  		    !wiphy_ext_feature_isset(&rdev->wiphy,
10044  					     NL80211_EXT_FEATURE_RRM))
10045  			return -EINVAL;
10046  		req.flags |= ASSOC_REQ_USE_RRM;
10047  	}
10048  
10049  	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
10050  		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
10051  		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
10052  		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
10053  			return -EINVAL;
10054  		req.fils_nonces =
10055  			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
10056  	}
10057  
10058  	if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
10059  		if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
10060  			return -EINVAL;
10061  		memcpy(&req.s1g_capa_mask,
10062  		       nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
10063  		       sizeof(req.s1g_capa_mask));
10064  	}
10065  
10066  	if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
10067  		if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
10068  			return -EINVAL;
10069  		memcpy(&req.s1g_capa,
10070  		       nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
10071  		       sizeof(req.s1g_capa));
10072  	}
10073  
10074  	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
10075  	if (!err) {
10076  		wdev_lock(dev->ieee80211_ptr);
10077  
10078  		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
10079  					  ssid, ssid_len, &req);
10080  
10081  		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10082  			dev->ieee80211_ptr->conn_owner_nlportid =
10083  				info->snd_portid;
10084  			memcpy(dev->ieee80211_ptr->disconnect_bssid,
10085  			       bssid, ETH_ALEN);
10086  		}
10087  
10088  		wdev_unlock(dev->ieee80211_ptr);
10089  	}
10090  
10091  	return err;
10092  }
10093  
10094  static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
10095  {
10096  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10097  	struct net_device *dev = info->user_ptr[1];
10098  	const u8 *ie = NULL, *bssid;
10099  	int ie_len = 0, err;
10100  	u16 reason_code;
10101  	bool local_state_change;
10102  
10103  	if (dev->ieee80211_ptr->conn_owner_nlportid &&
10104  	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10105  		return -EPERM;
10106  
10107  	if (!info->attrs[NL80211_ATTR_MAC])
10108  		return -EINVAL;
10109  
10110  	if (!info->attrs[NL80211_ATTR_REASON_CODE])
10111  		return -EINVAL;
10112  
10113  	if (!rdev->ops->deauth)
10114  		return -EOPNOTSUPP;
10115  
10116  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10117  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10118  		return -EOPNOTSUPP;
10119  
10120  	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10121  
10122  	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10123  	if (reason_code == 0) {
10124  		/* Reason Code 0 is reserved */
10125  		return -EINVAL;
10126  	}
10127  
10128  	if (info->attrs[NL80211_ATTR_IE]) {
10129  		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10130  		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10131  	}
10132  
10133  	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10134  
10135  	wdev_lock(dev->ieee80211_ptr);
10136  	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
10137  				   local_state_change);
10138  	wdev_unlock(dev->ieee80211_ptr);
10139  	return err;
10140  }
10141  
10142  static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
10143  {
10144  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10145  	struct net_device *dev = info->user_ptr[1];
10146  	const u8 *ie = NULL, *bssid;
10147  	int ie_len = 0, err;
10148  	u16 reason_code;
10149  	bool local_state_change;
10150  
10151  	if (dev->ieee80211_ptr->conn_owner_nlportid &&
10152  	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10153  		return -EPERM;
10154  
10155  	if (!info->attrs[NL80211_ATTR_MAC])
10156  		return -EINVAL;
10157  
10158  	if (!info->attrs[NL80211_ATTR_REASON_CODE])
10159  		return -EINVAL;
10160  
10161  	if (!rdev->ops->disassoc)
10162  		return -EOPNOTSUPP;
10163  
10164  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10165  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10166  		return -EOPNOTSUPP;
10167  
10168  	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10169  
10170  	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10171  	if (reason_code == 0) {
10172  		/* Reason Code 0 is reserved */
10173  		return -EINVAL;
10174  	}
10175  
10176  	if (info->attrs[NL80211_ATTR_IE]) {
10177  		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10178  		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10179  	}
10180  
10181  	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
10182  
10183  	wdev_lock(dev->ieee80211_ptr);
10184  	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
10185  				     local_state_change);
10186  	wdev_unlock(dev->ieee80211_ptr);
10187  	return err;
10188  }
10189  
10190  static bool
10191  nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
10192  			 int mcast_rate[NUM_NL80211_BANDS],
10193  			 int rateval)
10194  {
10195  	struct wiphy *wiphy = &rdev->wiphy;
10196  	bool found = false;
10197  	int band, i;
10198  
10199  	for (band = 0; band < NUM_NL80211_BANDS; band++) {
10200  		struct ieee80211_supported_band *sband;
10201  
10202  		sband = wiphy->bands[band];
10203  		if (!sband)
10204  			continue;
10205  
10206  		for (i = 0; i < sband->n_bitrates; i++) {
10207  			if (sband->bitrates[i].bitrate == rateval) {
10208  				mcast_rate[band] = i + 1;
10209  				found = true;
10210  				break;
10211  			}
10212  		}
10213  	}
10214  
10215  	return found;
10216  }
10217  
10218  static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
10219  {
10220  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10221  	struct net_device *dev = info->user_ptr[1];
10222  	struct cfg80211_ibss_params ibss;
10223  	struct wiphy *wiphy;
10224  	struct cfg80211_cached_keys *connkeys = NULL;
10225  	int err;
10226  
10227  	memset(&ibss, 0, sizeof(ibss));
10228  
10229  	if (!info->attrs[NL80211_ATTR_SSID] ||
10230  	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
10231  		return -EINVAL;
10232  
10233  	ibss.beacon_interval = 100;
10234  
10235  	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
10236  		ibss.beacon_interval =
10237  			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10238  
10239  	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
10240  					   ibss.beacon_interval);
10241  	if (err)
10242  		return err;
10243  
10244  	if (!rdev->ops->join_ibss)
10245  		return -EOPNOTSUPP;
10246  
10247  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10248  		return -EOPNOTSUPP;
10249  
10250  	wiphy = &rdev->wiphy;
10251  
10252  	if (info->attrs[NL80211_ATTR_MAC]) {
10253  		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10254  
10255  		if (!is_valid_ether_addr(ibss.bssid))
10256  			return -EINVAL;
10257  	}
10258  	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10259  	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10260  
10261  	if (info->attrs[NL80211_ATTR_IE]) {
10262  		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10263  		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10264  	}
10265  
10266  	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
10267  	if (err)
10268  		return err;
10269  
10270  	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
10271  				     NL80211_IFTYPE_ADHOC))
10272  		return -EINVAL;
10273  
10274  	switch (ibss.chandef.width) {
10275  	case NL80211_CHAN_WIDTH_5:
10276  	case NL80211_CHAN_WIDTH_10:
10277  	case NL80211_CHAN_WIDTH_20_NOHT:
10278  		break;
10279  	case NL80211_CHAN_WIDTH_20:
10280  	case NL80211_CHAN_WIDTH_40:
10281  		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10282  			return -EINVAL;
10283  		break;
10284  	case NL80211_CHAN_WIDTH_80:
10285  	case NL80211_CHAN_WIDTH_80P80:
10286  	case NL80211_CHAN_WIDTH_160:
10287  		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
10288  			return -EINVAL;
10289  		if (!wiphy_ext_feature_isset(&rdev->wiphy,
10290  					     NL80211_EXT_FEATURE_VHT_IBSS))
10291  			return -EINVAL;
10292  		break;
10293  	default:
10294  		return -EINVAL;
10295  	}
10296  
10297  	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
10298  	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
10299  
10300  	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10301  		u8 *rates =
10302  			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10303  		int n_rates =
10304  			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10305  		struct ieee80211_supported_band *sband =
10306  			wiphy->bands[ibss.chandef.chan->band];
10307  
10308  		err = ieee80211_get_ratemask(sband, rates, n_rates,
10309  					     &ibss.basic_rates);
10310  		if (err)
10311  			return err;
10312  	}
10313  
10314  	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10315  		memcpy(&ibss.ht_capa_mask,
10316  		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10317  		       sizeof(ibss.ht_capa_mask));
10318  
10319  	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10320  		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10321  			return -EINVAL;
10322  		memcpy(&ibss.ht_capa,
10323  		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10324  		       sizeof(ibss.ht_capa));
10325  	}
10326  
10327  	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10328  	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
10329  			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10330  		return -EINVAL;
10331  
10332  	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10333  		bool no_ht = false;
10334  
10335  		connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
10336  		if (IS_ERR(connkeys))
10337  			return PTR_ERR(connkeys);
10338  
10339  		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
10340  		    no_ht) {
10341  			kfree_sensitive(connkeys);
10342  			return -EINVAL;
10343  		}
10344  	}
10345  
10346  	ibss.control_port =
10347  		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
10348  
10349  	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10350  		int r = validate_pae_over_nl80211(rdev, info);
10351  
10352  		if (r < 0) {
10353  			kfree_sensitive(connkeys);
10354  			return r;
10355  		}
10356  
10357  		ibss.control_port_over_nl80211 = true;
10358  	}
10359  
10360  	ibss.userspace_handles_dfs =
10361  		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10362  
10363  	wdev_lock(dev->ieee80211_ptr);
10364  	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
10365  	if (err)
10366  		kfree_sensitive(connkeys);
10367  	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
10368  		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10369  	wdev_unlock(dev->ieee80211_ptr);
10370  
10371  	return err;
10372  }
10373  
10374  static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
10375  {
10376  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10377  	struct net_device *dev = info->user_ptr[1];
10378  
10379  	if (!rdev->ops->leave_ibss)
10380  		return -EOPNOTSUPP;
10381  
10382  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
10383  		return -EOPNOTSUPP;
10384  
10385  	return cfg80211_leave_ibss(rdev, dev, false);
10386  }
10387  
10388  static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
10389  {
10390  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10391  	struct net_device *dev = info->user_ptr[1];
10392  	int mcast_rate[NUM_NL80211_BANDS];
10393  	u32 nla_rate;
10394  	int err;
10395  
10396  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
10397  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
10398  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
10399  		return -EOPNOTSUPP;
10400  
10401  	if (!rdev->ops->set_mcast_rate)
10402  		return -EOPNOTSUPP;
10403  
10404  	memset(mcast_rate, 0, sizeof(mcast_rate));
10405  
10406  	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
10407  		return -EINVAL;
10408  
10409  	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
10410  	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
10411  		return -EINVAL;
10412  
10413  	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
10414  
10415  	return err;
10416  }
10417  
10418  static struct sk_buff *
10419  __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
10420  			    struct wireless_dev *wdev, int approxlen,
10421  			    u32 portid, u32 seq, enum nl80211_commands cmd,
10422  			    enum nl80211_attrs attr,
10423  			    const struct nl80211_vendor_cmd_info *info,
10424  			    gfp_t gfp)
10425  {
10426  	struct sk_buff *skb;
10427  	void *hdr;
10428  	struct nlattr *data;
10429  
10430  	skb = nlmsg_new(approxlen + 100, gfp);
10431  	if (!skb)
10432  		return NULL;
10433  
10434  	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
10435  	if (!hdr) {
10436  		kfree_skb(skb);
10437  		return NULL;
10438  	}
10439  
10440  	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
10441  		goto nla_put_failure;
10442  
10443  	if (info) {
10444  		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
10445  				info->vendor_id))
10446  			goto nla_put_failure;
10447  		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
10448  				info->subcmd))
10449  			goto nla_put_failure;
10450  	}
10451  
10452  	if (wdev) {
10453  		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
10454  				      wdev_id(wdev), NL80211_ATTR_PAD))
10455  			goto nla_put_failure;
10456  		if (wdev->netdev &&
10457  		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
10458  				wdev->netdev->ifindex))
10459  			goto nla_put_failure;
10460  	}
10461  
10462  	data = nla_nest_start_noflag(skb, attr);
10463  	if (!data)
10464  		goto nla_put_failure;
10465  
10466  	((void **)skb->cb)[0] = rdev;
10467  	((void **)skb->cb)[1] = hdr;
10468  	((void **)skb->cb)[2] = data;
10469  
10470  	return skb;
10471  
10472   nla_put_failure:
10473  	kfree_skb(skb);
10474  	return NULL;
10475  }
10476  
10477  struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
10478  					   struct wireless_dev *wdev,
10479  					   enum nl80211_commands cmd,
10480  					   enum nl80211_attrs attr,
10481  					   unsigned int portid,
10482  					   int vendor_event_idx,
10483  					   int approxlen, gfp_t gfp)
10484  {
10485  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10486  	const struct nl80211_vendor_cmd_info *info;
10487  
10488  	switch (cmd) {
10489  	case NL80211_CMD_TESTMODE:
10490  		if (WARN_ON(vendor_event_idx != -1))
10491  			return NULL;
10492  		info = NULL;
10493  		break;
10494  	case NL80211_CMD_VENDOR:
10495  		if (WARN_ON(vendor_event_idx < 0 ||
10496  			    vendor_event_idx >= wiphy->n_vendor_events))
10497  			return NULL;
10498  		info = &wiphy->vendor_events[vendor_event_idx];
10499  		break;
10500  	default:
10501  		WARN_ON(1);
10502  		return NULL;
10503  	}
10504  
10505  	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
10506  					   cmd, attr, info, gfp);
10507  }
10508  EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
10509  
10510  void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
10511  {
10512  	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
10513  	void *hdr = ((void **)skb->cb)[1];
10514  	struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
10515  	struct nlattr *data = ((void **)skb->cb)[2];
10516  	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
10517  
10518  	/* clear CB data for netlink core to own from now on */
10519  	memset(skb->cb, 0, sizeof(skb->cb));
10520  
10521  	nla_nest_end(skb, data);
10522  	genlmsg_end(skb, hdr);
10523  
10524  	if (nlhdr->nlmsg_pid) {
10525  		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
10526  				nlhdr->nlmsg_pid);
10527  	} else {
10528  		if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
10529  			mcgrp = NL80211_MCGRP_VENDOR;
10530  
10531  		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
10532  					skb, 0, mcgrp, gfp);
10533  	}
10534  }
10535  EXPORT_SYMBOL(__cfg80211_send_event_skb);
10536  
10537  #ifdef CONFIG_NL80211_TESTMODE
10538  static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
10539  {
10540  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10541  	struct wireless_dev *wdev;
10542  	int err;
10543  
10544  	lockdep_assert_held(&rdev->wiphy.mtx);
10545  
10546  	wdev = __cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
10547  					  info->attrs);
10548  
10549  	if (!rdev->ops->testmode_cmd)
10550  		return -EOPNOTSUPP;
10551  
10552  	if (IS_ERR(wdev)) {
10553  		err = PTR_ERR(wdev);
10554  		if (err != -EINVAL)
10555  			return err;
10556  		wdev = NULL;
10557  	} else if (wdev->wiphy != &rdev->wiphy) {
10558  		return -EINVAL;
10559  	}
10560  
10561  	if (!info->attrs[NL80211_ATTR_TESTDATA])
10562  		return -EINVAL;
10563  
10564  	rdev->cur_cmd_info = info;
10565  	err = rdev_testmode_cmd(rdev, wdev,
10566  				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
10567  				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
10568  	rdev->cur_cmd_info = NULL;
10569  
10570  	return err;
10571  }
10572  
10573  static int nl80211_testmode_dump(struct sk_buff *skb,
10574  				 struct netlink_callback *cb)
10575  {
10576  	struct cfg80211_registered_device *rdev;
10577  	struct nlattr **attrbuf = NULL;
10578  	int err;
10579  	long phy_idx;
10580  	void *data = NULL;
10581  	int data_len = 0;
10582  
10583  	rtnl_lock();
10584  
10585  	if (cb->args[0]) {
10586  		/*
10587  		 * 0 is a valid index, but not valid for args[0],
10588  		 * so we need to offset by 1.
10589  		 */
10590  		phy_idx = cb->args[0] - 1;
10591  
10592  		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
10593  		if (!rdev) {
10594  			err = -ENOENT;
10595  			goto out_err;
10596  		}
10597  	} else {
10598  		attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
10599  				  GFP_KERNEL);
10600  		if (!attrbuf) {
10601  			err = -ENOMEM;
10602  			goto out_err;
10603  		}
10604  
10605  		err = nlmsg_parse_deprecated(cb->nlh,
10606  					     GENL_HDRLEN + nl80211_fam.hdrsize,
10607  					     attrbuf, nl80211_fam.maxattr,
10608  					     nl80211_policy, NULL);
10609  		if (err)
10610  			goto out_err;
10611  
10612  		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
10613  		if (IS_ERR(rdev)) {
10614  			err = PTR_ERR(rdev);
10615  			goto out_err;
10616  		}
10617  		phy_idx = rdev->wiphy_idx;
10618  
10619  		if (attrbuf[NL80211_ATTR_TESTDATA])
10620  			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
10621  	}
10622  
10623  	if (cb->args[1]) {
10624  		data = nla_data((void *)cb->args[1]);
10625  		data_len = nla_len((void *)cb->args[1]);
10626  	}
10627  
10628  	if (!rdev->ops->testmode_dump) {
10629  		err = -EOPNOTSUPP;
10630  		goto out_err;
10631  	}
10632  
10633  	while (1) {
10634  		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
10635  					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
10636  					   NL80211_CMD_TESTMODE);
10637  		struct nlattr *tmdata;
10638  
10639  		if (!hdr)
10640  			break;
10641  
10642  		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
10643  			genlmsg_cancel(skb, hdr);
10644  			break;
10645  		}
10646  
10647  		tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
10648  		if (!tmdata) {
10649  			genlmsg_cancel(skb, hdr);
10650  			break;
10651  		}
10652  		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
10653  		nla_nest_end(skb, tmdata);
10654  
10655  		if (err == -ENOBUFS || err == -ENOENT) {
10656  			genlmsg_cancel(skb, hdr);
10657  			break;
10658  		} else if (err) {
10659  			genlmsg_cancel(skb, hdr);
10660  			goto out_err;
10661  		}
10662  
10663  		genlmsg_end(skb, hdr);
10664  	}
10665  
10666  	err = skb->len;
10667  	/* see above */
10668  	cb->args[0] = phy_idx + 1;
10669   out_err:
10670  	kfree(attrbuf);
10671  	rtnl_unlock();
10672  	return err;
10673  }
10674  #endif
10675  
10676  static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
10677  {
10678  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10679  	struct net_device *dev = info->user_ptr[1];
10680  	struct cfg80211_connect_params connect;
10681  	struct wiphy *wiphy;
10682  	struct cfg80211_cached_keys *connkeys = NULL;
10683  	u32 freq = 0;
10684  	int err;
10685  
10686  	memset(&connect, 0, sizeof(connect));
10687  
10688  	if (!info->attrs[NL80211_ATTR_SSID] ||
10689  	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
10690  		return -EINVAL;
10691  
10692  	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10693  		connect.auth_type =
10694  			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10695  		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
10696  					     NL80211_CMD_CONNECT))
10697  			return -EINVAL;
10698  	} else
10699  		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
10700  
10701  	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
10702  
10703  	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
10704  	    !wiphy_ext_feature_isset(&rdev->wiphy,
10705  				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
10706  		return -EINVAL;
10707  	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
10708  
10709  	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
10710  				      NL80211_MAX_NR_CIPHER_SUITES);
10711  	if (err)
10712  		return err;
10713  
10714  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10715  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10716  		return -EOPNOTSUPP;
10717  
10718  	wiphy = &rdev->wiphy;
10719  
10720  	connect.bg_scan_period = -1;
10721  	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
10722  		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
10723  		connect.bg_scan_period =
10724  			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
10725  	}
10726  
10727  	if (info->attrs[NL80211_ATTR_MAC])
10728  		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10729  	else if (info->attrs[NL80211_ATTR_MAC_HINT])
10730  		connect.bssid_hint =
10731  			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
10732  	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10733  	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10734  
10735  	if (info->attrs[NL80211_ATTR_IE]) {
10736  		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10737  		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10738  	}
10739  
10740  	if (info->attrs[NL80211_ATTR_USE_MFP]) {
10741  		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
10742  		if (connect.mfp == NL80211_MFP_OPTIONAL &&
10743  		    !wiphy_ext_feature_isset(&rdev->wiphy,
10744  					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
10745  			return -EOPNOTSUPP;
10746  	} else {
10747  		connect.mfp = NL80211_MFP_NO;
10748  	}
10749  
10750  	if (info->attrs[NL80211_ATTR_PREV_BSSID])
10751  		connect.prev_bssid =
10752  			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
10753  
10754  	if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
10755  		freq = MHZ_TO_KHZ(nla_get_u32(
10756  					info->attrs[NL80211_ATTR_WIPHY_FREQ]));
10757  	if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
10758  		freq +=
10759  		    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
10760  
10761  	if (freq) {
10762  		connect.channel = nl80211_get_valid_chan(wiphy, freq);
10763  		if (!connect.channel)
10764  			return -EINVAL;
10765  	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
10766  		freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
10767  		freq = MHZ_TO_KHZ(freq);
10768  		connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
10769  		if (!connect.channel_hint)
10770  			return -EINVAL;
10771  	}
10772  
10773  	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
10774  		connect.edmg.channels =
10775  		      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
10776  
10777  		if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
10778  			connect.edmg.bw_config =
10779  				nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
10780  	}
10781  
10782  	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
10783  		connkeys = nl80211_parse_connkeys(rdev, info, NULL);
10784  		if (IS_ERR(connkeys))
10785  			return PTR_ERR(connkeys);
10786  	}
10787  
10788  	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
10789  		connect.flags |= ASSOC_REQ_DISABLE_HT;
10790  
10791  	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
10792  		memcpy(&connect.ht_capa_mask,
10793  		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
10794  		       sizeof(connect.ht_capa_mask));
10795  
10796  	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10797  		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10798  			kfree_sensitive(connkeys);
10799  			return -EINVAL;
10800  		}
10801  		memcpy(&connect.ht_capa,
10802  		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10803  		       sizeof(connect.ht_capa));
10804  	}
10805  
10806  	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10807  		connect.flags |= ASSOC_REQ_DISABLE_VHT;
10808  
10809  	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HE]))
10810  		connect.flags |= ASSOC_REQ_DISABLE_HE;
10811  
10812  	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10813  		memcpy(&connect.vht_capa_mask,
10814  		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10815  		       sizeof(connect.vht_capa_mask));
10816  
10817  	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10818  		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10819  			kfree_sensitive(connkeys);
10820  			return -EINVAL;
10821  		}
10822  		memcpy(&connect.vht_capa,
10823  		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10824  		       sizeof(connect.vht_capa));
10825  	}
10826  
10827  	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10828  		if (!((rdev->wiphy.features &
10829  			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10830  		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10831  		    !wiphy_ext_feature_isset(&rdev->wiphy,
10832  					     NL80211_EXT_FEATURE_RRM)) {
10833  			kfree_sensitive(connkeys);
10834  			return -EINVAL;
10835  		}
10836  		connect.flags |= ASSOC_REQ_USE_RRM;
10837  	}
10838  
10839  	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10840  	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10841  		kfree_sensitive(connkeys);
10842  		return -EOPNOTSUPP;
10843  	}
10844  
10845  	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10846  		/* bss selection makes no sense if bssid is set */
10847  		if (connect.bssid) {
10848  			kfree_sensitive(connkeys);
10849  			return -EINVAL;
10850  		}
10851  
10852  		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10853  				       wiphy, &connect.bss_select);
10854  		if (err) {
10855  			kfree_sensitive(connkeys);
10856  			return err;
10857  		}
10858  	}
10859  
10860  	if (wiphy_ext_feature_isset(&rdev->wiphy,
10861  				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10862  	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10863  	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10864  	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10865  	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10866  		connect.fils_erp_username =
10867  			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10868  		connect.fils_erp_username_len =
10869  			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10870  		connect.fils_erp_realm =
10871  			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10872  		connect.fils_erp_realm_len =
10873  			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10874  		connect.fils_erp_next_seq_num =
10875  			nla_get_u16(
10876  			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10877  		connect.fils_erp_rrk =
10878  			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10879  		connect.fils_erp_rrk_len =
10880  			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10881  	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10882  		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10883  		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10884  		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10885  		kfree_sensitive(connkeys);
10886  		return -EINVAL;
10887  	}
10888  
10889  	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10890  		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10891  			kfree_sensitive(connkeys);
10892  			GENL_SET_ERR_MSG(info,
10893  					 "external auth requires connection ownership");
10894  			return -EINVAL;
10895  		}
10896  		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10897  	}
10898  
10899  	wdev_lock(dev->ieee80211_ptr);
10900  
10901  	err = cfg80211_connect(rdev, dev, &connect, connkeys,
10902  			       connect.prev_bssid);
10903  	if (err)
10904  		kfree_sensitive(connkeys);
10905  
10906  	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10907  		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10908  		if (connect.bssid)
10909  			memcpy(dev->ieee80211_ptr->disconnect_bssid,
10910  			       connect.bssid, ETH_ALEN);
10911  		else
10912  			eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
10913  	}
10914  
10915  	wdev_unlock(dev->ieee80211_ptr);
10916  
10917  	return err;
10918  }
10919  
10920  static int nl80211_update_connect_params(struct sk_buff *skb,
10921  					 struct genl_info *info)
10922  {
10923  	struct cfg80211_connect_params connect = {};
10924  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10925  	struct net_device *dev = info->user_ptr[1];
10926  	struct wireless_dev *wdev = dev->ieee80211_ptr;
10927  	bool fils_sk_offload;
10928  	u32 auth_type;
10929  	u32 changed = 0;
10930  	int ret;
10931  
10932  	if (!rdev->ops->update_connect_params)
10933  		return -EOPNOTSUPP;
10934  
10935  	if (info->attrs[NL80211_ATTR_IE]) {
10936  		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10937  		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10938  		changed |= UPDATE_ASSOC_IES;
10939  	}
10940  
10941  	fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10942  						  NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10943  
10944  	/*
10945  	 * when driver supports fils-sk offload all attributes must be
10946  	 * provided. So the else covers "fils-sk-not-all" and
10947  	 * "no-fils-sk-any".
10948  	 */
10949  	if (fils_sk_offload &&
10950  	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10951  	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10952  	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10953  	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10954  		connect.fils_erp_username =
10955  			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10956  		connect.fils_erp_username_len =
10957  			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10958  		connect.fils_erp_realm =
10959  			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10960  		connect.fils_erp_realm_len =
10961  			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10962  		connect.fils_erp_next_seq_num =
10963  			nla_get_u16(
10964  			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10965  		connect.fils_erp_rrk =
10966  			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10967  		connect.fils_erp_rrk_len =
10968  			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10969  		changed |= UPDATE_FILS_ERP_INFO;
10970  	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10971  		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10972  		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10973  		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10974  		return -EINVAL;
10975  	}
10976  
10977  	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10978  		auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10979  		if (!nl80211_valid_auth_type(rdev, auth_type,
10980  					     NL80211_CMD_CONNECT))
10981  			return -EINVAL;
10982  
10983  		if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
10984  		    fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
10985  			return -EINVAL;
10986  
10987  		connect.auth_type = auth_type;
10988  		changed |= UPDATE_AUTH_TYPE;
10989  	}
10990  
10991  	wdev_lock(dev->ieee80211_ptr);
10992  	if (!wdev->current_bss)
10993  		ret = -ENOLINK;
10994  	else
10995  		ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10996  	wdev_unlock(dev->ieee80211_ptr);
10997  
10998  	return ret;
10999  }
11000  
11001  static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
11002  {
11003  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11004  	struct net_device *dev = info->user_ptr[1];
11005  	u16 reason;
11006  	int ret;
11007  
11008  	if (dev->ieee80211_ptr->conn_owner_nlportid &&
11009  	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
11010  		return -EPERM;
11011  
11012  	if (!info->attrs[NL80211_ATTR_REASON_CODE])
11013  		reason = WLAN_REASON_DEAUTH_LEAVING;
11014  	else
11015  		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
11016  
11017  	if (reason == 0)
11018  		return -EINVAL;
11019  
11020  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11021  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11022  		return -EOPNOTSUPP;
11023  
11024  	wdev_lock(dev->ieee80211_ptr);
11025  	ret = cfg80211_disconnect(rdev, dev, reason, true);
11026  	wdev_unlock(dev->ieee80211_ptr);
11027  	return ret;
11028  }
11029  
11030  static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
11031  {
11032  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11033  	struct net *net;
11034  	int err;
11035  
11036  	if (info->attrs[NL80211_ATTR_PID]) {
11037  		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
11038  
11039  		net = get_net_ns_by_pid(pid);
11040  	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
11041  		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
11042  
11043  		net = get_net_ns_by_fd(fd);
11044  	} else {
11045  		return -EINVAL;
11046  	}
11047  
11048  	if (IS_ERR(net))
11049  		return PTR_ERR(net);
11050  
11051  	err = 0;
11052  
11053  	/* check if anything to do */
11054  	if (!net_eq(wiphy_net(&rdev->wiphy), net))
11055  		err = cfg80211_switch_netns(rdev, net);
11056  
11057  	put_net(net);
11058  	return err;
11059  }
11060  
11061  static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
11062  {
11063  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11064  	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
11065  			struct cfg80211_pmksa *pmksa) = NULL;
11066  	struct net_device *dev = info->user_ptr[1];
11067  	struct cfg80211_pmksa pmksa;
11068  
11069  	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
11070  
11071  	if (!info->attrs[NL80211_ATTR_PMKID])
11072  		return -EINVAL;
11073  
11074  	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
11075  
11076  	if (info->attrs[NL80211_ATTR_MAC]) {
11077  		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
11078  	} else if (info->attrs[NL80211_ATTR_SSID] &&
11079  		   info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
11080  		   (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
11081  		    info->attrs[NL80211_ATTR_PMK])) {
11082  		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
11083  		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
11084  		pmksa.cache_id =
11085  			nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
11086  	} else {
11087  		return -EINVAL;
11088  	}
11089  	if (info->attrs[NL80211_ATTR_PMK]) {
11090  		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
11091  		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
11092  	}
11093  
11094  	if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
11095  		pmksa.pmk_lifetime =
11096  			nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
11097  
11098  	if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
11099  		pmksa.pmk_reauth_threshold =
11100  			nla_get_u8(
11101  				info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
11102  
11103  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11104  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
11105  	    !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
11106  	      wiphy_ext_feature_isset(&rdev->wiphy,
11107  				      NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
11108  		return -EOPNOTSUPP;
11109  
11110  	switch (info->genlhdr->cmd) {
11111  	case NL80211_CMD_SET_PMKSA:
11112  		rdev_ops = rdev->ops->set_pmksa;
11113  		break;
11114  	case NL80211_CMD_DEL_PMKSA:
11115  		rdev_ops = rdev->ops->del_pmksa;
11116  		break;
11117  	default:
11118  		WARN_ON(1);
11119  		break;
11120  	}
11121  
11122  	if (!rdev_ops)
11123  		return -EOPNOTSUPP;
11124  
11125  	return rdev_ops(&rdev->wiphy, dev, &pmksa);
11126  }
11127  
11128  static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
11129  {
11130  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11131  	struct net_device *dev = info->user_ptr[1];
11132  
11133  	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
11134  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
11135  		return -EOPNOTSUPP;
11136  
11137  	if (!rdev->ops->flush_pmksa)
11138  		return -EOPNOTSUPP;
11139  
11140  	return rdev_flush_pmksa(rdev, dev);
11141  }
11142  
11143  static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
11144  {
11145  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11146  	struct net_device *dev = info->user_ptr[1];
11147  	u8 action_code, dialog_token;
11148  	u32 peer_capability = 0;
11149  	u16 status_code;
11150  	u8 *peer;
11151  	bool initiator;
11152  
11153  	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
11154  	    !rdev->ops->tdls_mgmt)
11155  		return -EOPNOTSUPP;
11156  
11157  	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
11158  	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
11159  	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
11160  	    !info->attrs[NL80211_ATTR_IE] ||
11161  	    !info->attrs[NL80211_ATTR_MAC])
11162  		return -EINVAL;
11163  
11164  	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
11165  	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
11166  	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
11167  	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
11168  	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
11169  	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
11170  		peer_capability =
11171  			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
11172  
11173  	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
11174  			      dialog_token, status_code, peer_capability,
11175  			      initiator,
11176  			      nla_data(info->attrs[NL80211_ATTR_IE]),
11177  			      nla_len(info->attrs[NL80211_ATTR_IE]));
11178  }
11179  
11180  static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
11181  {
11182  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11183  	struct net_device *dev = info->user_ptr[1];
11184  	enum nl80211_tdls_operation operation;
11185  	u8 *peer;
11186  
11187  	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
11188  	    !rdev->ops->tdls_oper)
11189  		return -EOPNOTSUPP;
11190  
11191  	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
11192  	    !info->attrs[NL80211_ATTR_MAC])
11193  		return -EINVAL;
11194  
11195  	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
11196  	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
11197  
11198  	return rdev_tdls_oper(rdev, dev, peer, operation);
11199  }
11200  
11201  static int nl80211_remain_on_channel(struct sk_buff *skb,
11202  				     struct genl_info *info)
11203  {
11204  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11205  	struct wireless_dev *wdev = info->user_ptr[1];
11206  	struct cfg80211_chan_def chandef;
11207  	const struct cfg80211_chan_def *compat_chandef;
11208  	struct sk_buff *msg;
11209  	void *hdr;
11210  	u64 cookie;
11211  	u32 duration;
11212  	int err;
11213  
11214  	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
11215  	    !info->attrs[NL80211_ATTR_DURATION])
11216  		return -EINVAL;
11217  
11218  	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11219  
11220  	if (!rdev->ops->remain_on_channel ||
11221  	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
11222  		return -EOPNOTSUPP;
11223  
11224  	/*
11225  	 * We should be on that channel for at least a minimum amount of
11226  	 * time (10ms) but no longer than the driver supports.
11227  	 */
11228  	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11229  	    duration > rdev->wiphy.max_remain_on_channel_duration)
11230  		return -EINVAL;
11231  
11232  	err = nl80211_parse_chandef(rdev, info, &chandef);
11233  	if (err)
11234  		return err;
11235  
11236  	wdev_lock(wdev);
11237  	if (!cfg80211_off_channel_oper_allowed(wdev) &&
11238  	    !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
11239  		compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
11240  							     &chandef);
11241  		if (compat_chandef != &chandef) {
11242  			wdev_unlock(wdev);
11243  			return -EBUSY;
11244  		}
11245  	}
11246  	wdev_unlock(wdev);
11247  
11248  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11249  	if (!msg)
11250  		return -ENOMEM;
11251  
11252  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11253  			     NL80211_CMD_REMAIN_ON_CHANNEL);
11254  	if (!hdr) {
11255  		err = -ENOBUFS;
11256  		goto free_msg;
11257  	}
11258  
11259  	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
11260  				     duration, &cookie);
11261  
11262  	if (err)
11263  		goto free_msg;
11264  
11265  	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11266  			      NL80211_ATTR_PAD))
11267  		goto nla_put_failure;
11268  
11269  	genlmsg_end(msg, hdr);
11270  
11271  	return genlmsg_reply(msg, info);
11272  
11273   nla_put_failure:
11274  	err = -ENOBUFS;
11275   free_msg:
11276  	nlmsg_free(msg);
11277  	return err;
11278  }
11279  
11280  static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
11281  					    struct genl_info *info)
11282  {
11283  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11284  	struct wireless_dev *wdev = info->user_ptr[1];
11285  	u64 cookie;
11286  
11287  	if (!info->attrs[NL80211_ATTR_COOKIE])
11288  		return -EINVAL;
11289  
11290  	if (!rdev->ops->cancel_remain_on_channel)
11291  		return -EOPNOTSUPP;
11292  
11293  	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11294  
11295  	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
11296  }
11297  
11298  static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
11299  				       struct genl_info *info)
11300  {
11301  	struct cfg80211_bitrate_mask mask;
11302  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11303  	struct net_device *dev = info->user_ptr[1];
11304  	int err;
11305  
11306  	if (!rdev->ops->set_bitrate_mask)
11307  		return -EOPNOTSUPP;
11308  
11309  	err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11310  					    NL80211_ATTR_TX_RATES, &mask,
11311  					    dev, true);
11312  	if (err)
11313  		return err;
11314  
11315  	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
11316  }
11317  
11318  static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
11319  {
11320  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11321  	struct wireless_dev *wdev = info->user_ptr[1];
11322  	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
11323  
11324  	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
11325  		return -EINVAL;
11326  
11327  	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
11328  		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
11329  
11330  	switch (wdev->iftype) {
11331  	case NL80211_IFTYPE_STATION:
11332  	case NL80211_IFTYPE_ADHOC:
11333  	case NL80211_IFTYPE_P2P_CLIENT:
11334  	case NL80211_IFTYPE_AP:
11335  	case NL80211_IFTYPE_AP_VLAN:
11336  	case NL80211_IFTYPE_MESH_POINT:
11337  	case NL80211_IFTYPE_P2P_GO:
11338  	case NL80211_IFTYPE_P2P_DEVICE:
11339  		break;
11340  	case NL80211_IFTYPE_NAN:
11341  	default:
11342  		return -EOPNOTSUPP;
11343  	}
11344  
11345  	/* not much point in registering if we can't reply */
11346  	if (!rdev->ops->mgmt_tx)
11347  		return -EOPNOTSUPP;
11348  
11349  	if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
11350  	    !wiphy_ext_feature_isset(&rdev->wiphy,
11351  				     NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
11352  		GENL_SET_ERR_MSG(info,
11353  				 "multicast RX registrations are not supported");
11354  		return -EOPNOTSUPP;
11355  	}
11356  
11357  	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
11358  					   nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11359  					   nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
11360  					   info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
11361  					   info->extack);
11362  }
11363  
11364  static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
11365  {
11366  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11367  	struct wireless_dev *wdev = info->user_ptr[1];
11368  	struct cfg80211_chan_def chandef;
11369  	int err;
11370  	void *hdr = NULL;
11371  	u64 cookie;
11372  	struct sk_buff *msg = NULL;
11373  	struct cfg80211_mgmt_tx_params params = {
11374  		.dont_wait_for_ack =
11375  			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
11376  	};
11377  
11378  	if (!info->attrs[NL80211_ATTR_FRAME])
11379  		return -EINVAL;
11380  
11381  	if (!rdev->ops->mgmt_tx)
11382  		return -EOPNOTSUPP;
11383  
11384  	switch (wdev->iftype) {
11385  	case NL80211_IFTYPE_P2P_DEVICE:
11386  		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
11387  			return -EINVAL;
11388  		break;
11389  	case NL80211_IFTYPE_STATION:
11390  	case NL80211_IFTYPE_ADHOC:
11391  	case NL80211_IFTYPE_P2P_CLIENT:
11392  	case NL80211_IFTYPE_AP:
11393  	case NL80211_IFTYPE_AP_VLAN:
11394  	case NL80211_IFTYPE_MESH_POINT:
11395  	case NL80211_IFTYPE_P2P_GO:
11396  		break;
11397  	case NL80211_IFTYPE_NAN:
11398  	default:
11399  		return -EOPNOTSUPP;
11400  	}
11401  
11402  	if (info->attrs[NL80211_ATTR_DURATION]) {
11403  		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11404  			return -EINVAL;
11405  		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
11406  
11407  		/*
11408  		 * We should wait on the channel for at least a minimum amount
11409  		 * of time (10ms) but no longer than the driver supports.
11410  		 */
11411  		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
11412  		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
11413  			return -EINVAL;
11414  	}
11415  
11416  	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
11417  
11418  	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
11419  		return -EINVAL;
11420  
11421  	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
11422  
11423  	/* get the channel if any has been specified, otherwise pass NULL to
11424  	 * the driver. The latter will use the current one
11425  	 */
11426  	chandef.chan = NULL;
11427  	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11428  		err = nl80211_parse_chandef(rdev, info, &chandef);
11429  		if (err)
11430  			return err;
11431  	}
11432  
11433  	if (!chandef.chan && params.offchan)
11434  		return -EINVAL;
11435  
11436  	wdev_lock(wdev);
11437  	if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
11438  		wdev_unlock(wdev);
11439  		return -EBUSY;
11440  	}
11441  	wdev_unlock(wdev);
11442  
11443  	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
11444  	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
11445  
11446  	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
11447  		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11448  		int i;
11449  
11450  		if (len % sizeof(u16))
11451  			return -EINVAL;
11452  
11453  		params.n_csa_offsets = len / sizeof(u16);
11454  		params.csa_offsets =
11455  			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
11456  
11457  		/* check that all the offsets fit the frame */
11458  		for (i = 0; i < params.n_csa_offsets; i++) {
11459  			if (params.csa_offsets[i] >= params.len)
11460  				return -EINVAL;
11461  		}
11462  	}
11463  
11464  	if (!params.dont_wait_for_ack) {
11465  		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11466  		if (!msg)
11467  			return -ENOMEM;
11468  
11469  		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11470  				     NL80211_CMD_FRAME);
11471  		if (!hdr) {
11472  			err = -ENOBUFS;
11473  			goto free_msg;
11474  		}
11475  	}
11476  
11477  	params.chan = chandef.chan;
11478  	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
11479  	if (err)
11480  		goto free_msg;
11481  
11482  	if (msg) {
11483  		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11484  				      NL80211_ATTR_PAD))
11485  			goto nla_put_failure;
11486  
11487  		genlmsg_end(msg, hdr);
11488  		return genlmsg_reply(msg, info);
11489  	}
11490  
11491  	return 0;
11492  
11493   nla_put_failure:
11494  	err = -ENOBUFS;
11495   free_msg:
11496  	nlmsg_free(msg);
11497  	return err;
11498  }
11499  
11500  static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
11501  {
11502  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11503  	struct wireless_dev *wdev = info->user_ptr[1];
11504  	u64 cookie;
11505  
11506  	if (!info->attrs[NL80211_ATTR_COOKIE])
11507  		return -EINVAL;
11508  
11509  	if (!rdev->ops->mgmt_tx_cancel_wait)
11510  		return -EOPNOTSUPP;
11511  
11512  	switch (wdev->iftype) {
11513  	case NL80211_IFTYPE_STATION:
11514  	case NL80211_IFTYPE_ADHOC:
11515  	case NL80211_IFTYPE_P2P_CLIENT:
11516  	case NL80211_IFTYPE_AP:
11517  	case NL80211_IFTYPE_AP_VLAN:
11518  	case NL80211_IFTYPE_P2P_GO:
11519  	case NL80211_IFTYPE_P2P_DEVICE:
11520  		break;
11521  	case NL80211_IFTYPE_NAN:
11522  	default:
11523  		return -EOPNOTSUPP;
11524  	}
11525  
11526  	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
11527  
11528  	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
11529  }
11530  
11531  static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
11532  {
11533  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11534  	struct wireless_dev *wdev;
11535  	struct net_device *dev = info->user_ptr[1];
11536  	u8 ps_state;
11537  	bool state;
11538  	int err;
11539  
11540  	if (!info->attrs[NL80211_ATTR_PS_STATE])
11541  		return -EINVAL;
11542  
11543  	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
11544  
11545  	wdev = dev->ieee80211_ptr;
11546  
11547  	if (!rdev->ops->set_power_mgmt)
11548  		return -EOPNOTSUPP;
11549  
11550  	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
11551  
11552  	if (state == wdev->ps)
11553  		return 0;
11554  
11555  	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
11556  	if (!err)
11557  		wdev->ps = state;
11558  	return err;
11559  }
11560  
11561  static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
11562  {
11563  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11564  	enum nl80211_ps_state ps_state;
11565  	struct wireless_dev *wdev;
11566  	struct net_device *dev = info->user_ptr[1];
11567  	struct sk_buff *msg;
11568  	void *hdr;
11569  	int err;
11570  
11571  	wdev = dev->ieee80211_ptr;
11572  
11573  	if (!rdev->ops->set_power_mgmt)
11574  		return -EOPNOTSUPP;
11575  
11576  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11577  	if (!msg)
11578  		return -ENOMEM;
11579  
11580  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11581  			     NL80211_CMD_GET_POWER_SAVE);
11582  	if (!hdr) {
11583  		err = -ENOBUFS;
11584  		goto free_msg;
11585  	}
11586  
11587  	if (wdev->ps)
11588  		ps_state = NL80211_PS_ENABLED;
11589  	else
11590  		ps_state = NL80211_PS_DISABLED;
11591  
11592  	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
11593  		goto nla_put_failure;
11594  
11595  	genlmsg_end(msg, hdr);
11596  	return genlmsg_reply(msg, info);
11597  
11598   nla_put_failure:
11599  	err = -ENOBUFS;
11600   free_msg:
11601  	nlmsg_free(msg);
11602  	return err;
11603  }
11604  
11605  static const struct nla_policy
11606  nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
11607  	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
11608  	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
11609  	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
11610  	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
11611  	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
11612  	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
11613  	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
11614  };
11615  
11616  static int nl80211_set_cqm_txe(struct genl_info *info,
11617  			       u32 rate, u32 pkts, u32 intvl)
11618  {
11619  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11620  	struct net_device *dev = info->user_ptr[1];
11621  	struct wireless_dev *wdev = dev->ieee80211_ptr;
11622  
11623  	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
11624  		return -EINVAL;
11625  
11626  	if (!rdev->ops->set_cqm_txe_config)
11627  		return -EOPNOTSUPP;
11628  
11629  	if (wdev->iftype != NL80211_IFTYPE_STATION &&
11630  	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11631  		return -EOPNOTSUPP;
11632  
11633  	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
11634  }
11635  
11636  static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
11637  				    struct net_device *dev)
11638  {
11639  	struct wireless_dev *wdev = dev->ieee80211_ptr;
11640  	s32 last, low, high;
11641  	u32 hyst;
11642  	int i, n, low_index;
11643  	int err;
11644  
11645  	/* RSSI reporting disabled? */
11646  	if (!wdev->cqm_config)
11647  		return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
11648  
11649  	/*
11650  	 * Obtain current RSSI value if possible, if not and no RSSI threshold
11651  	 * event has been received yet, we should receive an event after a
11652  	 * connection is established and enough beacons received to calculate
11653  	 * the average.
11654  	 */
11655  	if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
11656  	    rdev->ops->get_station) {
11657  		struct station_info sinfo = {};
11658  		u8 *mac_addr;
11659  
11660  		mac_addr = wdev->current_bss->pub.bssid;
11661  
11662  		err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
11663  		if (err)
11664  			return err;
11665  
11666  		cfg80211_sinfo_release_content(&sinfo);
11667  		if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
11668  			wdev->cqm_config->last_rssi_event_value =
11669  				(s8) sinfo.rx_beacon_signal_avg;
11670  	}
11671  
11672  	last = wdev->cqm_config->last_rssi_event_value;
11673  	hyst = wdev->cqm_config->rssi_hyst;
11674  	n = wdev->cqm_config->n_rssi_thresholds;
11675  
11676  	for (i = 0; i < n; i++) {
11677  		i = array_index_nospec(i, n);
11678  		if (last < wdev->cqm_config->rssi_thresholds[i])
11679  			break;
11680  	}
11681  
11682  	low_index = i - 1;
11683  	if (low_index >= 0) {
11684  		low_index = array_index_nospec(low_index, n);
11685  		low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
11686  	} else {
11687  		low = S32_MIN;
11688  	}
11689  	if (i < n) {
11690  		i = array_index_nospec(i, n);
11691  		high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
11692  	} else {
11693  		high = S32_MAX;
11694  	}
11695  
11696  	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
11697  }
11698  
11699  static int nl80211_set_cqm_rssi(struct genl_info *info,
11700  				const s32 *thresholds, int n_thresholds,
11701  				u32 hysteresis)
11702  {
11703  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11704  	struct net_device *dev = info->user_ptr[1];
11705  	struct wireless_dev *wdev = dev->ieee80211_ptr;
11706  	int i, err;
11707  	s32 prev = S32_MIN;
11708  
11709  	/* Check all values negative and sorted */
11710  	for (i = 0; i < n_thresholds; i++) {
11711  		if (thresholds[i] > 0 || thresholds[i] <= prev)
11712  			return -EINVAL;
11713  
11714  		prev = thresholds[i];
11715  	}
11716  
11717  	if (wdev->iftype != NL80211_IFTYPE_STATION &&
11718  	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
11719  		return -EOPNOTSUPP;
11720  
11721  	wdev_lock(wdev);
11722  	cfg80211_cqm_config_free(wdev);
11723  	wdev_unlock(wdev);
11724  
11725  	if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
11726  		if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
11727  			return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
11728  
11729  		return rdev_set_cqm_rssi_config(rdev, dev,
11730  						thresholds[0], hysteresis);
11731  	}
11732  
11733  	if (!wiphy_ext_feature_isset(&rdev->wiphy,
11734  				     NL80211_EXT_FEATURE_CQM_RSSI_LIST))
11735  		return -EOPNOTSUPP;
11736  
11737  	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
11738  		n_thresholds = 0;
11739  
11740  	wdev_lock(wdev);
11741  	if (n_thresholds) {
11742  		struct cfg80211_cqm_config *cqm_config;
11743  
11744  		cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
11745  				     n_thresholds * sizeof(s32), GFP_KERNEL);
11746  		if (!cqm_config) {
11747  			err = -ENOMEM;
11748  			goto unlock;
11749  		}
11750  
11751  		cqm_config->rssi_hyst = hysteresis;
11752  		cqm_config->n_rssi_thresholds = n_thresholds;
11753  		memcpy(cqm_config->rssi_thresholds, thresholds,
11754  		       n_thresholds * sizeof(s32));
11755  
11756  		wdev->cqm_config = cqm_config;
11757  	}
11758  
11759  	err = cfg80211_cqm_rssi_update(rdev, dev);
11760  
11761  unlock:
11762  	wdev_unlock(wdev);
11763  
11764  	return err;
11765  }
11766  
11767  static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
11768  {
11769  	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
11770  	struct nlattr *cqm;
11771  	int err;
11772  
11773  	cqm = info->attrs[NL80211_ATTR_CQM];
11774  	if (!cqm)
11775  		return -EINVAL;
11776  
11777  	err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
11778  					  nl80211_attr_cqm_policy,
11779  					  info->extack);
11780  	if (err)
11781  		return err;
11782  
11783  	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
11784  	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
11785  		const s32 *thresholds =
11786  			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11787  		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
11788  		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
11789  
11790  		if (len % 4)
11791  			return -EINVAL;
11792  
11793  		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
11794  					    hysteresis);
11795  	}
11796  
11797  	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
11798  	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
11799  	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
11800  		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
11801  		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
11802  		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
11803  
11804  		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
11805  	}
11806  
11807  	return -EINVAL;
11808  }
11809  
11810  static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
11811  {
11812  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11813  	struct net_device *dev = info->user_ptr[1];
11814  	struct ocb_setup setup = {};
11815  	int err;
11816  
11817  	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11818  	if (err)
11819  		return err;
11820  
11821  	return cfg80211_join_ocb(rdev, dev, &setup);
11822  }
11823  
11824  static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11825  {
11826  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11827  	struct net_device *dev = info->user_ptr[1];
11828  
11829  	return cfg80211_leave_ocb(rdev, dev);
11830  }
11831  
11832  static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11833  {
11834  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11835  	struct net_device *dev = info->user_ptr[1];
11836  	struct mesh_config cfg;
11837  	struct mesh_setup setup;
11838  	int err;
11839  
11840  	/* start with default */
11841  	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11842  	memcpy(&setup, &default_mesh_setup, sizeof(setup));
11843  
11844  	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11845  		/* and parse parameters if given */
11846  		err = nl80211_parse_mesh_config(info, &cfg, NULL);
11847  		if (err)
11848  			return err;
11849  	}
11850  
11851  	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11852  	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11853  		return -EINVAL;
11854  
11855  	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11856  	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11857  
11858  	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11859  	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11860  			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11861  			return -EINVAL;
11862  
11863  	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11864  		setup.beacon_interval =
11865  			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11866  
11867  		err = cfg80211_validate_beacon_int(rdev,
11868  						   NL80211_IFTYPE_MESH_POINT,
11869  						   setup.beacon_interval);
11870  		if (err)
11871  			return err;
11872  	}
11873  
11874  	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11875  		setup.dtim_period =
11876  			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11877  		if (setup.dtim_period < 1 || setup.dtim_period > 100)
11878  			return -EINVAL;
11879  	}
11880  
11881  	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11882  		/* parse additional setup parameters if given */
11883  		err = nl80211_parse_mesh_setup(info, &setup);
11884  		if (err)
11885  			return err;
11886  	}
11887  
11888  	if (setup.user_mpm)
11889  		cfg.auto_open_plinks = false;
11890  
11891  	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11892  		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11893  		if (err)
11894  			return err;
11895  	} else {
11896  		/* __cfg80211_join_mesh() will sort it out */
11897  		setup.chandef.chan = NULL;
11898  	}
11899  
11900  	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11901  		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11902  		int n_rates =
11903  			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11904  		struct ieee80211_supported_band *sband;
11905  
11906  		if (!setup.chandef.chan)
11907  			return -EINVAL;
11908  
11909  		sband = rdev->wiphy.bands[setup.chandef.chan->band];
11910  
11911  		err = ieee80211_get_ratemask(sband, rates, n_rates,
11912  					     &setup.basic_rates);
11913  		if (err)
11914  			return err;
11915  	}
11916  
11917  	if (info->attrs[NL80211_ATTR_TX_RATES]) {
11918  		err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
11919  						    NL80211_ATTR_TX_RATES,
11920  						    &setup.beacon_rate,
11921  						    dev, false);
11922  		if (err)
11923  			return err;
11924  
11925  		if (!setup.chandef.chan)
11926  			return -EINVAL;
11927  
11928  		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11929  					      &setup.beacon_rate);
11930  		if (err)
11931  			return err;
11932  	}
11933  
11934  	setup.userspace_handles_dfs =
11935  		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11936  
11937  	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11938  		int r = validate_pae_over_nl80211(rdev, info);
11939  
11940  		if (r < 0)
11941  			return r;
11942  
11943  		setup.control_port_over_nl80211 = true;
11944  	}
11945  
11946  	wdev_lock(dev->ieee80211_ptr);
11947  	err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11948  	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11949  		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11950  	wdev_unlock(dev->ieee80211_ptr);
11951  
11952  	return err;
11953  }
11954  
11955  static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11956  {
11957  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11958  	struct net_device *dev = info->user_ptr[1];
11959  
11960  	return cfg80211_leave_mesh(rdev, dev);
11961  }
11962  
11963  #ifdef CONFIG_PM
11964  static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11965  					struct cfg80211_registered_device *rdev)
11966  {
11967  	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11968  	struct nlattr *nl_pats, *nl_pat;
11969  	int i, pat_len;
11970  
11971  	if (!wowlan->n_patterns)
11972  		return 0;
11973  
11974  	nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
11975  	if (!nl_pats)
11976  		return -ENOBUFS;
11977  
11978  	for (i = 0; i < wowlan->n_patterns; i++) {
11979  		nl_pat = nla_nest_start_noflag(msg, i + 1);
11980  		if (!nl_pat)
11981  			return -ENOBUFS;
11982  		pat_len = wowlan->patterns[i].pattern_len;
11983  		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
11984  			    wowlan->patterns[i].mask) ||
11985  		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11986  			    wowlan->patterns[i].pattern) ||
11987  		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11988  				wowlan->patterns[i].pkt_offset))
11989  			return -ENOBUFS;
11990  		nla_nest_end(msg, nl_pat);
11991  	}
11992  	nla_nest_end(msg, nl_pats);
11993  
11994  	return 0;
11995  }
11996  
11997  static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
11998  				   struct cfg80211_wowlan_tcp *tcp)
11999  {
12000  	struct nlattr *nl_tcp;
12001  
12002  	if (!tcp)
12003  		return 0;
12004  
12005  	nl_tcp = nla_nest_start_noflag(msg,
12006  				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
12007  	if (!nl_tcp)
12008  		return -ENOBUFS;
12009  
12010  	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
12011  	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
12012  	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
12013  	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
12014  	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
12015  	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
12016  		    tcp->payload_len, tcp->payload) ||
12017  	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
12018  			tcp->data_interval) ||
12019  	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
12020  		    tcp->wake_len, tcp->wake_data) ||
12021  	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
12022  		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
12023  		return -ENOBUFS;
12024  
12025  	if (tcp->payload_seq.len &&
12026  	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
12027  		    sizeof(tcp->payload_seq), &tcp->payload_seq))
12028  		return -ENOBUFS;
12029  
12030  	if (tcp->payload_tok.len &&
12031  	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
12032  		    sizeof(tcp->payload_tok) + tcp->tokens_size,
12033  		    &tcp->payload_tok))
12034  		return -ENOBUFS;
12035  
12036  	nla_nest_end(msg, nl_tcp);
12037  
12038  	return 0;
12039  }
12040  
12041  static int nl80211_send_wowlan_nd(struct sk_buff *msg,
12042  				  struct cfg80211_sched_scan_request *req)
12043  {
12044  	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
12045  	int i;
12046  
12047  	if (!req)
12048  		return 0;
12049  
12050  	nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
12051  	if (!nd)
12052  		return -ENOBUFS;
12053  
12054  	if (req->n_scan_plans == 1 &&
12055  	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
12056  			req->scan_plans[0].interval * 1000))
12057  		return -ENOBUFS;
12058  
12059  	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
12060  		return -ENOBUFS;
12061  
12062  	if (req->relative_rssi_set) {
12063  		struct nl80211_bss_select_rssi_adjust rssi_adjust;
12064  
12065  		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
12066  			       req->relative_rssi))
12067  			return -ENOBUFS;
12068  
12069  		rssi_adjust.band = req->rssi_adjust.band;
12070  		rssi_adjust.delta = req->rssi_adjust.delta;
12071  		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
12072  			    sizeof(rssi_adjust), &rssi_adjust))
12073  			return -ENOBUFS;
12074  	}
12075  
12076  	freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
12077  	if (!freqs)
12078  		return -ENOBUFS;
12079  
12080  	for (i = 0; i < req->n_channels; i++) {
12081  		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
12082  			return -ENOBUFS;
12083  	}
12084  
12085  	nla_nest_end(msg, freqs);
12086  
12087  	if (req->n_match_sets) {
12088  		matches = nla_nest_start_noflag(msg,
12089  						NL80211_ATTR_SCHED_SCAN_MATCH);
12090  		if (!matches)
12091  			return -ENOBUFS;
12092  
12093  		for (i = 0; i < req->n_match_sets; i++) {
12094  			match = nla_nest_start_noflag(msg, i);
12095  			if (!match)
12096  				return -ENOBUFS;
12097  
12098  			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
12099  				    req->match_sets[i].ssid.ssid_len,
12100  				    req->match_sets[i].ssid.ssid))
12101  				return -ENOBUFS;
12102  			nla_nest_end(msg, match);
12103  		}
12104  		nla_nest_end(msg, matches);
12105  	}
12106  
12107  	scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
12108  	if (!scan_plans)
12109  		return -ENOBUFS;
12110  
12111  	for (i = 0; i < req->n_scan_plans; i++) {
12112  		scan_plan = nla_nest_start_noflag(msg, i + 1);
12113  		if (!scan_plan)
12114  			return -ENOBUFS;
12115  
12116  		if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
12117  				req->scan_plans[i].interval) ||
12118  		    (req->scan_plans[i].iterations &&
12119  		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
12120  				 req->scan_plans[i].iterations)))
12121  			return -ENOBUFS;
12122  		nla_nest_end(msg, scan_plan);
12123  	}
12124  	nla_nest_end(msg, scan_plans);
12125  
12126  	nla_nest_end(msg, nd);
12127  
12128  	return 0;
12129  }
12130  
12131  static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
12132  {
12133  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12134  	struct sk_buff *msg;
12135  	void *hdr;
12136  	u32 size = NLMSG_DEFAULT_SIZE;
12137  
12138  	if (!rdev->wiphy.wowlan)
12139  		return -EOPNOTSUPP;
12140  
12141  	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
12142  		/* adjust size to have room for all the data */
12143  		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
12144  			rdev->wiphy.wowlan_config->tcp->payload_len +
12145  			rdev->wiphy.wowlan_config->tcp->wake_len +
12146  			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
12147  	}
12148  
12149  	msg = nlmsg_new(size, GFP_KERNEL);
12150  	if (!msg)
12151  		return -ENOMEM;
12152  
12153  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12154  			     NL80211_CMD_GET_WOWLAN);
12155  	if (!hdr)
12156  		goto nla_put_failure;
12157  
12158  	if (rdev->wiphy.wowlan_config) {
12159  		struct nlattr *nl_wowlan;
12160  
12161  		nl_wowlan = nla_nest_start_noflag(msg,
12162  						  NL80211_ATTR_WOWLAN_TRIGGERS);
12163  		if (!nl_wowlan)
12164  			goto nla_put_failure;
12165  
12166  		if ((rdev->wiphy.wowlan_config->any &&
12167  		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
12168  		    (rdev->wiphy.wowlan_config->disconnect &&
12169  		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
12170  		    (rdev->wiphy.wowlan_config->magic_pkt &&
12171  		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
12172  		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
12173  		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
12174  		    (rdev->wiphy.wowlan_config->eap_identity_req &&
12175  		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
12176  		    (rdev->wiphy.wowlan_config->four_way_handshake &&
12177  		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
12178  		    (rdev->wiphy.wowlan_config->rfkill_release &&
12179  		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
12180  			goto nla_put_failure;
12181  
12182  		if (nl80211_send_wowlan_patterns(msg, rdev))
12183  			goto nla_put_failure;
12184  
12185  		if (nl80211_send_wowlan_tcp(msg,
12186  					    rdev->wiphy.wowlan_config->tcp))
12187  			goto nla_put_failure;
12188  
12189  		if (nl80211_send_wowlan_nd(
12190  			    msg,
12191  			    rdev->wiphy.wowlan_config->nd_config))
12192  			goto nla_put_failure;
12193  
12194  		nla_nest_end(msg, nl_wowlan);
12195  	}
12196  
12197  	genlmsg_end(msg, hdr);
12198  	return genlmsg_reply(msg, info);
12199  
12200  nla_put_failure:
12201  	nlmsg_free(msg);
12202  	return -ENOBUFS;
12203  }
12204  
12205  static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
12206  				    struct nlattr *attr,
12207  				    struct cfg80211_wowlan *trig)
12208  {
12209  	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
12210  	struct cfg80211_wowlan_tcp *cfg;
12211  	struct nl80211_wowlan_tcp_data_token *tok = NULL;
12212  	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
12213  	u32 size;
12214  	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
12215  	int err, port;
12216  
12217  	if (!rdev->wiphy.wowlan->tcp)
12218  		return -EINVAL;
12219  
12220  	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
12221  					  nl80211_wowlan_tcp_policy, NULL);
12222  	if (err)
12223  		return err;
12224  
12225  	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
12226  	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
12227  	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
12228  	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
12229  	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
12230  	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
12231  	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
12232  	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
12233  		return -EINVAL;
12234  
12235  	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
12236  	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
12237  		return -EINVAL;
12238  
12239  	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
12240  			rdev->wiphy.wowlan->tcp->data_interval_max ||
12241  	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
12242  		return -EINVAL;
12243  
12244  	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
12245  	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
12246  		return -EINVAL;
12247  
12248  	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
12249  	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
12250  		return -EINVAL;
12251  
12252  	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
12253  		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12254  
12255  		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
12256  		tokens_size = tokln - sizeof(*tok);
12257  
12258  		if (!tok->len || tokens_size % tok->len)
12259  			return -EINVAL;
12260  		if (!rdev->wiphy.wowlan->tcp->tok)
12261  			return -EINVAL;
12262  		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
12263  			return -EINVAL;
12264  		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
12265  			return -EINVAL;
12266  		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
12267  			return -EINVAL;
12268  		if (tok->offset + tok->len > data_size)
12269  			return -EINVAL;
12270  	}
12271  
12272  	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
12273  		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
12274  		if (!rdev->wiphy.wowlan->tcp->seq)
12275  			return -EINVAL;
12276  		if (seq->len == 0 || seq->len > 4)
12277  			return -EINVAL;
12278  		if (seq->len + seq->offset > data_size)
12279  			return -EINVAL;
12280  	}
12281  
12282  	size = sizeof(*cfg);
12283  	size += data_size;
12284  	size += wake_size + wake_mask_size;
12285  	size += tokens_size;
12286  
12287  	cfg = kzalloc(size, GFP_KERNEL);
12288  	if (!cfg)
12289  		return -ENOMEM;
12290  	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
12291  	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
12292  	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
12293  	       ETH_ALEN);
12294  	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
12295  		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
12296  	else
12297  		port = 0;
12298  #ifdef CONFIG_INET
12299  	/* allocate a socket and port for it and use it */
12300  	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
12301  			    IPPROTO_TCP, &cfg->sock, 1);
12302  	if (err) {
12303  		kfree(cfg);
12304  		return err;
12305  	}
12306  	if (inet_csk_get_port(cfg->sock->sk, port)) {
12307  		sock_release(cfg->sock);
12308  		kfree(cfg);
12309  		return -EADDRINUSE;
12310  	}
12311  	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
12312  #else
12313  	if (!port) {
12314  		kfree(cfg);
12315  		return -EINVAL;
12316  	}
12317  	cfg->src_port = port;
12318  #endif
12319  
12320  	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
12321  	cfg->payload_len = data_size;
12322  	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
12323  	memcpy((void *)cfg->payload,
12324  	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
12325  	       data_size);
12326  	if (seq)
12327  		cfg->payload_seq = *seq;
12328  	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
12329  	cfg->wake_len = wake_size;
12330  	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
12331  	memcpy((void *)cfg->wake_data,
12332  	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
12333  	       wake_size);
12334  	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
12335  			 data_size + wake_size;
12336  	memcpy((void *)cfg->wake_mask,
12337  	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
12338  	       wake_mask_size);
12339  	if (tok) {
12340  		cfg->tokens_size = tokens_size;
12341  		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
12342  	}
12343  
12344  	trig->tcp = cfg;
12345  
12346  	return 0;
12347  }
12348  
12349  static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
12350  				   const struct wiphy_wowlan_support *wowlan,
12351  				   struct nlattr *attr,
12352  				   struct cfg80211_wowlan *trig)
12353  {
12354  	struct nlattr **tb;
12355  	int err;
12356  
12357  	tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
12358  	if (!tb)
12359  		return -ENOMEM;
12360  
12361  	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
12362  		err = -EOPNOTSUPP;
12363  		goto out;
12364  	}
12365  
12366  	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
12367  					  nl80211_policy, NULL);
12368  	if (err)
12369  		goto out;
12370  
12371  	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
12372  						   wowlan->max_nd_match_sets);
12373  	err = PTR_ERR_OR_ZERO(trig->nd_config);
12374  	if (err)
12375  		trig->nd_config = NULL;
12376  
12377  out:
12378  	kfree(tb);
12379  	return err;
12380  }
12381  
12382  static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
12383  {
12384  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12385  	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
12386  	struct cfg80211_wowlan new_triggers = {};
12387  	struct cfg80211_wowlan *ntrig;
12388  	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
12389  	int err, i;
12390  	bool prev_enabled = rdev->wiphy.wowlan_config;
12391  	bool regular = false;
12392  
12393  	if (!wowlan)
12394  		return -EOPNOTSUPP;
12395  
12396  	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
12397  		cfg80211_rdev_free_wowlan(rdev);
12398  		rdev->wiphy.wowlan_config = NULL;
12399  		goto set_wakeup;
12400  	}
12401  
12402  	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
12403  					  info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
12404  					  nl80211_wowlan_policy, info->extack);
12405  	if (err)
12406  		return err;
12407  
12408  	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
12409  		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
12410  			return -EINVAL;
12411  		new_triggers.any = true;
12412  	}
12413  
12414  	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
12415  		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
12416  			return -EINVAL;
12417  		new_triggers.disconnect = true;
12418  		regular = true;
12419  	}
12420  
12421  	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
12422  		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
12423  			return -EINVAL;
12424  		new_triggers.magic_pkt = true;
12425  		regular = true;
12426  	}
12427  
12428  	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
12429  		return -EINVAL;
12430  
12431  	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
12432  		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
12433  			return -EINVAL;
12434  		new_triggers.gtk_rekey_failure = true;
12435  		regular = true;
12436  	}
12437  
12438  	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
12439  		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
12440  			return -EINVAL;
12441  		new_triggers.eap_identity_req = true;
12442  		regular = true;
12443  	}
12444  
12445  	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
12446  		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
12447  			return -EINVAL;
12448  		new_triggers.four_way_handshake = true;
12449  		regular = true;
12450  	}
12451  
12452  	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
12453  		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
12454  			return -EINVAL;
12455  		new_triggers.rfkill_release = true;
12456  		regular = true;
12457  	}
12458  
12459  	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
12460  		struct nlattr *pat;
12461  		int n_patterns = 0;
12462  		int rem, pat_len, mask_len, pkt_offset;
12463  		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12464  
12465  		regular = true;
12466  
12467  		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12468  				    rem)
12469  			n_patterns++;
12470  		if (n_patterns > wowlan->n_patterns)
12471  			return -EINVAL;
12472  
12473  		new_triggers.patterns = kcalloc(n_patterns,
12474  						sizeof(new_triggers.patterns[0]),
12475  						GFP_KERNEL);
12476  		if (!new_triggers.patterns)
12477  			return -ENOMEM;
12478  
12479  		new_triggers.n_patterns = n_patterns;
12480  		i = 0;
12481  
12482  		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
12483  				    rem) {
12484  			u8 *mask_pat;
12485  
12486  			err = nla_parse_nested_deprecated(pat_tb,
12487  							  MAX_NL80211_PKTPAT,
12488  							  pat,
12489  							  nl80211_packet_pattern_policy,
12490  							  info->extack);
12491  			if (err)
12492  				goto error;
12493  
12494  			err = -EINVAL;
12495  			if (!pat_tb[NL80211_PKTPAT_MASK] ||
12496  			    !pat_tb[NL80211_PKTPAT_PATTERN])
12497  				goto error;
12498  			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12499  			mask_len = DIV_ROUND_UP(pat_len, 8);
12500  			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12501  				goto error;
12502  			if (pat_len > wowlan->pattern_max_len ||
12503  			    pat_len < wowlan->pattern_min_len)
12504  				goto error;
12505  
12506  			if (!pat_tb[NL80211_PKTPAT_OFFSET])
12507  				pkt_offset = 0;
12508  			else
12509  				pkt_offset = nla_get_u32(
12510  					pat_tb[NL80211_PKTPAT_OFFSET]);
12511  			if (pkt_offset > wowlan->max_pkt_offset)
12512  				goto error;
12513  			new_triggers.patterns[i].pkt_offset = pkt_offset;
12514  
12515  			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12516  			if (!mask_pat) {
12517  				err = -ENOMEM;
12518  				goto error;
12519  			}
12520  			new_triggers.patterns[i].mask = mask_pat;
12521  			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12522  			       mask_len);
12523  			mask_pat += mask_len;
12524  			new_triggers.patterns[i].pattern = mask_pat;
12525  			new_triggers.patterns[i].pattern_len = pat_len;
12526  			memcpy(mask_pat,
12527  			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12528  			       pat_len);
12529  			i++;
12530  		}
12531  	}
12532  
12533  	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
12534  		regular = true;
12535  		err = nl80211_parse_wowlan_tcp(
12536  			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
12537  			&new_triggers);
12538  		if (err)
12539  			goto error;
12540  	}
12541  
12542  	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
12543  		regular = true;
12544  		err = nl80211_parse_wowlan_nd(
12545  			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
12546  			&new_triggers);
12547  		if (err)
12548  			goto error;
12549  	}
12550  
12551  	/* The 'any' trigger means the device continues operating more or less
12552  	 * as in its normal operation mode and wakes up the host on most of the
12553  	 * normal interrupts (like packet RX, ...)
12554  	 * It therefore makes little sense to combine with the more constrained
12555  	 * wakeup trigger modes.
12556  	 */
12557  	if (new_triggers.any && regular) {
12558  		err = -EINVAL;
12559  		goto error;
12560  	}
12561  
12562  	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
12563  	if (!ntrig) {
12564  		err = -ENOMEM;
12565  		goto error;
12566  	}
12567  	cfg80211_rdev_free_wowlan(rdev);
12568  	rdev->wiphy.wowlan_config = ntrig;
12569  
12570   set_wakeup:
12571  	if (rdev->ops->set_wakeup &&
12572  	    prev_enabled != !!rdev->wiphy.wowlan_config)
12573  		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
12574  
12575  	return 0;
12576   error:
12577  	for (i = 0; i < new_triggers.n_patterns; i++)
12578  		kfree(new_triggers.patterns[i].mask);
12579  	kfree(new_triggers.patterns);
12580  	if (new_triggers.tcp && new_triggers.tcp->sock)
12581  		sock_release(new_triggers.tcp->sock);
12582  	kfree(new_triggers.tcp);
12583  	kfree(new_triggers.nd_config);
12584  	return err;
12585  }
12586  #endif
12587  
12588  static int nl80211_send_coalesce_rules(struct sk_buff *msg,
12589  				       struct cfg80211_registered_device *rdev)
12590  {
12591  	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
12592  	int i, j, pat_len;
12593  	struct cfg80211_coalesce_rules *rule;
12594  
12595  	if (!rdev->coalesce->n_rules)
12596  		return 0;
12597  
12598  	nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
12599  	if (!nl_rules)
12600  		return -ENOBUFS;
12601  
12602  	for (i = 0; i < rdev->coalesce->n_rules; i++) {
12603  		nl_rule = nla_nest_start_noflag(msg, i + 1);
12604  		if (!nl_rule)
12605  			return -ENOBUFS;
12606  
12607  		rule = &rdev->coalesce->rules[i];
12608  		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
12609  				rule->delay))
12610  			return -ENOBUFS;
12611  
12612  		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
12613  				rule->condition))
12614  			return -ENOBUFS;
12615  
12616  		nl_pats = nla_nest_start_noflag(msg,
12617  						NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
12618  		if (!nl_pats)
12619  			return -ENOBUFS;
12620  
12621  		for (j = 0; j < rule->n_patterns; j++) {
12622  			nl_pat = nla_nest_start_noflag(msg, j + 1);
12623  			if (!nl_pat)
12624  				return -ENOBUFS;
12625  			pat_len = rule->patterns[j].pattern_len;
12626  			if (nla_put(msg, NL80211_PKTPAT_MASK,
12627  				    DIV_ROUND_UP(pat_len, 8),
12628  				    rule->patterns[j].mask) ||
12629  			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
12630  				    rule->patterns[j].pattern) ||
12631  			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
12632  					rule->patterns[j].pkt_offset))
12633  				return -ENOBUFS;
12634  			nla_nest_end(msg, nl_pat);
12635  		}
12636  		nla_nest_end(msg, nl_pats);
12637  		nla_nest_end(msg, nl_rule);
12638  	}
12639  	nla_nest_end(msg, nl_rules);
12640  
12641  	return 0;
12642  }
12643  
12644  static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
12645  {
12646  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12647  	struct sk_buff *msg;
12648  	void *hdr;
12649  
12650  	if (!rdev->wiphy.coalesce)
12651  		return -EOPNOTSUPP;
12652  
12653  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12654  	if (!msg)
12655  		return -ENOMEM;
12656  
12657  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12658  			     NL80211_CMD_GET_COALESCE);
12659  	if (!hdr)
12660  		goto nla_put_failure;
12661  
12662  	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
12663  		goto nla_put_failure;
12664  
12665  	genlmsg_end(msg, hdr);
12666  	return genlmsg_reply(msg, info);
12667  
12668  nla_put_failure:
12669  	nlmsg_free(msg);
12670  	return -ENOBUFS;
12671  }
12672  
12673  void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
12674  {
12675  	struct cfg80211_coalesce *coalesce = rdev->coalesce;
12676  	int i, j;
12677  	struct cfg80211_coalesce_rules *rule;
12678  
12679  	if (!coalesce)
12680  		return;
12681  
12682  	for (i = 0; i < coalesce->n_rules; i++) {
12683  		rule = &coalesce->rules[i];
12684  		for (j = 0; j < rule->n_patterns; j++)
12685  			kfree(rule->patterns[j].mask);
12686  		kfree(rule->patterns);
12687  	}
12688  	kfree(coalesce->rules);
12689  	kfree(coalesce);
12690  	rdev->coalesce = NULL;
12691  }
12692  
12693  static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
12694  				       struct nlattr *rule,
12695  				       struct cfg80211_coalesce_rules *new_rule)
12696  {
12697  	int err, i;
12698  	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12699  	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
12700  	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
12701  	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
12702  
12703  	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
12704  					  rule, nl80211_coalesce_policy, NULL);
12705  	if (err)
12706  		return err;
12707  
12708  	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
12709  		new_rule->delay =
12710  			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
12711  	if (new_rule->delay > coalesce->max_delay)
12712  		return -EINVAL;
12713  
12714  	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
12715  		new_rule->condition =
12716  			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
12717  
12718  	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
12719  		return -EINVAL;
12720  
12721  	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12722  			    rem)
12723  		n_patterns++;
12724  	if (n_patterns > coalesce->n_patterns)
12725  		return -EINVAL;
12726  
12727  	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
12728  				     GFP_KERNEL);
12729  	if (!new_rule->patterns)
12730  		return -ENOMEM;
12731  
12732  	new_rule->n_patterns = n_patterns;
12733  	i = 0;
12734  
12735  	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
12736  			    rem) {
12737  		u8 *mask_pat;
12738  
12739  		err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
12740  						  pat,
12741  						  nl80211_packet_pattern_policy,
12742  						  NULL);
12743  		if (err)
12744  			return err;
12745  
12746  		if (!pat_tb[NL80211_PKTPAT_MASK] ||
12747  		    !pat_tb[NL80211_PKTPAT_PATTERN])
12748  			return -EINVAL;
12749  		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
12750  		mask_len = DIV_ROUND_UP(pat_len, 8);
12751  		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
12752  			return -EINVAL;
12753  		if (pat_len > coalesce->pattern_max_len ||
12754  		    pat_len < coalesce->pattern_min_len)
12755  			return -EINVAL;
12756  
12757  		if (!pat_tb[NL80211_PKTPAT_OFFSET])
12758  			pkt_offset = 0;
12759  		else
12760  			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
12761  		if (pkt_offset > coalesce->max_pkt_offset)
12762  			return -EINVAL;
12763  		new_rule->patterns[i].pkt_offset = pkt_offset;
12764  
12765  		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
12766  		if (!mask_pat)
12767  			return -ENOMEM;
12768  
12769  		new_rule->patterns[i].mask = mask_pat;
12770  		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
12771  		       mask_len);
12772  
12773  		mask_pat += mask_len;
12774  		new_rule->patterns[i].pattern = mask_pat;
12775  		new_rule->patterns[i].pattern_len = pat_len;
12776  		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
12777  		       pat_len);
12778  		i++;
12779  	}
12780  
12781  	return 0;
12782  }
12783  
12784  static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
12785  {
12786  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12787  	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
12788  	struct cfg80211_coalesce new_coalesce = {};
12789  	struct cfg80211_coalesce *n_coalesce;
12790  	int err, rem_rule, n_rules = 0, i, j;
12791  	struct nlattr *rule;
12792  	struct cfg80211_coalesce_rules *tmp_rule;
12793  
12794  	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
12795  		return -EOPNOTSUPP;
12796  
12797  	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
12798  		cfg80211_rdev_free_coalesce(rdev);
12799  		rdev_set_coalesce(rdev, NULL);
12800  		return 0;
12801  	}
12802  
12803  	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12804  			    rem_rule)
12805  		n_rules++;
12806  	if (n_rules > coalesce->n_rules)
12807  		return -EINVAL;
12808  
12809  	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
12810  				     GFP_KERNEL);
12811  	if (!new_coalesce.rules)
12812  		return -ENOMEM;
12813  
12814  	new_coalesce.n_rules = n_rules;
12815  	i = 0;
12816  
12817  	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
12818  			    rem_rule) {
12819  		err = nl80211_parse_coalesce_rule(rdev, rule,
12820  						  &new_coalesce.rules[i]);
12821  		if (err)
12822  			goto error;
12823  
12824  		i++;
12825  	}
12826  
12827  	err = rdev_set_coalesce(rdev, &new_coalesce);
12828  	if (err)
12829  		goto error;
12830  
12831  	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12832  	if (!n_coalesce) {
12833  		err = -ENOMEM;
12834  		goto error;
12835  	}
12836  	cfg80211_rdev_free_coalesce(rdev);
12837  	rdev->coalesce = n_coalesce;
12838  
12839  	return 0;
12840  error:
12841  	for (i = 0; i < new_coalesce.n_rules; i++) {
12842  		tmp_rule = &new_coalesce.rules[i];
12843  		for (j = 0; j < tmp_rule->n_patterns; j++)
12844  			kfree(tmp_rule->patterns[j].mask);
12845  		kfree(tmp_rule->patterns);
12846  	}
12847  	kfree(new_coalesce.rules);
12848  
12849  	return err;
12850  }
12851  
12852  static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12853  {
12854  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12855  	struct net_device *dev = info->user_ptr[1];
12856  	struct wireless_dev *wdev = dev->ieee80211_ptr;
12857  	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12858  	struct cfg80211_gtk_rekey_data rekey_data = {};
12859  	int err;
12860  
12861  	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12862  		return -EINVAL;
12863  
12864  	err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12865  					  info->attrs[NL80211_ATTR_REKEY_DATA],
12866  					  nl80211_rekey_policy, info->extack);
12867  	if (err)
12868  		return err;
12869  
12870  	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12871  	    !tb[NL80211_REKEY_DATA_KCK])
12872  		return -EINVAL;
12873  	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
12874  	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12875  	      nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
12876  		return -ERANGE;
12877  	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
12878  	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
12879  	      nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KCK_EXT_LEN))
12880  		return -ERANGE;
12881  
12882  	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12883  	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12884  	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12885  	rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
12886  	rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
12887  	if (tb[NL80211_REKEY_DATA_AKM])
12888  		rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
12889  
12890  	wdev_lock(wdev);
12891  	if (!wdev->current_bss) {
12892  		err = -ENOTCONN;
12893  		goto out;
12894  	}
12895  
12896  	if (!rdev->ops->set_rekey_data) {
12897  		err = -EOPNOTSUPP;
12898  		goto out;
12899  	}
12900  
12901  	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12902   out:
12903  	wdev_unlock(wdev);
12904  	return err;
12905  }
12906  
12907  static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12908  					     struct genl_info *info)
12909  {
12910  	struct net_device *dev = info->user_ptr[1];
12911  	struct wireless_dev *wdev = dev->ieee80211_ptr;
12912  
12913  	if (wdev->iftype != NL80211_IFTYPE_AP &&
12914  	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
12915  		return -EINVAL;
12916  
12917  	if (wdev->ap_unexpected_nlportid)
12918  		return -EBUSY;
12919  
12920  	wdev->ap_unexpected_nlportid = info->snd_portid;
12921  	return 0;
12922  }
12923  
12924  static int nl80211_probe_client(struct sk_buff *skb,
12925  				struct genl_info *info)
12926  {
12927  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12928  	struct net_device *dev = info->user_ptr[1];
12929  	struct wireless_dev *wdev = dev->ieee80211_ptr;
12930  	struct sk_buff *msg;
12931  	void *hdr;
12932  	const u8 *addr;
12933  	u64 cookie;
12934  	int err;
12935  
12936  	if (wdev->iftype != NL80211_IFTYPE_AP &&
12937  	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
12938  		return -EOPNOTSUPP;
12939  
12940  	if (!info->attrs[NL80211_ATTR_MAC])
12941  		return -EINVAL;
12942  
12943  	if (!rdev->ops->probe_client)
12944  		return -EOPNOTSUPP;
12945  
12946  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12947  	if (!msg)
12948  		return -ENOMEM;
12949  
12950  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12951  			     NL80211_CMD_PROBE_CLIENT);
12952  	if (!hdr) {
12953  		err = -ENOBUFS;
12954  		goto free_msg;
12955  	}
12956  
12957  	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12958  
12959  	err = rdev_probe_client(rdev, dev, addr, &cookie);
12960  	if (err)
12961  		goto free_msg;
12962  
12963  	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12964  			      NL80211_ATTR_PAD))
12965  		goto nla_put_failure;
12966  
12967  	genlmsg_end(msg, hdr);
12968  
12969  	return genlmsg_reply(msg, info);
12970  
12971   nla_put_failure:
12972  	err = -ENOBUFS;
12973   free_msg:
12974  	nlmsg_free(msg);
12975  	return err;
12976  }
12977  
12978  static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
12979  {
12980  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12981  	struct cfg80211_beacon_registration *reg, *nreg;
12982  	int rv;
12983  
12984  	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
12985  		return -EOPNOTSUPP;
12986  
12987  	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
12988  	if (!nreg)
12989  		return -ENOMEM;
12990  
12991  	/* First, check if already registered. */
12992  	spin_lock_bh(&rdev->beacon_registrations_lock);
12993  	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12994  		if (reg->nlportid == info->snd_portid) {
12995  			rv = -EALREADY;
12996  			goto out_err;
12997  		}
12998  	}
12999  	/* Add it to the list */
13000  	nreg->nlportid = info->snd_portid;
13001  	list_add(&nreg->list, &rdev->beacon_registrations);
13002  
13003  	spin_unlock_bh(&rdev->beacon_registrations_lock);
13004  
13005  	return 0;
13006  out_err:
13007  	spin_unlock_bh(&rdev->beacon_registrations_lock);
13008  	kfree(nreg);
13009  	return rv;
13010  }
13011  
13012  static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
13013  {
13014  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13015  	struct wireless_dev *wdev = info->user_ptr[1];
13016  	int err;
13017  
13018  	if (!rdev->ops->start_p2p_device)
13019  		return -EOPNOTSUPP;
13020  
13021  	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
13022  		return -EOPNOTSUPP;
13023  
13024  	if (wdev_running(wdev))
13025  		return 0;
13026  
13027  	if (rfkill_blocked(rdev->rfkill))
13028  		return -ERFKILL;
13029  
13030  	err = rdev_start_p2p_device(rdev, wdev);
13031  	if (err)
13032  		return err;
13033  
13034  	wdev->is_running = true;
13035  	rdev->opencount++;
13036  
13037  	return 0;
13038  }
13039  
13040  static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
13041  {
13042  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13043  	struct wireless_dev *wdev = info->user_ptr[1];
13044  
13045  	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
13046  		return -EOPNOTSUPP;
13047  
13048  	if (!rdev->ops->stop_p2p_device)
13049  		return -EOPNOTSUPP;
13050  
13051  	cfg80211_stop_p2p_device(rdev, wdev);
13052  
13053  	return 0;
13054  }
13055  
13056  static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
13057  {
13058  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13059  	struct wireless_dev *wdev = info->user_ptr[1];
13060  	struct cfg80211_nan_conf conf = {};
13061  	int err;
13062  
13063  	if (wdev->iftype != NL80211_IFTYPE_NAN)
13064  		return -EOPNOTSUPP;
13065  
13066  	if (wdev_running(wdev))
13067  		return -EEXIST;
13068  
13069  	if (rfkill_blocked(rdev->rfkill))
13070  		return -ERFKILL;
13071  
13072  	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
13073  		return -EINVAL;
13074  
13075  	conf.master_pref =
13076  		nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
13077  
13078  	if (info->attrs[NL80211_ATTR_BANDS]) {
13079  		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
13080  
13081  		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
13082  			return -EOPNOTSUPP;
13083  
13084  		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
13085  			return -EINVAL;
13086  
13087  		conf.bands = bands;
13088  	}
13089  
13090  	err = rdev_start_nan(rdev, wdev, &conf);
13091  	if (err)
13092  		return err;
13093  
13094  	wdev->is_running = true;
13095  	rdev->opencount++;
13096  
13097  	return 0;
13098  }
13099  
13100  static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
13101  {
13102  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13103  	struct wireless_dev *wdev = info->user_ptr[1];
13104  
13105  	if (wdev->iftype != NL80211_IFTYPE_NAN)
13106  		return -EOPNOTSUPP;
13107  
13108  	cfg80211_stop_nan(rdev, wdev);
13109  
13110  	return 0;
13111  }
13112  
13113  static int validate_nan_filter(struct nlattr *filter_attr)
13114  {
13115  	struct nlattr *attr;
13116  	int len = 0, n_entries = 0, rem;
13117  
13118  	nla_for_each_nested(attr, filter_attr, rem) {
13119  		len += nla_len(attr);
13120  		n_entries++;
13121  	}
13122  
13123  	if (len >= U8_MAX)
13124  		return -EINVAL;
13125  
13126  	return n_entries;
13127  }
13128  
13129  static int handle_nan_filter(struct nlattr *attr_filter,
13130  			     struct cfg80211_nan_func *func,
13131  			     bool tx)
13132  {
13133  	struct nlattr *attr;
13134  	int n_entries, rem, i;
13135  	struct cfg80211_nan_func_filter *filter;
13136  
13137  	n_entries = validate_nan_filter(attr_filter);
13138  	if (n_entries < 0)
13139  		return n_entries;
13140  
13141  	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
13142  
13143  	filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
13144  	if (!filter)
13145  		return -ENOMEM;
13146  
13147  	i = 0;
13148  	nla_for_each_nested(attr, attr_filter, rem) {
13149  		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
13150  		filter[i].len = nla_len(attr);
13151  		i++;
13152  	}
13153  	if (tx) {
13154  		func->num_tx_filters = n_entries;
13155  		func->tx_filters = filter;
13156  	} else {
13157  		func->num_rx_filters = n_entries;
13158  		func->rx_filters = filter;
13159  	}
13160  
13161  	return 0;
13162  }
13163  
13164  static int nl80211_nan_add_func(struct sk_buff *skb,
13165  				struct genl_info *info)
13166  {
13167  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13168  	struct wireless_dev *wdev = info->user_ptr[1];
13169  	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
13170  	struct cfg80211_nan_func *func;
13171  	struct sk_buff *msg = NULL;
13172  	void *hdr = NULL;
13173  	int err = 0;
13174  
13175  	if (wdev->iftype != NL80211_IFTYPE_NAN)
13176  		return -EOPNOTSUPP;
13177  
13178  	if (!wdev_running(wdev))
13179  		return -ENOTCONN;
13180  
13181  	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
13182  		return -EINVAL;
13183  
13184  	err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
13185  					  info->attrs[NL80211_ATTR_NAN_FUNC],
13186  					  nl80211_nan_func_policy,
13187  					  info->extack);
13188  	if (err)
13189  		return err;
13190  
13191  	func = kzalloc(sizeof(*func), GFP_KERNEL);
13192  	if (!func)
13193  		return -ENOMEM;
13194  
13195  	func->cookie = cfg80211_assign_cookie(rdev);
13196  
13197  	if (!tb[NL80211_NAN_FUNC_TYPE]) {
13198  		err = -EINVAL;
13199  		goto out;
13200  	}
13201  
13202  
13203  	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
13204  
13205  	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
13206  		err = -EINVAL;
13207  		goto out;
13208  	}
13209  
13210  	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
13211  	       sizeof(func->service_id));
13212  
13213  	func->close_range =
13214  		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
13215  
13216  	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
13217  		func->serv_spec_info_len =
13218  			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
13219  		func->serv_spec_info =
13220  			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
13221  				func->serv_spec_info_len,
13222  				GFP_KERNEL);
13223  		if (!func->serv_spec_info) {
13224  			err = -ENOMEM;
13225  			goto out;
13226  		}
13227  	}
13228  
13229  	if (tb[NL80211_NAN_FUNC_TTL])
13230  		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
13231  
13232  	switch (func->type) {
13233  	case NL80211_NAN_FUNC_PUBLISH:
13234  		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
13235  			err = -EINVAL;
13236  			goto out;
13237  		}
13238  
13239  		func->publish_type =
13240  			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
13241  		func->publish_bcast =
13242  			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
13243  
13244  		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
13245  			func->publish_bcast) {
13246  			err = -EINVAL;
13247  			goto out;
13248  		}
13249  		break;
13250  	case NL80211_NAN_FUNC_SUBSCRIBE:
13251  		func->subscribe_active =
13252  			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
13253  		break;
13254  	case NL80211_NAN_FUNC_FOLLOW_UP:
13255  		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
13256  		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
13257  		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
13258  			err = -EINVAL;
13259  			goto out;
13260  		}
13261  
13262  		func->followup_id =
13263  			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
13264  		func->followup_reqid =
13265  			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
13266  		memcpy(func->followup_dest.addr,
13267  		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
13268  		       sizeof(func->followup_dest.addr));
13269  		if (func->ttl) {
13270  			err = -EINVAL;
13271  			goto out;
13272  		}
13273  		break;
13274  	default:
13275  		err = -EINVAL;
13276  		goto out;
13277  	}
13278  
13279  	if (tb[NL80211_NAN_FUNC_SRF]) {
13280  		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
13281  
13282  		err = nla_parse_nested_deprecated(srf_tb,
13283  						  NL80211_NAN_SRF_ATTR_MAX,
13284  						  tb[NL80211_NAN_FUNC_SRF],
13285  						  nl80211_nan_srf_policy,
13286  						  info->extack);
13287  		if (err)
13288  			goto out;
13289  
13290  		func->srf_include =
13291  			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
13292  
13293  		if (srf_tb[NL80211_NAN_SRF_BF]) {
13294  			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
13295  			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
13296  				err = -EINVAL;
13297  				goto out;
13298  			}
13299  
13300  			func->srf_bf_len =
13301  				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
13302  			func->srf_bf =
13303  				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
13304  					func->srf_bf_len, GFP_KERNEL);
13305  			if (!func->srf_bf) {
13306  				err = -ENOMEM;
13307  				goto out;
13308  			}
13309  
13310  			func->srf_bf_idx =
13311  				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
13312  		} else {
13313  			struct nlattr *attr, *mac_attr =
13314  				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
13315  			int n_entries, rem, i = 0;
13316  
13317  			if (!mac_attr) {
13318  				err = -EINVAL;
13319  				goto out;
13320  			}
13321  
13322  			n_entries = validate_acl_mac_addrs(mac_attr);
13323  			if (n_entries <= 0) {
13324  				err = -EINVAL;
13325  				goto out;
13326  			}
13327  
13328  			func->srf_num_macs = n_entries;
13329  			func->srf_macs =
13330  				kcalloc(n_entries, sizeof(*func->srf_macs),
13331  					GFP_KERNEL);
13332  			if (!func->srf_macs) {
13333  				err = -ENOMEM;
13334  				goto out;
13335  			}
13336  
13337  			nla_for_each_nested(attr, mac_attr, rem)
13338  				memcpy(func->srf_macs[i++].addr, nla_data(attr),
13339  				       sizeof(*func->srf_macs));
13340  		}
13341  	}
13342  
13343  	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
13344  		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
13345  					func, true);
13346  		if (err)
13347  			goto out;
13348  	}
13349  
13350  	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
13351  		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
13352  					func, false);
13353  		if (err)
13354  			goto out;
13355  	}
13356  
13357  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13358  	if (!msg) {
13359  		err = -ENOMEM;
13360  		goto out;
13361  	}
13362  
13363  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13364  			     NL80211_CMD_ADD_NAN_FUNCTION);
13365  	/* This can't really happen - we just allocated 4KB */
13366  	if (WARN_ON(!hdr)) {
13367  		err = -ENOMEM;
13368  		goto out;
13369  	}
13370  
13371  	err = rdev_add_nan_func(rdev, wdev, func);
13372  out:
13373  	if (err < 0) {
13374  		cfg80211_free_nan_func(func);
13375  		nlmsg_free(msg);
13376  		return err;
13377  	}
13378  
13379  	/* propagate the instance id and cookie to userspace  */
13380  	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
13381  			      NL80211_ATTR_PAD))
13382  		goto nla_put_failure;
13383  
13384  	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13385  	if (!func_attr)
13386  		goto nla_put_failure;
13387  
13388  	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
13389  		       func->instance_id))
13390  		goto nla_put_failure;
13391  
13392  	nla_nest_end(msg, func_attr);
13393  
13394  	genlmsg_end(msg, hdr);
13395  	return genlmsg_reply(msg, info);
13396  
13397  nla_put_failure:
13398  	nlmsg_free(msg);
13399  	return -ENOBUFS;
13400  }
13401  
13402  static int nl80211_nan_del_func(struct sk_buff *skb,
13403  			       struct genl_info *info)
13404  {
13405  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13406  	struct wireless_dev *wdev = info->user_ptr[1];
13407  	u64 cookie;
13408  
13409  	if (wdev->iftype != NL80211_IFTYPE_NAN)
13410  		return -EOPNOTSUPP;
13411  
13412  	if (!wdev_running(wdev))
13413  		return -ENOTCONN;
13414  
13415  	if (!info->attrs[NL80211_ATTR_COOKIE])
13416  		return -EINVAL;
13417  
13418  	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
13419  
13420  	rdev_del_nan_func(rdev, wdev, cookie);
13421  
13422  	return 0;
13423  }
13424  
13425  static int nl80211_nan_change_config(struct sk_buff *skb,
13426  				     struct genl_info *info)
13427  {
13428  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13429  	struct wireless_dev *wdev = info->user_ptr[1];
13430  	struct cfg80211_nan_conf conf = {};
13431  	u32 changed = 0;
13432  
13433  	if (wdev->iftype != NL80211_IFTYPE_NAN)
13434  		return -EOPNOTSUPP;
13435  
13436  	if (!wdev_running(wdev))
13437  		return -ENOTCONN;
13438  
13439  	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
13440  		conf.master_pref =
13441  			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
13442  		if (conf.master_pref <= 1 || conf.master_pref == 255)
13443  			return -EINVAL;
13444  
13445  		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
13446  	}
13447  
13448  	if (info->attrs[NL80211_ATTR_BANDS]) {
13449  		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
13450  
13451  		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
13452  			return -EOPNOTSUPP;
13453  
13454  		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
13455  			return -EINVAL;
13456  
13457  		conf.bands = bands;
13458  		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
13459  	}
13460  
13461  	if (!changed)
13462  		return -EINVAL;
13463  
13464  	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
13465  }
13466  
13467  void cfg80211_nan_match(struct wireless_dev *wdev,
13468  			struct cfg80211_nan_match_params *match, gfp_t gfp)
13469  {
13470  	struct wiphy *wiphy = wdev->wiphy;
13471  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13472  	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
13473  	struct sk_buff *msg;
13474  	void *hdr;
13475  
13476  	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
13477  		return;
13478  
13479  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13480  	if (!msg)
13481  		return;
13482  
13483  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
13484  	if (!hdr) {
13485  		nlmsg_free(msg);
13486  		return;
13487  	}
13488  
13489  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13490  	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13491  					 wdev->netdev->ifindex)) ||
13492  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13493  			      NL80211_ATTR_PAD))
13494  		goto nla_put_failure;
13495  
13496  	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
13497  			      NL80211_ATTR_PAD) ||
13498  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
13499  		goto nla_put_failure;
13500  
13501  	match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
13502  	if (!match_attr)
13503  		goto nla_put_failure;
13504  
13505  	local_func_attr = nla_nest_start_noflag(msg,
13506  						NL80211_NAN_MATCH_FUNC_LOCAL);
13507  	if (!local_func_attr)
13508  		goto nla_put_failure;
13509  
13510  	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
13511  		goto nla_put_failure;
13512  
13513  	nla_nest_end(msg, local_func_attr);
13514  
13515  	peer_func_attr = nla_nest_start_noflag(msg,
13516  					       NL80211_NAN_MATCH_FUNC_PEER);
13517  	if (!peer_func_attr)
13518  		goto nla_put_failure;
13519  
13520  	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
13521  	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
13522  		goto nla_put_failure;
13523  
13524  	if (match->info && match->info_len &&
13525  	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
13526  		    match->info))
13527  		goto nla_put_failure;
13528  
13529  	nla_nest_end(msg, peer_func_attr);
13530  	nla_nest_end(msg, match_attr);
13531  	genlmsg_end(msg, hdr);
13532  
13533  	if (!wdev->owner_nlportid)
13534  		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13535  					msg, 0, NL80211_MCGRP_NAN, gfp);
13536  	else
13537  		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13538  				wdev->owner_nlportid);
13539  
13540  	return;
13541  
13542  nla_put_failure:
13543  	nlmsg_free(msg);
13544  }
13545  EXPORT_SYMBOL(cfg80211_nan_match);
13546  
13547  void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
13548  				  u8 inst_id,
13549  				  enum nl80211_nan_func_term_reason reason,
13550  				  u64 cookie, gfp_t gfp)
13551  {
13552  	struct wiphy *wiphy = wdev->wiphy;
13553  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13554  	struct sk_buff *msg;
13555  	struct nlattr *func_attr;
13556  	void *hdr;
13557  
13558  	if (WARN_ON(!inst_id))
13559  		return;
13560  
13561  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
13562  	if (!msg)
13563  		return;
13564  
13565  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
13566  	if (!hdr) {
13567  		nlmsg_free(msg);
13568  		return;
13569  	}
13570  
13571  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13572  	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
13573  					 wdev->netdev->ifindex)) ||
13574  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
13575  			      NL80211_ATTR_PAD))
13576  		goto nla_put_failure;
13577  
13578  	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
13579  			      NL80211_ATTR_PAD))
13580  		goto nla_put_failure;
13581  
13582  	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
13583  	if (!func_attr)
13584  		goto nla_put_failure;
13585  
13586  	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
13587  	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
13588  		goto nla_put_failure;
13589  
13590  	nla_nest_end(msg, func_attr);
13591  	genlmsg_end(msg, hdr);
13592  
13593  	if (!wdev->owner_nlportid)
13594  		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
13595  					msg, 0, NL80211_MCGRP_NAN, gfp);
13596  	else
13597  		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
13598  				wdev->owner_nlportid);
13599  
13600  	return;
13601  
13602  nla_put_failure:
13603  	nlmsg_free(msg);
13604  }
13605  EXPORT_SYMBOL(cfg80211_nan_func_terminated);
13606  
13607  static int nl80211_get_protocol_features(struct sk_buff *skb,
13608  					 struct genl_info *info)
13609  {
13610  	void *hdr;
13611  	struct sk_buff *msg;
13612  
13613  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13614  	if (!msg)
13615  		return -ENOMEM;
13616  
13617  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13618  			     NL80211_CMD_GET_PROTOCOL_FEATURES);
13619  	if (!hdr)
13620  		goto nla_put_failure;
13621  
13622  	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
13623  			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
13624  		goto nla_put_failure;
13625  
13626  	genlmsg_end(msg, hdr);
13627  	return genlmsg_reply(msg, info);
13628  
13629   nla_put_failure:
13630  	kfree_skb(msg);
13631  	return -ENOBUFS;
13632  }
13633  
13634  static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
13635  {
13636  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13637  	struct cfg80211_update_ft_ies_params ft_params;
13638  	struct net_device *dev = info->user_ptr[1];
13639  
13640  	if (!rdev->ops->update_ft_ies)
13641  		return -EOPNOTSUPP;
13642  
13643  	if (!info->attrs[NL80211_ATTR_MDID] ||
13644  	    !info->attrs[NL80211_ATTR_IE])
13645  		return -EINVAL;
13646  
13647  	memset(&ft_params, 0, sizeof(ft_params));
13648  	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
13649  	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13650  	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13651  
13652  	return rdev_update_ft_ies(rdev, dev, &ft_params);
13653  }
13654  
13655  static int nl80211_crit_protocol_start(struct sk_buff *skb,
13656  				       struct genl_info *info)
13657  {
13658  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13659  	struct wireless_dev *wdev = info->user_ptr[1];
13660  	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
13661  	u16 duration;
13662  	int ret;
13663  
13664  	if (!rdev->ops->crit_proto_start)
13665  		return -EOPNOTSUPP;
13666  
13667  	if (WARN_ON(!rdev->ops->crit_proto_stop))
13668  		return -EINVAL;
13669  
13670  	if (rdev->crit_proto_nlportid)
13671  		return -EBUSY;
13672  
13673  	/* determine protocol if provided */
13674  	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
13675  		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
13676  
13677  	if (proto >= NUM_NL80211_CRIT_PROTO)
13678  		return -EINVAL;
13679  
13680  	/* timeout must be provided */
13681  	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
13682  		return -EINVAL;
13683  
13684  	duration =
13685  		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
13686  
13687  	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
13688  	if (!ret)
13689  		rdev->crit_proto_nlportid = info->snd_portid;
13690  
13691  	return ret;
13692  }
13693  
13694  static int nl80211_crit_protocol_stop(struct sk_buff *skb,
13695  				      struct genl_info *info)
13696  {
13697  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13698  	struct wireless_dev *wdev = info->user_ptr[1];
13699  
13700  	if (!rdev->ops->crit_proto_stop)
13701  		return -EOPNOTSUPP;
13702  
13703  	if (rdev->crit_proto_nlportid) {
13704  		rdev->crit_proto_nlportid = 0;
13705  		rdev_crit_proto_stop(rdev, wdev);
13706  	}
13707  	return 0;
13708  }
13709  
13710  static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
13711  				       struct nlattr *attr,
13712  				       struct netlink_ext_ack *extack)
13713  {
13714  	if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
13715  		if (attr->nla_type & NLA_F_NESTED) {
13716  			NL_SET_ERR_MSG_ATTR(extack, attr,
13717  					    "unexpected nested data");
13718  			return -EINVAL;
13719  		}
13720  
13721  		return 0;
13722  	}
13723  
13724  	if (!(attr->nla_type & NLA_F_NESTED)) {
13725  		NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
13726  		return -EINVAL;
13727  	}
13728  
13729  	return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
13730  }
13731  
13732  static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
13733  {
13734  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13735  	struct wireless_dev *wdev =
13736  		__cfg80211_wdev_from_attrs(rdev, genl_info_net(info),
13737  					   info->attrs);
13738  	int i, err;
13739  	u32 vid, subcmd;
13740  
13741  	if (!rdev->wiphy.vendor_commands)
13742  		return -EOPNOTSUPP;
13743  
13744  	if (IS_ERR(wdev)) {
13745  		err = PTR_ERR(wdev);
13746  		if (err != -EINVAL)
13747  			return err;
13748  		wdev = NULL;
13749  	} else if (wdev->wiphy != &rdev->wiphy) {
13750  		return -EINVAL;
13751  	}
13752  
13753  	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
13754  	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
13755  		return -EINVAL;
13756  
13757  	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
13758  	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
13759  	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
13760  		const struct wiphy_vendor_command *vcmd;
13761  		void *data = NULL;
13762  		int len = 0;
13763  
13764  		vcmd = &rdev->wiphy.vendor_commands[i];
13765  
13766  		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13767  			continue;
13768  
13769  		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13770  				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13771  			if (!wdev)
13772  				return -EINVAL;
13773  			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13774  			    !wdev->netdev)
13775  				return -EINVAL;
13776  
13777  			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13778  				if (!wdev_running(wdev))
13779  					return -ENETDOWN;
13780  			}
13781  		} else {
13782  			wdev = NULL;
13783  		}
13784  
13785  		if (!vcmd->doit)
13786  			return -EOPNOTSUPP;
13787  
13788  		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
13789  			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13790  			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
13791  
13792  			err = nl80211_vendor_check_policy(vcmd,
13793  					info->attrs[NL80211_ATTR_VENDOR_DATA],
13794  					info->extack);
13795  			if (err)
13796  				return err;
13797  		}
13798  
13799  		rdev->cur_cmd_info = info;
13800  		err = vcmd->doit(&rdev->wiphy, wdev, data, len);
13801  		rdev->cur_cmd_info = NULL;
13802  		return err;
13803  	}
13804  
13805  	return -EOPNOTSUPP;
13806  }
13807  
13808  static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
13809  				       struct netlink_callback *cb,
13810  				       struct cfg80211_registered_device **rdev,
13811  				       struct wireless_dev **wdev)
13812  {
13813  	struct nlattr **attrbuf;
13814  	u32 vid, subcmd;
13815  	unsigned int i;
13816  	int vcmd_idx = -1;
13817  	int err;
13818  	void *data = NULL;
13819  	unsigned int data_len = 0;
13820  
13821  	if (cb->args[0]) {
13822  		/* subtract the 1 again here */
13823  		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
13824  		struct wireless_dev *tmp;
13825  
13826  		if (!wiphy)
13827  			return -ENODEV;
13828  		*rdev = wiphy_to_rdev(wiphy);
13829  		*wdev = NULL;
13830  
13831  		if (cb->args[1]) {
13832  			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13833  				if (tmp->identifier == cb->args[1] - 1) {
13834  					*wdev = tmp;
13835  					break;
13836  				}
13837  			}
13838  		}
13839  
13840  		/* keep rtnl locked in successful case */
13841  		return 0;
13842  	}
13843  
13844  	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13845  	if (!attrbuf)
13846  		return -ENOMEM;
13847  
13848  	err = nlmsg_parse_deprecated(cb->nlh,
13849  				     GENL_HDRLEN + nl80211_fam.hdrsize,
13850  				     attrbuf, nl80211_fam.maxattr,
13851  				     nl80211_policy, NULL);
13852  	if (err)
13853  		goto out;
13854  
13855  	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13856  	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13857  		err = -EINVAL;
13858  		goto out;
13859  	}
13860  
13861  	*wdev = __cfg80211_wdev_from_attrs(NULL, sock_net(skb->sk), attrbuf);
13862  	if (IS_ERR(*wdev))
13863  		*wdev = NULL;
13864  
13865  	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13866  	if (IS_ERR(*rdev)) {
13867  		err = PTR_ERR(*rdev);
13868  		goto out;
13869  	}
13870  
13871  	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13872  	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13873  
13874  	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13875  		const struct wiphy_vendor_command *vcmd;
13876  
13877  		vcmd = &(*rdev)->wiphy.vendor_commands[i];
13878  
13879  		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13880  			continue;
13881  
13882  		if (!vcmd->dumpit) {
13883  			err = -EOPNOTSUPP;
13884  			goto out;
13885  		}
13886  
13887  		vcmd_idx = i;
13888  		break;
13889  	}
13890  
13891  	if (vcmd_idx < 0) {
13892  		err = -EOPNOTSUPP;
13893  		goto out;
13894  	}
13895  
13896  	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13897  		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13898  		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13899  
13900  		err = nl80211_vendor_check_policy(
13901  				&(*rdev)->wiphy.vendor_commands[vcmd_idx],
13902  				attrbuf[NL80211_ATTR_VENDOR_DATA],
13903  				cb->extack);
13904  		if (err)
13905  			goto out;
13906  	}
13907  
13908  	/* 0 is the first index - add 1 to parse only once */
13909  	cb->args[0] = (*rdev)->wiphy_idx + 1;
13910  	/* add 1 to know if it was NULL */
13911  	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13912  	cb->args[2] = vcmd_idx;
13913  	cb->args[3] = (unsigned long)data;
13914  	cb->args[4] = data_len;
13915  
13916  	/* keep rtnl locked in successful case */
13917  	err = 0;
13918  out:
13919  	kfree(attrbuf);
13920  	return err;
13921  }
13922  
13923  static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13924  				   struct netlink_callback *cb)
13925  {
13926  	struct cfg80211_registered_device *rdev;
13927  	struct wireless_dev *wdev;
13928  	unsigned int vcmd_idx;
13929  	const struct wiphy_vendor_command *vcmd;
13930  	void *data;
13931  	int data_len;
13932  	int err;
13933  	struct nlattr *vendor_data;
13934  
13935  	rtnl_lock();
13936  	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13937  	if (err)
13938  		goto out;
13939  
13940  	vcmd_idx = cb->args[2];
13941  	data = (void *)cb->args[3];
13942  	data_len = cb->args[4];
13943  	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13944  
13945  	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13946  			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13947  		if (!wdev) {
13948  			err = -EINVAL;
13949  			goto out;
13950  		}
13951  		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13952  		    !wdev->netdev) {
13953  			err = -EINVAL;
13954  			goto out;
13955  		}
13956  
13957  		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13958  			if (!wdev_running(wdev)) {
13959  				err = -ENETDOWN;
13960  				goto out;
13961  			}
13962  		}
13963  	}
13964  
13965  	while (1) {
13966  		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13967  					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
13968  					   NL80211_CMD_VENDOR);
13969  		if (!hdr)
13970  			break;
13971  
13972  		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13973  		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13974  					       wdev_id(wdev),
13975  					       NL80211_ATTR_PAD))) {
13976  			genlmsg_cancel(skb, hdr);
13977  			break;
13978  		}
13979  
13980  		vendor_data = nla_nest_start_noflag(skb,
13981  						    NL80211_ATTR_VENDOR_DATA);
13982  		if (!vendor_data) {
13983  			genlmsg_cancel(skb, hdr);
13984  			break;
13985  		}
13986  
13987  		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
13988  				   (unsigned long *)&cb->args[5]);
13989  		nla_nest_end(skb, vendor_data);
13990  
13991  		if (err == -ENOBUFS || err == -ENOENT) {
13992  			genlmsg_cancel(skb, hdr);
13993  			break;
13994  		} else if (err <= 0) {
13995  			genlmsg_cancel(skb, hdr);
13996  			goto out;
13997  		}
13998  
13999  		genlmsg_end(skb, hdr);
14000  	}
14001  
14002  	err = skb->len;
14003   out:
14004  	rtnl_unlock();
14005  	return err;
14006  }
14007  
14008  struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
14009  					   enum nl80211_commands cmd,
14010  					   enum nl80211_attrs attr,
14011  					   int approxlen)
14012  {
14013  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14014  
14015  	if (WARN_ON(!rdev->cur_cmd_info))
14016  		return NULL;
14017  
14018  	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
14019  					   rdev->cur_cmd_info->snd_portid,
14020  					   rdev->cur_cmd_info->snd_seq,
14021  					   cmd, attr, NULL, GFP_KERNEL);
14022  }
14023  EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
14024  
14025  int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
14026  {
14027  	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
14028  	void *hdr = ((void **)skb->cb)[1];
14029  	struct nlattr *data = ((void **)skb->cb)[2];
14030  
14031  	/* clear CB data for netlink core to own from now on */
14032  	memset(skb->cb, 0, sizeof(skb->cb));
14033  
14034  	if (WARN_ON(!rdev->cur_cmd_info)) {
14035  		kfree_skb(skb);
14036  		return -EINVAL;
14037  	}
14038  
14039  	nla_nest_end(skb, data);
14040  	genlmsg_end(skb, hdr);
14041  	return genlmsg_reply(skb, rdev->cur_cmd_info);
14042  }
14043  EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
14044  
14045  unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
14046  {
14047  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14048  
14049  	if (WARN_ON(!rdev->cur_cmd_info))
14050  		return 0;
14051  
14052  	return rdev->cur_cmd_info->snd_portid;
14053  }
14054  EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
14055  
14056  static int nl80211_set_qos_map(struct sk_buff *skb,
14057  			       struct genl_info *info)
14058  {
14059  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14060  	struct cfg80211_qos_map *qos_map = NULL;
14061  	struct net_device *dev = info->user_ptr[1];
14062  	u8 *pos, len, num_des, des_len, des;
14063  	int ret;
14064  
14065  	if (!rdev->ops->set_qos_map)
14066  		return -EOPNOTSUPP;
14067  
14068  	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
14069  		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
14070  		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
14071  
14072  		if (len % 2)
14073  			return -EINVAL;
14074  
14075  		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
14076  		if (!qos_map)
14077  			return -ENOMEM;
14078  
14079  		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
14080  		if (num_des) {
14081  			des_len = num_des *
14082  				sizeof(struct cfg80211_dscp_exception);
14083  			memcpy(qos_map->dscp_exception, pos, des_len);
14084  			qos_map->num_des = num_des;
14085  			for (des = 0; des < num_des; des++) {
14086  				if (qos_map->dscp_exception[des].up > 7) {
14087  					kfree(qos_map);
14088  					return -EINVAL;
14089  				}
14090  			}
14091  			pos += des_len;
14092  		}
14093  		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
14094  	}
14095  
14096  	wdev_lock(dev->ieee80211_ptr);
14097  	ret = nl80211_key_allowed(dev->ieee80211_ptr);
14098  	if (!ret)
14099  		ret = rdev_set_qos_map(rdev, dev, qos_map);
14100  	wdev_unlock(dev->ieee80211_ptr);
14101  
14102  	kfree(qos_map);
14103  	return ret;
14104  }
14105  
14106  static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
14107  {
14108  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14109  	struct net_device *dev = info->user_ptr[1];
14110  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14111  	const u8 *peer;
14112  	u8 tsid, up;
14113  	u16 admitted_time = 0;
14114  	int err;
14115  
14116  	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
14117  		return -EOPNOTSUPP;
14118  
14119  	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
14120  	    !info->attrs[NL80211_ATTR_USER_PRIO])
14121  		return -EINVAL;
14122  
14123  	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
14124  	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
14125  
14126  	/* WMM uses TIDs 0-7 even for TSPEC */
14127  	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
14128  		/* TODO: handle 802.11 TSPEC/admission control
14129  		 * need more attributes for that (e.g. BA session requirement);
14130  		 * change the WMM adminssion test above to allow both then
14131  		 */
14132  		return -EINVAL;
14133  	}
14134  
14135  	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14136  
14137  	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
14138  		admitted_time =
14139  			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
14140  		if (!admitted_time)
14141  			return -EINVAL;
14142  	}
14143  
14144  	wdev_lock(wdev);
14145  	switch (wdev->iftype) {
14146  	case NL80211_IFTYPE_STATION:
14147  	case NL80211_IFTYPE_P2P_CLIENT:
14148  		if (wdev->current_bss)
14149  			break;
14150  		err = -ENOTCONN;
14151  		goto out;
14152  	default:
14153  		err = -EOPNOTSUPP;
14154  		goto out;
14155  	}
14156  
14157  	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
14158  
14159   out:
14160  	wdev_unlock(wdev);
14161  	return err;
14162  }
14163  
14164  static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
14165  {
14166  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14167  	struct net_device *dev = info->user_ptr[1];
14168  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14169  	const u8 *peer;
14170  	u8 tsid;
14171  	int err;
14172  
14173  	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
14174  		return -EINVAL;
14175  
14176  	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
14177  	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14178  
14179  	wdev_lock(wdev);
14180  	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
14181  	wdev_unlock(wdev);
14182  
14183  	return err;
14184  }
14185  
14186  static int nl80211_tdls_channel_switch(struct sk_buff *skb,
14187  				       struct genl_info *info)
14188  {
14189  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14190  	struct net_device *dev = info->user_ptr[1];
14191  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14192  	struct cfg80211_chan_def chandef = {};
14193  	const u8 *addr;
14194  	u8 oper_class;
14195  	int err;
14196  
14197  	if (!rdev->ops->tdls_channel_switch ||
14198  	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14199  		return -EOPNOTSUPP;
14200  
14201  	switch (dev->ieee80211_ptr->iftype) {
14202  	case NL80211_IFTYPE_STATION:
14203  	case NL80211_IFTYPE_P2P_CLIENT:
14204  		break;
14205  	default:
14206  		return -EOPNOTSUPP;
14207  	}
14208  
14209  	if (!info->attrs[NL80211_ATTR_MAC] ||
14210  	    !info->attrs[NL80211_ATTR_OPER_CLASS])
14211  		return -EINVAL;
14212  
14213  	err = nl80211_parse_chandef(rdev, info, &chandef);
14214  	if (err)
14215  		return err;
14216  
14217  	/*
14218  	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
14219  	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
14220  	 * specification is not defined for them.
14221  	 */
14222  	if (chandef.chan->band == NL80211_BAND_2GHZ &&
14223  	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
14224  	    chandef.width != NL80211_CHAN_WIDTH_20)
14225  		return -EINVAL;
14226  
14227  	/* we will be active on the TDLS link */
14228  	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
14229  					   wdev->iftype))
14230  		return -EINVAL;
14231  
14232  	/* don't allow switching to DFS channels */
14233  	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
14234  		return -EINVAL;
14235  
14236  	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14237  	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
14238  
14239  	wdev_lock(wdev);
14240  	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
14241  	wdev_unlock(wdev);
14242  
14243  	return err;
14244  }
14245  
14246  static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
14247  					      struct genl_info *info)
14248  {
14249  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14250  	struct net_device *dev = info->user_ptr[1];
14251  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14252  	const u8 *addr;
14253  
14254  	if (!rdev->ops->tdls_channel_switch ||
14255  	    !rdev->ops->tdls_cancel_channel_switch ||
14256  	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
14257  		return -EOPNOTSUPP;
14258  
14259  	switch (dev->ieee80211_ptr->iftype) {
14260  	case NL80211_IFTYPE_STATION:
14261  	case NL80211_IFTYPE_P2P_CLIENT:
14262  		break;
14263  	default:
14264  		return -EOPNOTSUPP;
14265  	}
14266  
14267  	if (!info->attrs[NL80211_ATTR_MAC])
14268  		return -EINVAL;
14269  
14270  	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
14271  
14272  	wdev_lock(wdev);
14273  	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
14274  	wdev_unlock(wdev);
14275  
14276  	return 0;
14277  }
14278  
14279  static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
14280  					    struct genl_info *info)
14281  {
14282  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14283  	struct net_device *dev = info->user_ptr[1];
14284  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14285  	const struct nlattr *nla;
14286  	bool enabled;
14287  
14288  	if (!rdev->ops->set_multicast_to_unicast)
14289  		return -EOPNOTSUPP;
14290  
14291  	if (wdev->iftype != NL80211_IFTYPE_AP &&
14292  	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
14293  		return -EOPNOTSUPP;
14294  
14295  	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
14296  	enabled = nla_get_flag(nla);
14297  
14298  	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
14299  }
14300  
14301  static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
14302  {
14303  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14304  	struct net_device *dev = info->user_ptr[1];
14305  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14306  	struct cfg80211_pmk_conf pmk_conf = {};
14307  	int ret;
14308  
14309  	if (wdev->iftype != NL80211_IFTYPE_STATION &&
14310  	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14311  		return -EOPNOTSUPP;
14312  
14313  	if (!wiphy_ext_feature_isset(&rdev->wiphy,
14314  				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14315  		return -EOPNOTSUPP;
14316  
14317  	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
14318  		return -EINVAL;
14319  
14320  	wdev_lock(wdev);
14321  	if (!wdev->current_bss) {
14322  		ret = -ENOTCONN;
14323  		goto out;
14324  	}
14325  
14326  	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14327  	if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
14328  		ret = -EINVAL;
14329  		goto out;
14330  	}
14331  
14332  	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
14333  	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
14334  	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
14335  	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
14336  		ret = -EINVAL;
14337  		goto out;
14338  	}
14339  
14340  	if (info->attrs[NL80211_ATTR_PMKR0_NAME])
14341  		pmk_conf.pmk_r0_name =
14342  			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
14343  
14344  	ret = rdev_set_pmk(rdev, dev, &pmk_conf);
14345  out:
14346  	wdev_unlock(wdev);
14347  	return ret;
14348  }
14349  
14350  static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
14351  {
14352  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14353  	struct net_device *dev = info->user_ptr[1];
14354  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14355  	const u8 *aa;
14356  	int ret;
14357  
14358  	if (wdev->iftype != NL80211_IFTYPE_STATION &&
14359  	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
14360  		return -EOPNOTSUPP;
14361  
14362  	if (!wiphy_ext_feature_isset(&rdev->wiphy,
14363  				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
14364  		return -EOPNOTSUPP;
14365  
14366  	if (!info->attrs[NL80211_ATTR_MAC])
14367  		return -EINVAL;
14368  
14369  	wdev_lock(wdev);
14370  	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
14371  	ret = rdev_del_pmk(rdev, dev, aa);
14372  	wdev_unlock(wdev);
14373  
14374  	return ret;
14375  }
14376  
14377  static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
14378  {
14379  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14380  	struct net_device *dev = info->user_ptr[1];
14381  	struct cfg80211_external_auth_params params;
14382  
14383  	if (!rdev->ops->external_auth)
14384  		return -EOPNOTSUPP;
14385  
14386  	if (!info->attrs[NL80211_ATTR_SSID] &&
14387  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
14388  	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
14389  		return -EINVAL;
14390  
14391  	if (!info->attrs[NL80211_ATTR_BSSID])
14392  		return -EINVAL;
14393  
14394  	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
14395  		return -EINVAL;
14396  
14397  	memset(&params, 0, sizeof(params));
14398  
14399  	if (info->attrs[NL80211_ATTR_SSID]) {
14400  		params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
14401  		if (params.ssid.ssid_len == 0)
14402  			return -EINVAL;
14403  		memcpy(params.ssid.ssid,
14404  		       nla_data(info->attrs[NL80211_ATTR_SSID]),
14405  		       params.ssid.ssid_len);
14406  	}
14407  
14408  	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
14409  	       ETH_ALEN);
14410  
14411  	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14412  
14413  	if (info->attrs[NL80211_ATTR_PMKID])
14414  		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
14415  
14416  	return rdev_external_auth(rdev, dev, &params);
14417  }
14418  
14419  static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
14420  {
14421  	bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
14422  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14423  	struct net_device *dev = info->user_ptr[1];
14424  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14425  	const u8 *buf;
14426  	size_t len;
14427  	u8 *dest;
14428  	u16 proto;
14429  	bool noencrypt;
14430  	u64 cookie = 0;
14431  	int err;
14432  
14433  	if (!wiphy_ext_feature_isset(&rdev->wiphy,
14434  				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
14435  		return -EOPNOTSUPP;
14436  
14437  	if (!rdev->ops->tx_control_port)
14438  		return -EOPNOTSUPP;
14439  
14440  	if (!info->attrs[NL80211_ATTR_FRAME] ||
14441  	    !info->attrs[NL80211_ATTR_MAC] ||
14442  	    !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
14443  		GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
14444  		return -EINVAL;
14445  	}
14446  
14447  	wdev_lock(wdev);
14448  
14449  	switch (wdev->iftype) {
14450  	case NL80211_IFTYPE_AP:
14451  	case NL80211_IFTYPE_P2P_GO:
14452  	case NL80211_IFTYPE_MESH_POINT:
14453  		break;
14454  	case NL80211_IFTYPE_ADHOC:
14455  	case NL80211_IFTYPE_STATION:
14456  	case NL80211_IFTYPE_P2P_CLIENT:
14457  		if (wdev->current_bss)
14458  			break;
14459  		err = -ENOTCONN;
14460  		goto out;
14461  	default:
14462  		err = -EOPNOTSUPP;
14463  		goto out;
14464  	}
14465  
14466  	wdev_unlock(wdev);
14467  
14468  	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14469  	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14470  	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14471  	proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
14472  	noencrypt =
14473  		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
14474  
14475  	err = rdev_tx_control_port(rdev, dev, buf, len,
14476  				   dest, cpu_to_be16(proto), noencrypt,
14477  				   dont_wait_for_ack ? NULL : &cookie);
14478  	if (!err && !dont_wait_for_ack)
14479  		nl_set_extack_cookie_u64(info->extack, cookie);
14480  	return err;
14481   out:
14482  	wdev_unlock(wdev);
14483  	return err;
14484  }
14485  
14486  static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
14487  					   struct genl_info *info)
14488  {
14489  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14490  	struct net_device *dev = info->user_ptr[1];
14491  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14492  	struct cfg80211_ftm_responder_stats ftm_stats = {};
14493  	struct sk_buff *msg;
14494  	void *hdr;
14495  	struct nlattr *ftm_stats_attr;
14496  	int err;
14497  
14498  	if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
14499  		return -EOPNOTSUPP;
14500  
14501  	err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
14502  	if (err)
14503  		return err;
14504  
14505  	if (!ftm_stats.filled)
14506  		return -ENODATA;
14507  
14508  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14509  	if (!msg)
14510  		return -ENOMEM;
14511  
14512  	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
14513  			     NL80211_CMD_GET_FTM_RESPONDER_STATS);
14514  	if (!hdr)
14515  		goto nla_put_failure;
14516  
14517  	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
14518  		goto nla_put_failure;
14519  
14520  	ftm_stats_attr = nla_nest_start_noflag(msg,
14521  					       NL80211_ATTR_FTM_RESPONDER_STATS);
14522  	if (!ftm_stats_attr)
14523  		goto nla_put_failure;
14524  
14525  #define SET_FTM(field, name, type)					 \
14526  	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14527  	    nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,		 \
14528  			     ftm_stats.field))				 \
14529  		goto nla_put_failure; } while (0)
14530  #define SET_FTM_U64(field, name)					 \
14531  	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
14532  	    nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,		 \
14533  			      ftm_stats.field, NL80211_FTM_STATS_PAD))	 \
14534  		goto nla_put_failure; } while (0)
14535  
14536  	SET_FTM(success_num, SUCCESS_NUM, u32);
14537  	SET_FTM(partial_num, PARTIAL_NUM, u32);
14538  	SET_FTM(failed_num, FAILED_NUM, u32);
14539  	SET_FTM(asap_num, ASAP_NUM, u32);
14540  	SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
14541  	SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
14542  	SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
14543  	SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
14544  	SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
14545  #undef SET_FTM
14546  
14547  	nla_nest_end(msg, ftm_stats_attr);
14548  
14549  	genlmsg_end(msg, hdr);
14550  	return genlmsg_reply(msg, info);
14551  
14552  nla_put_failure:
14553  	nlmsg_free(msg);
14554  	return -ENOBUFS;
14555  }
14556  
14557  static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
14558  {
14559  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14560  	struct cfg80211_update_owe_info owe_info;
14561  	struct net_device *dev = info->user_ptr[1];
14562  
14563  	if (!rdev->ops->update_owe_info)
14564  		return -EOPNOTSUPP;
14565  
14566  	if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
14567  	    !info->attrs[NL80211_ATTR_MAC])
14568  		return -EINVAL;
14569  
14570  	memset(&owe_info, 0, sizeof(owe_info));
14571  	owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
14572  	nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
14573  
14574  	if (info->attrs[NL80211_ATTR_IE]) {
14575  		owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
14576  		owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
14577  	}
14578  
14579  	return rdev_update_owe_info(rdev, dev, &owe_info);
14580  }
14581  
14582  static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
14583  {
14584  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14585  	struct net_device *dev = info->user_ptr[1];
14586  	struct wireless_dev *wdev = dev->ieee80211_ptr;
14587  	struct station_info sinfo = {};
14588  	const u8 *buf;
14589  	size_t len;
14590  	u8 *dest;
14591  	int err;
14592  
14593  	if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
14594  		return -EOPNOTSUPP;
14595  
14596  	if (!info->attrs[NL80211_ATTR_MAC] ||
14597  	    !info->attrs[NL80211_ATTR_FRAME]) {
14598  		GENL_SET_ERR_MSG(info, "Frame or MAC missing");
14599  		return -EINVAL;
14600  	}
14601  
14602  	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
14603  		return -EOPNOTSUPP;
14604  
14605  	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
14606  	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
14607  	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
14608  
14609  	if (len < sizeof(struct ethhdr))
14610  		return -EINVAL;
14611  
14612  	if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
14613  	    !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
14614  		return -EINVAL;
14615  
14616  	err = rdev_get_station(rdev, dev, dest, &sinfo);
14617  	if (err)
14618  		return err;
14619  
14620  	cfg80211_sinfo_release_content(&sinfo);
14621  
14622  	return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
14623  }
14624  
14625  static int parse_tid_conf(struct cfg80211_registered_device *rdev,
14626  			  struct nlattr *attrs[], struct net_device *dev,
14627  			  struct cfg80211_tid_cfg *tid_conf,
14628  			  struct genl_info *info, const u8 *peer)
14629  {
14630  	struct netlink_ext_ack *extack = info->extack;
14631  	u64 mask;
14632  	int err;
14633  
14634  	if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
14635  		return -EINVAL;
14636  
14637  	tid_conf->config_override =
14638  			nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
14639  	tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
14640  
14641  	if (tid_conf->config_override) {
14642  		if (rdev->ops->reset_tid_config) {
14643  			err = rdev_reset_tid_config(rdev, dev, peer,
14644  						    tid_conf->tids);
14645  			if (err)
14646  				return err;
14647  		} else {
14648  			return -EINVAL;
14649  		}
14650  	}
14651  
14652  	if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
14653  		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
14654  		tid_conf->noack =
14655  			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
14656  	}
14657  
14658  	if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
14659  		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
14660  		tid_conf->retry_short =
14661  			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
14662  
14663  		if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
14664  			return -EINVAL;
14665  	}
14666  
14667  	if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
14668  		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
14669  		tid_conf->retry_long =
14670  			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
14671  
14672  		if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
14673  			return -EINVAL;
14674  	}
14675  
14676  	if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
14677  		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
14678  		tid_conf->ampdu =
14679  			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
14680  	}
14681  
14682  	if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
14683  		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
14684  		tid_conf->rtscts =
14685  			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
14686  	}
14687  
14688  	if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
14689  		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
14690  		tid_conf->amsdu =
14691  			nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
14692  	}
14693  
14694  	if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
14695  		u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
14696  
14697  		tid_conf->txrate_type = nla_get_u8(attrs[idx]);
14698  
14699  		if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
14700  			attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
14701  			err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
14702  						    &tid_conf->txrate_mask, dev,
14703  						    true);
14704  			if (err)
14705  				return err;
14706  
14707  			tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
14708  		}
14709  		tid_conf->mask |= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
14710  	}
14711  
14712  	if (peer)
14713  		mask = rdev->wiphy.tid_config_support.peer;
14714  	else
14715  		mask = rdev->wiphy.tid_config_support.vif;
14716  
14717  	if (tid_conf->mask & ~mask) {
14718  		NL_SET_ERR_MSG(extack, "unsupported TID configuration");
14719  		return -ENOTSUPP;
14720  	}
14721  
14722  	return 0;
14723  }
14724  
14725  static int nl80211_set_tid_config(struct sk_buff *skb,
14726  				  struct genl_info *info)
14727  {
14728  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14729  	struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
14730  	struct net_device *dev = info->user_ptr[1];
14731  	struct cfg80211_tid_config *tid_config;
14732  	struct nlattr *tid;
14733  	int conf_idx = 0, rem_conf;
14734  	int ret = -EINVAL;
14735  	u32 num_conf = 0;
14736  
14737  	if (!info->attrs[NL80211_ATTR_TID_CONFIG])
14738  		return -EINVAL;
14739  
14740  	if (!rdev->ops->set_tid_config)
14741  		return -EOPNOTSUPP;
14742  
14743  	nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14744  			    rem_conf)
14745  		num_conf++;
14746  
14747  	tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
14748  			     GFP_KERNEL);
14749  	if (!tid_config)
14750  		return -ENOMEM;
14751  
14752  	tid_config->n_tid_conf = num_conf;
14753  
14754  	if (info->attrs[NL80211_ATTR_MAC])
14755  		tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
14756  
14757  	nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
14758  			    rem_conf) {
14759  		ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
14760  				       tid, NULL, NULL);
14761  
14762  		if (ret)
14763  			goto bad_tid_conf;
14764  
14765  		ret = parse_tid_conf(rdev, attrs, dev,
14766  				     &tid_config->tid_conf[conf_idx],
14767  				     info, tid_config->peer);
14768  		if (ret)
14769  			goto bad_tid_conf;
14770  
14771  		conf_idx++;
14772  	}
14773  
14774  	ret = rdev_set_tid_config(rdev, dev, tid_config);
14775  
14776  bad_tid_conf:
14777  	kfree(tid_config);
14778  	return ret;
14779  }
14780  
14781  #define NL80211_FLAG_NEED_WIPHY		0x01
14782  #define NL80211_FLAG_NEED_NETDEV	0x02
14783  #define NL80211_FLAG_NEED_RTNL		0x04
14784  #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
14785  #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
14786  					 NL80211_FLAG_CHECK_NETDEV_UP)
14787  #define NL80211_FLAG_NEED_WDEV		0x10
14788  /* If a netdev is associated, it must be UP, P2P must be started */
14789  #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
14790  					 NL80211_FLAG_CHECK_NETDEV_UP)
14791  #define NL80211_FLAG_CLEAR_SKB		0x20
14792  
14793  static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
14794  			    struct genl_info *info)
14795  {
14796  	struct cfg80211_registered_device *rdev = NULL;
14797  	struct wireless_dev *wdev;
14798  	struct net_device *dev;
14799  
14800  	rtnl_lock();
14801  	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
14802  		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
14803  		if (IS_ERR(rdev)) {
14804  			rtnl_unlock();
14805  			return PTR_ERR(rdev);
14806  		}
14807  		info->user_ptr[0] = rdev;
14808  	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
14809  		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14810  		wdev = __cfg80211_wdev_from_attrs(NULL, genl_info_net(info),
14811  						  info->attrs);
14812  		if (IS_ERR(wdev)) {
14813  			rtnl_unlock();
14814  			return PTR_ERR(wdev);
14815  		}
14816  
14817  		dev = wdev->netdev;
14818  		rdev = wiphy_to_rdev(wdev->wiphy);
14819  
14820  		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
14821  			if (!dev) {
14822  				rtnl_unlock();
14823  				return -EINVAL;
14824  			}
14825  
14826  			info->user_ptr[1] = dev;
14827  		} else {
14828  			info->user_ptr[1] = wdev;
14829  		}
14830  
14831  		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
14832  		    !wdev_running(wdev)) {
14833  			rtnl_unlock();
14834  			return -ENETDOWN;
14835  		}
14836  
14837  		if (dev)
14838  			dev_hold(dev);
14839  
14840  		info->user_ptr[0] = rdev;
14841  	}
14842  
14843  	if (rdev) {
14844  		wiphy_lock(&rdev->wiphy);
14845  		/* we keep the mutex locked until post_doit */
14846  		__release(&rdev->wiphy.mtx);
14847  	}
14848  	if (!(ops->internal_flags & NL80211_FLAG_NEED_RTNL))
14849  		rtnl_unlock();
14850  
14851  	return 0;
14852  }
14853  
14854  static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
14855  			      struct genl_info *info)
14856  {
14857  	if (info->user_ptr[1]) {
14858  		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
14859  			struct wireless_dev *wdev = info->user_ptr[1];
14860  
14861  			if (wdev->netdev)
14862  				dev_put(wdev->netdev);
14863  		} else {
14864  			dev_put(info->user_ptr[1]);
14865  		}
14866  	}
14867  
14868  	if (info->user_ptr[0]) {
14869  		struct cfg80211_registered_device *rdev = info->user_ptr[0];
14870  
14871  		/* we kept the mutex locked since pre_doit */
14872  		__acquire(&rdev->wiphy.mtx);
14873  		wiphy_unlock(&rdev->wiphy);
14874  	}
14875  
14876  	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
14877  		rtnl_unlock();
14878  
14879  	/* If needed, clear the netlink message payload from the SKB
14880  	 * as it might contain key data that shouldn't stick around on
14881  	 * the heap after the SKB is freed. The netlink message header
14882  	 * is still needed for further processing, so leave it intact.
14883  	 */
14884  	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
14885  		struct nlmsghdr *nlh = nlmsg_hdr(skb);
14886  
14887  		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
14888  	}
14889  }
14890  
14891  static int nl80211_set_sar_sub_specs(struct cfg80211_registered_device *rdev,
14892  				     struct cfg80211_sar_specs *sar_specs,
14893  				     struct nlattr *spec[], int index)
14894  {
14895  	u32 range_index, i;
14896  
14897  	if (!sar_specs || !spec)
14898  		return -EINVAL;
14899  
14900  	if (!spec[NL80211_SAR_ATTR_SPECS_POWER] ||
14901  	    !spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX])
14902  		return -EINVAL;
14903  
14904  	range_index = nla_get_u32(spec[NL80211_SAR_ATTR_SPECS_RANGE_INDEX]);
14905  
14906  	/* check if range_index exceeds num_freq_ranges */
14907  	if (range_index >= rdev->wiphy.sar_capa->num_freq_ranges)
14908  		return -EINVAL;
14909  
14910  	/* check if range_index duplicates */
14911  	for (i = 0; i < index; i++) {
14912  		if (sar_specs->sub_specs[i].freq_range_index == range_index)
14913  			return -EINVAL;
14914  	}
14915  
14916  	sar_specs->sub_specs[index].power =
14917  		nla_get_s32(spec[NL80211_SAR_ATTR_SPECS_POWER]);
14918  
14919  	sar_specs->sub_specs[index].freq_range_index = range_index;
14920  
14921  	return 0;
14922  }
14923  
14924  static int nl80211_set_sar_specs(struct sk_buff *skb, struct genl_info *info)
14925  {
14926  	struct cfg80211_registered_device *rdev = info->user_ptr[0];
14927  	struct nlattr *spec[NL80211_SAR_ATTR_SPECS_MAX + 1];
14928  	struct nlattr *tb[NL80211_SAR_ATTR_MAX + 1];
14929  	struct cfg80211_sar_specs *sar_spec;
14930  	enum nl80211_sar_type type;
14931  	struct nlattr *spec_list;
14932  	u32 specs;
14933  	int rem, err;
14934  
14935  	if (!rdev->wiphy.sar_capa || !rdev->ops->set_sar_specs)
14936  		return -EOPNOTSUPP;
14937  
14938  	if (!info->attrs[NL80211_ATTR_SAR_SPEC])
14939  		return -EINVAL;
14940  
14941  	nla_parse_nested(tb, NL80211_SAR_ATTR_MAX,
14942  			 info->attrs[NL80211_ATTR_SAR_SPEC],
14943  			 NULL, NULL);
14944  
14945  	if (!tb[NL80211_SAR_ATTR_TYPE] || !tb[NL80211_SAR_ATTR_SPECS])
14946  		return -EINVAL;
14947  
14948  	type = nla_get_u32(tb[NL80211_SAR_ATTR_TYPE]);
14949  	if (type != rdev->wiphy.sar_capa->type)
14950  		return -EINVAL;
14951  
14952  	specs = 0;
14953  	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem)
14954  		specs++;
14955  
14956  	if (specs > rdev->wiphy.sar_capa->num_freq_ranges)
14957  		return -EINVAL;
14958  
14959  	sar_spec = kzalloc(sizeof(*sar_spec) +
14960  			   specs * sizeof(struct cfg80211_sar_sub_specs),
14961  			   GFP_KERNEL);
14962  	if (!sar_spec)
14963  		return -ENOMEM;
14964  
14965  	sar_spec->type = type;
14966  	specs = 0;
14967  	nla_for_each_nested(spec_list, tb[NL80211_SAR_ATTR_SPECS], rem) {
14968  		nla_parse_nested(spec, NL80211_SAR_ATTR_SPECS_MAX,
14969  				 spec_list, NULL, NULL);
14970  
14971  		switch (type) {
14972  		case NL80211_SAR_TYPE_POWER:
14973  			if (nl80211_set_sar_sub_specs(rdev, sar_spec,
14974  						      spec, specs)) {
14975  				err = -EINVAL;
14976  				goto error;
14977  			}
14978  			break;
14979  		default:
14980  			err = -EINVAL;
14981  			goto error;
14982  		}
14983  		specs++;
14984  	}
14985  
14986  	sar_spec->num_sub_specs = specs;
14987  
14988  	rdev->cur_cmd_info = info;
14989  	err = rdev_set_sar_specs(rdev, sar_spec);
14990  	rdev->cur_cmd_info = NULL;
14991  error:
14992  	kfree(sar_spec);
14993  	return err;
14994  }
14995  
14996  static const struct genl_ops nl80211_ops[] = {
14997  	{
14998  		.cmd = NL80211_CMD_GET_WIPHY,
14999  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15000  		.doit = nl80211_get_wiphy,
15001  		.dumpit = nl80211_dump_wiphy,
15002  		.done = nl80211_dump_wiphy_done,
15003  		/* can be retrieved by unprivileged users */
15004  		.internal_flags = NL80211_FLAG_NEED_WIPHY,
15005  	},
15006  };
15007  
15008  static const struct genl_small_ops nl80211_small_ops[] = {
15009  	{
15010  		.cmd = NL80211_CMD_SET_WIPHY,
15011  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15012  		.doit = nl80211_set_wiphy,
15013  		.flags = GENL_UNS_ADMIN_PERM,
15014  	},
15015  	{
15016  		.cmd = NL80211_CMD_GET_INTERFACE,
15017  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15018  		.doit = nl80211_get_interface,
15019  		.dumpit = nl80211_dump_interface,
15020  		/* can be retrieved by unprivileged users */
15021  		.internal_flags = NL80211_FLAG_NEED_WDEV,
15022  	},
15023  	{
15024  		.cmd = NL80211_CMD_SET_INTERFACE,
15025  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15026  		.doit = nl80211_set_interface,
15027  		.flags = GENL_UNS_ADMIN_PERM,
15028  		.internal_flags = NL80211_FLAG_NEED_NETDEV |
15029  				  NL80211_FLAG_NEED_RTNL,
15030  	},
15031  	{
15032  		.cmd = NL80211_CMD_NEW_INTERFACE,
15033  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15034  		.doit = nl80211_new_interface,
15035  		.flags = GENL_UNS_ADMIN_PERM,
15036  		.internal_flags = NL80211_FLAG_NEED_WIPHY |
15037  				  NL80211_FLAG_NEED_RTNL,
15038  	},
15039  	{
15040  		.cmd = NL80211_CMD_DEL_INTERFACE,
15041  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15042  		.doit = nl80211_del_interface,
15043  		.flags = GENL_UNS_ADMIN_PERM,
15044  		.internal_flags = NL80211_FLAG_NEED_WDEV |
15045  				  NL80211_FLAG_NEED_RTNL,
15046  	},
15047  	{
15048  		.cmd = NL80211_CMD_GET_KEY,
15049  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15050  		.doit = nl80211_get_key,
15051  		.flags = GENL_UNS_ADMIN_PERM,
15052  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15053  	},
15054  	{
15055  		.cmd = NL80211_CMD_SET_KEY,
15056  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15057  		.doit = nl80211_set_key,
15058  		.flags = GENL_UNS_ADMIN_PERM,
15059  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15060  				  NL80211_FLAG_CLEAR_SKB,
15061  	},
15062  	{
15063  		.cmd = NL80211_CMD_NEW_KEY,
15064  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15065  		.doit = nl80211_new_key,
15066  		.flags = GENL_UNS_ADMIN_PERM,
15067  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15068  				  NL80211_FLAG_CLEAR_SKB,
15069  	},
15070  	{
15071  		.cmd = NL80211_CMD_DEL_KEY,
15072  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15073  		.doit = nl80211_del_key,
15074  		.flags = GENL_UNS_ADMIN_PERM,
15075  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15076  	},
15077  	{
15078  		.cmd = NL80211_CMD_SET_BEACON,
15079  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15080  		.flags = GENL_UNS_ADMIN_PERM,
15081  		.doit = nl80211_set_beacon,
15082  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15083  	},
15084  	{
15085  		.cmd = NL80211_CMD_START_AP,
15086  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15087  		.flags = GENL_UNS_ADMIN_PERM,
15088  		.doit = nl80211_start_ap,
15089  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15090  	},
15091  	{
15092  		.cmd = NL80211_CMD_STOP_AP,
15093  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15094  		.flags = GENL_UNS_ADMIN_PERM,
15095  		.doit = nl80211_stop_ap,
15096  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15097  	},
15098  	{
15099  		.cmd = NL80211_CMD_GET_STATION,
15100  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15101  		.doit = nl80211_get_station,
15102  		.dumpit = nl80211_dump_station,
15103  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15104  	},
15105  	{
15106  		.cmd = NL80211_CMD_SET_STATION,
15107  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15108  		.doit = nl80211_set_station,
15109  		.flags = GENL_UNS_ADMIN_PERM,
15110  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15111  	},
15112  	{
15113  		.cmd = NL80211_CMD_NEW_STATION,
15114  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15115  		.doit = nl80211_new_station,
15116  		.flags = GENL_UNS_ADMIN_PERM,
15117  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15118  	},
15119  	{
15120  		.cmd = NL80211_CMD_DEL_STATION,
15121  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15122  		.doit = nl80211_del_station,
15123  		.flags = GENL_UNS_ADMIN_PERM,
15124  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15125  	},
15126  	{
15127  		.cmd = NL80211_CMD_GET_MPATH,
15128  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15129  		.doit = nl80211_get_mpath,
15130  		.dumpit = nl80211_dump_mpath,
15131  		.flags = GENL_UNS_ADMIN_PERM,
15132  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15133  	},
15134  	{
15135  		.cmd = NL80211_CMD_GET_MPP,
15136  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15137  		.doit = nl80211_get_mpp,
15138  		.dumpit = nl80211_dump_mpp,
15139  		.flags = GENL_UNS_ADMIN_PERM,
15140  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15141  	},
15142  	{
15143  		.cmd = NL80211_CMD_SET_MPATH,
15144  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15145  		.doit = nl80211_set_mpath,
15146  		.flags = GENL_UNS_ADMIN_PERM,
15147  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15148  	},
15149  	{
15150  		.cmd = NL80211_CMD_NEW_MPATH,
15151  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15152  		.doit = nl80211_new_mpath,
15153  		.flags = GENL_UNS_ADMIN_PERM,
15154  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15155  	},
15156  	{
15157  		.cmd = NL80211_CMD_DEL_MPATH,
15158  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15159  		.doit = nl80211_del_mpath,
15160  		.flags = GENL_UNS_ADMIN_PERM,
15161  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15162  	},
15163  	{
15164  		.cmd = NL80211_CMD_SET_BSS,
15165  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15166  		.doit = nl80211_set_bss,
15167  		.flags = GENL_UNS_ADMIN_PERM,
15168  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15169  	},
15170  	{
15171  		.cmd = NL80211_CMD_GET_REG,
15172  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15173  		.doit = nl80211_get_reg_do,
15174  		.dumpit = nl80211_get_reg_dump,
15175  		.internal_flags = 0,
15176  		/* can be retrieved by unprivileged users */
15177  	},
15178  #ifdef CONFIG_CFG80211_CRDA_SUPPORT
15179  	{
15180  		.cmd = NL80211_CMD_SET_REG,
15181  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15182  		.doit = nl80211_set_reg,
15183  		.flags = GENL_ADMIN_PERM,
15184  		.internal_flags = 0,
15185  	},
15186  #endif
15187  	{
15188  		.cmd = NL80211_CMD_REQ_SET_REG,
15189  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15190  		.doit = nl80211_req_set_reg,
15191  		.flags = GENL_ADMIN_PERM,
15192  	},
15193  	{
15194  		.cmd = NL80211_CMD_RELOAD_REGDB,
15195  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15196  		.doit = nl80211_reload_regdb,
15197  		.flags = GENL_ADMIN_PERM,
15198  	},
15199  	{
15200  		.cmd = NL80211_CMD_GET_MESH_CONFIG,
15201  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15202  		.doit = nl80211_get_mesh_config,
15203  		/* can be retrieved by unprivileged users */
15204  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15205  	},
15206  	{
15207  		.cmd = NL80211_CMD_SET_MESH_CONFIG,
15208  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15209  		.doit = nl80211_update_mesh_config,
15210  		.flags = GENL_UNS_ADMIN_PERM,
15211  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15212  	},
15213  	{
15214  		.cmd = NL80211_CMD_TRIGGER_SCAN,
15215  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15216  		.doit = nl80211_trigger_scan,
15217  		.flags = GENL_UNS_ADMIN_PERM,
15218  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15219  	},
15220  	{
15221  		.cmd = NL80211_CMD_ABORT_SCAN,
15222  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15223  		.doit = nl80211_abort_scan,
15224  		.flags = GENL_UNS_ADMIN_PERM,
15225  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15226  	},
15227  	{
15228  		.cmd = NL80211_CMD_GET_SCAN,
15229  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15230  		.dumpit = nl80211_dump_scan,
15231  	},
15232  	{
15233  		.cmd = NL80211_CMD_START_SCHED_SCAN,
15234  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15235  		.doit = nl80211_start_sched_scan,
15236  		.flags = GENL_UNS_ADMIN_PERM,
15237  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15238  	},
15239  	{
15240  		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
15241  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15242  		.doit = nl80211_stop_sched_scan,
15243  		.flags = GENL_UNS_ADMIN_PERM,
15244  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15245  	},
15246  	{
15247  		.cmd = NL80211_CMD_AUTHENTICATE,
15248  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15249  		.doit = nl80211_authenticate,
15250  		.flags = GENL_UNS_ADMIN_PERM,
15251  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15252  				  0 |
15253  				  NL80211_FLAG_CLEAR_SKB,
15254  	},
15255  	{
15256  		.cmd = NL80211_CMD_ASSOCIATE,
15257  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15258  		.doit = nl80211_associate,
15259  		.flags = GENL_UNS_ADMIN_PERM,
15260  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15261  				  0 |
15262  				  NL80211_FLAG_CLEAR_SKB,
15263  	},
15264  	{
15265  		.cmd = NL80211_CMD_DEAUTHENTICATE,
15266  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15267  		.doit = nl80211_deauthenticate,
15268  		.flags = GENL_UNS_ADMIN_PERM,
15269  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15270  	},
15271  	{
15272  		.cmd = NL80211_CMD_DISASSOCIATE,
15273  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15274  		.doit = nl80211_disassociate,
15275  		.flags = GENL_UNS_ADMIN_PERM,
15276  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15277  	},
15278  	{
15279  		.cmd = NL80211_CMD_JOIN_IBSS,
15280  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15281  		.doit = nl80211_join_ibss,
15282  		.flags = GENL_UNS_ADMIN_PERM,
15283  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15284  	},
15285  	{
15286  		.cmd = NL80211_CMD_LEAVE_IBSS,
15287  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15288  		.doit = nl80211_leave_ibss,
15289  		.flags = GENL_UNS_ADMIN_PERM,
15290  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15291  	},
15292  #ifdef CONFIG_NL80211_TESTMODE
15293  	{
15294  		.cmd = NL80211_CMD_TESTMODE,
15295  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15296  		.doit = nl80211_testmode_do,
15297  		.dumpit = nl80211_testmode_dump,
15298  		.flags = GENL_UNS_ADMIN_PERM,
15299  		.internal_flags = NL80211_FLAG_NEED_WIPHY,
15300  	},
15301  #endif
15302  	{
15303  		.cmd = NL80211_CMD_CONNECT,
15304  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15305  		.doit = nl80211_connect,
15306  		.flags = GENL_UNS_ADMIN_PERM,
15307  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15308  				  0 |
15309  				  NL80211_FLAG_CLEAR_SKB,
15310  	},
15311  	{
15312  		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
15313  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15314  		.doit = nl80211_update_connect_params,
15315  		.flags = GENL_ADMIN_PERM,
15316  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15317  				  0 |
15318  				  NL80211_FLAG_CLEAR_SKB,
15319  	},
15320  	{
15321  		.cmd = NL80211_CMD_DISCONNECT,
15322  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15323  		.doit = nl80211_disconnect,
15324  		.flags = GENL_UNS_ADMIN_PERM,
15325  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15326  	},
15327  	{
15328  		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
15329  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15330  		.doit = nl80211_wiphy_netns,
15331  		.flags = GENL_UNS_ADMIN_PERM,
15332  		.internal_flags = NL80211_FLAG_NEED_WIPHY,
15333  	},
15334  	{
15335  		.cmd = NL80211_CMD_GET_SURVEY,
15336  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15337  		.dumpit = nl80211_dump_survey,
15338  	},
15339  	{
15340  		.cmd = NL80211_CMD_SET_PMKSA,
15341  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15342  		.doit = nl80211_setdel_pmksa,
15343  		.flags = GENL_UNS_ADMIN_PERM,
15344  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15345  				  0 |
15346  				  NL80211_FLAG_CLEAR_SKB,
15347  	},
15348  	{
15349  		.cmd = NL80211_CMD_DEL_PMKSA,
15350  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15351  		.doit = nl80211_setdel_pmksa,
15352  		.flags = GENL_UNS_ADMIN_PERM,
15353  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15354  	},
15355  	{
15356  		.cmd = NL80211_CMD_FLUSH_PMKSA,
15357  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15358  		.doit = nl80211_flush_pmksa,
15359  		.flags = GENL_UNS_ADMIN_PERM,
15360  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15361  	},
15362  	{
15363  		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
15364  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15365  		.doit = nl80211_remain_on_channel,
15366  		.flags = GENL_UNS_ADMIN_PERM,
15367  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15368  	},
15369  	{
15370  		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15371  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15372  		.doit = nl80211_cancel_remain_on_channel,
15373  		.flags = GENL_UNS_ADMIN_PERM,
15374  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15375  	},
15376  	{
15377  		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
15378  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15379  		.doit = nl80211_set_tx_bitrate_mask,
15380  		.flags = GENL_UNS_ADMIN_PERM,
15381  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15382  	},
15383  	{
15384  		.cmd = NL80211_CMD_REGISTER_FRAME,
15385  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15386  		.doit = nl80211_register_mgmt,
15387  		.flags = GENL_UNS_ADMIN_PERM,
15388  		.internal_flags = NL80211_FLAG_NEED_WDEV,
15389  	},
15390  	{
15391  		.cmd = NL80211_CMD_FRAME,
15392  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15393  		.doit = nl80211_tx_mgmt,
15394  		.flags = GENL_UNS_ADMIN_PERM,
15395  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15396  	},
15397  	{
15398  		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
15399  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15400  		.doit = nl80211_tx_mgmt_cancel_wait,
15401  		.flags = GENL_UNS_ADMIN_PERM,
15402  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15403  	},
15404  	{
15405  		.cmd = NL80211_CMD_SET_POWER_SAVE,
15406  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15407  		.doit = nl80211_set_power_save,
15408  		.flags = GENL_UNS_ADMIN_PERM,
15409  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15410  	},
15411  	{
15412  		.cmd = NL80211_CMD_GET_POWER_SAVE,
15413  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15414  		.doit = nl80211_get_power_save,
15415  		/* can be retrieved by unprivileged users */
15416  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15417  	},
15418  	{
15419  		.cmd = NL80211_CMD_SET_CQM,
15420  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15421  		.doit = nl80211_set_cqm,
15422  		.flags = GENL_UNS_ADMIN_PERM,
15423  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15424  	},
15425  	{
15426  		.cmd = NL80211_CMD_SET_CHANNEL,
15427  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15428  		.doit = nl80211_set_channel,
15429  		.flags = GENL_UNS_ADMIN_PERM,
15430  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15431  	},
15432  	{
15433  		.cmd = NL80211_CMD_JOIN_MESH,
15434  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15435  		.doit = nl80211_join_mesh,
15436  		.flags = GENL_UNS_ADMIN_PERM,
15437  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15438  	},
15439  	{
15440  		.cmd = NL80211_CMD_LEAVE_MESH,
15441  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15442  		.doit = nl80211_leave_mesh,
15443  		.flags = GENL_UNS_ADMIN_PERM,
15444  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15445  	},
15446  	{
15447  		.cmd = NL80211_CMD_JOIN_OCB,
15448  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15449  		.doit = nl80211_join_ocb,
15450  		.flags = GENL_UNS_ADMIN_PERM,
15451  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15452  	},
15453  	{
15454  		.cmd = NL80211_CMD_LEAVE_OCB,
15455  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15456  		.doit = nl80211_leave_ocb,
15457  		.flags = GENL_UNS_ADMIN_PERM,
15458  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15459  	},
15460  #ifdef CONFIG_PM
15461  	{
15462  		.cmd = NL80211_CMD_GET_WOWLAN,
15463  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15464  		.doit = nl80211_get_wowlan,
15465  		/* can be retrieved by unprivileged users */
15466  		.internal_flags = NL80211_FLAG_NEED_WIPHY,
15467  	},
15468  	{
15469  		.cmd = NL80211_CMD_SET_WOWLAN,
15470  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15471  		.doit = nl80211_set_wowlan,
15472  		.flags = GENL_UNS_ADMIN_PERM,
15473  		.internal_flags = NL80211_FLAG_NEED_WIPHY,
15474  	},
15475  #endif
15476  	{
15477  		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
15478  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15479  		.doit = nl80211_set_rekey_data,
15480  		.flags = GENL_UNS_ADMIN_PERM,
15481  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15482  				  0 |
15483  				  NL80211_FLAG_CLEAR_SKB,
15484  	},
15485  	{
15486  		.cmd = NL80211_CMD_TDLS_MGMT,
15487  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15488  		.doit = nl80211_tdls_mgmt,
15489  		.flags = GENL_UNS_ADMIN_PERM,
15490  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15491  	},
15492  	{
15493  		.cmd = NL80211_CMD_TDLS_OPER,
15494  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15495  		.doit = nl80211_tdls_oper,
15496  		.flags = GENL_UNS_ADMIN_PERM,
15497  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15498  	},
15499  	{
15500  		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
15501  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15502  		.doit = nl80211_register_unexpected_frame,
15503  		.flags = GENL_UNS_ADMIN_PERM,
15504  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15505  	},
15506  	{
15507  		.cmd = NL80211_CMD_PROBE_CLIENT,
15508  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15509  		.doit = nl80211_probe_client,
15510  		.flags = GENL_UNS_ADMIN_PERM,
15511  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15512  	},
15513  	{
15514  		.cmd = NL80211_CMD_REGISTER_BEACONS,
15515  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15516  		.doit = nl80211_register_beacons,
15517  		.flags = GENL_UNS_ADMIN_PERM,
15518  		.internal_flags = NL80211_FLAG_NEED_WIPHY,
15519  	},
15520  	{
15521  		.cmd = NL80211_CMD_SET_NOACK_MAP,
15522  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15523  		.doit = nl80211_set_noack_map,
15524  		.flags = GENL_UNS_ADMIN_PERM,
15525  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15526  	},
15527  	{
15528  		.cmd = NL80211_CMD_START_P2P_DEVICE,
15529  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15530  		.doit = nl80211_start_p2p_device,
15531  		.flags = GENL_UNS_ADMIN_PERM,
15532  		.internal_flags = NL80211_FLAG_NEED_WDEV |
15533  				  NL80211_FLAG_NEED_RTNL,
15534  	},
15535  	{
15536  		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
15537  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15538  		.doit = nl80211_stop_p2p_device,
15539  		.flags = GENL_UNS_ADMIN_PERM,
15540  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15541  				  NL80211_FLAG_NEED_RTNL,
15542  	},
15543  	{
15544  		.cmd = NL80211_CMD_START_NAN,
15545  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15546  		.doit = nl80211_start_nan,
15547  		.flags = GENL_ADMIN_PERM,
15548  		.internal_flags = NL80211_FLAG_NEED_WDEV |
15549  				  NL80211_FLAG_NEED_RTNL,
15550  	},
15551  	{
15552  		.cmd = NL80211_CMD_STOP_NAN,
15553  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15554  		.doit = nl80211_stop_nan,
15555  		.flags = GENL_ADMIN_PERM,
15556  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
15557  				  NL80211_FLAG_NEED_RTNL,
15558  	},
15559  	{
15560  		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
15561  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15562  		.doit = nl80211_nan_add_func,
15563  		.flags = GENL_ADMIN_PERM,
15564  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15565  	},
15566  	{
15567  		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
15568  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15569  		.doit = nl80211_nan_del_func,
15570  		.flags = GENL_ADMIN_PERM,
15571  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15572  	},
15573  	{
15574  		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
15575  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15576  		.doit = nl80211_nan_change_config,
15577  		.flags = GENL_ADMIN_PERM,
15578  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15579  	},
15580  	{
15581  		.cmd = NL80211_CMD_SET_MCAST_RATE,
15582  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15583  		.doit = nl80211_set_mcast_rate,
15584  		.flags = GENL_UNS_ADMIN_PERM,
15585  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15586  	},
15587  	{
15588  		.cmd = NL80211_CMD_SET_MAC_ACL,
15589  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15590  		.doit = nl80211_set_mac_acl,
15591  		.flags = GENL_UNS_ADMIN_PERM,
15592  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15593  	},
15594  	{
15595  		.cmd = NL80211_CMD_RADAR_DETECT,
15596  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15597  		.doit = nl80211_start_radar_detection,
15598  		.flags = GENL_UNS_ADMIN_PERM,
15599  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15600  	},
15601  	{
15602  		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
15603  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15604  		.doit = nl80211_get_protocol_features,
15605  	},
15606  	{
15607  		.cmd = NL80211_CMD_UPDATE_FT_IES,
15608  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15609  		.doit = nl80211_update_ft_ies,
15610  		.flags = GENL_UNS_ADMIN_PERM,
15611  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15612  	},
15613  	{
15614  		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
15615  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15616  		.doit = nl80211_crit_protocol_start,
15617  		.flags = GENL_UNS_ADMIN_PERM,
15618  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15619  	},
15620  	{
15621  		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
15622  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15623  		.doit = nl80211_crit_protocol_stop,
15624  		.flags = GENL_UNS_ADMIN_PERM,
15625  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15626  	},
15627  	{
15628  		.cmd = NL80211_CMD_GET_COALESCE,
15629  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15630  		.doit = nl80211_get_coalesce,
15631  		.internal_flags = NL80211_FLAG_NEED_WIPHY,
15632  	},
15633  	{
15634  		.cmd = NL80211_CMD_SET_COALESCE,
15635  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15636  		.doit = nl80211_set_coalesce,
15637  		.flags = GENL_UNS_ADMIN_PERM,
15638  		.internal_flags = NL80211_FLAG_NEED_WIPHY,
15639  	},
15640  	{
15641  		.cmd = NL80211_CMD_CHANNEL_SWITCH,
15642  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15643  		.doit = nl80211_channel_switch,
15644  		.flags = GENL_UNS_ADMIN_PERM,
15645  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15646  	},
15647  	{
15648  		.cmd = NL80211_CMD_VENDOR,
15649  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15650  		.doit = nl80211_vendor_cmd,
15651  		.dumpit = nl80211_vendor_cmd_dump,
15652  		.flags = GENL_UNS_ADMIN_PERM,
15653  		.internal_flags = NL80211_FLAG_NEED_WIPHY |
15654  				  0 |
15655  				  NL80211_FLAG_CLEAR_SKB,
15656  	},
15657  	{
15658  		.cmd = NL80211_CMD_SET_QOS_MAP,
15659  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15660  		.doit = nl80211_set_qos_map,
15661  		.flags = GENL_UNS_ADMIN_PERM,
15662  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15663  	},
15664  	{
15665  		.cmd = NL80211_CMD_ADD_TX_TS,
15666  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15667  		.doit = nl80211_add_tx_ts,
15668  		.flags = GENL_UNS_ADMIN_PERM,
15669  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15670  	},
15671  	{
15672  		.cmd = NL80211_CMD_DEL_TX_TS,
15673  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15674  		.doit = nl80211_del_tx_ts,
15675  		.flags = GENL_UNS_ADMIN_PERM,
15676  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15677  	},
15678  	{
15679  		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
15680  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15681  		.doit = nl80211_tdls_channel_switch,
15682  		.flags = GENL_UNS_ADMIN_PERM,
15683  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15684  	},
15685  	{
15686  		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
15687  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15688  		.doit = nl80211_tdls_cancel_channel_switch,
15689  		.flags = GENL_UNS_ADMIN_PERM,
15690  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15691  	},
15692  	{
15693  		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
15694  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15695  		.doit = nl80211_set_multicast_to_unicast,
15696  		.flags = GENL_UNS_ADMIN_PERM,
15697  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15698  	},
15699  	{
15700  		.cmd = NL80211_CMD_SET_PMK,
15701  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15702  		.doit = nl80211_set_pmk,
15703  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
15704  				  0 |
15705  				  NL80211_FLAG_CLEAR_SKB,
15706  	},
15707  	{
15708  		.cmd = NL80211_CMD_DEL_PMK,
15709  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15710  		.doit = nl80211_del_pmk,
15711  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15712  	},
15713  	{
15714  		.cmd = NL80211_CMD_EXTERNAL_AUTH,
15715  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15716  		.doit = nl80211_external_auth,
15717  		.flags = GENL_ADMIN_PERM,
15718  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15719  	},
15720  	{
15721  		.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
15722  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15723  		.doit = nl80211_tx_control_port,
15724  		.flags = GENL_UNS_ADMIN_PERM,
15725  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15726  	},
15727  	{
15728  		.cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
15729  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15730  		.doit = nl80211_get_ftm_responder_stats,
15731  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15732  	},
15733  	{
15734  		.cmd = NL80211_CMD_PEER_MEASUREMENT_START,
15735  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15736  		.doit = nl80211_pmsr_start,
15737  		.flags = GENL_UNS_ADMIN_PERM,
15738  		.internal_flags = NL80211_FLAG_NEED_WDEV_UP,
15739  	},
15740  	{
15741  		.cmd = NL80211_CMD_NOTIFY_RADAR,
15742  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15743  		.doit = nl80211_notify_radar_detection,
15744  		.flags = GENL_UNS_ADMIN_PERM,
15745  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15746  	},
15747  	{
15748  		.cmd = NL80211_CMD_UPDATE_OWE_INFO,
15749  		.doit = nl80211_update_owe_info,
15750  		.flags = GENL_ADMIN_PERM,
15751  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15752  	},
15753  	{
15754  		.cmd = NL80211_CMD_PROBE_MESH_LINK,
15755  		.doit = nl80211_probe_mesh_link,
15756  		.flags = GENL_UNS_ADMIN_PERM,
15757  		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP,
15758  	},
15759  	{
15760  		.cmd = NL80211_CMD_SET_TID_CONFIG,
15761  		.doit = nl80211_set_tid_config,
15762  		.flags = GENL_UNS_ADMIN_PERM,
15763  		.internal_flags = NL80211_FLAG_NEED_NETDEV,
15764  	},
15765  	{
15766  		.cmd = NL80211_CMD_SET_SAR_SPECS,
15767  		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
15768  		.doit = nl80211_set_sar_specs,
15769  		.flags = GENL_UNS_ADMIN_PERM,
15770  		.internal_flags = NL80211_FLAG_NEED_WIPHY |
15771  				  NL80211_FLAG_NEED_RTNL,
15772  	},
15773  };
15774  
15775  static struct genl_family nl80211_fam __ro_after_init = {
15776  	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
15777  	.hdrsize = 0,			/* no private header */
15778  	.version = 1,			/* no particular meaning now */
15779  	.maxattr = NL80211_ATTR_MAX,
15780  	.policy = nl80211_policy,
15781  	.netnsok = true,
15782  	.pre_doit = nl80211_pre_doit,
15783  	.post_doit = nl80211_post_doit,
15784  	.module = THIS_MODULE,
15785  	.ops = nl80211_ops,
15786  	.n_ops = ARRAY_SIZE(nl80211_ops),
15787  	.small_ops = nl80211_small_ops,
15788  	.n_small_ops = ARRAY_SIZE(nl80211_small_ops),
15789  	.mcgrps = nl80211_mcgrps,
15790  	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
15791  	.parallel_ops = true,
15792  };
15793  
15794  /* notification functions */
15795  
15796  void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
15797  			  enum nl80211_commands cmd)
15798  {
15799  	struct sk_buff *msg;
15800  	struct nl80211_dump_wiphy_state state = {};
15801  
15802  	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
15803  		cmd != NL80211_CMD_DEL_WIPHY);
15804  
15805  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15806  	if (!msg)
15807  		return;
15808  
15809  	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
15810  		nlmsg_free(msg);
15811  		return;
15812  	}
15813  
15814  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15815  				NL80211_MCGRP_CONFIG, GFP_KERNEL);
15816  }
15817  
15818  void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
15819  				struct wireless_dev *wdev,
15820  				enum nl80211_commands cmd)
15821  {
15822  	struct sk_buff *msg;
15823  
15824  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15825  	if (!msg)
15826  		return;
15827  
15828  	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
15829  		nlmsg_free(msg);
15830  		return;
15831  	}
15832  
15833  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15834  				NL80211_MCGRP_CONFIG, GFP_KERNEL);
15835  }
15836  
15837  static int nl80211_add_scan_req(struct sk_buff *msg,
15838  				struct cfg80211_registered_device *rdev)
15839  {
15840  	struct cfg80211_scan_request *req = rdev->scan_req;
15841  	struct nlattr *nest;
15842  	int i;
15843  	struct cfg80211_scan_info *info;
15844  
15845  	if (WARN_ON(!req))
15846  		return 0;
15847  
15848  	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
15849  	if (!nest)
15850  		goto nla_put_failure;
15851  	for (i = 0; i < req->n_ssids; i++) {
15852  		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
15853  			goto nla_put_failure;
15854  	}
15855  	nla_nest_end(msg, nest);
15856  
15857  	if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
15858  		nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
15859  		if (!nest)
15860  			goto nla_put_failure;
15861  		for (i = 0; i < req->n_channels; i++) {
15862  			if (nla_put_u32(msg, i,
15863  				   ieee80211_channel_to_khz(req->channels[i])))
15864  				goto nla_put_failure;
15865  		}
15866  		nla_nest_end(msg, nest);
15867  	} else {
15868  		nest = nla_nest_start_noflag(msg,
15869  					     NL80211_ATTR_SCAN_FREQUENCIES);
15870  		if (!nest)
15871  			goto nla_put_failure;
15872  		for (i = 0; i < req->n_channels; i++) {
15873  			if (nla_put_u32(msg, i, req->channels[i]->center_freq))
15874  				goto nla_put_failure;
15875  		}
15876  		nla_nest_end(msg, nest);
15877  	}
15878  
15879  	if (req->ie &&
15880  	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
15881  		goto nla_put_failure;
15882  
15883  	if (req->flags &&
15884  	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
15885  		goto nla_put_failure;
15886  
15887  	info = rdev->int_scan_req ? &rdev->int_scan_req->info :
15888  		&rdev->scan_req->info;
15889  	if (info->scan_start_tsf &&
15890  	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
15891  			       info->scan_start_tsf, NL80211_BSS_PAD) ||
15892  	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
15893  		     info->tsf_bssid)))
15894  		goto nla_put_failure;
15895  
15896  	return 0;
15897   nla_put_failure:
15898  	return -ENOBUFS;
15899  }
15900  
15901  static int nl80211_prep_scan_msg(struct sk_buff *msg,
15902  				 struct cfg80211_registered_device *rdev,
15903  				 struct wireless_dev *wdev,
15904  				 u32 portid, u32 seq, int flags,
15905  				 u32 cmd)
15906  {
15907  	void *hdr;
15908  
15909  	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
15910  	if (!hdr)
15911  		return -1;
15912  
15913  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15914  	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15915  					 wdev->netdev->ifindex)) ||
15916  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15917  			      NL80211_ATTR_PAD))
15918  		goto nla_put_failure;
15919  
15920  	/* ignore errors and send incomplete event anyway */
15921  	nl80211_add_scan_req(msg, rdev);
15922  
15923  	genlmsg_end(msg, hdr);
15924  	return 0;
15925  
15926   nla_put_failure:
15927  	genlmsg_cancel(msg, hdr);
15928  	return -EMSGSIZE;
15929  }
15930  
15931  static int
15932  nl80211_prep_sched_scan_msg(struct sk_buff *msg,
15933  			    struct cfg80211_sched_scan_request *req, u32 cmd)
15934  {
15935  	void *hdr;
15936  
15937  	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15938  	if (!hdr)
15939  		return -1;
15940  
15941  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
15942  			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
15943  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
15944  	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
15945  			      NL80211_ATTR_PAD))
15946  		goto nla_put_failure;
15947  
15948  	genlmsg_end(msg, hdr);
15949  	return 0;
15950  
15951   nla_put_failure:
15952  	genlmsg_cancel(msg, hdr);
15953  	return -EMSGSIZE;
15954  }
15955  
15956  void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
15957  			     struct wireless_dev *wdev)
15958  {
15959  	struct sk_buff *msg;
15960  
15961  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15962  	if (!msg)
15963  		return;
15964  
15965  	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15966  				  NL80211_CMD_TRIGGER_SCAN) < 0) {
15967  		nlmsg_free(msg);
15968  		return;
15969  	}
15970  
15971  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15972  				NL80211_MCGRP_SCAN, GFP_KERNEL);
15973  }
15974  
15975  struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
15976  				       struct wireless_dev *wdev, bool aborted)
15977  {
15978  	struct sk_buff *msg;
15979  
15980  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15981  	if (!msg)
15982  		return NULL;
15983  
15984  	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
15985  				  aborted ? NL80211_CMD_SCAN_ABORTED :
15986  					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
15987  		nlmsg_free(msg);
15988  		return NULL;
15989  	}
15990  
15991  	return msg;
15992  }
15993  
15994  /* send message created by nl80211_build_scan_msg() */
15995  void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
15996  			   struct sk_buff *msg)
15997  {
15998  	if (!msg)
15999  		return;
16000  
16001  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16002  				NL80211_MCGRP_SCAN, GFP_KERNEL);
16003  }
16004  
16005  void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
16006  {
16007  	struct sk_buff *msg;
16008  
16009  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16010  	if (!msg)
16011  		return;
16012  
16013  	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
16014  		nlmsg_free(msg);
16015  		return;
16016  	}
16017  
16018  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
16019  				NL80211_MCGRP_SCAN, GFP_KERNEL);
16020  }
16021  
16022  static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
16023  					  struct regulatory_request *request)
16024  {
16025  	/* Userspace can always count this one always being set */
16026  	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
16027  		goto nla_put_failure;
16028  
16029  	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
16030  		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16031  			       NL80211_REGDOM_TYPE_WORLD))
16032  			goto nla_put_failure;
16033  	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
16034  		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16035  			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
16036  			goto nla_put_failure;
16037  	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
16038  		   request->intersect) {
16039  		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16040  			       NL80211_REGDOM_TYPE_INTERSECTION))
16041  			goto nla_put_failure;
16042  	} else {
16043  		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
16044  			       NL80211_REGDOM_TYPE_COUNTRY) ||
16045  		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
16046  				   request->alpha2))
16047  			goto nla_put_failure;
16048  	}
16049  
16050  	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
16051  		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
16052  
16053  		if (wiphy &&
16054  		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
16055  			goto nla_put_failure;
16056  
16057  		if (wiphy &&
16058  		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
16059  		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
16060  			goto nla_put_failure;
16061  	}
16062  
16063  	return true;
16064  
16065  nla_put_failure:
16066  	return false;
16067  }
16068  
16069  /*
16070   * This can happen on global regulatory changes or device specific settings
16071   * based on custom regulatory domains.
16072   */
16073  void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
16074  				     struct regulatory_request *request)
16075  {
16076  	struct sk_buff *msg;
16077  	void *hdr;
16078  
16079  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16080  	if (!msg)
16081  		return;
16082  
16083  	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
16084  	if (!hdr)
16085  		goto nla_put_failure;
16086  
16087  	if (!nl80211_reg_change_event_fill(msg, request))
16088  		goto nla_put_failure;
16089  
16090  	genlmsg_end(msg, hdr);
16091  
16092  	rcu_read_lock();
16093  	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16094  				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16095  	rcu_read_unlock();
16096  
16097  	return;
16098  
16099  nla_put_failure:
16100  	nlmsg_free(msg);
16101  }
16102  
16103  static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
16104  				    struct net_device *netdev,
16105  				    const u8 *buf, size_t len,
16106  				    enum nl80211_commands cmd, gfp_t gfp,
16107  				    int uapsd_queues, const u8 *req_ies,
16108  				    size_t req_ies_len, bool reconnect)
16109  {
16110  	struct sk_buff *msg;
16111  	void *hdr;
16112  
16113  	msg = nlmsg_new(100 + len + req_ies_len, gfp);
16114  	if (!msg)
16115  		return;
16116  
16117  	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16118  	if (!hdr) {
16119  		nlmsg_free(msg);
16120  		return;
16121  	}
16122  
16123  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16124  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16125  	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16126  	    (req_ies &&
16127  	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
16128  		goto nla_put_failure;
16129  
16130  	if (reconnect && nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
16131  		goto nla_put_failure;
16132  
16133  	if (uapsd_queues >= 0) {
16134  		struct nlattr *nla_wmm =
16135  			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
16136  		if (!nla_wmm)
16137  			goto nla_put_failure;
16138  
16139  		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
16140  			       uapsd_queues))
16141  			goto nla_put_failure;
16142  
16143  		nla_nest_end(msg, nla_wmm);
16144  	}
16145  
16146  	genlmsg_end(msg, hdr);
16147  
16148  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16149  				NL80211_MCGRP_MLME, gfp);
16150  	return;
16151  
16152   nla_put_failure:
16153  	nlmsg_free(msg);
16154  }
16155  
16156  void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
16157  			  struct net_device *netdev, const u8 *buf,
16158  			  size_t len, gfp_t gfp)
16159  {
16160  	nl80211_send_mlme_event(rdev, netdev, buf, len,
16161  				NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0,
16162  				false);
16163  }
16164  
16165  void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
16166  			   struct net_device *netdev, const u8 *buf,
16167  			   size_t len, gfp_t gfp, int uapsd_queues,
16168  			   const u8 *req_ies, size_t req_ies_len)
16169  {
16170  	nl80211_send_mlme_event(rdev, netdev, buf, len,
16171  				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
16172  				req_ies, req_ies_len, false);
16173  }
16174  
16175  void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
16176  			 struct net_device *netdev, const u8 *buf,
16177  			 size_t len, bool reconnect, gfp_t gfp)
16178  {
16179  	nl80211_send_mlme_event(rdev, netdev, buf, len,
16180  				NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0,
16181  				reconnect);
16182  }
16183  
16184  void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
16185  			   struct net_device *netdev, const u8 *buf,
16186  			   size_t len, bool reconnect, gfp_t gfp)
16187  {
16188  	nl80211_send_mlme_event(rdev, netdev, buf, len,
16189  				NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0,
16190  				reconnect);
16191  }
16192  
16193  void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
16194  				  size_t len)
16195  {
16196  	struct wireless_dev *wdev = dev->ieee80211_ptr;
16197  	struct wiphy *wiphy = wdev->wiphy;
16198  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16199  	const struct ieee80211_mgmt *mgmt = (void *)buf;
16200  	u32 cmd;
16201  
16202  	if (WARN_ON(len < 2))
16203  		return;
16204  
16205  	if (ieee80211_is_deauth(mgmt->frame_control)) {
16206  		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
16207  	} else if (ieee80211_is_disassoc(mgmt->frame_control)) {
16208  		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
16209  	} else if (ieee80211_is_beacon(mgmt->frame_control)) {
16210  		if (wdev->unprot_beacon_reported &&
16211  		    elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
16212  			return;
16213  		cmd = NL80211_CMD_UNPROT_BEACON;
16214  		wdev->unprot_beacon_reported = jiffies;
16215  	} else {
16216  		return;
16217  	}
16218  
16219  	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
16220  	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
16221  				NULL, 0, false);
16222  }
16223  EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
16224  
16225  static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
16226  				      struct net_device *netdev, int cmd,
16227  				      const u8 *addr, gfp_t gfp)
16228  {
16229  	struct sk_buff *msg;
16230  	void *hdr;
16231  
16232  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16233  	if (!msg)
16234  		return;
16235  
16236  	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16237  	if (!hdr) {
16238  		nlmsg_free(msg);
16239  		return;
16240  	}
16241  
16242  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16243  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16244  	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16245  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16246  		goto nla_put_failure;
16247  
16248  	genlmsg_end(msg, hdr);
16249  
16250  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16251  				NL80211_MCGRP_MLME, gfp);
16252  	return;
16253  
16254   nla_put_failure:
16255  	nlmsg_free(msg);
16256  }
16257  
16258  void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
16259  			       struct net_device *netdev, const u8 *addr,
16260  			       gfp_t gfp)
16261  {
16262  	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
16263  				  addr, gfp);
16264  }
16265  
16266  void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
16267  				struct net_device *netdev, const u8 *addr,
16268  				gfp_t gfp)
16269  {
16270  	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
16271  				  addr, gfp);
16272  }
16273  
16274  void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
16275  				 struct net_device *netdev,
16276  				 struct cfg80211_connect_resp_params *cr,
16277  				 gfp_t gfp)
16278  {
16279  	struct sk_buff *msg;
16280  	void *hdr;
16281  
16282  	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
16283  			cr->fils.kek_len + cr->fils.pmk_len +
16284  			(cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16285  	if (!msg)
16286  		return;
16287  
16288  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
16289  	if (!hdr) {
16290  		nlmsg_free(msg);
16291  		return;
16292  	}
16293  
16294  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16295  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16296  	    (cr->bssid &&
16297  	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
16298  	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
16299  			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
16300  			cr->status) ||
16301  	    (cr->status < 0 &&
16302  	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
16303  	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
16304  			  cr->timeout_reason))) ||
16305  	    (cr->req_ie &&
16306  	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
16307  	    (cr->resp_ie &&
16308  	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
16309  		     cr->resp_ie)) ||
16310  	    (cr->fils.update_erp_next_seq_num &&
16311  	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16312  			 cr->fils.erp_next_seq_num)) ||
16313  	    (cr->status == WLAN_STATUS_SUCCESS &&
16314  	     ((cr->fils.kek &&
16315  	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
16316  		       cr->fils.kek)) ||
16317  	      (cr->fils.pmk &&
16318  	       nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
16319  	      (cr->fils.pmkid &&
16320  	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
16321  		goto nla_put_failure;
16322  
16323  	genlmsg_end(msg, hdr);
16324  
16325  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16326  				NL80211_MCGRP_MLME, gfp);
16327  	return;
16328  
16329   nla_put_failure:
16330  	nlmsg_free(msg);
16331  }
16332  
16333  void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
16334  			 struct net_device *netdev,
16335  			 struct cfg80211_roam_info *info, gfp_t gfp)
16336  {
16337  	struct sk_buff *msg;
16338  	void *hdr;
16339  	const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
16340  
16341  	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
16342  			info->fils.kek_len + info->fils.pmk_len +
16343  			(info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
16344  	if (!msg)
16345  		return;
16346  
16347  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
16348  	if (!hdr) {
16349  		nlmsg_free(msg);
16350  		return;
16351  	}
16352  
16353  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16354  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16355  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
16356  	    (info->req_ie &&
16357  	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
16358  		     info->req_ie)) ||
16359  	    (info->resp_ie &&
16360  	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
16361  		     info->resp_ie)) ||
16362  	    (info->fils.update_erp_next_seq_num &&
16363  	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
16364  			 info->fils.erp_next_seq_num)) ||
16365  	    (info->fils.kek &&
16366  	     nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
16367  		     info->fils.kek)) ||
16368  	    (info->fils.pmk &&
16369  	     nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
16370  	    (info->fils.pmkid &&
16371  	     nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
16372  		goto nla_put_failure;
16373  
16374  	genlmsg_end(msg, hdr);
16375  
16376  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16377  				NL80211_MCGRP_MLME, gfp);
16378  	return;
16379  
16380   nla_put_failure:
16381  	nlmsg_free(msg);
16382  }
16383  
16384  void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
16385  				  struct net_device *netdev, const u8 *bssid)
16386  {
16387  	struct sk_buff *msg;
16388  	void *hdr;
16389  
16390  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16391  	if (!msg)
16392  		return;
16393  
16394  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
16395  	if (!hdr) {
16396  		nlmsg_free(msg);
16397  		return;
16398  	}
16399  
16400  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16401  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16402  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16403  		goto nla_put_failure;
16404  
16405  	genlmsg_end(msg, hdr);
16406  
16407  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16408  				NL80211_MCGRP_MLME, GFP_KERNEL);
16409  	return;
16410  
16411   nla_put_failure:
16412  	nlmsg_free(msg);
16413  }
16414  
16415  void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
16416  			       struct net_device *netdev, u16 reason,
16417  			       const u8 *ie, size_t ie_len, bool from_ap)
16418  {
16419  	struct sk_buff *msg;
16420  	void *hdr;
16421  
16422  	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
16423  	if (!msg)
16424  		return;
16425  
16426  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
16427  	if (!hdr) {
16428  		nlmsg_free(msg);
16429  		return;
16430  	}
16431  
16432  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16433  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16434  	    (reason &&
16435  	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
16436  	    (from_ap &&
16437  	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
16438  	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
16439  		goto nla_put_failure;
16440  
16441  	genlmsg_end(msg, hdr);
16442  
16443  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16444  				NL80211_MCGRP_MLME, GFP_KERNEL);
16445  	return;
16446  
16447   nla_put_failure:
16448  	nlmsg_free(msg);
16449  }
16450  
16451  void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
16452  			     struct net_device *netdev, const u8 *bssid,
16453  			     gfp_t gfp)
16454  {
16455  	struct sk_buff *msg;
16456  	void *hdr;
16457  
16458  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16459  	if (!msg)
16460  		return;
16461  
16462  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
16463  	if (!hdr) {
16464  		nlmsg_free(msg);
16465  		return;
16466  	}
16467  
16468  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16469  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16470  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16471  		goto nla_put_failure;
16472  
16473  	genlmsg_end(msg, hdr);
16474  
16475  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16476  				NL80211_MCGRP_MLME, gfp);
16477  	return;
16478  
16479   nla_put_failure:
16480  	nlmsg_free(msg);
16481  }
16482  
16483  void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
16484  					const u8 *ie, u8 ie_len,
16485  					int sig_dbm, gfp_t gfp)
16486  {
16487  	struct wireless_dev *wdev = dev->ieee80211_ptr;
16488  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16489  	struct sk_buff *msg;
16490  	void *hdr;
16491  
16492  	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
16493  		return;
16494  
16495  	trace_cfg80211_notify_new_peer_candidate(dev, addr);
16496  
16497  	msg = nlmsg_new(100 + ie_len, gfp);
16498  	if (!msg)
16499  		return;
16500  
16501  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
16502  	if (!hdr) {
16503  		nlmsg_free(msg);
16504  		return;
16505  	}
16506  
16507  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16508  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16509  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16510  	    (ie_len && ie &&
16511  	     nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
16512  	    (sig_dbm &&
16513  	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
16514  		goto nla_put_failure;
16515  
16516  	genlmsg_end(msg, hdr);
16517  
16518  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16519  				NL80211_MCGRP_MLME, gfp);
16520  	return;
16521  
16522   nla_put_failure:
16523  	nlmsg_free(msg);
16524  }
16525  EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
16526  
16527  void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
16528  				 struct net_device *netdev, const u8 *addr,
16529  				 enum nl80211_key_type key_type, int key_id,
16530  				 const u8 *tsc, gfp_t gfp)
16531  {
16532  	struct sk_buff *msg;
16533  	void *hdr;
16534  
16535  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16536  	if (!msg)
16537  		return;
16538  
16539  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
16540  	if (!hdr) {
16541  		nlmsg_free(msg);
16542  		return;
16543  	}
16544  
16545  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16546  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16547  	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
16548  	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
16549  	    (key_id != -1 &&
16550  	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
16551  	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
16552  		goto nla_put_failure;
16553  
16554  	genlmsg_end(msg, hdr);
16555  
16556  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16557  				NL80211_MCGRP_MLME, gfp);
16558  	return;
16559  
16560   nla_put_failure:
16561  	nlmsg_free(msg);
16562  }
16563  
16564  void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
16565  				    struct ieee80211_channel *channel_before,
16566  				    struct ieee80211_channel *channel_after)
16567  {
16568  	struct sk_buff *msg;
16569  	void *hdr;
16570  	struct nlattr *nl_freq;
16571  
16572  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
16573  	if (!msg)
16574  		return;
16575  
16576  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
16577  	if (!hdr) {
16578  		nlmsg_free(msg);
16579  		return;
16580  	}
16581  
16582  	/*
16583  	 * Since we are applying the beacon hint to a wiphy we know its
16584  	 * wiphy_idx is valid
16585  	 */
16586  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
16587  		goto nla_put_failure;
16588  
16589  	/* Before */
16590  	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
16591  	if (!nl_freq)
16592  		goto nla_put_failure;
16593  
16594  	if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
16595  		goto nla_put_failure;
16596  	nla_nest_end(msg, nl_freq);
16597  
16598  	/* After */
16599  	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
16600  	if (!nl_freq)
16601  		goto nla_put_failure;
16602  
16603  	if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
16604  		goto nla_put_failure;
16605  	nla_nest_end(msg, nl_freq);
16606  
16607  	genlmsg_end(msg, hdr);
16608  
16609  	rcu_read_lock();
16610  	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
16611  				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
16612  	rcu_read_unlock();
16613  
16614  	return;
16615  
16616  nla_put_failure:
16617  	nlmsg_free(msg);
16618  }
16619  
16620  static void nl80211_send_remain_on_chan_event(
16621  	int cmd, struct cfg80211_registered_device *rdev,
16622  	struct wireless_dev *wdev, u64 cookie,
16623  	struct ieee80211_channel *chan,
16624  	unsigned int duration, gfp_t gfp)
16625  {
16626  	struct sk_buff *msg;
16627  	void *hdr;
16628  
16629  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16630  	if (!msg)
16631  		return;
16632  
16633  	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16634  	if (!hdr) {
16635  		nlmsg_free(msg);
16636  		return;
16637  	}
16638  
16639  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16640  	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16641  					 wdev->netdev->ifindex)) ||
16642  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16643  			      NL80211_ATTR_PAD) ||
16644  	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
16645  	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
16646  			NL80211_CHAN_NO_HT) ||
16647  	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16648  			      NL80211_ATTR_PAD))
16649  		goto nla_put_failure;
16650  
16651  	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
16652  	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
16653  		goto nla_put_failure;
16654  
16655  	genlmsg_end(msg, hdr);
16656  
16657  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16658  				NL80211_MCGRP_MLME, gfp);
16659  	return;
16660  
16661   nla_put_failure:
16662  	nlmsg_free(msg);
16663  }
16664  
16665  void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
16666  			       struct ieee80211_channel *chan,
16667  			       unsigned int duration, gfp_t gfp)
16668  {
16669  	struct wiphy *wiphy = wdev->wiphy;
16670  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16671  
16672  	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
16673  	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
16674  					  rdev, wdev, cookie, chan,
16675  					  duration, gfp);
16676  }
16677  EXPORT_SYMBOL(cfg80211_ready_on_channel);
16678  
16679  void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
16680  					struct ieee80211_channel *chan,
16681  					gfp_t gfp)
16682  {
16683  	struct wiphy *wiphy = wdev->wiphy;
16684  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16685  
16686  	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
16687  	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
16688  					  rdev, wdev, cookie, chan, 0, gfp);
16689  }
16690  EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
16691  
16692  void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
16693  					struct ieee80211_channel *chan,
16694  					gfp_t gfp)
16695  {
16696  	struct wiphy *wiphy = wdev->wiphy;
16697  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16698  
16699  	trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
16700  	nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
16701  					  rdev, wdev, cookie, chan, 0, gfp);
16702  }
16703  EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
16704  
16705  void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
16706  		      struct station_info *sinfo, gfp_t gfp)
16707  {
16708  	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16709  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16710  	struct sk_buff *msg;
16711  
16712  	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
16713  
16714  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16715  	if (!msg)
16716  		return;
16717  
16718  	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
16719  				 rdev, dev, mac_addr, sinfo) < 0) {
16720  		nlmsg_free(msg);
16721  		return;
16722  	}
16723  
16724  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16725  				NL80211_MCGRP_MLME, gfp);
16726  }
16727  EXPORT_SYMBOL(cfg80211_new_sta);
16728  
16729  void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
16730  			    struct station_info *sinfo, gfp_t gfp)
16731  {
16732  	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16733  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16734  	struct sk_buff *msg;
16735  	struct station_info empty_sinfo = {};
16736  
16737  	if (!sinfo)
16738  		sinfo = &empty_sinfo;
16739  
16740  	trace_cfg80211_del_sta(dev, mac_addr);
16741  
16742  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16743  	if (!msg) {
16744  		cfg80211_sinfo_release_content(sinfo);
16745  		return;
16746  	}
16747  
16748  	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
16749  				 rdev, dev, mac_addr, sinfo) < 0) {
16750  		nlmsg_free(msg);
16751  		return;
16752  	}
16753  
16754  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16755  				NL80211_MCGRP_MLME, gfp);
16756  }
16757  EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
16758  
16759  void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
16760  			  enum nl80211_connect_failed_reason reason,
16761  			  gfp_t gfp)
16762  {
16763  	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
16764  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16765  	struct sk_buff *msg;
16766  	void *hdr;
16767  
16768  	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
16769  	if (!msg)
16770  		return;
16771  
16772  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
16773  	if (!hdr) {
16774  		nlmsg_free(msg);
16775  		return;
16776  	}
16777  
16778  	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16779  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
16780  	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
16781  		goto nla_put_failure;
16782  
16783  	genlmsg_end(msg, hdr);
16784  
16785  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16786  				NL80211_MCGRP_MLME, gfp);
16787  	return;
16788  
16789   nla_put_failure:
16790  	nlmsg_free(msg);
16791  }
16792  EXPORT_SYMBOL(cfg80211_conn_failed);
16793  
16794  static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
16795  				       const u8 *addr, gfp_t gfp)
16796  {
16797  	struct wireless_dev *wdev = dev->ieee80211_ptr;
16798  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16799  	struct sk_buff *msg;
16800  	void *hdr;
16801  	u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
16802  
16803  	if (!nlportid)
16804  		return false;
16805  
16806  	msg = nlmsg_new(100, gfp);
16807  	if (!msg)
16808  		return true;
16809  
16810  	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
16811  	if (!hdr) {
16812  		nlmsg_free(msg);
16813  		return true;
16814  	}
16815  
16816  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16817  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16818  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
16819  		goto nla_put_failure;
16820  
16821  	genlmsg_end(msg, hdr);
16822  	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16823  	return true;
16824  
16825   nla_put_failure:
16826  	nlmsg_free(msg);
16827  	return true;
16828  }
16829  
16830  bool cfg80211_rx_spurious_frame(struct net_device *dev,
16831  				const u8 *addr, gfp_t gfp)
16832  {
16833  	struct wireless_dev *wdev = dev->ieee80211_ptr;
16834  	bool ret;
16835  
16836  	trace_cfg80211_rx_spurious_frame(dev, addr);
16837  
16838  	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16839  		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
16840  		trace_cfg80211_return_bool(false);
16841  		return false;
16842  	}
16843  	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
16844  					 addr, gfp);
16845  	trace_cfg80211_return_bool(ret);
16846  	return ret;
16847  }
16848  EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
16849  
16850  bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
16851  					const u8 *addr, gfp_t gfp)
16852  {
16853  	struct wireless_dev *wdev = dev->ieee80211_ptr;
16854  	bool ret;
16855  
16856  	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
16857  
16858  	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
16859  		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
16860  		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
16861  		trace_cfg80211_return_bool(false);
16862  		return false;
16863  	}
16864  	ret = __nl80211_unexpected_frame(dev,
16865  					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
16866  					 addr, gfp);
16867  	trace_cfg80211_return_bool(ret);
16868  	return ret;
16869  }
16870  EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
16871  
16872  int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
16873  		      struct wireless_dev *wdev, u32 nlportid,
16874  		      int freq, int sig_dbm,
16875  		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
16876  {
16877  	struct net_device *netdev = wdev->netdev;
16878  	struct sk_buff *msg;
16879  	void *hdr;
16880  
16881  	msg = nlmsg_new(100 + len, gfp);
16882  	if (!msg)
16883  		return -ENOMEM;
16884  
16885  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16886  	if (!hdr) {
16887  		nlmsg_free(msg);
16888  		return -ENOMEM;
16889  	}
16890  
16891  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16892  	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16893  					netdev->ifindex)) ||
16894  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16895  			      NL80211_ATTR_PAD) ||
16896  	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(freq)) ||
16897  	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, freq % 1000) ||
16898  	    (sig_dbm &&
16899  	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16900  	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16901  	    (flags &&
16902  	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
16903  		goto nla_put_failure;
16904  
16905  	genlmsg_end(msg, hdr);
16906  
16907  	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16908  
16909   nla_put_failure:
16910  	nlmsg_free(msg);
16911  	return -ENOBUFS;
16912  }
16913  
16914  static void nl80211_frame_tx_status(struct wireless_dev *wdev, u64 cookie,
16915  				    const u8 *buf, size_t len, bool ack,
16916  				    gfp_t gfp, enum nl80211_commands command)
16917  {
16918  	struct wiphy *wiphy = wdev->wiphy;
16919  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16920  	struct net_device *netdev = wdev->netdev;
16921  	struct sk_buff *msg;
16922  	void *hdr;
16923  
16924  	if (command == NL80211_CMD_FRAME_TX_STATUS)
16925  		trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
16926  	else
16927  		trace_cfg80211_control_port_tx_status(wdev, cookie, ack);
16928  
16929  	msg = nlmsg_new(100 + len, gfp);
16930  	if (!msg)
16931  		return;
16932  
16933  	hdr = nl80211hdr_put(msg, 0, 0, 0, command);
16934  	if (!hdr) {
16935  		nlmsg_free(msg);
16936  		return;
16937  	}
16938  
16939  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16940  	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16941  				   netdev->ifindex)) ||
16942  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16943  			      NL80211_ATTR_PAD) ||
16944  	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
16945  	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16946  			      NL80211_ATTR_PAD) ||
16947  	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
16948  		goto nla_put_failure;
16949  
16950  	genlmsg_end(msg, hdr);
16951  
16952  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16953  				NL80211_MCGRP_MLME, gfp);
16954  	return;
16955  
16956  nla_put_failure:
16957  	nlmsg_free(msg);
16958  }
16959  
16960  void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
16961  				     const u8 *buf, size_t len, bool ack,
16962  				     gfp_t gfp)
16963  {
16964  	nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
16965  				NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
16966  }
16967  EXPORT_SYMBOL(cfg80211_control_port_tx_status);
16968  
16969  void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
16970  			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
16971  {
16972  	nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
16973  				NL80211_CMD_FRAME_TX_STATUS);
16974  }
16975  EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
16976  
16977  static int __nl80211_rx_control_port(struct net_device *dev,
16978  				     struct sk_buff *skb,
16979  				     bool unencrypted, gfp_t gfp)
16980  {
16981  	struct wireless_dev *wdev = dev->ieee80211_ptr;
16982  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16983  	struct ethhdr *ehdr = eth_hdr(skb);
16984  	const u8 *addr = ehdr->h_source;
16985  	u16 proto = be16_to_cpu(skb->protocol);
16986  	struct sk_buff *msg;
16987  	void *hdr;
16988  	struct nlattr *frame;
16989  
16990  	u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
16991  
16992  	if (!nlportid)
16993  		return -ENOENT;
16994  
16995  	msg = nlmsg_new(100 + skb->len, gfp);
16996  	if (!msg)
16997  		return -ENOMEM;
16998  
16999  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
17000  	if (!hdr) {
17001  		nlmsg_free(msg);
17002  		return -ENOBUFS;
17003  	}
17004  
17005  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17006  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17007  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17008  			      NL80211_ATTR_PAD) ||
17009  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
17010  	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
17011  	    (unencrypted && nla_put_flag(msg,
17012  					 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
17013  		goto nla_put_failure;
17014  
17015  	frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
17016  	if (!frame)
17017  		goto nla_put_failure;
17018  
17019  	skb_copy_bits(skb, 0, nla_data(frame), skb->len);
17020  	genlmsg_end(msg, hdr);
17021  
17022  	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17023  
17024   nla_put_failure:
17025  	nlmsg_free(msg);
17026  	return -ENOBUFS;
17027  }
17028  
17029  bool cfg80211_rx_control_port(struct net_device *dev,
17030  			      struct sk_buff *skb, bool unencrypted)
17031  {
17032  	int ret;
17033  
17034  	trace_cfg80211_rx_control_port(dev, skb, unencrypted);
17035  	ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
17036  	trace_cfg80211_return_bool(ret == 0);
17037  	return ret == 0;
17038  }
17039  EXPORT_SYMBOL(cfg80211_rx_control_port);
17040  
17041  static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
17042  					    const char *mac, gfp_t gfp)
17043  {
17044  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17045  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17046  	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17047  	void **cb;
17048  
17049  	if (!msg)
17050  		return NULL;
17051  
17052  	cb = (void **)msg->cb;
17053  
17054  	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
17055  	if (!cb[0]) {
17056  		nlmsg_free(msg);
17057  		return NULL;
17058  	}
17059  
17060  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17061  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17062  		goto nla_put_failure;
17063  
17064  	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
17065  		goto nla_put_failure;
17066  
17067  	cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
17068  	if (!cb[1])
17069  		goto nla_put_failure;
17070  
17071  	cb[2] = rdev;
17072  
17073  	return msg;
17074   nla_put_failure:
17075  	nlmsg_free(msg);
17076  	return NULL;
17077  }
17078  
17079  static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
17080  {
17081  	void **cb = (void **)msg->cb;
17082  	struct cfg80211_registered_device *rdev = cb[2];
17083  
17084  	nla_nest_end(msg, cb[1]);
17085  	genlmsg_end(msg, cb[0]);
17086  
17087  	memset(msg->cb, 0, sizeof(msg->cb));
17088  
17089  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17090  				NL80211_MCGRP_MLME, gfp);
17091  }
17092  
17093  void cfg80211_cqm_rssi_notify(struct net_device *dev,
17094  			      enum nl80211_cqm_rssi_threshold_event rssi_event,
17095  			      s32 rssi_level, gfp_t gfp)
17096  {
17097  	struct sk_buff *msg;
17098  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17099  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17100  
17101  	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
17102  
17103  	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
17104  		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
17105  		return;
17106  
17107  	if (wdev->cqm_config) {
17108  		wdev->cqm_config->last_rssi_event_value = rssi_level;
17109  
17110  		cfg80211_cqm_rssi_update(rdev, dev);
17111  
17112  		if (rssi_level == 0)
17113  			rssi_level = wdev->cqm_config->last_rssi_event_value;
17114  	}
17115  
17116  	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
17117  	if (!msg)
17118  		return;
17119  
17120  	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
17121  			rssi_event))
17122  		goto nla_put_failure;
17123  
17124  	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
17125  				      rssi_level))
17126  		goto nla_put_failure;
17127  
17128  	cfg80211_send_cqm(msg, gfp);
17129  
17130  	return;
17131  
17132   nla_put_failure:
17133  	nlmsg_free(msg);
17134  }
17135  EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
17136  
17137  void cfg80211_cqm_txe_notify(struct net_device *dev,
17138  			     const u8 *peer, u32 num_packets,
17139  			     u32 rate, u32 intvl, gfp_t gfp)
17140  {
17141  	struct sk_buff *msg;
17142  
17143  	msg = cfg80211_prepare_cqm(dev, peer, gfp);
17144  	if (!msg)
17145  		return;
17146  
17147  	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
17148  		goto nla_put_failure;
17149  
17150  	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
17151  		goto nla_put_failure;
17152  
17153  	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
17154  		goto nla_put_failure;
17155  
17156  	cfg80211_send_cqm(msg, gfp);
17157  	return;
17158  
17159   nla_put_failure:
17160  	nlmsg_free(msg);
17161  }
17162  EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
17163  
17164  void cfg80211_cqm_pktloss_notify(struct net_device *dev,
17165  				 const u8 *peer, u32 num_packets, gfp_t gfp)
17166  {
17167  	struct sk_buff *msg;
17168  
17169  	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
17170  
17171  	msg = cfg80211_prepare_cqm(dev, peer, gfp);
17172  	if (!msg)
17173  		return;
17174  
17175  	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
17176  		goto nla_put_failure;
17177  
17178  	cfg80211_send_cqm(msg, gfp);
17179  	return;
17180  
17181   nla_put_failure:
17182  	nlmsg_free(msg);
17183  }
17184  EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
17185  
17186  void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
17187  {
17188  	struct sk_buff *msg;
17189  
17190  	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
17191  	if (!msg)
17192  		return;
17193  
17194  	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
17195  		goto nla_put_failure;
17196  
17197  	cfg80211_send_cqm(msg, gfp);
17198  	return;
17199  
17200   nla_put_failure:
17201  	nlmsg_free(msg);
17202  }
17203  EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
17204  
17205  static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
17206  				     struct net_device *netdev, const u8 *bssid,
17207  				     const u8 *replay_ctr, gfp_t gfp)
17208  {
17209  	struct sk_buff *msg;
17210  	struct nlattr *rekey_attr;
17211  	void *hdr;
17212  
17213  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17214  	if (!msg)
17215  		return;
17216  
17217  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
17218  	if (!hdr) {
17219  		nlmsg_free(msg);
17220  		return;
17221  	}
17222  
17223  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17224  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17225  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
17226  		goto nla_put_failure;
17227  
17228  	rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
17229  	if (!rekey_attr)
17230  		goto nla_put_failure;
17231  
17232  	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
17233  		    NL80211_REPLAY_CTR_LEN, replay_ctr))
17234  		goto nla_put_failure;
17235  
17236  	nla_nest_end(msg, rekey_attr);
17237  
17238  	genlmsg_end(msg, hdr);
17239  
17240  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17241  				NL80211_MCGRP_MLME, gfp);
17242  	return;
17243  
17244   nla_put_failure:
17245  	nlmsg_free(msg);
17246  }
17247  
17248  void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
17249  			       const u8 *replay_ctr, gfp_t gfp)
17250  {
17251  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17252  	struct wiphy *wiphy = wdev->wiphy;
17253  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17254  
17255  	trace_cfg80211_gtk_rekey_notify(dev, bssid);
17256  	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
17257  }
17258  EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
17259  
17260  static void
17261  nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
17262  			       struct net_device *netdev, int index,
17263  			       const u8 *bssid, bool preauth, gfp_t gfp)
17264  {
17265  	struct sk_buff *msg;
17266  	struct nlattr *attr;
17267  	void *hdr;
17268  
17269  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17270  	if (!msg)
17271  		return;
17272  
17273  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
17274  	if (!hdr) {
17275  		nlmsg_free(msg);
17276  		return;
17277  	}
17278  
17279  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17280  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17281  		goto nla_put_failure;
17282  
17283  	attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
17284  	if (!attr)
17285  		goto nla_put_failure;
17286  
17287  	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
17288  	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
17289  	    (preauth &&
17290  	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
17291  		goto nla_put_failure;
17292  
17293  	nla_nest_end(msg, attr);
17294  
17295  	genlmsg_end(msg, hdr);
17296  
17297  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17298  				NL80211_MCGRP_MLME, gfp);
17299  	return;
17300  
17301   nla_put_failure:
17302  	nlmsg_free(msg);
17303  }
17304  
17305  void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
17306  				     const u8 *bssid, bool preauth, gfp_t gfp)
17307  {
17308  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17309  	struct wiphy *wiphy = wdev->wiphy;
17310  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17311  
17312  	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
17313  	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
17314  }
17315  EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
17316  
17317  static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
17318  				     struct net_device *netdev,
17319  				     struct cfg80211_chan_def *chandef,
17320  				     gfp_t gfp,
17321  				     enum nl80211_commands notif,
17322  				     u8 count, bool quiet)
17323  {
17324  	struct sk_buff *msg;
17325  	void *hdr;
17326  
17327  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17328  	if (!msg)
17329  		return;
17330  
17331  	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
17332  	if (!hdr) {
17333  		nlmsg_free(msg);
17334  		return;
17335  	}
17336  
17337  	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
17338  		goto nla_put_failure;
17339  
17340  	if (nl80211_send_chandef(msg, chandef))
17341  		goto nla_put_failure;
17342  
17343  	if (notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) {
17344  		if (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count))
17345  			goto nla_put_failure;
17346  		if (quiet &&
17347  		    nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX))
17348  			goto nla_put_failure;
17349  	}
17350  
17351  	genlmsg_end(msg, hdr);
17352  
17353  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17354  				NL80211_MCGRP_MLME, gfp);
17355  	return;
17356  
17357   nla_put_failure:
17358  	nlmsg_free(msg);
17359  }
17360  
17361  void cfg80211_ch_switch_notify(struct net_device *dev,
17362  			       struct cfg80211_chan_def *chandef)
17363  {
17364  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17365  	struct wiphy *wiphy = wdev->wiphy;
17366  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17367  
17368  	ASSERT_WDEV_LOCK(wdev);
17369  
17370  	trace_cfg80211_ch_switch_notify(dev, chandef);
17371  
17372  	wdev->chandef = *chandef;
17373  	wdev->preset_chandef = *chandef;
17374  
17375  	if (wdev->iftype == NL80211_IFTYPE_STATION &&
17376  	    !WARN_ON(!wdev->current_bss))
17377  		cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
17378  
17379  	cfg80211_sched_dfs_chan_update(rdev);
17380  
17381  	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17382  				 NL80211_CMD_CH_SWITCH_NOTIFY, 0, false);
17383  }
17384  EXPORT_SYMBOL(cfg80211_ch_switch_notify);
17385  
17386  void cfg80211_ch_switch_started_notify(struct net_device *dev,
17387  				       struct cfg80211_chan_def *chandef,
17388  				       u8 count, bool quiet)
17389  {
17390  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17391  	struct wiphy *wiphy = wdev->wiphy;
17392  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17393  
17394  	trace_cfg80211_ch_switch_started_notify(dev, chandef);
17395  
17396  	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
17397  				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY,
17398  				 count, quiet);
17399  }
17400  EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
17401  
17402  void
17403  nl80211_radar_notify(struct cfg80211_registered_device *rdev,
17404  		     const struct cfg80211_chan_def *chandef,
17405  		     enum nl80211_radar_event event,
17406  		     struct net_device *netdev, gfp_t gfp)
17407  {
17408  	struct sk_buff *msg;
17409  	void *hdr;
17410  
17411  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17412  	if (!msg)
17413  		return;
17414  
17415  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
17416  	if (!hdr) {
17417  		nlmsg_free(msg);
17418  		return;
17419  	}
17420  
17421  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17422  		goto nla_put_failure;
17423  
17424  	/* NOP and radar events don't need a netdev parameter */
17425  	if (netdev) {
17426  		struct wireless_dev *wdev = netdev->ieee80211_ptr;
17427  
17428  		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17429  		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17430  				      NL80211_ATTR_PAD))
17431  			goto nla_put_failure;
17432  	}
17433  
17434  	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
17435  		goto nla_put_failure;
17436  
17437  	if (nl80211_send_chandef(msg, chandef))
17438  		goto nla_put_failure;
17439  
17440  	genlmsg_end(msg, hdr);
17441  
17442  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17443  				NL80211_MCGRP_MLME, gfp);
17444  	return;
17445  
17446   nla_put_failure:
17447  	nlmsg_free(msg);
17448  }
17449  
17450  void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
17451  				       struct sta_opmode_info *sta_opmode,
17452  				       gfp_t gfp)
17453  {
17454  	struct sk_buff *msg;
17455  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17456  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17457  	void *hdr;
17458  
17459  	if (WARN_ON(!mac))
17460  		return;
17461  
17462  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17463  	if (!msg)
17464  		return;
17465  
17466  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
17467  	if (!hdr) {
17468  		nlmsg_free(msg);
17469  		return;
17470  	}
17471  
17472  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
17473  		goto nla_put_failure;
17474  
17475  	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
17476  		goto nla_put_failure;
17477  
17478  	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
17479  		goto nla_put_failure;
17480  
17481  	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
17482  	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
17483  		goto nla_put_failure;
17484  
17485  	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
17486  	    nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
17487  		goto nla_put_failure;
17488  
17489  	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
17490  	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
17491  		goto nla_put_failure;
17492  
17493  	genlmsg_end(msg, hdr);
17494  
17495  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17496  				NL80211_MCGRP_MLME, gfp);
17497  
17498  	return;
17499  
17500  nla_put_failure:
17501  	nlmsg_free(msg);
17502  }
17503  EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
17504  
17505  void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
17506  			   u64 cookie, bool acked, s32 ack_signal,
17507  			   bool is_valid_ack_signal, gfp_t gfp)
17508  {
17509  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17510  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17511  	struct sk_buff *msg;
17512  	void *hdr;
17513  
17514  	trace_cfg80211_probe_status(dev, addr, cookie, acked);
17515  
17516  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17517  
17518  	if (!msg)
17519  		return;
17520  
17521  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
17522  	if (!hdr) {
17523  		nlmsg_free(msg);
17524  		return;
17525  	}
17526  
17527  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17528  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17529  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
17530  	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
17531  			      NL80211_ATTR_PAD) ||
17532  	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
17533  	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
17534  						ack_signal)))
17535  		goto nla_put_failure;
17536  
17537  	genlmsg_end(msg, hdr);
17538  
17539  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17540  				NL80211_MCGRP_MLME, gfp);
17541  	return;
17542  
17543   nla_put_failure:
17544  	nlmsg_free(msg);
17545  }
17546  EXPORT_SYMBOL(cfg80211_probe_status);
17547  
17548  void cfg80211_report_obss_beacon_khz(struct wiphy *wiphy, const u8 *frame,
17549  				     size_t len, int freq, int sig_dbm)
17550  {
17551  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17552  	struct sk_buff *msg;
17553  	void *hdr;
17554  	struct cfg80211_beacon_registration *reg;
17555  
17556  	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
17557  
17558  	spin_lock_bh(&rdev->beacon_registrations_lock);
17559  	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
17560  		msg = nlmsg_new(len + 100, GFP_ATOMIC);
17561  		if (!msg) {
17562  			spin_unlock_bh(&rdev->beacon_registrations_lock);
17563  			return;
17564  		}
17565  
17566  		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
17567  		if (!hdr)
17568  			goto nla_put_failure;
17569  
17570  		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17571  		    (freq &&
17572  		     (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
17573  				  KHZ_TO_MHZ(freq)) ||
17574  		      nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
17575  				  freq % 1000))) ||
17576  		    (sig_dbm &&
17577  		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
17578  		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
17579  			goto nla_put_failure;
17580  
17581  		genlmsg_end(msg, hdr);
17582  
17583  		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
17584  	}
17585  	spin_unlock_bh(&rdev->beacon_registrations_lock);
17586  	return;
17587  
17588   nla_put_failure:
17589  	spin_unlock_bh(&rdev->beacon_registrations_lock);
17590  	nlmsg_free(msg);
17591  }
17592  EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
17593  
17594  #ifdef CONFIG_PM
17595  static int cfg80211_net_detect_results(struct sk_buff *msg,
17596  				       struct cfg80211_wowlan_wakeup *wakeup)
17597  {
17598  	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
17599  	struct nlattr *nl_results, *nl_match, *nl_freqs;
17600  	int i, j;
17601  
17602  	nl_results = nla_nest_start_noflag(msg,
17603  					   NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
17604  	if (!nl_results)
17605  		return -EMSGSIZE;
17606  
17607  	for (i = 0; i < nd->n_matches; i++) {
17608  		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
17609  
17610  		nl_match = nla_nest_start_noflag(msg, i);
17611  		if (!nl_match)
17612  			break;
17613  
17614  		/* The SSID attribute is optional in nl80211, but for
17615  		 * simplicity reasons it's always present in the
17616  		 * cfg80211 structure.  If a driver can't pass the
17617  		 * SSID, that needs to be changed.  A zero length SSID
17618  		 * is still a valid SSID (wildcard), so it cannot be
17619  		 * used for this purpose.
17620  		 */
17621  		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
17622  			    match->ssid.ssid)) {
17623  			nla_nest_cancel(msg, nl_match);
17624  			goto out;
17625  		}
17626  
17627  		if (match->n_channels) {
17628  			nl_freqs = nla_nest_start_noflag(msg,
17629  							 NL80211_ATTR_SCAN_FREQUENCIES);
17630  			if (!nl_freqs) {
17631  				nla_nest_cancel(msg, nl_match);
17632  				goto out;
17633  			}
17634  
17635  			for (j = 0; j < match->n_channels; j++) {
17636  				if (nla_put_u32(msg, j, match->channels[j])) {
17637  					nla_nest_cancel(msg, nl_freqs);
17638  					nla_nest_cancel(msg, nl_match);
17639  					goto out;
17640  				}
17641  			}
17642  
17643  			nla_nest_end(msg, nl_freqs);
17644  		}
17645  
17646  		nla_nest_end(msg, nl_match);
17647  	}
17648  
17649  out:
17650  	nla_nest_end(msg, nl_results);
17651  	return 0;
17652  }
17653  
17654  void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
17655  				   struct cfg80211_wowlan_wakeup *wakeup,
17656  				   gfp_t gfp)
17657  {
17658  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17659  	struct sk_buff *msg;
17660  	void *hdr;
17661  	int size = 200;
17662  
17663  	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
17664  
17665  	if (wakeup)
17666  		size += wakeup->packet_present_len;
17667  
17668  	msg = nlmsg_new(size, gfp);
17669  	if (!msg)
17670  		return;
17671  
17672  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
17673  	if (!hdr)
17674  		goto free_msg;
17675  
17676  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17677  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17678  			      NL80211_ATTR_PAD))
17679  		goto free_msg;
17680  
17681  	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
17682  					wdev->netdev->ifindex))
17683  		goto free_msg;
17684  
17685  	if (wakeup) {
17686  		struct nlattr *reasons;
17687  
17688  		reasons = nla_nest_start_noflag(msg,
17689  						NL80211_ATTR_WOWLAN_TRIGGERS);
17690  		if (!reasons)
17691  			goto free_msg;
17692  
17693  		if (wakeup->disconnect &&
17694  		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
17695  			goto free_msg;
17696  		if (wakeup->magic_pkt &&
17697  		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
17698  			goto free_msg;
17699  		if (wakeup->gtk_rekey_failure &&
17700  		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
17701  			goto free_msg;
17702  		if (wakeup->eap_identity_req &&
17703  		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
17704  			goto free_msg;
17705  		if (wakeup->four_way_handshake &&
17706  		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
17707  			goto free_msg;
17708  		if (wakeup->rfkill_release &&
17709  		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
17710  			goto free_msg;
17711  
17712  		if (wakeup->pattern_idx >= 0 &&
17713  		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
17714  				wakeup->pattern_idx))
17715  			goto free_msg;
17716  
17717  		if (wakeup->tcp_match &&
17718  		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
17719  			goto free_msg;
17720  
17721  		if (wakeup->tcp_connlost &&
17722  		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
17723  			goto free_msg;
17724  
17725  		if (wakeup->tcp_nomoretokens &&
17726  		    nla_put_flag(msg,
17727  				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
17728  			goto free_msg;
17729  
17730  		if (wakeup->packet) {
17731  			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
17732  			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
17733  
17734  			if (!wakeup->packet_80211) {
17735  				pkt_attr =
17736  					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
17737  				len_attr =
17738  					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
17739  			}
17740  
17741  			if (wakeup->packet_len &&
17742  			    nla_put_u32(msg, len_attr, wakeup->packet_len))
17743  				goto free_msg;
17744  
17745  			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
17746  				    wakeup->packet))
17747  				goto free_msg;
17748  		}
17749  
17750  		if (wakeup->net_detect &&
17751  		    cfg80211_net_detect_results(msg, wakeup))
17752  				goto free_msg;
17753  
17754  		nla_nest_end(msg, reasons);
17755  	}
17756  
17757  	genlmsg_end(msg, hdr);
17758  
17759  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17760  				NL80211_MCGRP_MLME, gfp);
17761  	return;
17762  
17763   free_msg:
17764  	nlmsg_free(msg);
17765  }
17766  EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
17767  #endif
17768  
17769  void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
17770  				enum nl80211_tdls_operation oper,
17771  				u16 reason_code, gfp_t gfp)
17772  {
17773  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17774  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17775  	struct sk_buff *msg;
17776  	void *hdr;
17777  
17778  	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
17779  					 reason_code);
17780  
17781  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17782  	if (!msg)
17783  		return;
17784  
17785  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
17786  	if (!hdr) {
17787  		nlmsg_free(msg);
17788  		return;
17789  	}
17790  
17791  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17792  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
17793  	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
17794  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
17795  	    (reason_code > 0 &&
17796  	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
17797  		goto nla_put_failure;
17798  
17799  	genlmsg_end(msg, hdr);
17800  
17801  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17802  				NL80211_MCGRP_MLME, gfp);
17803  	return;
17804  
17805   nla_put_failure:
17806  	nlmsg_free(msg);
17807  }
17808  EXPORT_SYMBOL(cfg80211_tdls_oper_request);
17809  
17810  static int nl80211_netlink_notify(struct notifier_block * nb,
17811  				  unsigned long state,
17812  				  void *_notify)
17813  {
17814  	struct netlink_notify *notify = _notify;
17815  	struct cfg80211_registered_device *rdev;
17816  	struct wireless_dev *wdev;
17817  	struct cfg80211_beacon_registration *reg, *tmp;
17818  
17819  	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
17820  		return NOTIFY_DONE;
17821  
17822  	rcu_read_lock();
17823  
17824  	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
17825  		struct cfg80211_sched_scan_request *sched_scan_req;
17826  
17827  		list_for_each_entry_rcu(sched_scan_req,
17828  					&rdev->sched_scan_req_list,
17829  					list) {
17830  			if (sched_scan_req->owner_nlportid == notify->portid) {
17831  				sched_scan_req->nl_owner_dead = true;
17832  				schedule_work(&rdev->sched_scan_stop_wk);
17833  			}
17834  		}
17835  
17836  		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
17837  			cfg80211_mlme_unregister_socket(wdev, notify->portid);
17838  
17839  			if (wdev->owner_nlportid == notify->portid) {
17840  				wdev->nl_owner_dead = true;
17841  				schedule_work(&rdev->destroy_work);
17842  			} else if (wdev->conn_owner_nlportid == notify->portid) {
17843  				schedule_work(&wdev->disconnect_wk);
17844  			}
17845  
17846  			cfg80211_release_pmsr(wdev, notify->portid);
17847  		}
17848  
17849  		spin_lock_bh(&rdev->beacon_registrations_lock);
17850  		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
17851  					 list) {
17852  			if (reg->nlportid == notify->portid) {
17853  				list_del(&reg->list);
17854  				kfree(reg);
17855  				break;
17856  			}
17857  		}
17858  		spin_unlock_bh(&rdev->beacon_registrations_lock);
17859  	}
17860  
17861  	rcu_read_unlock();
17862  
17863  	/*
17864  	 * It is possible that the user space process that is controlling the
17865  	 * indoor setting disappeared, so notify the regulatory core.
17866  	 */
17867  	regulatory_netlink_notify(notify->portid);
17868  	return NOTIFY_OK;
17869  }
17870  
17871  static struct notifier_block nl80211_netlink_notifier = {
17872  	.notifier_call = nl80211_netlink_notify,
17873  };
17874  
17875  void cfg80211_ft_event(struct net_device *netdev,
17876  		       struct cfg80211_ft_event_params *ft_event)
17877  {
17878  	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
17879  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17880  	struct sk_buff *msg;
17881  	void *hdr;
17882  
17883  	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
17884  
17885  	if (!ft_event->target_ap)
17886  		return;
17887  
17888  	msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
17889  			GFP_KERNEL);
17890  	if (!msg)
17891  		return;
17892  
17893  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
17894  	if (!hdr)
17895  		goto out;
17896  
17897  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17898  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
17899  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
17900  		goto out;
17901  
17902  	if (ft_event->ies &&
17903  	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
17904  		goto out;
17905  	if (ft_event->ric_ies &&
17906  	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
17907  		    ft_event->ric_ies))
17908  		goto out;
17909  
17910  	genlmsg_end(msg, hdr);
17911  
17912  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
17913  				NL80211_MCGRP_MLME, GFP_KERNEL);
17914  	return;
17915   out:
17916  	nlmsg_free(msg);
17917  }
17918  EXPORT_SYMBOL(cfg80211_ft_event);
17919  
17920  void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
17921  {
17922  	struct cfg80211_registered_device *rdev;
17923  	struct sk_buff *msg;
17924  	void *hdr;
17925  	u32 nlportid;
17926  
17927  	rdev = wiphy_to_rdev(wdev->wiphy);
17928  	if (!rdev->crit_proto_nlportid)
17929  		return;
17930  
17931  	nlportid = rdev->crit_proto_nlportid;
17932  	rdev->crit_proto_nlportid = 0;
17933  
17934  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
17935  	if (!msg)
17936  		return;
17937  
17938  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
17939  	if (!hdr)
17940  		goto nla_put_failure;
17941  
17942  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17943  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17944  			      NL80211_ATTR_PAD))
17945  		goto nla_put_failure;
17946  
17947  	genlmsg_end(msg, hdr);
17948  
17949  	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
17950  	return;
17951  
17952   nla_put_failure:
17953  	nlmsg_free(msg);
17954  }
17955  EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
17956  
17957  void nl80211_send_ap_stopped(struct wireless_dev *wdev)
17958  {
17959  	struct wiphy *wiphy = wdev->wiphy;
17960  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
17961  	struct sk_buff *msg;
17962  	void *hdr;
17963  
17964  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
17965  	if (!msg)
17966  		return;
17967  
17968  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
17969  	if (!hdr)
17970  		goto out;
17971  
17972  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
17973  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
17974  	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
17975  			      NL80211_ATTR_PAD))
17976  		goto out;
17977  
17978  	genlmsg_end(msg, hdr);
17979  
17980  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
17981  				NL80211_MCGRP_MLME, GFP_KERNEL);
17982  	return;
17983   out:
17984  	nlmsg_free(msg);
17985  }
17986  
17987  int cfg80211_external_auth_request(struct net_device *dev,
17988  				   struct cfg80211_external_auth_params *params,
17989  				   gfp_t gfp)
17990  {
17991  	struct wireless_dev *wdev = dev->ieee80211_ptr;
17992  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
17993  	struct sk_buff *msg;
17994  	void *hdr;
17995  
17996  	if (!wdev->conn_owner_nlportid)
17997  		return -EINVAL;
17998  
17999  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18000  	if (!msg)
18001  		return -ENOMEM;
18002  
18003  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
18004  	if (!hdr)
18005  		goto nla_put_failure;
18006  
18007  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18008  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
18009  	    nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
18010  	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
18011  			params->action) ||
18012  	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
18013  	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
18014  		    params->ssid.ssid))
18015  		goto nla_put_failure;
18016  
18017  	genlmsg_end(msg, hdr);
18018  	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
18019  			wdev->conn_owner_nlportid);
18020  	return 0;
18021  
18022   nla_put_failure:
18023  	nlmsg_free(msg);
18024  	return -ENOBUFS;
18025  }
18026  EXPORT_SYMBOL(cfg80211_external_auth_request);
18027  
18028  void cfg80211_update_owe_info_event(struct net_device *netdev,
18029  				    struct cfg80211_update_owe_info *owe_info,
18030  				    gfp_t gfp)
18031  {
18032  	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
18033  	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
18034  	struct sk_buff *msg;
18035  	void *hdr;
18036  
18037  	trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
18038  
18039  	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
18040  	if (!msg)
18041  		return;
18042  
18043  	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
18044  	if (!hdr)
18045  		goto nla_put_failure;
18046  
18047  	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
18048  	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
18049  	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
18050  		goto nla_put_failure;
18051  
18052  	if (!owe_info->ie_len ||
18053  	    nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
18054  		goto nla_put_failure;
18055  
18056  	genlmsg_end(msg, hdr);
18057  
18058  	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
18059  				NL80211_MCGRP_MLME, gfp);
18060  	return;
18061  
18062  nla_put_failure:
18063  	genlmsg_cancel(msg, hdr);
18064  	nlmsg_free(msg);
18065  }
18066  EXPORT_SYMBOL(cfg80211_update_owe_info_event);
18067  
18068  /* initialisation/exit functions */
18069  
18070  int __init nl80211_init(void)
18071  {
18072  	int err;
18073  
18074  	err = genl_register_family(&nl80211_fam);
18075  	if (err)
18076  		return err;
18077  
18078  	err = netlink_register_notifier(&nl80211_netlink_notifier);
18079  	if (err)
18080  		goto err_out;
18081  
18082  	return 0;
18083   err_out:
18084  	genl_unregister_family(&nl80211_fam);
18085  	return err;
18086  }
18087  
18088  void nl80211_exit(void)
18089  {
18090  	netlink_unregister_notifier(&nl80211_netlink_notifier);
18091  	genl_unregister_family(&nl80211_fam);
18092  }
18093