xref: /openbmc/linux/net/wireless/nl80211.c (revision 87fcfa7b7fe6bf819033fe827a27f710e38639b5) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This is the new netlink-based wireless configuration interface.
4  *
5  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
6  * Copyright 2013-2014  Intel Mobile Communications GmbH
7  * Copyright 2015-2017	Intel Deutschland GmbH
8  * Copyright (C) 2018-2019 Intel Corporation
9  */
10 
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <net/net_namespace.h>
24 #include <net/genetlink.h>
25 #include <net/cfg80211.h>
26 #include <net/sock.h>
27 #include <net/inet_connection_sock.h>
28 #include "core.h"
29 #include "nl80211.h"
30 #include "reg.h"
31 #include "rdev-ops.h"
32 
33 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
34 				   struct genl_info *info,
35 				   struct cfg80211_crypto_settings *settings,
36 				   int cipher_limit);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam;
40 
41 /* multicast groups */
42 enum nl80211_multicast_groups {
43 	NL80211_MCGRP_CONFIG,
44 	NL80211_MCGRP_SCAN,
45 	NL80211_MCGRP_REGULATORY,
46 	NL80211_MCGRP_MLME,
47 	NL80211_MCGRP_VENDOR,
48 	NL80211_MCGRP_NAN,
49 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
50 };
51 
52 static const struct genl_multicast_group nl80211_mcgrps[] = {
53 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
54 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
55 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
56 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
57 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
58 	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
59 #ifdef CONFIG_NL80211_TESTMODE
60 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
61 #endif
62 };
63 
64 /* returns ERR_PTR values */
65 static struct wireless_dev *
66 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
67 {
68 	struct cfg80211_registered_device *rdev;
69 	struct wireless_dev *result = NULL;
70 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
71 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
72 	u64 wdev_id;
73 	int wiphy_idx = -1;
74 	int ifidx = -1;
75 
76 	ASSERT_RTNL();
77 
78 	if (!have_ifidx && !have_wdev_id)
79 		return ERR_PTR(-EINVAL);
80 
81 	if (have_ifidx)
82 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
83 	if (have_wdev_id) {
84 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
85 		wiphy_idx = wdev_id >> 32;
86 	}
87 
88 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
89 		struct wireless_dev *wdev;
90 
91 		if (wiphy_net(&rdev->wiphy) != netns)
92 			continue;
93 
94 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
95 			continue;
96 
97 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
98 			if (have_ifidx && wdev->netdev &&
99 			    wdev->netdev->ifindex == ifidx) {
100 				result = wdev;
101 				break;
102 			}
103 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
104 				result = wdev;
105 				break;
106 			}
107 		}
108 
109 		if (result)
110 			break;
111 	}
112 
113 	if (result)
114 		return result;
115 	return ERR_PTR(-ENODEV);
116 }
117 
118 static struct cfg80211_registered_device *
119 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
120 {
121 	struct cfg80211_registered_device *rdev = NULL, *tmp;
122 	struct net_device *netdev;
123 
124 	ASSERT_RTNL();
125 
126 	if (!attrs[NL80211_ATTR_WIPHY] &&
127 	    !attrs[NL80211_ATTR_IFINDEX] &&
128 	    !attrs[NL80211_ATTR_WDEV])
129 		return ERR_PTR(-EINVAL);
130 
131 	if (attrs[NL80211_ATTR_WIPHY])
132 		rdev = cfg80211_rdev_by_wiphy_idx(
133 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
134 
135 	if (attrs[NL80211_ATTR_WDEV]) {
136 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
137 		struct wireless_dev *wdev;
138 		bool found = false;
139 
140 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
141 		if (tmp) {
142 			/* make sure wdev exists */
143 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
144 				if (wdev->identifier != (u32)wdev_id)
145 					continue;
146 				found = true;
147 				break;
148 			}
149 
150 			if (!found)
151 				tmp = NULL;
152 
153 			if (rdev && tmp != rdev)
154 				return ERR_PTR(-EINVAL);
155 			rdev = tmp;
156 		}
157 	}
158 
159 	if (attrs[NL80211_ATTR_IFINDEX]) {
160 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
161 
162 		netdev = __dev_get_by_index(netns, ifindex);
163 		if (netdev) {
164 			if (netdev->ieee80211_ptr)
165 				tmp = wiphy_to_rdev(
166 					netdev->ieee80211_ptr->wiphy);
167 			else
168 				tmp = NULL;
169 
170 			/* not wireless device -- return error */
171 			if (!tmp)
172 				return ERR_PTR(-EINVAL);
173 
174 			/* mismatch -- return error */
175 			if (rdev && tmp != rdev)
176 				return ERR_PTR(-EINVAL);
177 
178 			rdev = tmp;
179 		}
180 	}
181 
182 	if (!rdev)
183 		return ERR_PTR(-ENODEV);
184 
185 	if (netns != wiphy_net(&rdev->wiphy))
186 		return ERR_PTR(-ENODEV);
187 
188 	return rdev;
189 }
190 
191 /*
192  * This function returns a pointer to the driver
193  * that the genl_info item that is passed refers to.
194  *
195  * The result of this can be a PTR_ERR and hence must
196  * be checked with IS_ERR() for errors.
197  */
198 static struct cfg80211_registered_device *
199 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
200 {
201 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
202 }
203 
204 static int validate_beacon_head(const struct nlattr *attr,
205 				struct netlink_ext_ack *extack)
206 {
207 	const u8 *data = nla_data(attr);
208 	unsigned int len = nla_len(attr);
209 	const struct element *elem;
210 	const struct ieee80211_mgmt *mgmt = (void *)data;
211 	unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
212 					 u.beacon.variable);
213 
214 	if (len < fixedlen)
215 		goto err;
216 
217 	if (ieee80211_hdrlen(mgmt->frame_control) !=
218 	    offsetof(struct ieee80211_mgmt, u.beacon))
219 		goto err;
220 
221 	data += fixedlen;
222 	len -= fixedlen;
223 
224 	for_each_element(elem, data, len) {
225 		/* nothing */
226 	}
227 
228 	if (for_each_element_completed(elem, data, len))
229 		return 0;
230 
231 err:
232 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed beacon head");
233 	return -EINVAL;
234 }
235 
236 static int validate_ie_attr(const struct nlattr *attr,
237 			    struct netlink_ext_ack *extack)
238 {
239 	const u8 *data = nla_data(attr);
240 	unsigned int len = nla_len(attr);
241 	const struct element *elem;
242 
243 	for_each_element(elem, data, len) {
244 		/* nothing */
245 	}
246 
247 	if (for_each_element_completed(elem, data, len))
248 		return 0;
249 
250 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
251 	return -EINVAL;
252 }
253 
254 /* policy for the attributes */
255 static const struct nla_policy
256 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
257 	[NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
258 	[NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
259 					.len = U8_MAX },
260 	[NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
261 					     .len = U8_MAX },
262 };
263 
264 static const struct nla_policy
265 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
266 	[NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
267 	[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
268 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
269 		NLA_POLICY_MAX(NLA_U8, 15),
270 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
271 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
272 		NLA_POLICY_MAX(NLA_U8, 15),
273 	[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
274 		NLA_POLICY_MAX(NLA_U8, 31),
275 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
276 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
277 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
278 };
279 
280 static const struct nla_policy
281 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
282 	[NL80211_PMSR_TYPE_FTM] =
283 		NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
284 };
285 
286 static const struct nla_policy
287 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
288 	[NL80211_PMSR_REQ_ATTR_DATA] =
289 		NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
290 	[NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
291 };
292 
293 static const struct nla_policy
294 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
295 	[NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
296 	/*
297 	 * we could specify this again to be the top-level policy,
298 	 * but that would open us up to recursion problems ...
299 	 */
300 	[NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
301 	[NL80211_PMSR_PEER_ATTR_REQ] =
302 		NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
303 	[NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
304 };
305 
306 static const struct nla_policy
307 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
308 	[NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
309 	[NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
310 	[NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
311 	[NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
312 	[NL80211_PMSR_ATTR_PEERS] =
313 		NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
314 };
315 
316 static const struct nla_policy
317 he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
318 	[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
319 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
320 	[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
321 		NLA_POLICY_RANGE(NLA_U8, 1, 20),
322 };
323 
324 const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
325 	[0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
326 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
327 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
328 				      .len = 20-1 },
329 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
330 
331 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
332 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
333 	[NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
334 						NL80211_EDMG_CHANNELS_MIN,
335 						NL80211_EDMG_CHANNELS_MAX),
336 	[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
337 						NL80211_EDMG_BW_CONFIG_MIN,
338 						NL80211_EDMG_BW_CONFIG_MAX),
339 
340 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
341 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
342 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
343 
344 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
345 	[NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
346 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
347 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
348 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
349 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
350 
351 	[NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
352 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
353 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
354 
355 	[NL80211_ATTR_MAC] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
356 	[NL80211_ATTR_PREV_BSSID] = {
357 		.type = NLA_EXACT_LEN_WARN,
358 		.len = ETH_ALEN
359 	},
360 
361 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
362 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
363 				    .len = WLAN_MAX_KEY_LEN },
364 	[NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 5),
365 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
366 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
367 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
368 	[NL80211_ATTR_KEY_TYPE] =
369 		NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
370 
371 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
372 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
373 	[NL80211_ATTR_BEACON_HEAD] =
374 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
375 				       IEEE80211_MAX_DATA_LEN),
376 	[NL80211_ATTR_BEACON_TAIL] =
377 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
378 				       IEEE80211_MAX_DATA_LEN),
379 	[NL80211_ATTR_STA_AID] =
380 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
381 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
382 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
383 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
384 					       .len = NL80211_MAX_SUPP_RATES },
385 	[NL80211_ATTR_STA_PLINK_ACTION] =
386 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
387 	[NL80211_ATTR_STA_TX_POWER_SETTING] =
388 		NLA_POLICY_RANGE(NLA_U8,
389 				 NL80211_TX_POWER_AUTOMATIC,
390 				 NL80211_TX_POWER_FIXED),
391 	[NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
392 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
393 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
394 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
395 				   .len = IEEE80211_MAX_MESH_ID_LEN },
396 	[NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
397 
398 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
399 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
400 
401 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
402 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
403 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
404 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
405 					   .len = NL80211_MAX_SUPP_RATES },
406 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
407 
408 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
409 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
410 
411 	[NL80211_ATTR_HT_CAPABILITY] = {
412 		.type = NLA_EXACT_LEN_WARN,
413 		.len = NL80211_HT_CAPABILITY_LEN
414 	},
415 
416 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
417 	[NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
418 						   validate_ie_attr,
419 						   IEEE80211_MAX_DATA_LEN),
420 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
421 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
422 
423 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
424 				.len = IEEE80211_MAX_SSID_LEN },
425 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
426 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
427 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
428 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
429 	[NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
430 						  NL80211_MFP_NO,
431 						  NL80211_MFP_OPTIONAL),
432 	[NL80211_ATTR_STA_FLAGS2] = {
433 		.len = sizeof(struct nl80211_sta_flag_update),
434 	},
435 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
436 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
437 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
438 	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
439 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
440 	[NL80211_ATTR_STATUS_CODE] = { .type = NLA_U16 },
441 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
442 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
443 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
444 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
445 	[NL80211_ATTR_PMKID] = {
446 		.type = NLA_EXACT_LEN_WARN,
447 		.len = WLAN_PMKID_LEN
448 	},
449 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
450 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
451 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
452 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
453 				 .len = IEEE80211_MAX_DATA_LEN },
454 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
455 	[NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
456 						   NL80211_PS_DISABLED,
457 						   NL80211_PS_ENABLED),
458 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
459 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
460 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
461 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
462 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
463 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
464 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
465 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
466 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
467 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
468 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
469 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
470 	[NL80211_ATTR_STA_PLINK_STATE] =
471 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
472 	[NL80211_ATTR_MESH_PEER_AID] =
473 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
474 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
475 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
476 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
477 	[NL80211_ATTR_HIDDEN_SSID] =
478 		NLA_POLICY_RANGE(NLA_U32,
479 				 NL80211_HIDDEN_SSID_NOT_IN_USE,
480 				 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
481 	[NL80211_ATTR_IE_PROBE_RESP] =
482 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
483 				       IEEE80211_MAX_DATA_LEN),
484 	[NL80211_ATTR_IE_ASSOC_RESP] =
485 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
486 				       IEEE80211_MAX_DATA_LEN),
487 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
488 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
489 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
490 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
491 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
492 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
493 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
494 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
495 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
496 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
497 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
498 				      .len = IEEE80211_MAX_DATA_LEN },
499 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
500 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
501 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
502 		.len = NL80211_HT_CAPABILITY_LEN
503 	},
504 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
505 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
506 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
507 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
508 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
509 	[NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
510 	[NL80211_ATTR_VHT_CAPABILITY] = {
511 		.type = NLA_EXACT_LEN_WARN,
512 		.len = NL80211_VHT_CAPABILITY_LEN
513 	},
514 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
515 	[NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
516 	[NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
517 	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
518 		NLA_POLICY_RANGE(NLA_U32,
519 				 NL80211_MESH_POWER_UNKNOWN + 1,
520 				 NL80211_MESH_POWER_MAX),
521 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
522 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
523 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
524 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
525 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
526 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
527 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
528 		.len = NL80211_VHT_CAPABILITY_LEN,
529 	},
530 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
531 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
532 				  .len = IEEE80211_MAX_DATA_LEN },
533 	[NL80211_ATTR_PEER_AID] =
534 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
535 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
536 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
537 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
538 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
539 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
540 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
541 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
542 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
543 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
544 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
545 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
546 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
547 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
548 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
549 	[NL80211_ATTR_MAC_HINT] = {
550 		.type = NLA_EXACT_LEN_WARN,
551 		.len = ETH_ALEN
552 	},
553 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
554 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
555 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
556 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
557 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
558 	[NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
559 	[NL80211_ATTR_USER_PRIO] =
560 		NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
561 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
562 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
563 	[NL80211_ATTR_MAC_MASK] = {
564 		.type = NLA_EXACT_LEN_WARN,
565 		.len = ETH_ALEN
566 	},
567 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
568 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
569 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
570 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
571 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
572 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
573 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] =
574 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
575 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
576 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
577 	},
578 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = {
579 		.type = NLA_EXACT_LEN_WARN,
580 		.len = ETH_ALEN
581 	},
582 	[NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
583 	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
584 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
585 	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
586 				    .len = FILS_MAX_KEK_LEN },
587 	[NL80211_ATTR_FILS_NONCES] = {
588 		.type = NLA_EXACT_LEN_WARN,
589 		.len = 2 * FILS_NONCE_LEN
590 	},
591 	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
592 	[NL80211_ATTR_BSSID] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
593 	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
594 	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
595 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
596 	},
597 	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
598 	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
599 					     .len = FILS_ERP_MAX_USERNAME_LEN },
600 	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
601 					  .len = FILS_ERP_MAX_REALM_LEN },
602 	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
603 	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
604 					.len = FILS_ERP_MAX_RRK_LEN },
605 	[NL80211_ATTR_FILS_CACHE_ID] = { .type = NLA_EXACT_LEN_WARN, .len = 2 },
606 	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
607 	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
608 	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
609 
610 	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
611 	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
612 	[NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
613 	[NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
614 					 .len = NL80211_HE_MAX_CAPABILITY_LEN },
615 
616 	[NL80211_ATTR_FTM_RESPONDER] = {
617 		.type = NLA_NESTED,
618 		.validation_data = nl80211_ftm_responder_policy,
619 	},
620 	[NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
621 	[NL80211_ATTR_PEER_MEASUREMENTS] =
622 		NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
623 	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
624 	[NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
625 					.len = SAE_PASSWORD_MAX_LEN },
626 	[NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
627 	[NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
628 	[NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
629 };
630 
631 /* policy for the key attributes */
632 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
633 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
634 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
635 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
636 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
637 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
638 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
639 	[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
640 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
641 	[NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
642 };
643 
644 /* policy for the key default flags */
645 static const struct nla_policy
646 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
647 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
648 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
649 };
650 
651 #ifdef CONFIG_PM
652 /* policy for WoWLAN attributes */
653 static const struct nla_policy
654 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
655 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
656 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
657 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
658 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
659 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
660 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
661 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
662 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
663 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
664 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
665 };
666 
667 static const struct nla_policy
668 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
669 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
670 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
671 	[NL80211_WOWLAN_TCP_DST_MAC] = {
672 		.type = NLA_EXACT_LEN_WARN,
673 		.len = ETH_ALEN
674 	},
675 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
676 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
677 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
678 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
679 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
680 	},
681 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
682 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
683 	},
684 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
685 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
686 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .type = NLA_MIN_LEN, .len = 1 },
687 };
688 #endif /* CONFIG_PM */
689 
690 /* policy for coalesce rule attributes */
691 static const struct nla_policy
692 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
693 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
694 	[NL80211_ATTR_COALESCE_RULE_CONDITION] =
695 		NLA_POLICY_RANGE(NLA_U32,
696 				 NL80211_COALESCE_CONDITION_MATCH,
697 				 NL80211_COALESCE_CONDITION_NO_MATCH),
698 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
699 };
700 
701 /* policy for GTK rekey offload attributes */
702 static const struct nla_policy
703 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
704 	[NL80211_REKEY_DATA_KEK] = {
705 		.type = NLA_EXACT_LEN_WARN,
706 		.len = NL80211_KEK_LEN,
707 	},
708 	[NL80211_REKEY_DATA_KCK] = {
709 		.type = NLA_EXACT_LEN_WARN,
710 		.len = NL80211_KCK_LEN,
711 	},
712 	[NL80211_REKEY_DATA_REPLAY_CTR] = {
713 		.type = NLA_EXACT_LEN_WARN,
714 		.len = NL80211_REPLAY_CTR_LEN
715 	},
716 };
717 
718 static const struct nla_policy
719 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
720 	[NL80211_BAND_2GHZ] = { .type = NLA_S32 },
721 	[NL80211_BAND_5GHZ] = { .type = NLA_S32 },
722 	[NL80211_BAND_6GHZ] = { .type = NLA_S32 },
723 	[NL80211_BAND_60GHZ] = { .type = NLA_S32 },
724 };
725 
726 static const struct nla_policy
727 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
728 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
729 						 .len = IEEE80211_MAX_SSID_LEN },
730 	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = {
731 		.type = NLA_EXACT_LEN_WARN,
732 		.len = ETH_ALEN
733 	},
734 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
735 	[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
736 		NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
737 };
738 
739 static const struct nla_policy
740 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
741 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
742 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
743 };
744 
745 static const struct nla_policy
746 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
747 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
748 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
749 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
750 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
751 	},
752 };
753 
754 /* policy for NAN function attributes */
755 static const struct nla_policy
756 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
757 	[NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
758 	[NL80211_NAN_FUNC_SERVICE_ID] = {
759 				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
760 	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
761 	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
762 	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
763 	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
764 	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
765 	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = {
766 		.type = NLA_EXACT_LEN_WARN,
767 		.len = ETH_ALEN
768 	},
769 	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
770 	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
771 	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
772 			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
773 	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
774 	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
775 	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
776 	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
777 	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
778 };
779 
780 /* policy for Service Response Filter attributes */
781 static const struct nla_policy
782 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
783 	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
784 	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
785 				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
786 	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
787 	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
788 };
789 
790 /* policy for packet pattern attributes */
791 static const struct nla_policy
792 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
793 	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
794 	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
795 	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
796 };
797 
798 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
799 			      struct cfg80211_registered_device **rdev,
800 			      struct wireless_dev **wdev)
801 {
802 	int err;
803 
804 	if (!cb->args[0]) {
805 		struct nlattr **attrbuf;
806 
807 		attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
808 				  GFP_KERNEL);
809 		if (!attrbuf)
810 			return -ENOMEM;
811 
812 		err = nlmsg_parse_deprecated(cb->nlh,
813 					     GENL_HDRLEN + nl80211_fam.hdrsize,
814 					     attrbuf, nl80211_fam.maxattr,
815 					     nl80211_policy, NULL);
816 		if (err) {
817 			kfree(attrbuf);
818 			return err;
819 		}
820 
821 		*wdev = __cfg80211_wdev_from_attrs(sock_net(cb->skb->sk),
822 						   attrbuf);
823 		kfree(attrbuf);
824 		if (IS_ERR(*wdev))
825 			return PTR_ERR(*wdev);
826 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
827 		/* 0 is the first index - add 1 to parse only once */
828 		cb->args[0] = (*rdev)->wiphy_idx + 1;
829 		cb->args[1] = (*wdev)->identifier;
830 	} else {
831 		/* subtract the 1 again here */
832 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
833 		struct wireless_dev *tmp;
834 
835 		if (!wiphy)
836 			return -ENODEV;
837 		*rdev = wiphy_to_rdev(wiphy);
838 		*wdev = NULL;
839 
840 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
841 			if (tmp->identifier == cb->args[1]) {
842 				*wdev = tmp;
843 				break;
844 			}
845 		}
846 
847 		if (!*wdev)
848 			return -ENODEV;
849 	}
850 
851 	return 0;
852 }
853 
854 /* message building helper */
855 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
856 		     int flags, u8 cmd)
857 {
858 	/* since there is no private header just add the generic one */
859 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
860 }
861 
862 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
863 				     const struct ieee80211_reg_rule *rule)
864 {
865 	int j;
866 	struct nlattr *nl_wmm_rules =
867 		nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
868 
869 	if (!nl_wmm_rules)
870 		goto nla_put_failure;
871 
872 	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
873 		struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
874 
875 		if (!nl_wmm_rule)
876 			goto nla_put_failure;
877 
878 		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
879 				rule->wmm_rule.client[j].cw_min) ||
880 		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,
881 				rule->wmm_rule.client[j].cw_max) ||
882 		    nla_put_u8(msg, NL80211_WMMR_AIFSN,
883 			       rule->wmm_rule.client[j].aifsn) ||
884 		    nla_put_u16(msg, NL80211_WMMR_TXOP,
885 			        rule->wmm_rule.client[j].cot))
886 			goto nla_put_failure;
887 
888 		nla_nest_end(msg, nl_wmm_rule);
889 	}
890 	nla_nest_end(msg, nl_wmm_rules);
891 
892 	return 0;
893 
894 nla_put_failure:
895 	return -ENOBUFS;
896 }
897 
898 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
899 				   struct ieee80211_channel *chan,
900 				   bool large)
901 {
902 	/* Some channels must be completely excluded from the
903 	 * list to protect old user-space tools from breaking
904 	 */
905 	if (!large && chan->flags &
906 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
907 		return 0;
908 
909 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
910 			chan->center_freq))
911 		goto nla_put_failure;
912 
913 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
914 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
915 		goto nla_put_failure;
916 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
917 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
918 			goto nla_put_failure;
919 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
920 			goto nla_put_failure;
921 	}
922 	if (chan->flags & IEEE80211_CHAN_RADAR) {
923 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
924 			goto nla_put_failure;
925 		if (large) {
926 			u32 time;
927 
928 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
929 
930 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
931 					chan->dfs_state))
932 				goto nla_put_failure;
933 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
934 					time))
935 				goto nla_put_failure;
936 			if (nla_put_u32(msg,
937 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
938 					chan->dfs_cac_ms))
939 				goto nla_put_failure;
940 		}
941 	}
942 
943 	if (large) {
944 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
945 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
946 			goto nla_put_failure;
947 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
948 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
949 			goto nla_put_failure;
950 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
951 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
952 			goto nla_put_failure;
953 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
954 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
955 			goto nla_put_failure;
956 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
957 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
958 			goto nla_put_failure;
959 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
960 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
961 			goto nla_put_failure;
962 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
963 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
964 			goto nla_put_failure;
965 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
966 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
967 			goto nla_put_failure;
968 	}
969 
970 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
971 			DBM_TO_MBM(chan->max_power)))
972 		goto nla_put_failure;
973 
974 	if (large) {
975 		const struct ieee80211_reg_rule *rule =
976 			freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
977 
978 		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
979 			if (nl80211_msg_put_wmm_rules(msg, rule))
980 				goto nla_put_failure;
981 		}
982 	}
983 
984 	return 0;
985 
986  nla_put_failure:
987 	return -ENOBUFS;
988 }
989 
990 static bool nl80211_put_txq_stats(struct sk_buff *msg,
991 				  struct cfg80211_txq_stats *txqstats,
992 				  int attrtype)
993 {
994 	struct nlattr *txqattr;
995 
996 #define PUT_TXQVAL_U32(attr, memb) do {					  \
997 	if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&	  \
998 	    nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
999 		return false;						  \
1000 	} while (0)
1001 
1002 	txqattr = nla_nest_start_noflag(msg, attrtype);
1003 	if (!txqattr)
1004 		return false;
1005 
1006 	PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
1007 	PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
1008 	PUT_TXQVAL_U32(FLOWS, flows);
1009 	PUT_TXQVAL_U32(DROPS, drops);
1010 	PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
1011 	PUT_TXQVAL_U32(OVERLIMIT, overlimit);
1012 	PUT_TXQVAL_U32(OVERMEMORY, overmemory);
1013 	PUT_TXQVAL_U32(COLLISIONS, collisions);
1014 	PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
1015 	PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
1016 	PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
1017 	nla_nest_end(msg, txqattr);
1018 
1019 #undef PUT_TXQVAL_U32
1020 	return true;
1021 }
1022 
1023 /* netlink command implementations */
1024 
1025 struct key_parse {
1026 	struct key_params p;
1027 	int idx;
1028 	int type;
1029 	bool def, defmgmt;
1030 	bool def_uni, def_multi;
1031 };
1032 
1033 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
1034 				 struct key_parse *k)
1035 {
1036 	struct nlattr *tb[NL80211_KEY_MAX + 1];
1037 	int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
1038 					      nl80211_key_policy,
1039 					      info->extack);
1040 	if (err)
1041 		return err;
1042 
1043 	k->def = !!tb[NL80211_KEY_DEFAULT];
1044 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
1045 
1046 	if (k->def) {
1047 		k->def_uni = true;
1048 		k->def_multi = true;
1049 	}
1050 	if (k->defmgmt)
1051 		k->def_multi = true;
1052 
1053 	if (tb[NL80211_KEY_IDX])
1054 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
1055 
1056 	if (tb[NL80211_KEY_DATA]) {
1057 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
1058 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
1059 	}
1060 
1061 	if (tb[NL80211_KEY_SEQ]) {
1062 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1063 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1064 	}
1065 
1066 	if (tb[NL80211_KEY_CIPHER])
1067 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1068 
1069 	if (tb[NL80211_KEY_TYPE])
1070 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1071 
1072 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1073 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1074 
1075 		err = nla_parse_nested_deprecated(kdt,
1076 						  NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1077 						  tb[NL80211_KEY_DEFAULT_TYPES],
1078 						  nl80211_key_default_policy,
1079 						  info->extack);
1080 		if (err)
1081 			return err;
1082 
1083 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1084 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1085 	}
1086 
1087 	if (tb[NL80211_KEY_MODE])
1088 		k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1089 
1090 	return 0;
1091 }
1092 
1093 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1094 {
1095 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1096 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1097 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1098 	}
1099 
1100 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1101 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1102 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1103 	}
1104 
1105 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1106 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1107 
1108 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1109 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1110 
1111 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1112 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1113 
1114 	if (k->def) {
1115 		k->def_uni = true;
1116 		k->def_multi = true;
1117 	}
1118 	if (k->defmgmt)
1119 		k->def_multi = true;
1120 
1121 	if (info->attrs[NL80211_ATTR_KEY_TYPE])
1122 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1123 
1124 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1125 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1126 		int err = nla_parse_nested_deprecated(kdt,
1127 						      NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1128 						      info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1129 						      nl80211_key_default_policy,
1130 						      info->extack);
1131 		if (err)
1132 			return err;
1133 
1134 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1135 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1136 	}
1137 
1138 	return 0;
1139 }
1140 
1141 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1142 {
1143 	int err;
1144 
1145 	memset(k, 0, sizeof(*k));
1146 	k->idx = -1;
1147 	k->type = -1;
1148 
1149 	if (info->attrs[NL80211_ATTR_KEY])
1150 		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1151 	else
1152 		err = nl80211_parse_key_old(info, k);
1153 
1154 	if (err)
1155 		return err;
1156 
1157 	if (k->def && k->defmgmt) {
1158 		GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
1159 		return -EINVAL;
1160 	}
1161 
1162 	if (k->defmgmt) {
1163 		if (k->def_uni || !k->def_multi) {
1164 			GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
1165 			return -EINVAL;
1166 		}
1167 	}
1168 
1169 	if (k->idx != -1) {
1170 		if (k->defmgmt) {
1171 			if (k->idx < 4 || k->idx > 5) {
1172 				GENL_SET_ERR_MSG(info,
1173 						 "defmgmt key idx not 4 or 5");
1174 				return -EINVAL;
1175 			}
1176 		} else if (k->def) {
1177 			if (k->idx < 0 || k->idx > 3) {
1178 				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1179 				return -EINVAL;
1180 			}
1181 		} else {
1182 			if (k->idx < 0 || k->idx > 5) {
1183 				GENL_SET_ERR_MSG(info, "key idx not 0-5");
1184 				return -EINVAL;
1185 			}
1186 		}
1187 	}
1188 
1189 	return 0;
1190 }
1191 
1192 static struct cfg80211_cached_keys *
1193 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1194 		       struct genl_info *info, bool *no_ht)
1195 {
1196 	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1197 	struct key_parse parse;
1198 	struct nlattr *key;
1199 	struct cfg80211_cached_keys *result;
1200 	int rem, err, def = 0;
1201 	bool have_key = false;
1202 
1203 	nla_for_each_nested(key, keys, rem) {
1204 		have_key = true;
1205 		break;
1206 	}
1207 
1208 	if (!have_key)
1209 		return NULL;
1210 
1211 	result = kzalloc(sizeof(*result), GFP_KERNEL);
1212 	if (!result)
1213 		return ERR_PTR(-ENOMEM);
1214 
1215 	result->def = -1;
1216 
1217 	nla_for_each_nested(key, keys, rem) {
1218 		memset(&parse, 0, sizeof(parse));
1219 		parse.idx = -1;
1220 
1221 		err = nl80211_parse_key_new(info, key, &parse);
1222 		if (err)
1223 			goto error;
1224 		err = -EINVAL;
1225 		if (!parse.p.key)
1226 			goto error;
1227 		if (parse.idx < 0 || parse.idx > 3) {
1228 			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1229 			goto error;
1230 		}
1231 		if (parse.def) {
1232 			if (def) {
1233 				GENL_SET_ERR_MSG(info,
1234 						 "only one key can be default");
1235 				goto error;
1236 			}
1237 			def = 1;
1238 			result->def = parse.idx;
1239 			if (!parse.def_uni || !parse.def_multi)
1240 				goto error;
1241 		} else if (parse.defmgmt)
1242 			goto error;
1243 		err = cfg80211_validate_key_settings(rdev, &parse.p,
1244 						     parse.idx, false, NULL);
1245 		if (err)
1246 			goto error;
1247 		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1248 		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1249 			GENL_SET_ERR_MSG(info, "connect key must be WEP");
1250 			err = -EINVAL;
1251 			goto error;
1252 		}
1253 		result->params[parse.idx].cipher = parse.p.cipher;
1254 		result->params[parse.idx].key_len = parse.p.key_len;
1255 		result->params[parse.idx].key = result->data[parse.idx];
1256 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1257 
1258 		/* must be WEP key if we got here */
1259 		if (no_ht)
1260 			*no_ht = true;
1261 	}
1262 
1263 	if (result->def < 0) {
1264 		err = -EINVAL;
1265 		GENL_SET_ERR_MSG(info, "need a default/TX key");
1266 		goto error;
1267 	}
1268 
1269 	return result;
1270  error:
1271 	kfree(result);
1272 	return ERR_PTR(err);
1273 }
1274 
1275 static int nl80211_key_allowed(struct wireless_dev *wdev)
1276 {
1277 	ASSERT_WDEV_LOCK(wdev);
1278 
1279 	switch (wdev->iftype) {
1280 	case NL80211_IFTYPE_AP:
1281 	case NL80211_IFTYPE_AP_VLAN:
1282 	case NL80211_IFTYPE_P2P_GO:
1283 	case NL80211_IFTYPE_MESH_POINT:
1284 		break;
1285 	case NL80211_IFTYPE_ADHOC:
1286 	case NL80211_IFTYPE_STATION:
1287 	case NL80211_IFTYPE_P2P_CLIENT:
1288 		if (!wdev->current_bss)
1289 			return -ENOLINK;
1290 		break;
1291 	case NL80211_IFTYPE_UNSPECIFIED:
1292 	case NL80211_IFTYPE_OCB:
1293 	case NL80211_IFTYPE_MONITOR:
1294 	case NL80211_IFTYPE_NAN:
1295 	case NL80211_IFTYPE_P2P_DEVICE:
1296 	case NL80211_IFTYPE_WDS:
1297 	case NUM_NL80211_IFTYPES:
1298 		return -EINVAL;
1299 	}
1300 
1301 	return 0;
1302 }
1303 
1304 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1305 							struct nlattr *tb)
1306 {
1307 	struct ieee80211_channel *chan;
1308 
1309 	if (tb == NULL)
1310 		return NULL;
1311 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1312 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1313 		return NULL;
1314 	return chan;
1315 }
1316 
1317 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1318 {
1319 	struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1320 	int i;
1321 
1322 	if (!nl_modes)
1323 		goto nla_put_failure;
1324 
1325 	i = 0;
1326 	while (ifmodes) {
1327 		if ((ifmodes & 1) && nla_put_flag(msg, i))
1328 			goto nla_put_failure;
1329 		ifmodes >>= 1;
1330 		i++;
1331 	}
1332 
1333 	nla_nest_end(msg, nl_modes);
1334 	return 0;
1335 
1336 nla_put_failure:
1337 	return -ENOBUFS;
1338 }
1339 
1340 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1341 					  struct sk_buff *msg,
1342 					  bool large)
1343 {
1344 	struct nlattr *nl_combis;
1345 	int i, j;
1346 
1347 	nl_combis = nla_nest_start_noflag(msg,
1348 					  NL80211_ATTR_INTERFACE_COMBINATIONS);
1349 	if (!nl_combis)
1350 		goto nla_put_failure;
1351 
1352 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
1353 		const struct ieee80211_iface_combination *c;
1354 		struct nlattr *nl_combi, *nl_limits;
1355 
1356 		c = &wiphy->iface_combinations[i];
1357 
1358 		nl_combi = nla_nest_start_noflag(msg, i + 1);
1359 		if (!nl_combi)
1360 			goto nla_put_failure;
1361 
1362 		nl_limits = nla_nest_start_noflag(msg,
1363 						  NL80211_IFACE_COMB_LIMITS);
1364 		if (!nl_limits)
1365 			goto nla_put_failure;
1366 
1367 		for (j = 0; j < c->n_limits; j++) {
1368 			struct nlattr *nl_limit;
1369 
1370 			nl_limit = nla_nest_start_noflag(msg, j + 1);
1371 			if (!nl_limit)
1372 				goto nla_put_failure;
1373 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1374 					c->limits[j].max))
1375 				goto nla_put_failure;
1376 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1377 						c->limits[j].types))
1378 				goto nla_put_failure;
1379 			nla_nest_end(msg, nl_limit);
1380 		}
1381 
1382 		nla_nest_end(msg, nl_limits);
1383 
1384 		if (c->beacon_int_infra_match &&
1385 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1386 			goto nla_put_failure;
1387 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1388 				c->num_different_channels) ||
1389 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1390 				c->max_interfaces))
1391 			goto nla_put_failure;
1392 		if (large &&
1393 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1394 				c->radar_detect_widths) ||
1395 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1396 				c->radar_detect_regions)))
1397 			goto nla_put_failure;
1398 		if (c->beacon_int_min_gcd &&
1399 		    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1400 				c->beacon_int_min_gcd))
1401 			goto nla_put_failure;
1402 
1403 		nla_nest_end(msg, nl_combi);
1404 	}
1405 
1406 	nla_nest_end(msg, nl_combis);
1407 
1408 	return 0;
1409 nla_put_failure:
1410 	return -ENOBUFS;
1411 }
1412 
1413 #ifdef CONFIG_PM
1414 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1415 					struct sk_buff *msg)
1416 {
1417 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1418 	struct nlattr *nl_tcp;
1419 
1420 	if (!tcp)
1421 		return 0;
1422 
1423 	nl_tcp = nla_nest_start_noflag(msg,
1424 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1425 	if (!nl_tcp)
1426 		return -ENOBUFS;
1427 
1428 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1429 			tcp->data_payload_max))
1430 		return -ENOBUFS;
1431 
1432 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1433 			tcp->data_payload_max))
1434 		return -ENOBUFS;
1435 
1436 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1437 		return -ENOBUFS;
1438 
1439 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1440 				sizeof(*tcp->tok), tcp->tok))
1441 		return -ENOBUFS;
1442 
1443 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1444 			tcp->data_interval_max))
1445 		return -ENOBUFS;
1446 
1447 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1448 			tcp->wake_payload_max))
1449 		return -ENOBUFS;
1450 
1451 	nla_nest_end(msg, nl_tcp);
1452 	return 0;
1453 }
1454 
1455 static int nl80211_send_wowlan(struct sk_buff *msg,
1456 			       struct cfg80211_registered_device *rdev,
1457 			       bool large)
1458 {
1459 	struct nlattr *nl_wowlan;
1460 
1461 	if (!rdev->wiphy.wowlan)
1462 		return 0;
1463 
1464 	nl_wowlan = nla_nest_start_noflag(msg,
1465 					  NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1466 	if (!nl_wowlan)
1467 		return -ENOBUFS;
1468 
1469 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1470 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1471 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1472 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1473 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1474 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1475 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1476 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1477 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1478 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1479 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1480 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1481 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1482 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1483 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1484 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1485 		return -ENOBUFS;
1486 
1487 	if (rdev->wiphy.wowlan->n_patterns) {
1488 		struct nl80211_pattern_support pat = {
1489 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1490 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1491 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1492 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1493 		};
1494 
1495 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1496 			    sizeof(pat), &pat))
1497 			return -ENOBUFS;
1498 	}
1499 
1500 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1501 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1502 			rdev->wiphy.wowlan->max_nd_match_sets))
1503 		return -ENOBUFS;
1504 
1505 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1506 		return -ENOBUFS;
1507 
1508 	nla_nest_end(msg, nl_wowlan);
1509 
1510 	return 0;
1511 }
1512 #endif
1513 
1514 static int nl80211_send_coalesce(struct sk_buff *msg,
1515 				 struct cfg80211_registered_device *rdev)
1516 {
1517 	struct nl80211_coalesce_rule_support rule;
1518 
1519 	if (!rdev->wiphy.coalesce)
1520 		return 0;
1521 
1522 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1523 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1524 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1525 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1526 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1527 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1528 
1529 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1530 		return -ENOBUFS;
1531 
1532 	return 0;
1533 }
1534 
1535 static int
1536 nl80211_send_iftype_data(struct sk_buff *msg,
1537 			 const struct ieee80211_sband_iftype_data *iftdata)
1538 {
1539 	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1540 
1541 	if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1542 				iftdata->types_mask))
1543 		return -ENOBUFS;
1544 
1545 	if (he_cap->has_he) {
1546 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1547 			    sizeof(he_cap->he_cap_elem.mac_cap_info),
1548 			    he_cap->he_cap_elem.mac_cap_info) ||
1549 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1550 			    sizeof(he_cap->he_cap_elem.phy_cap_info),
1551 			    he_cap->he_cap_elem.phy_cap_info) ||
1552 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1553 			    sizeof(he_cap->he_mcs_nss_supp),
1554 			    &he_cap->he_mcs_nss_supp) ||
1555 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1556 			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1557 			return -ENOBUFS;
1558 	}
1559 
1560 	return 0;
1561 }
1562 
1563 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1564 				      struct ieee80211_supported_band *sband)
1565 {
1566 	struct nlattr *nl_rates, *nl_rate;
1567 	struct ieee80211_rate *rate;
1568 	int i;
1569 
1570 	/* add HT info */
1571 	if (sband->ht_cap.ht_supported &&
1572 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1573 		     sizeof(sband->ht_cap.mcs),
1574 		     &sband->ht_cap.mcs) ||
1575 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1576 			 sband->ht_cap.cap) ||
1577 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1578 			sband->ht_cap.ampdu_factor) ||
1579 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1580 			sband->ht_cap.ampdu_density)))
1581 		return -ENOBUFS;
1582 
1583 	/* add VHT info */
1584 	if (sband->vht_cap.vht_supported &&
1585 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1586 		     sizeof(sband->vht_cap.vht_mcs),
1587 		     &sband->vht_cap.vht_mcs) ||
1588 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1589 			 sband->vht_cap.cap)))
1590 		return -ENOBUFS;
1591 
1592 	if (sband->n_iftype_data) {
1593 		struct nlattr *nl_iftype_data =
1594 			nla_nest_start_noflag(msg,
1595 					      NL80211_BAND_ATTR_IFTYPE_DATA);
1596 		int err;
1597 
1598 		if (!nl_iftype_data)
1599 			return -ENOBUFS;
1600 
1601 		for (i = 0; i < sband->n_iftype_data; i++) {
1602 			struct nlattr *iftdata;
1603 
1604 			iftdata = nla_nest_start_noflag(msg, i + 1);
1605 			if (!iftdata)
1606 				return -ENOBUFS;
1607 
1608 			err = nl80211_send_iftype_data(msg,
1609 						       &sband->iftype_data[i]);
1610 			if (err)
1611 				return err;
1612 
1613 			nla_nest_end(msg, iftdata);
1614 		}
1615 
1616 		nla_nest_end(msg, nl_iftype_data);
1617 	}
1618 
1619 	/* add EDMG info */
1620 	if (sband->edmg_cap.channels &&
1621 	    (nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1622 		       sband->edmg_cap.channels) ||
1623 	    nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
1624 		       sband->edmg_cap.bw_config)))
1625 
1626 		return -ENOBUFS;
1627 
1628 	/* add bitrates */
1629 	nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1630 	if (!nl_rates)
1631 		return -ENOBUFS;
1632 
1633 	for (i = 0; i < sband->n_bitrates; i++) {
1634 		nl_rate = nla_nest_start_noflag(msg, i);
1635 		if (!nl_rate)
1636 			return -ENOBUFS;
1637 
1638 		rate = &sband->bitrates[i];
1639 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1640 				rate->bitrate))
1641 			return -ENOBUFS;
1642 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1643 		    nla_put_flag(msg,
1644 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1645 			return -ENOBUFS;
1646 
1647 		nla_nest_end(msg, nl_rate);
1648 	}
1649 
1650 	nla_nest_end(msg, nl_rates);
1651 
1652 	return 0;
1653 }
1654 
1655 static int
1656 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1657 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1658 {
1659 	u16 stypes;
1660 	struct nlattr *nl_ftypes, *nl_ifs;
1661 	enum nl80211_iftype ift;
1662 	int i;
1663 
1664 	if (!mgmt_stypes)
1665 		return 0;
1666 
1667 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1668 	if (!nl_ifs)
1669 		return -ENOBUFS;
1670 
1671 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1672 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1673 		if (!nl_ftypes)
1674 			return -ENOBUFS;
1675 		i = 0;
1676 		stypes = mgmt_stypes[ift].tx;
1677 		while (stypes) {
1678 			if ((stypes & 1) &&
1679 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1680 					(i << 4) | IEEE80211_FTYPE_MGMT))
1681 				return -ENOBUFS;
1682 			stypes >>= 1;
1683 			i++;
1684 		}
1685 		nla_nest_end(msg, nl_ftypes);
1686 	}
1687 
1688 	nla_nest_end(msg, nl_ifs);
1689 
1690 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1691 	if (!nl_ifs)
1692 		return -ENOBUFS;
1693 
1694 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1695 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1696 		if (!nl_ftypes)
1697 			return -ENOBUFS;
1698 		i = 0;
1699 		stypes = mgmt_stypes[ift].rx;
1700 		while (stypes) {
1701 			if ((stypes & 1) &&
1702 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1703 					(i << 4) | IEEE80211_FTYPE_MGMT))
1704 				return -ENOBUFS;
1705 			stypes >>= 1;
1706 			i++;
1707 		}
1708 		nla_nest_end(msg, nl_ftypes);
1709 	}
1710 	nla_nest_end(msg, nl_ifs);
1711 
1712 	return 0;
1713 }
1714 
1715 #define CMD(op, n)							\
1716 	 do {								\
1717 		if (rdev->ops->op) {					\
1718 			i++;						\
1719 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
1720 				goto nla_put_failure;			\
1721 		}							\
1722 	} while (0)
1723 
1724 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1725 					struct sk_buff *msg)
1726 {
1727 	int i = 0;
1728 
1729 	/*
1730 	 * do *NOT* add anything into this function, new things need to be
1731 	 * advertised only to new versions of userspace that can deal with
1732 	 * the split (and they can't possibly care about new features...
1733 	 */
1734 	CMD(add_virtual_intf, NEW_INTERFACE);
1735 	CMD(change_virtual_intf, SET_INTERFACE);
1736 	CMD(add_key, NEW_KEY);
1737 	CMD(start_ap, START_AP);
1738 	CMD(add_station, NEW_STATION);
1739 	CMD(add_mpath, NEW_MPATH);
1740 	CMD(update_mesh_config, SET_MESH_CONFIG);
1741 	CMD(change_bss, SET_BSS);
1742 	CMD(auth, AUTHENTICATE);
1743 	CMD(assoc, ASSOCIATE);
1744 	CMD(deauth, DEAUTHENTICATE);
1745 	CMD(disassoc, DISASSOCIATE);
1746 	CMD(join_ibss, JOIN_IBSS);
1747 	CMD(join_mesh, JOIN_MESH);
1748 	CMD(set_pmksa, SET_PMKSA);
1749 	CMD(del_pmksa, DEL_PMKSA);
1750 	CMD(flush_pmksa, FLUSH_PMKSA);
1751 	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1752 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1753 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1754 	CMD(mgmt_tx, FRAME);
1755 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1756 	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1757 		i++;
1758 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1759 			goto nla_put_failure;
1760 	}
1761 	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1762 	    rdev->ops->join_mesh) {
1763 		i++;
1764 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1765 			goto nla_put_failure;
1766 	}
1767 	CMD(set_wds_peer, SET_WDS_PEER);
1768 	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1769 		CMD(tdls_mgmt, TDLS_MGMT);
1770 		CMD(tdls_oper, TDLS_OPER);
1771 	}
1772 	if (rdev->wiphy.max_sched_scan_reqs)
1773 		CMD(sched_scan_start, START_SCHED_SCAN);
1774 	CMD(probe_client, PROBE_CLIENT);
1775 	CMD(set_noack_map, SET_NOACK_MAP);
1776 	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1777 		i++;
1778 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1779 			goto nla_put_failure;
1780 	}
1781 	CMD(start_p2p_device, START_P2P_DEVICE);
1782 	CMD(set_mcast_rate, SET_MCAST_RATE);
1783 #ifdef CONFIG_NL80211_TESTMODE
1784 	CMD(testmode_cmd, TESTMODE);
1785 #endif
1786 
1787 	if (rdev->ops->connect || rdev->ops->auth) {
1788 		i++;
1789 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1790 			goto nla_put_failure;
1791 	}
1792 
1793 	if (rdev->ops->disconnect || rdev->ops->deauth) {
1794 		i++;
1795 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1796 			goto nla_put_failure;
1797 	}
1798 
1799 	return i;
1800  nla_put_failure:
1801 	return -ENOBUFS;
1802 }
1803 
1804 static int
1805 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1806 			   struct sk_buff *msg)
1807 {
1808 	struct nlattr *ftm;
1809 
1810 	if (!cap->ftm.supported)
1811 		return 0;
1812 
1813 	ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1814 	if (!ftm)
1815 		return -ENOBUFS;
1816 
1817 	if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1818 		return -ENOBUFS;
1819 	if (cap->ftm.non_asap &&
1820 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1821 		return -ENOBUFS;
1822 	if (cap->ftm.request_lci &&
1823 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1824 		return -ENOBUFS;
1825 	if (cap->ftm.request_civicloc &&
1826 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1827 		return -ENOBUFS;
1828 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1829 			cap->ftm.preambles))
1830 		return -ENOBUFS;
1831 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1832 			cap->ftm.bandwidths))
1833 		return -ENOBUFS;
1834 	if (cap->ftm.max_bursts_exponent >= 0 &&
1835 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1836 			cap->ftm.max_bursts_exponent))
1837 		return -ENOBUFS;
1838 	if (cap->ftm.max_ftms_per_burst &&
1839 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1840 			cap->ftm.max_ftms_per_burst))
1841 		return -ENOBUFS;
1842 
1843 	nla_nest_end(msg, ftm);
1844 	return 0;
1845 }
1846 
1847 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1848 				  struct sk_buff *msg)
1849 {
1850 	const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1851 	struct nlattr *pmsr, *caps;
1852 
1853 	if (!cap)
1854 		return 0;
1855 
1856 	/*
1857 	 * we don't need to clean up anything here since the caller
1858 	 * will genlmsg_cancel() if we fail
1859 	 */
1860 
1861 	pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1862 	if (!pmsr)
1863 		return -ENOBUFS;
1864 
1865 	if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1866 		return -ENOBUFS;
1867 
1868 	if (cap->report_ap_tsf &&
1869 	    nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1870 		return -ENOBUFS;
1871 
1872 	if (cap->randomize_mac_addr &&
1873 	    nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1874 		return -ENOBUFS;
1875 
1876 	caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1877 	if (!caps)
1878 		return -ENOBUFS;
1879 
1880 	if (nl80211_send_pmsr_ftm_capa(cap, msg))
1881 		return -ENOBUFS;
1882 
1883 	nla_nest_end(msg, caps);
1884 	nla_nest_end(msg, pmsr);
1885 
1886 	return 0;
1887 }
1888 
1889 struct nl80211_dump_wiphy_state {
1890 	s64 filter_wiphy;
1891 	long start;
1892 	long split_start, band_start, chan_start, capa_start;
1893 	bool split;
1894 };
1895 
1896 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1897 			      enum nl80211_commands cmd,
1898 			      struct sk_buff *msg, u32 portid, u32 seq,
1899 			      int flags, struct nl80211_dump_wiphy_state *state)
1900 {
1901 	void *hdr;
1902 	struct nlattr *nl_bands, *nl_band;
1903 	struct nlattr *nl_freqs, *nl_freq;
1904 	struct nlattr *nl_cmds;
1905 	enum nl80211_band band;
1906 	struct ieee80211_channel *chan;
1907 	int i;
1908 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1909 				rdev->wiphy.mgmt_stypes;
1910 	u32 features;
1911 
1912 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1913 	if (!hdr)
1914 		return -ENOBUFS;
1915 
1916 	if (WARN_ON(!state))
1917 		return -EINVAL;
1918 
1919 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1920 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1921 			   wiphy_name(&rdev->wiphy)) ||
1922 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1923 			cfg80211_rdev_list_generation))
1924 		goto nla_put_failure;
1925 
1926 	if (cmd != NL80211_CMD_NEW_WIPHY)
1927 		goto finish;
1928 
1929 	switch (state->split_start) {
1930 	case 0:
1931 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1932 			       rdev->wiphy.retry_short) ||
1933 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1934 			       rdev->wiphy.retry_long) ||
1935 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1936 				rdev->wiphy.frag_threshold) ||
1937 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1938 				rdev->wiphy.rts_threshold) ||
1939 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1940 			       rdev->wiphy.coverage_class) ||
1941 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1942 			       rdev->wiphy.max_scan_ssids) ||
1943 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1944 			       rdev->wiphy.max_sched_scan_ssids) ||
1945 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1946 				rdev->wiphy.max_scan_ie_len) ||
1947 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1948 				rdev->wiphy.max_sched_scan_ie_len) ||
1949 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1950 			       rdev->wiphy.max_match_sets) ||
1951 		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1952 				rdev->wiphy.max_sched_scan_plans) ||
1953 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1954 				rdev->wiphy.max_sched_scan_plan_interval) ||
1955 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1956 				rdev->wiphy.max_sched_scan_plan_iterations))
1957 			goto nla_put_failure;
1958 
1959 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1960 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1961 			goto nla_put_failure;
1962 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1963 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1964 			goto nla_put_failure;
1965 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1966 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1967 			goto nla_put_failure;
1968 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1969 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1970 			goto nla_put_failure;
1971 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1972 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1973 			goto nla_put_failure;
1974 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1975 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1976 			goto nla_put_failure;
1977 		state->split_start++;
1978 		if (state->split)
1979 			break;
1980 		/* fall through */
1981 	case 1:
1982 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1983 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1984 			    rdev->wiphy.cipher_suites))
1985 			goto nla_put_failure;
1986 
1987 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1988 			       rdev->wiphy.max_num_pmkids))
1989 			goto nla_put_failure;
1990 
1991 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1992 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1993 			goto nla_put_failure;
1994 
1995 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1996 				rdev->wiphy.available_antennas_tx) ||
1997 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1998 				rdev->wiphy.available_antennas_rx))
1999 			goto nla_put_failure;
2000 
2001 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
2002 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
2003 				rdev->wiphy.probe_resp_offload))
2004 			goto nla_put_failure;
2005 
2006 		if ((rdev->wiphy.available_antennas_tx ||
2007 		     rdev->wiphy.available_antennas_rx) &&
2008 		    rdev->ops->get_antenna) {
2009 			u32 tx_ant = 0, rx_ant = 0;
2010 			int res;
2011 
2012 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
2013 			if (!res) {
2014 				if (nla_put_u32(msg,
2015 						NL80211_ATTR_WIPHY_ANTENNA_TX,
2016 						tx_ant) ||
2017 				    nla_put_u32(msg,
2018 						NL80211_ATTR_WIPHY_ANTENNA_RX,
2019 						rx_ant))
2020 					goto nla_put_failure;
2021 			}
2022 		}
2023 
2024 		state->split_start++;
2025 		if (state->split)
2026 			break;
2027 		/* fall through */
2028 	case 2:
2029 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
2030 					rdev->wiphy.interface_modes))
2031 				goto nla_put_failure;
2032 		state->split_start++;
2033 		if (state->split)
2034 			break;
2035 		/* fall through */
2036 	case 3:
2037 		nl_bands = nla_nest_start_noflag(msg,
2038 						 NL80211_ATTR_WIPHY_BANDS);
2039 		if (!nl_bands)
2040 			goto nla_put_failure;
2041 
2042 		for (band = state->band_start;
2043 		     band < NUM_NL80211_BANDS; band++) {
2044 			struct ieee80211_supported_band *sband;
2045 
2046 			sband = rdev->wiphy.bands[band];
2047 
2048 			if (!sband)
2049 				continue;
2050 
2051 			nl_band = nla_nest_start_noflag(msg, band);
2052 			if (!nl_band)
2053 				goto nla_put_failure;
2054 
2055 			switch (state->chan_start) {
2056 			case 0:
2057 				if (nl80211_send_band_rateinfo(msg, sband))
2058 					goto nla_put_failure;
2059 				state->chan_start++;
2060 				if (state->split)
2061 					break;
2062 				/* fall through */
2063 			default:
2064 				/* add frequencies */
2065 				nl_freqs = nla_nest_start_noflag(msg,
2066 								 NL80211_BAND_ATTR_FREQS);
2067 				if (!nl_freqs)
2068 					goto nla_put_failure;
2069 
2070 				for (i = state->chan_start - 1;
2071 				     i < sband->n_channels;
2072 				     i++) {
2073 					nl_freq = nla_nest_start_noflag(msg,
2074 									i);
2075 					if (!nl_freq)
2076 						goto nla_put_failure;
2077 
2078 					chan = &sband->channels[i];
2079 
2080 					if (nl80211_msg_put_channel(
2081 							msg, &rdev->wiphy, chan,
2082 							state->split))
2083 						goto nla_put_failure;
2084 
2085 					nla_nest_end(msg, nl_freq);
2086 					if (state->split)
2087 						break;
2088 				}
2089 				if (i < sband->n_channels)
2090 					state->chan_start = i + 2;
2091 				else
2092 					state->chan_start = 0;
2093 				nla_nest_end(msg, nl_freqs);
2094 			}
2095 
2096 			nla_nest_end(msg, nl_band);
2097 
2098 			if (state->split) {
2099 				/* start again here */
2100 				if (state->chan_start)
2101 					band--;
2102 				break;
2103 			}
2104 		}
2105 		nla_nest_end(msg, nl_bands);
2106 
2107 		if (band < NUM_NL80211_BANDS)
2108 			state->band_start = band + 1;
2109 		else
2110 			state->band_start = 0;
2111 
2112 		/* if bands & channels are done, continue outside */
2113 		if (state->band_start == 0 && state->chan_start == 0)
2114 			state->split_start++;
2115 		if (state->split)
2116 			break;
2117 		/* fall through */
2118 	case 4:
2119 		nl_cmds = nla_nest_start_noflag(msg,
2120 						NL80211_ATTR_SUPPORTED_COMMANDS);
2121 		if (!nl_cmds)
2122 			goto nla_put_failure;
2123 
2124 		i = nl80211_add_commands_unsplit(rdev, msg);
2125 		if (i < 0)
2126 			goto nla_put_failure;
2127 		if (state->split) {
2128 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
2129 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2130 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2131 				CMD(channel_switch, CHANNEL_SWITCH);
2132 			CMD(set_qos_map, SET_QOS_MAP);
2133 			if (rdev->wiphy.features &
2134 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2135 				CMD(add_tx_ts, ADD_TX_TS);
2136 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2137 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2138 			CMD(update_ft_ies, UPDATE_FT_IES);
2139 		}
2140 #undef CMD
2141 
2142 		nla_nest_end(msg, nl_cmds);
2143 		state->split_start++;
2144 		if (state->split)
2145 			break;
2146 		/* fall through */
2147 	case 5:
2148 		if (rdev->ops->remain_on_channel &&
2149 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2150 		    nla_put_u32(msg,
2151 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2152 				rdev->wiphy.max_remain_on_channel_duration))
2153 			goto nla_put_failure;
2154 
2155 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2156 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2157 			goto nla_put_failure;
2158 
2159 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2160 			goto nla_put_failure;
2161 		state->split_start++;
2162 		if (state->split)
2163 			break;
2164 		/* fall through */
2165 	case 6:
2166 #ifdef CONFIG_PM
2167 		if (nl80211_send_wowlan(msg, rdev, state->split))
2168 			goto nla_put_failure;
2169 		state->split_start++;
2170 		if (state->split)
2171 			break;
2172 #else
2173 		state->split_start++;
2174 #endif
2175 		/* fall through */
2176 	case 7:
2177 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2178 					rdev->wiphy.software_iftypes))
2179 			goto nla_put_failure;
2180 
2181 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2182 						   state->split))
2183 			goto nla_put_failure;
2184 
2185 		state->split_start++;
2186 		if (state->split)
2187 			break;
2188 		/* fall through */
2189 	case 8:
2190 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2191 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2192 				rdev->wiphy.ap_sme_capa))
2193 			goto nla_put_failure;
2194 
2195 		features = rdev->wiphy.features;
2196 		/*
2197 		 * We can only add the per-channel limit information if the
2198 		 * dump is split, otherwise it makes it too big. Therefore
2199 		 * only advertise it in that case.
2200 		 */
2201 		if (state->split)
2202 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2203 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2204 			goto nla_put_failure;
2205 
2206 		if (rdev->wiphy.ht_capa_mod_mask &&
2207 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2208 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
2209 			    rdev->wiphy.ht_capa_mod_mask))
2210 			goto nla_put_failure;
2211 
2212 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2213 		    rdev->wiphy.max_acl_mac_addrs &&
2214 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2215 				rdev->wiphy.max_acl_mac_addrs))
2216 			goto nla_put_failure;
2217 
2218 		/*
2219 		 * Any information below this point is only available to
2220 		 * applications that can deal with it being split. This
2221 		 * helps ensure that newly added capabilities don't break
2222 		 * older tools by overrunning their buffers.
2223 		 *
2224 		 * We still increment split_start so that in the split
2225 		 * case we'll continue with more data in the next round,
2226 		 * but break unconditionally so unsplit data stops here.
2227 		 */
2228 		state->split_start++;
2229 		break;
2230 	case 9:
2231 		if (rdev->wiphy.extended_capabilities &&
2232 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2233 			     rdev->wiphy.extended_capabilities_len,
2234 			     rdev->wiphy.extended_capabilities) ||
2235 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2236 			     rdev->wiphy.extended_capabilities_len,
2237 			     rdev->wiphy.extended_capabilities_mask)))
2238 			goto nla_put_failure;
2239 
2240 		if (rdev->wiphy.vht_capa_mod_mask &&
2241 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2242 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
2243 			    rdev->wiphy.vht_capa_mod_mask))
2244 			goto nla_put_failure;
2245 
2246 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
2247 			    rdev->wiphy.perm_addr))
2248 			goto nla_put_failure;
2249 
2250 		if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
2251 		    nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
2252 			    rdev->wiphy.addr_mask))
2253 			goto nla_put_failure;
2254 
2255 		if (rdev->wiphy.n_addresses > 1) {
2256 			void *attr;
2257 
2258 			attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
2259 			if (!attr)
2260 				goto nla_put_failure;
2261 
2262 			for (i = 0; i < rdev->wiphy.n_addresses; i++)
2263 				if (nla_put(msg, i + 1, ETH_ALEN,
2264 					    rdev->wiphy.addresses[i].addr))
2265 					goto nla_put_failure;
2266 
2267 			nla_nest_end(msg, attr);
2268 		}
2269 
2270 		state->split_start++;
2271 		break;
2272 	case 10:
2273 		if (nl80211_send_coalesce(msg, rdev))
2274 			goto nla_put_failure;
2275 
2276 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2277 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2278 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2279 			goto nla_put_failure;
2280 
2281 		if (rdev->wiphy.max_ap_assoc_sta &&
2282 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2283 				rdev->wiphy.max_ap_assoc_sta))
2284 			goto nla_put_failure;
2285 
2286 		state->split_start++;
2287 		break;
2288 	case 11:
2289 		if (rdev->wiphy.n_vendor_commands) {
2290 			const struct nl80211_vendor_cmd_info *info;
2291 			struct nlattr *nested;
2292 
2293 			nested = nla_nest_start_noflag(msg,
2294 						       NL80211_ATTR_VENDOR_DATA);
2295 			if (!nested)
2296 				goto nla_put_failure;
2297 
2298 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2299 				info = &rdev->wiphy.vendor_commands[i].info;
2300 				if (nla_put(msg, i + 1, sizeof(*info), info))
2301 					goto nla_put_failure;
2302 			}
2303 			nla_nest_end(msg, nested);
2304 		}
2305 
2306 		if (rdev->wiphy.n_vendor_events) {
2307 			const struct nl80211_vendor_cmd_info *info;
2308 			struct nlattr *nested;
2309 
2310 			nested = nla_nest_start_noflag(msg,
2311 						       NL80211_ATTR_VENDOR_EVENTS);
2312 			if (!nested)
2313 				goto nla_put_failure;
2314 
2315 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2316 				info = &rdev->wiphy.vendor_events[i];
2317 				if (nla_put(msg, i + 1, sizeof(*info), info))
2318 					goto nla_put_failure;
2319 			}
2320 			nla_nest_end(msg, nested);
2321 		}
2322 		state->split_start++;
2323 		break;
2324 	case 12:
2325 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2326 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2327 			       rdev->wiphy.max_num_csa_counters))
2328 			goto nla_put_failure;
2329 
2330 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2331 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2332 			goto nla_put_failure;
2333 
2334 		if (rdev->wiphy.max_sched_scan_reqs &&
2335 		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2336 				rdev->wiphy.max_sched_scan_reqs))
2337 			goto nla_put_failure;
2338 
2339 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2340 			    sizeof(rdev->wiphy.ext_features),
2341 			    rdev->wiphy.ext_features))
2342 			goto nla_put_failure;
2343 
2344 		if (rdev->wiphy.bss_select_support) {
2345 			struct nlattr *nested;
2346 			u32 bss_select_support = rdev->wiphy.bss_select_support;
2347 
2348 			nested = nla_nest_start_noflag(msg,
2349 						       NL80211_ATTR_BSS_SELECT);
2350 			if (!nested)
2351 				goto nla_put_failure;
2352 
2353 			i = 0;
2354 			while (bss_select_support) {
2355 				if ((bss_select_support & 1) &&
2356 				    nla_put_flag(msg, i))
2357 					goto nla_put_failure;
2358 				i++;
2359 				bss_select_support >>= 1;
2360 			}
2361 			nla_nest_end(msg, nested);
2362 		}
2363 
2364 		state->split_start++;
2365 		break;
2366 	case 13:
2367 		if (rdev->wiphy.num_iftype_ext_capab &&
2368 		    rdev->wiphy.iftype_ext_capab) {
2369 			struct nlattr *nested_ext_capab, *nested;
2370 
2371 			nested = nla_nest_start_noflag(msg,
2372 						       NL80211_ATTR_IFTYPE_EXT_CAPA);
2373 			if (!nested)
2374 				goto nla_put_failure;
2375 
2376 			for (i = state->capa_start;
2377 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
2378 				const struct wiphy_iftype_ext_capab *capab;
2379 
2380 				capab = &rdev->wiphy.iftype_ext_capab[i];
2381 
2382 				nested_ext_capab = nla_nest_start_noflag(msg,
2383 									 i);
2384 				if (!nested_ext_capab ||
2385 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2386 						capab->iftype) ||
2387 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
2388 					    capab->extended_capabilities_len,
2389 					    capab->extended_capabilities) ||
2390 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2391 					    capab->extended_capabilities_len,
2392 					    capab->extended_capabilities_mask))
2393 					goto nla_put_failure;
2394 
2395 				nla_nest_end(msg, nested_ext_capab);
2396 				if (state->split)
2397 					break;
2398 			}
2399 			nla_nest_end(msg, nested);
2400 			if (i < rdev->wiphy.num_iftype_ext_capab) {
2401 				state->capa_start = i + 1;
2402 				break;
2403 			}
2404 		}
2405 
2406 		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2407 				rdev->wiphy.nan_supported_bands))
2408 			goto nla_put_failure;
2409 
2410 		if (wiphy_ext_feature_isset(&rdev->wiphy,
2411 					    NL80211_EXT_FEATURE_TXQS)) {
2412 			struct cfg80211_txq_stats txqstats = {};
2413 			int res;
2414 
2415 			res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2416 			if (!res &&
2417 			    !nl80211_put_txq_stats(msg, &txqstats,
2418 						   NL80211_ATTR_TXQ_STATS))
2419 				goto nla_put_failure;
2420 
2421 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2422 					rdev->wiphy.txq_limit))
2423 				goto nla_put_failure;
2424 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2425 					rdev->wiphy.txq_memory_limit))
2426 				goto nla_put_failure;
2427 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2428 					rdev->wiphy.txq_quantum))
2429 				goto nla_put_failure;
2430 		}
2431 
2432 		state->split_start++;
2433 		break;
2434 	case 14:
2435 		if (nl80211_send_pmsr_capa(rdev, msg))
2436 			goto nla_put_failure;
2437 
2438 		state->split_start++;
2439 		break;
2440 	case 15:
2441 		if (rdev->wiphy.akm_suites &&
2442 		    nla_put(msg, NL80211_ATTR_AKM_SUITES,
2443 			    sizeof(u32) * rdev->wiphy.n_akm_suites,
2444 			    rdev->wiphy.akm_suites))
2445 			goto nla_put_failure;
2446 
2447 		/* done */
2448 		state->split_start = 0;
2449 		break;
2450 	}
2451  finish:
2452 	genlmsg_end(msg, hdr);
2453 	return 0;
2454 
2455  nla_put_failure:
2456 	genlmsg_cancel(msg, hdr);
2457 	return -EMSGSIZE;
2458 }
2459 
2460 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2461 				    struct netlink_callback *cb,
2462 				    struct nl80211_dump_wiphy_state *state)
2463 {
2464 	struct nlattr **tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
2465 	int ret;
2466 
2467 	if (!tb)
2468 		return -ENOMEM;
2469 
2470 	ret = nlmsg_parse_deprecated(cb->nlh,
2471 				     GENL_HDRLEN + nl80211_fam.hdrsize,
2472 				     tb, nl80211_fam.maxattr,
2473 				     nl80211_policy, NULL);
2474 	/* ignore parse errors for backward compatibility */
2475 	if (ret) {
2476 		ret = 0;
2477 		goto out;
2478 	}
2479 
2480 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2481 	if (tb[NL80211_ATTR_WIPHY])
2482 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2483 	if (tb[NL80211_ATTR_WDEV])
2484 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2485 	if (tb[NL80211_ATTR_IFINDEX]) {
2486 		struct net_device *netdev;
2487 		struct cfg80211_registered_device *rdev;
2488 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2489 
2490 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2491 		if (!netdev) {
2492 			ret = -ENODEV;
2493 			goto out;
2494 		}
2495 		if (netdev->ieee80211_ptr) {
2496 			rdev = wiphy_to_rdev(
2497 				netdev->ieee80211_ptr->wiphy);
2498 			state->filter_wiphy = rdev->wiphy_idx;
2499 		}
2500 	}
2501 
2502 	ret = 0;
2503 out:
2504 	kfree(tb);
2505 	return ret;
2506 }
2507 
2508 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2509 {
2510 	int idx = 0, ret;
2511 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2512 	struct cfg80211_registered_device *rdev;
2513 
2514 	rtnl_lock();
2515 	if (!state) {
2516 		state = kzalloc(sizeof(*state), GFP_KERNEL);
2517 		if (!state) {
2518 			rtnl_unlock();
2519 			return -ENOMEM;
2520 		}
2521 		state->filter_wiphy = -1;
2522 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
2523 		if (ret) {
2524 			kfree(state);
2525 			rtnl_unlock();
2526 			return ret;
2527 		}
2528 		cb->args[0] = (long)state;
2529 	}
2530 
2531 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2532 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2533 			continue;
2534 		if (++idx <= state->start)
2535 			continue;
2536 		if (state->filter_wiphy != -1 &&
2537 		    state->filter_wiphy != rdev->wiphy_idx)
2538 			continue;
2539 		/* attempt to fit multiple wiphy data chunks into the skb */
2540 		do {
2541 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2542 						 skb,
2543 						 NETLINK_CB(cb->skb).portid,
2544 						 cb->nlh->nlmsg_seq,
2545 						 NLM_F_MULTI, state);
2546 			if (ret < 0) {
2547 				/*
2548 				 * If sending the wiphy data didn't fit (ENOBUFS
2549 				 * or EMSGSIZE returned), this SKB is still
2550 				 * empty (so it's not too big because another
2551 				 * wiphy dataset is already in the skb) and
2552 				 * we've not tried to adjust the dump allocation
2553 				 * yet ... then adjust the alloc size to be
2554 				 * bigger, and return 1 but with the empty skb.
2555 				 * This results in an empty message being RX'ed
2556 				 * in userspace, but that is ignored.
2557 				 *
2558 				 * We can then retry with the larger buffer.
2559 				 */
2560 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2561 				    !skb->len && !state->split &&
2562 				    cb->min_dump_alloc < 4096) {
2563 					cb->min_dump_alloc = 4096;
2564 					state->split_start = 0;
2565 					rtnl_unlock();
2566 					return 1;
2567 				}
2568 				idx--;
2569 				break;
2570 			}
2571 		} while (state->split_start > 0);
2572 		break;
2573 	}
2574 	rtnl_unlock();
2575 
2576 	state->start = idx;
2577 
2578 	return skb->len;
2579 }
2580 
2581 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2582 {
2583 	kfree((void *)cb->args[0]);
2584 	return 0;
2585 }
2586 
2587 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2588 {
2589 	struct sk_buff *msg;
2590 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2591 	struct nl80211_dump_wiphy_state state = {};
2592 
2593 	msg = nlmsg_new(4096, GFP_KERNEL);
2594 	if (!msg)
2595 		return -ENOMEM;
2596 
2597 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2598 			       info->snd_portid, info->snd_seq, 0,
2599 			       &state) < 0) {
2600 		nlmsg_free(msg);
2601 		return -ENOBUFS;
2602 	}
2603 
2604 	return genlmsg_reply(msg, info);
2605 }
2606 
2607 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2608 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
2609 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
2610 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
2611 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
2612 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
2613 };
2614 
2615 static int parse_txq_params(struct nlattr *tb[],
2616 			    struct ieee80211_txq_params *txq_params)
2617 {
2618 	u8 ac;
2619 
2620 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2621 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2622 	    !tb[NL80211_TXQ_ATTR_AIFS])
2623 		return -EINVAL;
2624 
2625 	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2626 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2627 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2628 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2629 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2630 
2631 	if (ac >= NL80211_NUM_ACS)
2632 		return -EINVAL;
2633 	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2634 	return 0;
2635 }
2636 
2637 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2638 {
2639 	/*
2640 	 * You can only set the channel explicitly for WDS interfaces,
2641 	 * all others have their channel managed via their respective
2642 	 * "establish a connection" command (connect, join, ...)
2643 	 *
2644 	 * For AP/GO and mesh mode, the channel can be set with the
2645 	 * channel userspace API, but is only stored and passed to the
2646 	 * low-level driver when the AP starts or the mesh is joined.
2647 	 * This is for backward compatibility, userspace can also give
2648 	 * the channel in the start-ap or join-mesh commands instead.
2649 	 *
2650 	 * Monitors are special as they are normally slaved to
2651 	 * whatever else is going on, so they have their own special
2652 	 * operation to set the monitor channel if possible.
2653 	 */
2654 	return !wdev ||
2655 		wdev->iftype == NL80211_IFTYPE_AP ||
2656 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2657 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
2658 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
2659 }
2660 
2661 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2662 			  struct genl_info *info,
2663 			  struct cfg80211_chan_def *chandef)
2664 {
2665 	struct netlink_ext_ack *extack = info->extack;
2666 	struct nlattr **attrs = info->attrs;
2667 	u32 control_freq;
2668 
2669 	if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2670 		return -EINVAL;
2671 
2672 	control_freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);
2673 
2674 	memset(chandef, 0, sizeof(*chandef));
2675 
2676 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2677 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2678 	chandef->center_freq1 = control_freq;
2679 	chandef->center_freq2 = 0;
2680 
2681 	/* Primary channel not allowed */
2682 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2683 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2684 				    "Channel is disabled");
2685 		return -EINVAL;
2686 	}
2687 
2688 	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2689 		enum nl80211_channel_type chantype;
2690 
2691 		chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2692 
2693 		switch (chantype) {
2694 		case NL80211_CHAN_NO_HT:
2695 		case NL80211_CHAN_HT20:
2696 		case NL80211_CHAN_HT40PLUS:
2697 		case NL80211_CHAN_HT40MINUS:
2698 			cfg80211_chandef_create(chandef, chandef->chan,
2699 						chantype);
2700 			/* user input for center_freq is incorrect */
2701 			if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2702 			    chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2703 				NL_SET_ERR_MSG_ATTR(extack,
2704 						    attrs[NL80211_ATTR_CENTER_FREQ1],
2705 						    "bad center frequency 1");
2706 				return -EINVAL;
2707 			}
2708 			/* center_freq2 must be zero */
2709 			if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2710 			    nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2711 				NL_SET_ERR_MSG_ATTR(extack,
2712 						    attrs[NL80211_ATTR_CENTER_FREQ2],
2713 						    "center frequency 2 can't be used");
2714 				return -EINVAL;
2715 			}
2716 			break;
2717 		default:
2718 			NL_SET_ERR_MSG_ATTR(extack,
2719 					    attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2720 					    "invalid channel type");
2721 			return -EINVAL;
2722 		}
2723 	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2724 		chandef->width =
2725 			nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2726 		if (attrs[NL80211_ATTR_CENTER_FREQ1])
2727 			chandef->center_freq1 =
2728 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2729 		if (attrs[NL80211_ATTR_CENTER_FREQ2])
2730 			chandef->center_freq2 =
2731 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2732 	}
2733 
2734 	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
2735 		chandef->edmg.channels =
2736 		      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
2737 
2738 		if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
2739 			chandef->edmg.bw_config =
2740 		     nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
2741 	} else {
2742 		chandef->edmg.bw_config = 0;
2743 		chandef->edmg.channels = 0;
2744 	}
2745 
2746 	if (!cfg80211_chandef_valid(chandef)) {
2747 		NL_SET_ERR_MSG(extack, "invalid channel definition");
2748 		return -EINVAL;
2749 	}
2750 
2751 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2752 				     IEEE80211_CHAN_DISABLED)) {
2753 		NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2754 		return -EINVAL;
2755 	}
2756 
2757 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2758 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
2759 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2760 		NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2761 		return -EINVAL;
2762 	}
2763 
2764 	return 0;
2765 }
2766 
2767 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2768 				 struct net_device *dev,
2769 				 struct genl_info *info)
2770 {
2771 	struct cfg80211_chan_def chandef;
2772 	int result;
2773 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2774 	struct wireless_dev *wdev = NULL;
2775 
2776 	if (dev)
2777 		wdev = dev->ieee80211_ptr;
2778 	if (!nl80211_can_set_dev_channel(wdev))
2779 		return -EOPNOTSUPP;
2780 	if (wdev)
2781 		iftype = wdev->iftype;
2782 
2783 	result = nl80211_parse_chandef(rdev, info, &chandef);
2784 	if (result)
2785 		return result;
2786 
2787 	switch (iftype) {
2788 	case NL80211_IFTYPE_AP:
2789 	case NL80211_IFTYPE_P2P_GO:
2790 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2791 						   iftype)) {
2792 			result = -EINVAL;
2793 			break;
2794 		}
2795 		if (wdev->beacon_interval) {
2796 			if (!dev || !rdev->ops->set_ap_chanwidth ||
2797 			    !(rdev->wiphy.features &
2798 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2799 				result = -EBUSY;
2800 				break;
2801 			}
2802 
2803 			/* Only allow dynamic channel width changes */
2804 			if (chandef.chan != wdev->preset_chandef.chan) {
2805 				result = -EBUSY;
2806 				break;
2807 			}
2808 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2809 			if (result)
2810 				break;
2811 		}
2812 		wdev->preset_chandef = chandef;
2813 		result = 0;
2814 		break;
2815 	case NL80211_IFTYPE_MESH_POINT:
2816 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2817 		break;
2818 	case NL80211_IFTYPE_MONITOR:
2819 		result = cfg80211_set_monitor_channel(rdev, &chandef);
2820 		break;
2821 	default:
2822 		result = -EINVAL;
2823 	}
2824 
2825 	return result;
2826 }
2827 
2828 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2829 {
2830 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2831 	struct net_device *netdev = info->user_ptr[1];
2832 
2833 	return __nl80211_set_channel(rdev, netdev, info);
2834 }
2835 
2836 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2837 {
2838 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2839 	struct net_device *dev = info->user_ptr[1];
2840 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2841 	const u8 *bssid;
2842 
2843 	if (!info->attrs[NL80211_ATTR_MAC])
2844 		return -EINVAL;
2845 
2846 	if (netif_running(dev))
2847 		return -EBUSY;
2848 
2849 	if (!rdev->ops->set_wds_peer)
2850 		return -EOPNOTSUPP;
2851 
2852 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2853 		return -EOPNOTSUPP;
2854 
2855 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2856 	return rdev_set_wds_peer(rdev, dev, bssid);
2857 }
2858 
2859 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2860 {
2861 	struct cfg80211_registered_device *rdev;
2862 	struct net_device *netdev = NULL;
2863 	struct wireless_dev *wdev;
2864 	int result = 0, rem_txq_params = 0;
2865 	struct nlattr *nl_txq_params;
2866 	u32 changed;
2867 	u8 retry_short = 0, retry_long = 0;
2868 	u32 frag_threshold = 0, rts_threshold = 0;
2869 	u8 coverage_class = 0;
2870 	u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2871 
2872 	ASSERT_RTNL();
2873 
2874 	/*
2875 	 * Try to find the wiphy and netdev. Normally this
2876 	 * function shouldn't need the netdev, but this is
2877 	 * done for backward compatibility -- previously
2878 	 * setting the channel was done per wiphy, but now
2879 	 * it is per netdev. Previous userland like hostapd
2880 	 * also passed a netdev to set_wiphy, so that it is
2881 	 * possible to let that go to the right netdev!
2882 	 */
2883 
2884 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2885 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2886 
2887 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2888 		if (netdev && netdev->ieee80211_ptr)
2889 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2890 		else
2891 			netdev = NULL;
2892 	}
2893 
2894 	if (!netdev) {
2895 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2896 						  info->attrs);
2897 		if (IS_ERR(rdev))
2898 			return PTR_ERR(rdev);
2899 		wdev = NULL;
2900 		netdev = NULL;
2901 		result = 0;
2902 	} else
2903 		wdev = netdev->ieee80211_ptr;
2904 
2905 	/*
2906 	 * end workaround code, by now the rdev is available
2907 	 * and locked, and wdev may or may not be NULL.
2908 	 */
2909 
2910 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2911 		result = cfg80211_dev_rename(
2912 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2913 
2914 	if (result)
2915 		return result;
2916 
2917 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2918 		struct ieee80211_txq_params txq_params;
2919 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2920 
2921 		if (!rdev->ops->set_txq_params)
2922 			return -EOPNOTSUPP;
2923 
2924 		if (!netdev)
2925 			return -EINVAL;
2926 
2927 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2928 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2929 			return -EINVAL;
2930 
2931 		if (!netif_running(netdev))
2932 			return -ENETDOWN;
2933 
2934 		nla_for_each_nested(nl_txq_params,
2935 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2936 				    rem_txq_params) {
2937 			result = nla_parse_nested_deprecated(tb,
2938 							     NL80211_TXQ_ATTR_MAX,
2939 							     nl_txq_params,
2940 							     txq_params_policy,
2941 							     info->extack);
2942 			if (result)
2943 				return result;
2944 			result = parse_txq_params(tb, &txq_params);
2945 			if (result)
2946 				return result;
2947 
2948 			result = rdev_set_txq_params(rdev, netdev,
2949 						     &txq_params);
2950 			if (result)
2951 				return result;
2952 		}
2953 	}
2954 
2955 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2956 		result = __nl80211_set_channel(
2957 			rdev,
2958 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2959 			info);
2960 		if (result)
2961 			return result;
2962 	}
2963 
2964 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2965 		struct wireless_dev *txp_wdev = wdev;
2966 		enum nl80211_tx_power_setting type;
2967 		int idx, mbm = 0;
2968 
2969 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2970 			txp_wdev = NULL;
2971 
2972 		if (!rdev->ops->set_tx_power)
2973 			return -EOPNOTSUPP;
2974 
2975 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2976 		type = nla_get_u32(info->attrs[idx]);
2977 
2978 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2979 		    (type != NL80211_TX_POWER_AUTOMATIC))
2980 			return -EINVAL;
2981 
2982 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2983 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2984 			mbm = nla_get_u32(info->attrs[idx]);
2985 		}
2986 
2987 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2988 		if (result)
2989 			return result;
2990 	}
2991 
2992 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2993 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2994 		u32 tx_ant, rx_ant;
2995 
2996 		if ((!rdev->wiphy.available_antennas_tx &&
2997 		     !rdev->wiphy.available_antennas_rx) ||
2998 		    !rdev->ops->set_antenna)
2999 			return -EOPNOTSUPP;
3000 
3001 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
3002 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
3003 
3004 		/* reject antenna configurations which don't match the
3005 		 * available antenna masks, except for the "all" mask */
3006 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
3007 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
3008 			return -EINVAL;
3009 
3010 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
3011 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
3012 
3013 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
3014 		if (result)
3015 			return result;
3016 	}
3017 
3018 	changed = 0;
3019 
3020 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
3021 		retry_short = nla_get_u8(
3022 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
3023 
3024 		changed |= WIPHY_PARAM_RETRY_SHORT;
3025 	}
3026 
3027 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
3028 		retry_long = nla_get_u8(
3029 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
3030 
3031 		changed |= WIPHY_PARAM_RETRY_LONG;
3032 	}
3033 
3034 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
3035 		frag_threshold = nla_get_u32(
3036 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
3037 		if (frag_threshold < 256)
3038 			return -EINVAL;
3039 
3040 		if (frag_threshold != (u32) -1) {
3041 			/*
3042 			 * Fragments (apart from the last one) are required to
3043 			 * have even length. Make the fragmentation code
3044 			 * simpler by stripping LSB should someone try to use
3045 			 * odd threshold value.
3046 			 */
3047 			frag_threshold &= ~0x1;
3048 		}
3049 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
3050 	}
3051 
3052 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
3053 		rts_threshold = nla_get_u32(
3054 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
3055 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
3056 	}
3057 
3058 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
3059 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
3060 			return -EINVAL;
3061 
3062 		coverage_class = nla_get_u8(
3063 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
3064 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
3065 	}
3066 
3067 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
3068 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
3069 			return -EOPNOTSUPP;
3070 
3071 		changed |= WIPHY_PARAM_DYN_ACK;
3072 	}
3073 
3074 	if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
3075 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3076 					     NL80211_EXT_FEATURE_TXQS))
3077 			return -EOPNOTSUPP;
3078 		txq_limit = nla_get_u32(
3079 			info->attrs[NL80211_ATTR_TXQ_LIMIT]);
3080 		changed |= WIPHY_PARAM_TXQ_LIMIT;
3081 	}
3082 
3083 	if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
3084 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3085 					     NL80211_EXT_FEATURE_TXQS))
3086 			return -EOPNOTSUPP;
3087 		txq_memory_limit = nla_get_u32(
3088 			info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
3089 		changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
3090 	}
3091 
3092 	if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
3093 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
3094 					     NL80211_EXT_FEATURE_TXQS))
3095 			return -EOPNOTSUPP;
3096 		txq_quantum = nla_get_u32(
3097 			info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
3098 		changed |= WIPHY_PARAM_TXQ_QUANTUM;
3099 	}
3100 
3101 	if (changed) {
3102 		u8 old_retry_short, old_retry_long;
3103 		u32 old_frag_threshold, old_rts_threshold;
3104 		u8 old_coverage_class;
3105 		u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
3106 
3107 		if (!rdev->ops->set_wiphy_params)
3108 			return -EOPNOTSUPP;
3109 
3110 		old_retry_short = rdev->wiphy.retry_short;
3111 		old_retry_long = rdev->wiphy.retry_long;
3112 		old_frag_threshold = rdev->wiphy.frag_threshold;
3113 		old_rts_threshold = rdev->wiphy.rts_threshold;
3114 		old_coverage_class = rdev->wiphy.coverage_class;
3115 		old_txq_limit = rdev->wiphy.txq_limit;
3116 		old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
3117 		old_txq_quantum = rdev->wiphy.txq_quantum;
3118 
3119 		if (changed & WIPHY_PARAM_RETRY_SHORT)
3120 			rdev->wiphy.retry_short = retry_short;
3121 		if (changed & WIPHY_PARAM_RETRY_LONG)
3122 			rdev->wiphy.retry_long = retry_long;
3123 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3124 			rdev->wiphy.frag_threshold = frag_threshold;
3125 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3126 			rdev->wiphy.rts_threshold = rts_threshold;
3127 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3128 			rdev->wiphy.coverage_class = coverage_class;
3129 		if (changed & WIPHY_PARAM_TXQ_LIMIT)
3130 			rdev->wiphy.txq_limit = txq_limit;
3131 		if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3132 			rdev->wiphy.txq_memory_limit = txq_memory_limit;
3133 		if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3134 			rdev->wiphy.txq_quantum = txq_quantum;
3135 
3136 		result = rdev_set_wiphy_params(rdev, changed);
3137 		if (result) {
3138 			rdev->wiphy.retry_short = old_retry_short;
3139 			rdev->wiphy.retry_long = old_retry_long;
3140 			rdev->wiphy.frag_threshold = old_frag_threshold;
3141 			rdev->wiphy.rts_threshold = old_rts_threshold;
3142 			rdev->wiphy.coverage_class = old_coverage_class;
3143 			rdev->wiphy.txq_limit = old_txq_limit;
3144 			rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3145 			rdev->wiphy.txq_quantum = old_txq_quantum;
3146 			return result;
3147 		}
3148 	}
3149 	return 0;
3150 }
3151 
3152 static int nl80211_send_chandef(struct sk_buff *msg,
3153 				const struct cfg80211_chan_def *chandef)
3154 {
3155 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3156 		return -EINVAL;
3157 
3158 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3159 			chandef->chan->center_freq))
3160 		return -ENOBUFS;
3161 	switch (chandef->width) {
3162 	case NL80211_CHAN_WIDTH_20_NOHT:
3163 	case NL80211_CHAN_WIDTH_20:
3164 	case NL80211_CHAN_WIDTH_40:
3165 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3166 				cfg80211_get_chandef_type(chandef)))
3167 			return -ENOBUFS;
3168 		break;
3169 	default:
3170 		break;
3171 	}
3172 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3173 		return -ENOBUFS;
3174 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3175 		return -ENOBUFS;
3176 	if (chandef->center_freq2 &&
3177 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3178 		return -ENOBUFS;
3179 	return 0;
3180 }
3181 
3182 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3183 			      struct cfg80211_registered_device *rdev,
3184 			      struct wireless_dev *wdev,
3185 			      enum nl80211_commands cmd)
3186 {
3187 	struct net_device *dev = wdev->netdev;
3188 	void *hdr;
3189 
3190 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3191 		cmd != NL80211_CMD_DEL_INTERFACE &&
3192 		cmd != NL80211_CMD_SET_INTERFACE);
3193 
3194 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3195 	if (!hdr)
3196 		return -1;
3197 
3198 	if (dev &&
3199 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3200 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3201 		goto nla_put_failure;
3202 
3203 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3204 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3205 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3206 			      NL80211_ATTR_PAD) ||
3207 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3208 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
3209 			rdev->devlist_generation ^
3210 			(cfg80211_rdev_list_generation << 2)) ||
3211 	    nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3212 		goto nla_put_failure;
3213 
3214 	if (rdev->ops->get_channel) {
3215 		int ret;
3216 		struct cfg80211_chan_def chandef = {};
3217 
3218 		ret = rdev_get_channel(rdev, wdev, &chandef);
3219 		if (ret == 0) {
3220 			if (nl80211_send_chandef(msg, &chandef))
3221 				goto nla_put_failure;
3222 		}
3223 	}
3224 
3225 	if (rdev->ops->get_tx_power) {
3226 		int dbm, ret;
3227 
3228 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
3229 		if (ret == 0 &&
3230 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3231 				DBM_TO_MBM(dbm)))
3232 			goto nla_put_failure;
3233 	}
3234 
3235 	wdev_lock(wdev);
3236 	switch (wdev->iftype) {
3237 	case NL80211_IFTYPE_AP:
3238 		if (wdev->ssid_len &&
3239 		    nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3240 			goto nla_put_failure_locked;
3241 		break;
3242 	case NL80211_IFTYPE_STATION:
3243 	case NL80211_IFTYPE_P2P_CLIENT:
3244 	case NL80211_IFTYPE_ADHOC: {
3245 		const u8 *ssid_ie;
3246 		if (!wdev->current_bss)
3247 			break;
3248 		rcu_read_lock();
3249 		ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3250 					       WLAN_EID_SSID);
3251 		if (ssid_ie &&
3252 		    nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3253 			goto nla_put_failure_rcu_locked;
3254 		rcu_read_unlock();
3255 		break;
3256 		}
3257 	default:
3258 		/* nothing */
3259 		break;
3260 	}
3261 	wdev_unlock(wdev);
3262 
3263 	if (rdev->ops->get_txq_stats) {
3264 		struct cfg80211_txq_stats txqstats = {};
3265 		int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3266 
3267 		if (ret == 0 &&
3268 		    !nl80211_put_txq_stats(msg, &txqstats,
3269 					   NL80211_ATTR_TXQ_STATS))
3270 			goto nla_put_failure;
3271 	}
3272 
3273 	genlmsg_end(msg, hdr);
3274 	return 0;
3275 
3276  nla_put_failure_rcu_locked:
3277 	rcu_read_unlock();
3278  nla_put_failure_locked:
3279 	wdev_unlock(wdev);
3280  nla_put_failure:
3281 	genlmsg_cancel(msg, hdr);
3282 	return -EMSGSIZE;
3283 }
3284 
3285 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3286 {
3287 	int wp_idx = 0;
3288 	int if_idx = 0;
3289 	int wp_start = cb->args[0];
3290 	int if_start = cb->args[1];
3291 	int filter_wiphy = -1;
3292 	struct cfg80211_registered_device *rdev;
3293 	struct wireless_dev *wdev;
3294 	int ret;
3295 
3296 	rtnl_lock();
3297 	if (!cb->args[2]) {
3298 		struct nl80211_dump_wiphy_state state = {
3299 			.filter_wiphy = -1,
3300 		};
3301 
3302 		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3303 		if (ret)
3304 			goto out_unlock;
3305 
3306 		filter_wiphy = state.filter_wiphy;
3307 
3308 		/*
3309 		 * if filtering, set cb->args[2] to +1 since 0 is the default
3310 		 * value needed to determine that parsing is necessary.
3311 		 */
3312 		if (filter_wiphy >= 0)
3313 			cb->args[2] = filter_wiphy + 1;
3314 		else
3315 			cb->args[2] = -1;
3316 	} else if (cb->args[2] > 0) {
3317 		filter_wiphy = cb->args[2] - 1;
3318 	}
3319 
3320 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3321 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3322 			continue;
3323 		if (wp_idx < wp_start) {
3324 			wp_idx++;
3325 			continue;
3326 		}
3327 
3328 		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3329 			continue;
3330 
3331 		if_idx = 0;
3332 
3333 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3334 			if (if_idx < if_start) {
3335 				if_idx++;
3336 				continue;
3337 			}
3338 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3339 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3340 					       rdev, wdev,
3341 					       NL80211_CMD_NEW_INTERFACE) < 0) {
3342 				goto out;
3343 			}
3344 			if_idx++;
3345 		}
3346 
3347 		wp_idx++;
3348 	}
3349  out:
3350 	cb->args[0] = wp_idx;
3351 	cb->args[1] = if_idx;
3352 
3353 	ret = skb->len;
3354  out_unlock:
3355 	rtnl_unlock();
3356 
3357 	return ret;
3358 }
3359 
3360 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3361 {
3362 	struct sk_buff *msg;
3363 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3364 	struct wireless_dev *wdev = info->user_ptr[1];
3365 
3366 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3367 	if (!msg)
3368 		return -ENOMEM;
3369 
3370 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3371 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3372 		nlmsg_free(msg);
3373 		return -ENOBUFS;
3374 	}
3375 
3376 	return genlmsg_reply(msg, info);
3377 }
3378 
3379 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3380 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3381 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3382 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3383 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3384 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3385 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3386 };
3387 
3388 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3389 {
3390 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3391 	int flag;
3392 
3393 	*mntrflags = 0;
3394 
3395 	if (!nla)
3396 		return -EINVAL;
3397 
3398 	if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3399 		return -EINVAL;
3400 
3401 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3402 		if (flags[flag])
3403 			*mntrflags |= (1<<flag);
3404 
3405 	*mntrflags |= MONITOR_FLAG_CHANGED;
3406 
3407 	return 0;
3408 }
3409 
3410 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3411 				     enum nl80211_iftype type,
3412 				     struct genl_info *info,
3413 				     struct vif_params *params)
3414 {
3415 	bool change = false;
3416 	int err;
3417 
3418 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3419 		if (type != NL80211_IFTYPE_MONITOR)
3420 			return -EINVAL;
3421 
3422 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3423 					  &params->flags);
3424 		if (err)
3425 			return err;
3426 
3427 		change = true;
3428 	}
3429 
3430 	if (params->flags & MONITOR_FLAG_ACTIVE &&
3431 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3432 		return -EOPNOTSUPP;
3433 
3434 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3435 		const u8 *mumimo_groups;
3436 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3437 
3438 		if (type != NL80211_IFTYPE_MONITOR)
3439 			return -EINVAL;
3440 
3441 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3442 			return -EOPNOTSUPP;
3443 
3444 		mumimo_groups =
3445 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3446 
3447 		/* bits 0 and 63 are reserved and must be zero */
3448 		if ((mumimo_groups[0] & BIT(0)) ||
3449 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3450 			return -EINVAL;
3451 
3452 		params->vht_mumimo_groups = mumimo_groups;
3453 		change = true;
3454 	}
3455 
3456 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3457 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3458 
3459 		if (type != NL80211_IFTYPE_MONITOR)
3460 			return -EINVAL;
3461 
3462 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3463 			return -EOPNOTSUPP;
3464 
3465 		params->vht_mumimo_follow_addr =
3466 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3467 		change = true;
3468 	}
3469 
3470 	return change ? 1 : 0;
3471 }
3472 
3473 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3474 			       struct net_device *netdev, u8 use_4addr,
3475 			       enum nl80211_iftype iftype)
3476 {
3477 	if (!use_4addr) {
3478 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3479 			return -EBUSY;
3480 		return 0;
3481 	}
3482 
3483 	switch (iftype) {
3484 	case NL80211_IFTYPE_AP_VLAN:
3485 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3486 			return 0;
3487 		break;
3488 	case NL80211_IFTYPE_STATION:
3489 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3490 			return 0;
3491 		break;
3492 	default:
3493 		break;
3494 	}
3495 
3496 	return -EOPNOTSUPP;
3497 }
3498 
3499 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3500 {
3501 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3502 	struct vif_params params;
3503 	int err;
3504 	enum nl80211_iftype otype, ntype;
3505 	struct net_device *dev = info->user_ptr[1];
3506 	bool change = false;
3507 
3508 	memset(&params, 0, sizeof(params));
3509 
3510 	otype = ntype = dev->ieee80211_ptr->iftype;
3511 
3512 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
3513 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3514 		if (otype != ntype)
3515 			change = true;
3516 	}
3517 
3518 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
3519 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3520 
3521 		if (ntype != NL80211_IFTYPE_MESH_POINT)
3522 			return -EINVAL;
3523 		if (netif_running(dev))
3524 			return -EBUSY;
3525 
3526 		wdev_lock(wdev);
3527 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3528 			     IEEE80211_MAX_MESH_ID_LEN);
3529 		wdev->mesh_id_up_len =
3530 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3531 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3532 		       wdev->mesh_id_up_len);
3533 		wdev_unlock(wdev);
3534 	}
3535 
3536 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3537 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3538 		change = true;
3539 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3540 		if (err)
3541 			return err;
3542 	} else {
3543 		params.use_4addr = -1;
3544 	}
3545 
3546 	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3547 	if (err < 0)
3548 		return err;
3549 	if (err > 0)
3550 		change = true;
3551 
3552 	if (change)
3553 		err = cfg80211_change_iface(rdev, dev, ntype, &params);
3554 	else
3555 		err = 0;
3556 
3557 	if (!err && params.use_4addr != -1)
3558 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
3559 
3560 	if (change && !err) {
3561 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3562 
3563 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3564 	}
3565 
3566 	return err;
3567 }
3568 
3569 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3570 {
3571 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3572 	struct vif_params params;
3573 	struct wireless_dev *wdev;
3574 	struct sk_buff *msg;
3575 	int err;
3576 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3577 
3578 	/* to avoid failing a new interface creation due to pending removal */
3579 	cfg80211_destroy_ifaces(rdev);
3580 
3581 	memset(&params, 0, sizeof(params));
3582 
3583 	if (!info->attrs[NL80211_ATTR_IFNAME])
3584 		return -EINVAL;
3585 
3586 	if (info->attrs[NL80211_ATTR_IFTYPE])
3587 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3588 
3589 	if (!rdev->ops->add_virtual_intf)
3590 		return -EOPNOTSUPP;
3591 
3592 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3593 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3594 	    info->attrs[NL80211_ATTR_MAC]) {
3595 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3596 			   ETH_ALEN);
3597 		if (!is_valid_ether_addr(params.macaddr))
3598 			return -EADDRNOTAVAIL;
3599 	}
3600 
3601 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3602 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3603 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3604 		if (err)
3605 			return err;
3606 	}
3607 
3608 	if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3609 		return -EOPNOTSUPP;
3610 
3611 	err = nl80211_parse_mon_options(rdev, type, info, &params);
3612 	if (err < 0)
3613 		return err;
3614 
3615 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3616 	if (!msg)
3617 		return -ENOMEM;
3618 
3619 	wdev = rdev_add_virtual_intf(rdev,
3620 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3621 				NET_NAME_USER, type, &params);
3622 	if (WARN_ON(!wdev)) {
3623 		nlmsg_free(msg);
3624 		return -EPROTO;
3625 	} else if (IS_ERR(wdev)) {
3626 		nlmsg_free(msg);
3627 		return PTR_ERR(wdev);
3628 	}
3629 
3630 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3631 		wdev->owner_nlportid = info->snd_portid;
3632 
3633 	switch (type) {
3634 	case NL80211_IFTYPE_MESH_POINT:
3635 		if (!info->attrs[NL80211_ATTR_MESH_ID])
3636 			break;
3637 		wdev_lock(wdev);
3638 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3639 			     IEEE80211_MAX_MESH_ID_LEN);
3640 		wdev->mesh_id_up_len =
3641 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3642 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3643 		       wdev->mesh_id_up_len);
3644 		wdev_unlock(wdev);
3645 		break;
3646 	case NL80211_IFTYPE_NAN:
3647 	case NL80211_IFTYPE_P2P_DEVICE:
3648 		/*
3649 		 * P2P Device and NAN do not have a netdev, so don't go
3650 		 * through the netdev notifier and must be added here
3651 		 */
3652 		cfg80211_init_wdev(rdev, wdev);
3653 		break;
3654 	default:
3655 		break;
3656 	}
3657 
3658 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3659 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3660 		nlmsg_free(msg);
3661 		return -ENOBUFS;
3662 	}
3663 
3664 	return genlmsg_reply(msg, info);
3665 }
3666 
3667 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3668 {
3669 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3670 	struct wireless_dev *wdev = info->user_ptr[1];
3671 
3672 	if (!rdev->ops->del_virtual_intf)
3673 		return -EOPNOTSUPP;
3674 
3675 	/*
3676 	 * If we remove a wireless device without a netdev then clear
3677 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
3678 	 * to check if it needs to do dev_put(). Otherwise it crashes
3679 	 * since the wdev has been freed, unlike with a netdev where
3680 	 * we need the dev_put() for the netdev to really be freed.
3681 	 */
3682 	if (!wdev->netdev)
3683 		info->user_ptr[1] = NULL;
3684 
3685 	return rdev_del_virtual_intf(rdev, wdev);
3686 }
3687 
3688 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3689 {
3690 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3691 	struct net_device *dev = info->user_ptr[1];
3692 	u16 noack_map;
3693 
3694 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3695 		return -EINVAL;
3696 
3697 	if (!rdev->ops->set_noack_map)
3698 		return -EOPNOTSUPP;
3699 
3700 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3701 
3702 	return rdev_set_noack_map(rdev, dev, noack_map);
3703 }
3704 
3705 struct get_key_cookie {
3706 	struct sk_buff *msg;
3707 	int error;
3708 	int idx;
3709 };
3710 
3711 static void get_key_callback(void *c, struct key_params *params)
3712 {
3713 	struct nlattr *key;
3714 	struct get_key_cookie *cookie = c;
3715 
3716 	if ((params->key &&
3717 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3718 		     params->key_len, params->key)) ||
3719 	    (params->seq &&
3720 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3721 		     params->seq_len, params->seq)) ||
3722 	    (params->cipher &&
3723 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3724 			 params->cipher)))
3725 		goto nla_put_failure;
3726 
3727 	key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3728 	if (!key)
3729 		goto nla_put_failure;
3730 
3731 	if ((params->key &&
3732 	     nla_put(cookie->msg, NL80211_KEY_DATA,
3733 		     params->key_len, params->key)) ||
3734 	    (params->seq &&
3735 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
3736 		     params->seq_len, params->seq)) ||
3737 	    (params->cipher &&
3738 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3739 			 params->cipher)))
3740 		goto nla_put_failure;
3741 
3742 	if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3743 		goto nla_put_failure;
3744 
3745 	nla_nest_end(cookie->msg, key);
3746 
3747 	return;
3748  nla_put_failure:
3749 	cookie->error = 1;
3750 }
3751 
3752 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3753 {
3754 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3755 	int err;
3756 	struct net_device *dev = info->user_ptr[1];
3757 	u8 key_idx = 0;
3758 	const u8 *mac_addr = NULL;
3759 	bool pairwise;
3760 	struct get_key_cookie cookie = {
3761 		.error = 0,
3762 	};
3763 	void *hdr;
3764 	struct sk_buff *msg;
3765 
3766 	if (info->attrs[NL80211_ATTR_KEY_IDX])
3767 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3768 
3769 	if (info->attrs[NL80211_ATTR_MAC])
3770 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3771 
3772 	pairwise = !!mac_addr;
3773 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3774 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3775 
3776 		if (kt != NL80211_KEYTYPE_GROUP &&
3777 		    kt != NL80211_KEYTYPE_PAIRWISE)
3778 			return -EINVAL;
3779 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3780 	}
3781 
3782 	if (!rdev->ops->get_key)
3783 		return -EOPNOTSUPP;
3784 
3785 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3786 		return -ENOENT;
3787 
3788 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3789 	if (!msg)
3790 		return -ENOMEM;
3791 
3792 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3793 			     NL80211_CMD_NEW_KEY);
3794 	if (!hdr)
3795 		goto nla_put_failure;
3796 
3797 	cookie.msg = msg;
3798 	cookie.idx = key_idx;
3799 
3800 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3801 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3802 		goto nla_put_failure;
3803 	if (mac_addr &&
3804 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3805 		goto nla_put_failure;
3806 
3807 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3808 			   get_key_callback);
3809 
3810 	if (err)
3811 		goto free_msg;
3812 
3813 	if (cookie.error)
3814 		goto nla_put_failure;
3815 
3816 	genlmsg_end(msg, hdr);
3817 	return genlmsg_reply(msg, info);
3818 
3819  nla_put_failure:
3820 	err = -ENOBUFS;
3821  free_msg:
3822 	nlmsg_free(msg);
3823 	return err;
3824 }
3825 
3826 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3827 {
3828 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3829 	struct key_parse key;
3830 	int err;
3831 	struct net_device *dev = info->user_ptr[1];
3832 
3833 	err = nl80211_parse_key(info, &key);
3834 	if (err)
3835 		return err;
3836 
3837 	if (key.idx < 0)
3838 		return -EINVAL;
3839 
3840 	/* Only support setting default key and
3841 	 * Extended Key ID action NL80211_KEY_SET_TX.
3842 	 */
3843 	if (!key.def && !key.defmgmt &&
3844 	    !(key.p.mode == NL80211_KEY_SET_TX))
3845 		return -EINVAL;
3846 
3847 	wdev_lock(dev->ieee80211_ptr);
3848 
3849 	if (key.def) {
3850 		if (!rdev->ops->set_default_key) {
3851 			err = -EOPNOTSUPP;
3852 			goto out;
3853 		}
3854 
3855 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3856 		if (err)
3857 			goto out;
3858 
3859 		err = rdev_set_default_key(rdev, dev, key.idx,
3860 						 key.def_uni, key.def_multi);
3861 
3862 		if (err)
3863 			goto out;
3864 
3865 #ifdef CONFIG_CFG80211_WEXT
3866 		dev->ieee80211_ptr->wext.default_key = key.idx;
3867 #endif
3868 	} else if (key.defmgmt) {
3869 		if (key.def_uni || !key.def_multi) {
3870 			err = -EINVAL;
3871 			goto out;
3872 		}
3873 
3874 		if (!rdev->ops->set_default_mgmt_key) {
3875 			err = -EOPNOTSUPP;
3876 			goto out;
3877 		}
3878 
3879 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3880 		if (err)
3881 			goto out;
3882 
3883 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3884 		if (err)
3885 			goto out;
3886 
3887 #ifdef CONFIG_CFG80211_WEXT
3888 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3889 #endif
3890 	} else if (key.p.mode == NL80211_KEY_SET_TX &&
3891 		   wiphy_ext_feature_isset(&rdev->wiphy,
3892 					   NL80211_EXT_FEATURE_EXT_KEY_ID)) {
3893 		u8 *mac_addr = NULL;
3894 
3895 		if (info->attrs[NL80211_ATTR_MAC])
3896 			mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3897 
3898 		if (!mac_addr || key.idx < 0 || key.idx > 1) {
3899 			err = -EINVAL;
3900 			goto out;
3901 		}
3902 
3903 		err = rdev_add_key(rdev, dev, key.idx,
3904 				   NL80211_KEYTYPE_PAIRWISE,
3905 				   mac_addr, &key.p);
3906 	} else {
3907 		err = -EINVAL;
3908 	}
3909  out:
3910 	wdev_unlock(dev->ieee80211_ptr);
3911 
3912 	return err;
3913 }
3914 
3915 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3916 {
3917 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3918 	int err;
3919 	struct net_device *dev = info->user_ptr[1];
3920 	struct key_parse key;
3921 	const u8 *mac_addr = NULL;
3922 
3923 	err = nl80211_parse_key(info, &key);
3924 	if (err)
3925 		return err;
3926 
3927 	if (!key.p.key)
3928 		return -EINVAL;
3929 
3930 	if (info->attrs[NL80211_ATTR_MAC])
3931 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3932 
3933 	if (key.type == -1) {
3934 		if (mac_addr)
3935 			key.type = NL80211_KEYTYPE_PAIRWISE;
3936 		else
3937 			key.type = NL80211_KEYTYPE_GROUP;
3938 	}
3939 
3940 	/* for now */
3941 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3942 	    key.type != NL80211_KEYTYPE_GROUP)
3943 		return -EINVAL;
3944 
3945 	if (key.type == NL80211_KEYTYPE_GROUP &&
3946 	    info->attrs[NL80211_ATTR_VLAN_ID])
3947 		key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
3948 
3949 	if (!rdev->ops->add_key)
3950 		return -EOPNOTSUPP;
3951 
3952 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3953 					   key.type == NL80211_KEYTYPE_PAIRWISE,
3954 					   mac_addr))
3955 		return -EINVAL;
3956 
3957 	wdev_lock(dev->ieee80211_ptr);
3958 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3959 	if (!err)
3960 		err = rdev_add_key(rdev, dev, key.idx,
3961 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3962 				    mac_addr, &key.p);
3963 	wdev_unlock(dev->ieee80211_ptr);
3964 
3965 	return err;
3966 }
3967 
3968 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3969 {
3970 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3971 	int err;
3972 	struct net_device *dev = info->user_ptr[1];
3973 	u8 *mac_addr = NULL;
3974 	struct key_parse key;
3975 
3976 	err = nl80211_parse_key(info, &key);
3977 	if (err)
3978 		return err;
3979 
3980 	if (info->attrs[NL80211_ATTR_MAC])
3981 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3982 
3983 	if (key.type == -1) {
3984 		if (mac_addr)
3985 			key.type = NL80211_KEYTYPE_PAIRWISE;
3986 		else
3987 			key.type = NL80211_KEYTYPE_GROUP;
3988 	}
3989 
3990 	/* for now */
3991 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3992 	    key.type != NL80211_KEYTYPE_GROUP)
3993 		return -EINVAL;
3994 
3995 	if (!rdev->ops->del_key)
3996 		return -EOPNOTSUPP;
3997 
3998 	wdev_lock(dev->ieee80211_ptr);
3999 	err = nl80211_key_allowed(dev->ieee80211_ptr);
4000 
4001 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
4002 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
4003 		err = -ENOENT;
4004 
4005 	if (!err)
4006 		err = rdev_del_key(rdev, dev, key.idx,
4007 				   key.type == NL80211_KEYTYPE_PAIRWISE,
4008 				   mac_addr);
4009 
4010 #ifdef CONFIG_CFG80211_WEXT
4011 	if (!err) {
4012 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
4013 			dev->ieee80211_ptr->wext.default_key = -1;
4014 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
4015 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
4016 	}
4017 #endif
4018 	wdev_unlock(dev->ieee80211_ptr);
4019 
4020 	return err;
4021 }
4022 
4023 /* This function returns an error or the number of nested attributes */
4024 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
4025 {
4026 	struct nlattr *attr;
4027 	int n_entries = 0, tmp;
4028 
4029 	nla_for_each_nested(attr, nl_attr, tmp) {
4030 		if (nla_len(attr) != ETH_ALEN)
4031 			return -EINVAL;
4032 
4033 		n_entries++;
4034 	}
4035 
4036 	return n_entries;
4037 }
4038 
4039 /*
4040  * This function parses ACL information and allocates memory for ACL data.
4041  * On successful return, the calling function is responsible to free the
4042  * ACL buffer returned by this function.
4043  */
4044 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
4045 						struct genl_info *info)
4046 {
4047 	enum nl80211_acl_policy acl_policy;
4048 	struct nlattr *attr;
4049 	struct cfg80211_acl_data *acl;
4050 	int i = 0, n_entries, tmp;
4051 
4052 	if (!wiphy->max_acl_mac_addrs)
4053 		return ERR_PTR(-EOPNOTSUPP);
4054 
4055 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
4056 		return ERR_PTR(-EINVAL);
4057 
4058 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
4059 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
4060 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
4061 		return ERR_PTR(-EINVAL);
4062 
4063 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
4064 		return ERR_PTR(-EINVAL);
4065 
4066 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
4067 	if (n_entries < 0)
4068 		return ERR_PTR(n_entries);
4069 
4070 	if (n_entries > wiphy->max_acl_mac_addrs)
4071 		return ERR_PTR(-ENOTSUPP);
4072 
4073 	acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
4074 	if (!acl)
4075 		return ERR_PTR(-ENOMEM);
4076 
4077 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
4078 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
4079 		i++;
4080 	}
4081 
4082 	acl->n_acl_entries = n_entries;
4083 	acl->acl_policy = acl_policy;
4084 
4085 	return acl;
4086 }
4087 
4088 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
4089 {
4090 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4091 	struct net_device *dev = info->user_ptr[1];
4092 	struct cfg80211_acl_data *acl;
4093 	int err;
4094 
4095 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4096 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4097 		return -EOPNOTSUPP;
4098 
4099 	if (!dev->ieee80211_ptr->beacon_interval)
4100 		return -EINVAL;
4101 
4102 	acl = parse_acl_data(&rdev->wiphy, info);
4103 	if (IS_ERR(acl))
4104 		return PTR_ERR(acl);
4105 
4106 	err = rdev_set_mac_acl(rdev, dev, acl);
4107 
4108 	kfree(acl);
4109 
4110 	return err;
4111 }
4112 
4113 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4114 			   u8 *rates, u8 rates_len)
4115 {
4116 	u8 i;
4117 	u32 mask = 0;
4118 
4119 	for (i = 0; i < rates_len; i++) {
4120 		int rate = (rates[i] & 0x7f) * 5;
4121 		int ridx;
4122 
4123 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4124 			struct ieee80211_rate *srate =
4125 				&sband->bitrates[ridx];
4126 			if (rate == srate->bitrate) {
4127 				mask |= 1 << ridx;
4128 				break;
4129 			}
4130 		}
4131 		if (ridx == sband->n_bitrates)
4132 			return 0; /* rate not found */
4133 	}
4134 
4135 	return mask;
4136 }
4137 
4138 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4139 			       u8 *rates, u8 rates_len,
4140 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4141 {
4142 	u8 i;
4143 
4144 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4145 
4146 	for (i = 0; i < rates_len; i++) {
4147 		int ridx, rbit;
4148 
4149 		ridx = rates[i] / 8;
4150 		rbit = BIT(rates[i] % 8);
4151 
4152 		/* check validity */
4153 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4154 			return false;
4155 
4156 		/* check availability */
4157 		ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4158 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4159 			mcs[ridx] |= rbit;
4160 		else
4161 			return false;
4162 	}
4163 
4164 	return true;
4165 }
4166 
4167 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4168 {
4169 	u16 mcs_mask = 0;
4170 
4171 	switch (vht_mcs_map) {
4172 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4173 		break;
4174 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
4175 		mcs_mask = 0x00FF;
4176 		break;
4177 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
4178 		mcs_mask = 0x01FF;
4179 		break;
4180 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
4181 		mcs_mask = 0x03FF;
4182 		break;
4183 	default:
4184 		break;
4185 	}
4186 
4187 	return mcs_mask;
4188 }
4189 
4190 static void vht_build_mcs_mask(u16 vht_mcs_map,
4191 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4192 {
4193 	u8 nss;
4194 
4195 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4196 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4197 		vht_mcs_map >>= 2;
4198 	}
4199 }
4200 
4201 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4202 			     struct nl80211_txrate_vht *txrate,
4203 			     u16 mcs[NL80211_VHT_NSS_MAX])
4204 {
4205 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4206 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4207 	u8 i;
4208 
4209 	if (!sband->vht_cap.vht_supported)
4210 		return false;
4211 
4212 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4213 
4214 	/* Build vht_mcs_mask from VHT capabilities */
4215 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4216 
4217 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4218 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4219 			mcs[i] = txrate->mcs[i];
4220 		else
4221 			return false;
4222 	}
4223 
4224 	return true;
4225 }
4226 
4227 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4228 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4229 				    .len = NL80211_MAX_SUPP_RATES },
4230 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
4231 				.len = NL80211_MAX_SUPP_HT_RATES },
4232 	[NL80211_TXRATE_VHT] = {
4233 		.type = NLA_EXACT_LEN_WARN,
4234 		.len = sizeof(struct nl80211_txrate_vht),
4235 	},
4236 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
4237 };
4238 
4239 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4240 					 struct cfg80211_bitrate_mask *mask)
4241 {
4242 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4243 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4244 	int rem, i;
4245 	struct nlattr *tx_rates;
4246 	struct ieee80211_supported_band *sband;
4247 	u16 vht_tx_mcs_map;
4248 
4249 	memset(mask, 0, sizeof(*mask));
4250 	/* Default to all rates enabled */
4251 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
4252 		sband = rdev->wiphy.bands[i];
4253 
4254 		if (!sband)
4255 			continue;
4256 
4257 		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4258 		memcpy(mask->control[i].ht_mcs,
4259 		       sband->ht_cap.mcs.rx_mask,
4260 		       sizeof(mask->control[i].ht_mcs));
4261 
4262 		if (!sband->vht_cap.vht_supported)
4263 			continue;
4264 
4265 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4266 		vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4267 	}
4268 
4269 	/* if no rates are given set it back to the defaults */
4270 	if (!info->attrs[NL80211_ATTR_TX_RATES])
4271 		goto out;
4272 
4273 	/* The nested attribute uses enum nl80211_band as the index. This maps
4274 	 * directly to the enum nl80211_band values used in cfg80211.
4275 	 */
4276 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4277 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
4278 		enum nl80211_band band = nla_type(tx_rates);
4279 		int err;
4280 
4281 		if (band < 0 || band >= NUM_NL80211_BANDS)
4282 			return -EINVAL;
4283 		sband = rdev->wiphy.bands[band];
4284 		if (sband == NULL)
4285 			return -EINVAL;
4286 		err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4287 						  tx_rates,
4288 						  nl80211_txattr_policy,
4289 						  info->extack);
4290 		if (err)
4291 			return err;
4292 		if (tb[NL80211_TXRATE_LEGACY]) {
4293 			mask->control[band].legacy = rateset_to_mask(
4294 				sband,
4295 				nla_data(tb[NL80211_TXRATE_LEGACY]),
4296 				nla_len(tb[NL80211_TXRATE_LEGACY]));
4297 			if ((mask->control[band].legacy == 0) &&
4298 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
4299 				return -EINVAL;
4300 		}
4301 		if (tb[NL80211_TXRATE_HT]) {
4302 			if (!ht_rateset_to_mask(
4303 					sband,
4304 					nla_data(tb[NL80211_TXRATE_HT]),
4305 					nla_len(tb[NL80211_TXRATE_HT]),
4306 					mask->control[band].ht_mcs))
4307 				return -EINVAL;
4308 		}
4309 		if (tb[NL80211_TXRATE_VHT]) {
4310 			if (!vht_set_mcs_mask(
4311 					sband,
4312 					nla_data(tb[NL80211_TXRATE_VHT]),
4313 					mask->control[band].vht_mcs))
4314 				return -EINVAL;
4315 		}
4316 		if (tb[NL80211_TXRATE_GI]) {
4317 			mask->control[band].gi =
4318 				nla_get_u8(tb[NL80211_TXRATE_GI]);
4319 			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4320 				return -EINVAL;
4321 		}
4322 
4323 		if (mask->control[band].legacy == 0) {
4324 			/* don't allow empty legacy rates if HT or VHT
4325 			 * are not even supported.
4326 			 */
4327 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4328 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
4329 				return -EINVAL;
4330 
4331 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4332 				if (mask->control[band].ht_mcs[i])
4333 					goto out;
4334 
4335 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4336 				if (mask->control[band].vht_mcs[i])
4337 					goto out;
4338 
4339 			/* legacy and mcs rates may not be both empty */
4340 			return -EINVAL;
4341 		}
4342 	}
4343 
4344 out:
4345 	return 0;
4346 }
4347 
4348 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4349 				   enum nl80211_band band,
4350 				   struct cfg80211_bitrate_mask *beacon_rate)
4351 {
4352 	u32 count_ht, count_vht, i;
4353 	u32 rate = beacon_rate->control[band].legacy;
4354 
4355 	/* Allow only one rate */
4356 	if (hweight32(rate) > 1)
4357 		return -EINVAL;
4358 
4359 	count_ht = 0;
4360 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4361 		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4362 			return -EINVAL;
4363 		} else if (beacon_rate->control[band].ht_mcs[i]) {
4364 			count_ht++;
4365 			if (count_ht > 1)
4366 				return -EINVAL;
4367 		}
4368 		if (count_ht && rate)
4369 			return -EINVAL;
4370 	}
4371 
4372 	count_vht = 0;
4373 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4374 		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4375 			return -EINVAL;
4376 		} else if (beacon_rate->control[band].vht_mcs[i]) {
4377 			count_vht++;
4378 			if (count_vht > 1)
4379 				return -EINVAL;
4380 		}
4381 		if (count_vht && rate)
4382 			return -EINVAL;
4383 	}
4384 
4385 	if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4386 		return -EINVAL;
4387 
4388 	if (rate &&
4389 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4390 				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4391 		return -EINVAL;
4392 	if (count_ht &&
4393 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4394 				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
4395 		return -EINVAL;
4396 	if (count_vht &&
4397 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4398 				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4399 		return -EINVAL;
4400 
4401 	return 0;
4402 }
4403 
4404 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4405 				struct nlattr *attrs[],
4406 				struct cfg80211_beacon_data *bcn)
4407 {
4408 	bool haveinfo = false;
4409 	int err;
4410 
4411 	memset(bcn, 0, sizeof(*bcn));
4412 
4413 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4414 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4415 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4416 		if (!bcn->head_len)
4417 			return -EINVAL;
4418 		haveinfo = true;
4419 	}
4420 
4421 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4422 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4423 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4424 		haveinfo = true;
4425 	}
4426 
4427 	if (!haveinfo)
4428 		return -EINVAL;
4429 
4430 	if (attrs[NL80211_ATTR_IE]) {
4431 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4432 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4433 	}
4434 
4435 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4436 		bcn->proberesp_ies =
4437 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4438 		bcn->proberesp_ies_len =
4439 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4440 	}
4441 
4442 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4443 		bcn->assocresp_ies =
4444 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4445 		bcn->assocresp_ies_len =
4446 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4447 	}
4448 
4449 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
4450 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4451 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4452 	}
4453 
4454 	if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4455 		struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4456 
4457 		err = nla_parse_nested_deprecated(tb,
4458 						  NL80211_FTM_RESP_ATTR_MAX,
4459 						  attrs[NL80211_ATTR_FTM_RESPONDER],
4460 						  NULL, NULL);
4461 		if (err)
4462 			return err;
4463 
4464 		if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4465 		    wiphy_ext_feature_isset(&rdev->wiphy,
4466 					    NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4467 			bcn->ftm_responder = 1;
4468 		else
4469 			return -EOPNOTSUPP;
4470 
4471 		if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4472 			bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4473 			bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4474 		}
4475 
4476 		if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4477 			bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4478 			bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4479 		}
4480 	} else {
4481 		bcn->ftm_responder = -1;
4482 	}
4483 
4484 	return 0;
4485 }
4486 
4487 static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
4488 				    struct ieee80211_he_obss_pd *he_obss_pd)
4489 {
4490 	struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
4491 	int err;
4492 
4493 	err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
4494 			       he_obss_pd_policy, NULL);
4495 	if (err)
4496 		return err;
4497 
4498 	if (!tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] ||
4499 	    !tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
4500 		return -EINVAL;
4501 
4502 	he_obss_pd->min_offset =
4503 		nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
4504 	he_obss_pd->max_offset =
4505 		nla_get_u32(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
4506 
4507 	if (he_obss_pd->min_offset >= he_obss_pd->max_offset)
4508 		return -EINVAL;
4509 
4510 	he_obss_pd->enable = true;
4511 
4512 	return 0;
4513 }
4514 
4515 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4516 					    const u8 *rates)
4517 {
4518 	int i;
4519 
4520 	if (!rates)
4521 		return;
4522 
4523 	for (i = 0; i < rates[1]; i++) {
4524 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4525 			params->ht_required = true;
4526 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4527 			params->vht_required = true;
4528 	}
4529 }
4530 
4531 /*
4532  * Since the nl80211 API didn't include, from the beginning, attributes about
4533  * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4534  * benefit of drivers that rebuild IEs in the firmware.
4535  */
4536 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4537 {
4538 	const struct cfg80211_beacon_data *bcn = &params->beacon;
4539 	size_t ies_len = bcn->tail_len;
4540 	const u8 *ies = bcn->tail;
4541 	const u8 *rates;
4542 	const u8 *cap;
4543 
4544 	rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4545 	nl80211_check_ap_rate_selectors(params, rates);
4546 
4547 	rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4548 	nl80211_check_ap_rate_selectors(params, rates);
4549 
4550 	cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4551 	if (cap && cap[1] >= sizeof(*params->ht_cap))
4552 		params->ht_cap = (void *)(cap + 2);
4553 	cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4554 	if (cap && cap[1] >= sizeof(*params->vht_cap))
4555 		params->vht_cap = (void *)(cap + 2);
4556 	cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4557 	if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4558 		params->he_cap = (void *)(cap + 3);
4559 }
4560 
4561 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4562 				   struct cfg80211_ap_settings *params)
4563 {
4564 	struct wireless_dev *wdev;
4565 	bool ret = false;
4566 
4567 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4568 		if (wdev->iftype != NL80211_IFTYPE_AP &&
4569 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
4570 			continue;
4571 
4572 		if (!wdev->preset_chandef.chan)
4573 			continue;
4574 
4575 		params->chandef = wdev->preset_chandef;
4576 		ret = true;
4577 		break;
4578 	}
4579 
4580 	return ret;
4581 }
4582 
4583 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4584 				    enum nl80211_auth_type auth_type,
4585 				    enum nl80211_commands cmd)
4586 {
4587 	if (auth_type > NL80211_AUTHTYPE_MAX)
4588 		return false;
4589 
4590 	switch (cmd) {
4591 	case NL80211_CMD_AUTHENTICATE:
4592 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4593 		    auth_type == NL80211_AUTHTYPE_SAE)
4594 			return false;
4595 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
4596 					     NL80211_EXT_FEATURE_FILS_STA) &&
4597 		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4598 		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4599 		     auth_type == NL80211_AUTHTYPE_FILS_PK))
4600 			return false;
4601 		return true;
4602 	case NL80211_CMD_CONNECT:
4603 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4604 		    !wiphy_ext_feature_isset(&rdev->wiphy,
4605 					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4606 		    auth_type == NL80211_AUTHTYPE_SAE)
4607 			return false;
4608 
4609 		/* FILS with SK PFS or PK not supported yet */
4610 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4611 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4612 			return false;
4613 		if (!wiphy_ext_feature_isset(
4614 			    &rdev->wiphy,
4615 			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4616 		    auth_type == NL80211_AUTHTYPE_FILS_SK)
4617 			return false;
4618 		return true;
4619 	case NL80211_CMD_START_AP:
4620 		/* SAE not supported yet */
4621 		if (auth_type == NL80211_AUTHTYPE_SAE)
4622 			return false;
4623 		/* FILS not supported yet */
4624 		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4625 		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4626 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4627 			return false;
4628 		return true;
4629 	default:
4630 		return false;
4631 	}
4632 }
4633 
4634 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4635 {
4636 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4637 	struct net_device *dev = info->user_ptr[1];
4638 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4639 	struct cfg80211_ap_settings params;
4640 	int err;
4641 
4642 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4643 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4644 		return -EOPNOTSUPP;
4645 
4646 	if (!rdev->ops->start_ap)
4647 		return -EOPNOTSUPP;
4648 
4649 	if (wdev->beacon_interval)
4650 		return -EALREADY;
4651 
4652 	memset(&params, 0, sizeof(params));
4653 
4654 	/* these are required for START_AP */
4655 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4656 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4657 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
4658 		return -EINVAL;
4659 
4660 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
4661 	if (err)
4662 		return err;
4663 
4664 	params.beacon_interval =
4665 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4666 	params.dtim_period =
4667 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4668 
4669 	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4670 					   params.beacon_interval);
4671 	if (err)
4672 		return err;
4673 
4674 	/*
4675 	 * In theory, some of these attributes should be required here
4676 	 * but since they were not used when the command was originally
4677 	 * added, keep them optional for old user space programs to let
4678 	 * them continue to work with drivers that do not need the
4679 	 * additional information -- drivers must check!
4680 	 */
4681 	if (info->attrs[NL80211_ATTR_SSID]) {
4682 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4683 		params.ssid_len =
4684 			nla_len(info->attrs[NL80211_ATTR_SSID]);
4685 		if (params.ssid_len == 0 ||
4686 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
4687 			return -EINVAL;
4688 	}
4689 
4690 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4691 		params.hidden_ssid = nla_get_u32(
4692 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4693 
4694 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4695 
4696 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4697 		params.auth_type = nla_get_u32(
4698 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
4699 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
4700 					     NL80211_CMD_START_AP))
4701 			return -EINVAL;
4702 	} else
4703 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4704 
4705 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
4706 				      NL80211_MAX_NR_CIPHER_SUITES);
4707 	if (err)
4708 		return err;
4709 
4710 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4711 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4712 			return -EOPNOTSUPP;
4713 		params.inactivity_timeout = nla_get_u16(
4714 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4715 	}
4716 
4717 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4718 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4719 			return -EINVAL;
4720 		params.p2p_ctwindow =
4721 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4722 		if (params.p2p_ctwindow != 0 &&
4723 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4724 			return -EINVAL;
4725 	}
4726 
4727 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4728 		u8 tmp;
4729 
4730 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4731 			return -EINVAL;
4732 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4733 		params.p2p_opp_ps = tmp;
4734 		if (params.p2p_opp_ps != 0 &&
4735 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4736 			return -EINVAL;
4737 	}
4738 
4739 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4740 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
4741 		if (err)
4742 			return err;
4743 	} else if (wdev->preset_chandef.chan) {
4744 		params.chandef = wdev->preset_chandef;
4745 	} else if (!nl80211_get_ap_channel(rdev, &params))
4746 		return -EINVAL;
4747 
4748 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4749 					   wdev->iftype))
4750 		return -EINVAL;
4751 
4752 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
4753 		err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4754 		if (err)
4755 			return err;
4756 
4757 		err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4758 					      &params.beacon_rate);
4759 		if (err)
4760 			return err;
4761 	}
4762 
4763 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4764 		params.smps_mode =
4765 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4766 		switch (params.smps_mode) {
4767 		case NL80211_SMPS_OFF:
4768 			break;
4769 		case NL80211_SMPS_STATIC:
4770 			if (!(rdev->wiphy.features &
4771 			      NL80211_FEATURE_STATIC_SMPS))
4772 				return -EINVAL;
4773 			break;
4774 		case NL80211_SMPS_DYNAMIC:
4775 			if (!(rdev->wiphy.features &
4776 			      NL80211_FEATURE_DYNAMIC_SMPS))
4777 				return -EINVAL;
4778 			break;
4779 		default:
4780 			return -EINVAL;
4781 		}
4782 	} else {
4783 		params.smps_mode = NL80211_SMPS_OFF;
4784 	}
4785 
4786 	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4787 	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4788 		return -EOPNOTSUPP;
4789 
4790 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4791 		params.acl = parse_acl_data(&rdev->wiphy, info);
4792 		if (IS_ERR(params.acl))
4793 			return PTR_ERR(params.acl);
4794 	}
4795 
4796 	params.twt_responder =
4797 		    nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
4798 
4799 	if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
4800 		err = nl80211_parse_he_obss_pd(
4801 					info->attrs[NL80211_ATTR_HE_OBSS_PD],
4802 					&params.he_obss_pd);
4803 		if (err)
4804 			return err;
4805 	}
4806 
4807 	nl80211_calculate_ap_params(&params);
4808 
4809 	if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
4810 		params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
4811 
4812 	wdev_lock(wdev);
4813 	err = rdev_start_ap(rdev, dev, &params);
4814 	if (!err) {
4815 		wdev->preset_chandef = params.chandef;
4816 		wdev->beacon_interval = params.beacon_interval;
4817 		wdev->chandef = params.chandef;
4818 		wdev->ssid_len = params.ssid_len;
4819 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4820 
4821 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4822 			wdev->conn_owner_nlportid = info->snd_portid;
4823 	}
4824 	wdev_unlock(wdev);
4825 
4826 	kfree(params.acl);
4827 
4828 	return err;
4829 }
4830 
4831 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4832 {
4833 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4834 	struct net_device *dev = info->user_ptr[1];
4835 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4836 	struct cfg80211_beacon_data params;
4837 	int err;
4838 
4839 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4840 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4841 		return -EOPNOTSUPP;
4842 
4843 	if (!rdev->ops->change_beacon)
4844 		return -EOPNOTSUPP;
4845 
4846 	if (!wdev->beacon_interval)
4847 		return -EINVAL;
4848 
4849 	err = nl80211_parse_beacon(rdev, info->attrs, &params);
4850 	if (err)
4851 		return err;
4852 
4853 	wdev_lock(wdev);
4854 	err = rdev_change_beacon(rdev, dev, &params);
4855 	wdev_unlock(wdev);
4856 
4857 	return err;
4858 }
4859 
4860 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4861 {
4862 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4863 	struct net_device *dev = info->user_ptr[1];
4864 
4865 	return cfg80211_stop_ap(rdev, dev, false);
4866 }
4867 
4868 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4869 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4870 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4871 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4872 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4873 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4874 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4875 };
4876 
4877 static int parse_station_flags(struct genl_info *info,
4878 			       enum nl80211_iftype iftype,
4879 			       struct station_parameters *params)
4880 {
4881 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4882 	struct nlattr *nla;
4883 	int flag;
4884 
4885 	/*
4886 	 * Try parsing the new attribute first so userspace
4887 	 * can specify both for older kernels.
4888 	 */
4889 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4890 	if (nla) {
4891 		struct nl80211_sta_flag_update *sta_flags;
4892 
4893 		sta_flags = nla_data(nla);
4894 		params->sta_flags_mask = sta_flags->mask;
4895 		params->sta_flags_set = sta_flags->set;
4896 		params->sta_flags_set &= params->sta_flags_mask;
4897 		if ((params->sta_flags_mask |
4898 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4899 			return -EINVAL;
4900 		return 0;
4901 	}
4902 
4903 	/* if present, parse the old attribute */
4904 
4905 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4906 	if (!nla)
4907 		return 0;
4908 
4909 	if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
4910 		return -EINVAL;
4911 
4912 	/*
4913 	 * Only allow certain flags for interface types so that
4914 	 * other attributes are silently ignored. Remember that
4915 	 * this is backward compatibility code with old userspace
4916 	 * and shouldn't be hit in other cases anyway.
4917 	 */
4918 	switch (iftype) {
4919 	case NL80211_IFTYPE_AP:
4920 	case NL80211_IFTYPE_AP_VLAN:
4921 	case NL80211_IFTYPE_P2P_GO:
4922 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4923 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4924 					 BIT(NL80211_STA_FLAG_WME) |
4925 					 BIT(NL80211_STA_FLAG_MFP);
4926 		break;
4927 	case NL80211_IFTYPE_P2P_CLIENT:
4928 	case NL80211_IFTYPE_STATION:
4929 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4930 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
4931 		break;
4932 	case NL80211_IFTYPE_MESH_POINT:
4933 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4934 					 BIT(NL80211_STA_FLAG_MFP) |
4935 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
4936 		break;
4937 	default:
4938 		return -EINVAL;
4939 	}
4940 
4941 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4942 		if (flags[flag]) {
4943 			params->sta_flags_set |= (1<<flag);
4944 
4945 			/* no longer support new API additions in old API */
4946 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4947 				return -EINVAL;
4948 		}
4949 	}
4950 
4951 	return 0;
4952 }
4953 
4954 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
4955 {
4956 	struct nlattr *rate;
4957 	u32 bitrate;
4958 	u16 bitrate_compat;
4959 	enum nl80211_rate_info rate_flg;
4960 
4961 	rate = nla_nest_start_noflag(msg, attr);
4962 	if (!rate)
4963 		return false;
4964 
4965 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4966 	bitrate = cfg80211_calculate_bitrate(info);
4967 	/* report 16-bit bitrate only if we can */
4968 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4969 	if (bitrate > 0 &&
4970 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4971 		return false;
4972 	if (bitrate_compat > 0 &&
4973 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4974 		return false;
4975 
4976 	switch (info->bw) {
4977 	case RATE_INFO_BW_5:
4978 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4979 		break;
4980 	case RATE_INFO_BW_10:
4981 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4982 		break;
4983 	default:
4984 		WARN_ON(1);
4985 		/* fall through */
4986 	case RATE_INFO_BW_20:
4987 		rate_flg = 0;
4988 		break;
4989 	case RATE_INFO_BW_40:
4990 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4991 		break;
4992 	case RATE_INFO_BW_80:
4993 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4994 		break;
4995 	case RATE_INFO_BW_160:
4996 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4997 		break;
4998 	case RATE_INFO_BW_HE_RU:
4999 		rate_flg = 0;
5000 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
5001 	}
5002 
5003 	if (rate_flg && nla_put_flag(msg, rate_flg))
5004 		return false;
5005 
5006 	if (info->flags & RATE_INFO_FLAGS_MCS) {
5007 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
5008 			return false;
5009 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5010 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5011 			return false;
5012 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
5013 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
5014 			return false;
5015 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
5016 			return false;
5017 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
5018 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
5019 			return false;
5020 	} else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
5021 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
5022 			return false;
5023 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
5024 			return false;
5025 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
5026 			return false;
5027 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
5028 			return false;
5029 		if (info->bw == RATE_INFO_BW_HE_RU &&
5030 		    nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
5031 			       info->he_ru_alloc))
5032 			return false;
5033 	}
5034 
5035 	nla_nest_end(msg, rate);
5036 	return true;
5037 }
5038 
5039 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
5040 			       int id)
5041 {
5042 	void *attr;
5043 	int i = 0;
5044 
5045 	if (!mask)
5046 		return true;
5047 
5048 	attr = nla_nest_start_noflag(msg, id);
5049 	if (!attr)
5050 		return false;
5051 
5052 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
5053 		if (!(mask & BIT(i)))
5054 			continue;
5055 
5056 		if (nla_put_u8(msg, i, signal[i]))
5057 			return false;
5058 	}
5059 
5060 	nla_nest_end(msg, attr);
5061 
5062 	return true;
5063 }
5064 
5065 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
5066 				u32 seq, int flags,
5067 				struct cfg80211_registered_device *rdev,
5068 				struct net_device *dev,
5069 				const u8 *mac_addr, struct station_info *sinfo)
5070 {
5071 	void *hdr;
5072 	struct nlattr *sinfoattr, *bss_param;
5073 
5074 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
5075 	if (!hdr) {
5076 		cfg80211_sinfo_release_content(sinfo);
5077 		return -1;
5078 	}
5079 
5080 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5081 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
5082 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
5083 		goto nla_put_failure;
5084 
5085 	sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
5086 	if (!sinfoattr)
5087 		goto nla_put_failure;
5088 
5089 #define PUT_SINFO(attr, memb, type) do {				\
5090 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
5091 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
5092 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
5093 			     sinfo->memb))				\
5094 		goto nla_put_failure;					\
5095 	} while (0)
5096 #define PUT_SINFO_U64(attr, memb) do {					\
5097 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
5098 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
5099 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
5100 		goto nla_put_failure;					\
5101 	} while (0)
5102 
5103 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
5104 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
5105 	PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
5106 
5107 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
5108 			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
5109 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
5110 			(u32)sinfo->rx_bytes))
5111 		goto nla_put_failure;
5112 
5113 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
5114 			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
5115 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
5116 			(u32)sinfo->tx_bytes))
5117 		goto nla_put_failure;
5118 
5119 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
5120 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
5121 	PUT_SINFO(LLID, llid, u16);
5122 	PUT_SINFO(PLID, plid, u16);
5123 	PUT_SINFO(PLINK_STATE, plink_state, u8);
5124 	PUT_SINFO_U64(RX_DURATION, rx_duration);
5125 	PUT_SINFO_U64(TX_DURATION, tx_duration);
5126 
5127 	if (wiphy_ext_feature_isset(&rdev->wiphy,
5128 				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5129 		PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
5130 
5131 	switch (rdev->wiphy.signal_type) {
5132 	case CFG80211_SIGNAL_TYPE_MBM:
5133 		PUT_SINFO(SIGNAL, signal, u8);
5134 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
5135 		break;
5136 	default:
5137 		break;
5138 	}
5139 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
5140 		if (!nl80211_put_signal(msg, sinfo->chains,
5141 					sinfo->chain_signal,
5142 					NL80211_STA_INFO_CHAIN_SIGNAL))
5143 			goto nla_put_failure;
5144 	}
5145 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
5146 		if (!nl80211_put_signal(msg, sinfo->chains,
5147 					sinfo->chain_signal_avg,
5148 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
5149 			goto nla_put_failure;
5150 	}
5151 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
5152 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
5153 					  NL80211_STA_INFO_TX_BITRATE))
5154 			goto nla_put_failure;
5155 	}
5156 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
5157 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
5158 					  NL80211_STA_INFO_RX_BITRATE))
5159 			goto nla_put_failure;
5160 	}
5161 
5162 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
5163 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
5164 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
5165 	PUT_SINFO(TX_FAILED, tx_failed, u32);
5166 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5167 	PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5168 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5169 	PUT_SINFO(LOCAL_PM, local_pm, u32);
5170 	PUT_SINFO(PEER_PM, peer_pm, u32);
5171 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5172 	PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5173 
5174 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5175 		bss_param = nla_nest_start_noflag(msg,
5176 						  NL80211_STA_INFO_BSS_PARAM);
5177 		if (!bss_param)
5178 			goto nla_put_failure;
5179 
5180 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5181 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5182 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5183 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5184 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5185 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5186 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5187 			       sinfo->bss_param.dtim_period) ||
5188 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5189 				sinfo->bss_param.beacon_interval))
5190 			goto nla_put_failure;
5191 
5192 		nla_nest_end(msg, bss_param);
5193 	}
5194 	if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5195 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5196 		    sizeof(struct nl80211_sta_flag_update),
5197 		    &sinfo->sta_flags))
5198 		goto nla_put_failure;
5199 
5200 	PUT_SINFO_U64(T_OFFSET, t_offset);
5201 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5202 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
5203 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5204 	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5205 	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5206 	if (wiphy_ext_feature_isset(&rdev->wiphy,
5207 				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5208 		PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5209 		PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5210 	}
5211 
5212 #undef PUT_SINFO
5213 #undef PUT_SINFO_U64
5214 
5215 	if (sinfo->pertid) {
5216 		struct nlattr *tidsattr;
5217 		int tid;
5218 
5219 		tidsattr = nla_nest_start_noflag(msg,
5220 						 NL80211_STA_INFO_TID_STATS);
5221 		if (!tidsattr)
5222 			goto nla_put_failure;
5223 
5224 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5225 			struct cfg80211_tid_stats *tidstats;
5226 			struct nlattr *tidattr;
5227 
5228 			tidstats = &sinfo->pertid[tid];
5229 
5230 			if (!tidstats->filled)
5231 				continue;
5232 
5233 			tidattr = nla_nest_start_noflag(msg, tid + 1);
5234 			if (!tidattr)
5235 				goto nla_put_failure;
5236 
5237 #define PUT_TIDVAL_U64(attr, memb) do {					\
5238 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
5239 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
5240 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
5241 		goto nla_put_failure;					\
5242 	} while (0)
5243 
5244 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5245 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5246 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5247 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5248 
5249 #undef PUT_TIDVAL_U64
5250 			if ((tidstats->filled &
5251 			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5252 			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5253 						   NL80211_TID_STATS_TXQ_STATS))
5254 				goto nla_put_failure;
5255 
5256 			nla_nest_end(msg, tidattr);
5257 		}
5258 
5259 		nla_nest_end(msg, tidsattr);
5260 	}
5261 
5262 	nla_nest_end(msg, sinfoattr);
5263 
5264 	if (sinfo->assoc_req_ies_len &&
5265 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5266 		    sinfo->assoc_req_ies))
5267 		goto nla_put_failure;
5268 
5269 	cfg80211_sinfo_release_content(sinfo);
5270 	genlmsg_end(msg, hdr);
5271 	return 0;
5272 
5273  nla_put_failure:
5274 	cfg80211_sinfo_release_content(sinfo);
5275 	genlmsg_cancel(msg, hdr);
5276 	return -EMSGSIZE;
5277 }
5278 
5279 static int nl80211_dump_station(struct sk_buff *skb,
5280 				struct netlink_callback *cb)
5281 {
5282 	struct station_info sinfo;
5283 	struct cfg80211_registered_device *rdev;
5284 	struct wireless_dev *wdev;
5285 	u8 mac_addr[ETH_ALEN];
5286 	int sta_idx = cb->args[2];
5287 	int err;
5288 
5289 	rtnl_lock();
5290 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5291 	if (err)
5292 		goto out_err;
5293 
5294 	if (!wdev->netdev) {
5295 		err = -EINVAL;
5296 		goto out_err;
5297 	}
5298 
5299 	if (!rdev->ops->dump_station) {
5300 		err = -EOPNOTSUPP;
5301 		goto out_err;
5302 	}
5303 
5304 	while (1) {
5305 		memset(&sinfo, 0, sizeof(sinfo));
5306 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5307 					mac_addr, &sinfo);
5308 		if (err == -ENOENT)
5309 			break;
5310 		if (err)
5311 			goto out_err;
5312 
5313 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5314 				NETLINK_CB(cb->skb).portid,
5315 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5316 				rdev, wdev->netdev, mac_addr,
5317 				&sinfo) < 0)
5318 			goto out;
5319 
5320 		sta_idx++;
5321 	}
5322 
5323  out:
5324 	cb->args[2] = sta_idx;
5325 	err = skb->len;
5326  out_err:
5327 	rtnl_unlock();
5328 
5329 	return err;
5330 }
5331 
5332 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5333 {
5334 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5335 	struct net_device *dev = info->user_ptr[1];
5336 	struct station_info sinfo;
5337 	struct sk_buff *msg;
5338 	u8 *mac_addr = NULL;
5339 	int err;
5340 
5341 	memset(&sinfo, 0, sizeof(sinfo));
5342 
5343 	if (!info->attrs[NL80211_ATTR_MAC])
5344 		return -EINVAL;
5345 
5346 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5347 
5348 	if (!rdev->ops->get_station)
5349 		return -EOPNOTSUPP;
5350 
5351 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5352 	if (err)
5353 		return err;
5354 
5355 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5356 	if (!msg) {
5357 		cfg80211_sinfo_release_content(&sinfo);
5358 		return -ENOMEM;
5359 	}
5360 
5361 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5362 				 info->snd_portid, info->snd_seq, 0,
5363 				 rdev, dev, mac_addr, &sinfo) < 0) {
5364 		nlmsg_free(msg);
5365 		return -ENOBUFS;
5366 	}
5367 
5368 	return genlmsg_reply(msg, info);
5369 }
5370 
5371 int cfg80211_check_station_change(struct wiphy *wiphy,
5372 				  struct station_parameters *params,
5373 				  enum cfg80211_station_type statype)
5374 {
5375 	if (params->listen_interval != -1 &&
5376 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5377 		return -EINVAL;
5378 
5379 	if (params->support_p2p_ps != -1 &&
5380 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5381 		return -EINVAL;
5382 
5383 	if (params->aid &&
5384 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5385 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5386 		return -EINVAL;
5387 
5388 	/* When you run into this, adjust the code below for the new flag */
5389 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5390 
5391 	switch (statype) {
5392 	case CFG80211_STA_MESH_PEER_KERNEL:
5393 	case CFG80211_STA_MESH_PEER_USER:
5394 		/*
5395 		 * No ignoring the TDLS flag here -- the userspace mesh
5396 		 * code doesn't have the bug of including TDLS in the
5397 		 * mask everywhere.
5398 		 */
5399 		if (params->sta_flags_mask &
5400 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5401 				  BIT(NL80211_STA_FLAG_MFP) |
5402 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
5403 			return -EINVAL;
5404 		break;
5405 	case CFG80211_STA_TDLS_PEER_SETUP:
5406 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5407 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5408 			return -EINVAL;
5409 		/* ignore since it can't change */
5410 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5411 		break;
5412 	default:
5413 		/* disallow mesh-specific things */
5414 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5415 			return -EINVAL;
5416 		if (params->local_pm)
5417 			return -EINVAL;
5418 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5419 			return -EINVAL;
5420 	}
5421 
5422 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5423 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5424 		/* TDLS can't be set, ... */
5425 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5426 			return -EINVAL;
5427 		/*
5428 		 * ... but don't bother the driver with it. This works around
5429 		 * a hostapd/wpa_supplicant issue -- it always includes the
5430 		 * TLDS_PEER flag in the mask even for AP mode.
5431 		 */
5432 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5433 	}
5434 
5435 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5436 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5437 		/* reject other things that can't change */
5438 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5439 			return -EINVAL;
5440 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5441 			return -EINVAL;
5442 		if (params->supported_rates)
5443 			return -EINVAL;
5444 		if (params->ext_capab || params->ht_capa || params->vht_capa ||
5445 		    params->he_capa)
5446 			return -EINVAL;
5447 	}
5448 
5449 	if (statype != CFG80211_STA_AP_CLIENT &&
5450 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5451 		if (params->vlan)
5452 			return -EINVAL;
5453 	}
5454 
5455 	switch (statype) {
5456 	case CFG80211_STA_AP_MLME_CLIENT:
5457 		/* Use this only for authorizing/unauthorizing a station */
5458 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5459 			return -EOPNOTSUPP;
5460 		break;
5461 	case CFG80211_STA_AP_CLIENT:
5462 	case CFG80211_STA_AP_CLIENT_UNASSOC:
5463 		/* accept only the listed bits */
5464 		if (params->sta_flags_mask &
5465 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5466 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5467 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
5468 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5469 				  BIT(NL80211_STA_FLAG_WME) |
5470 				  BIT(NL80211_STA_FLAG_MFP)))
5471 			return -EINVAL;
5472 
5473 		/* but authenticated/associated only if driver handles it */
5474 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5475 		    params->sta_flags_mask &
5476 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5477 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5478 			return -EINVAL;
5479 		break;
5480 	case CFG80211_STA_IBSS:
5481 	case CFG80211_STA_AP_STA:
5482 		/* reject any changes other than AUTHORIZED */
5483 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5484 			return -EINVAL;
5485 		break;
5486 	case CFG80211_STA_TDLS_PEER_SETUP:
5487 		/* reject any changes other than AUTHORIZED or WME */
5488 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5489 					       BIT(NL80211_STA_FLAG_WME)))
5490 			return -EINVAL;
5491 		/* force (at least) rates when authorizing */
5492 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5493 		    !params->supported_rates)
5494 			return -EINVAL;
5495 		break;
5496 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5497 		/* reject any changes */
5498 		return -EINVAL;
5499 	case CFG80211_STA_MESH_PEER_KERNEL:
5500 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5501 			return -EINVAL;
5502 		break;
5503 	case CFG80211_STA_MESH_PEER_USER:
5504 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5505 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5506 			return -EINVAL;
5507 		break;
5508 	}
5509 
5510 	/*
5511 	 * Older kernel versions ignored this attribute entirely, so don't
5512 	 * reject attempts to update it but mark it as unused instead so the
5513 	 * driver won't look at the data.
5514 	 */
5515 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5516 	    statype != CFG80211_STA_TDLS_PEER_SETUP)
5517 		params->opmode_notif_used = false;
5518 
5519 	return 0;
5520 }
5521 EXPORT_SYMBOL(cfg80211_check_station_change);
5522 
5523 /*
5524  * Get vlan interface making sure it is running and on the right wiphy.
5525  */
5526 static struct net_device *get_vlan(struct genl_info *info,
5527 				   struct cfg80211_registered_device *rdev)
5528 {
5529 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5530 	struct net_device *v;
5531 	int ret;
5532 
5533 	if (!vlanattr)
5534 		return NULL;
5535 
5536 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5537 	if (!v)
5538 		return ERR_PTR(-ENODEV);
5539 
5540 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5541 		ret = -EINVAL;
5542 		goto error;
5543 	}
5544 
5545 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5546 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5547 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5548 		ret = -EINVAL;
5549 		goto error;
5550 	}
5551 
5552 	if (!netif_running(v)) {
5553 		ret = -ENETDOWN;
5554 		goto error;
5555 	}
5556 
5557 	return v;
5558  error:
5559 	dev_put(v);
5560 	return ERR_PTR(ret);
5561 }
5562 
5563 static const struct nla_policy
5564 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5565 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5566 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5567 };
5568 
5569 static int nl80211_parse_sta_wme(struct genl_info *info,
5570 				 struct station_parameters *params)
5571 {
5572 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5573 	struct nlattr *nla;
5574 	int err;
5575 
5576 	/* parse WME attributes if present */
5577 	if (!info->attrs[NL80211_ATTR_STA_WME])
5578 		return 0;
5579 
5580 	nla = info->attrs[NL80211_ATTR_STA_WME];
5581 	err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
5582 					  nl80211_sta_wme_policy,
5583 					  info->extack);
5584 	if (err)
5585 		return err;
5586 
5587 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5588 		params->uapsd_queues = nla_get_u8(
5589 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
5590 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5591 		return -EINVAL;
5592 
5593 	if (tb[NL80211_STA_WME_MAX_SP])
5594 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5595 
5596 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5597 		return -EINVAL;
5598 
5599 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5600 
5601 	return 0;
5602 }
5603 
5604 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5605 				      struct station_parameters *params)
5606 {
5607 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5608 		params->supported_channels =
5609 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5610 		params->supported_channels_len =
5611 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5612 		/*
5613 		 * Need to include at least one (first channel, number of
5614 		 * channels) tuple for each subband, and must have proper
5615 		 * tuples for the rest of the data as well.
5616 		 */
5617 		if (params->supported_channels_len < 2)
5618 			return -EINVAL;
5619 		if (params->supported_channels_len % 2)
5620 			return -EINVAL;
5621 	}
5622 
5623 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5624 		params->supported_oper_classes =
5625 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5626 		params->supported_oper_classes_len =
5627 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5628 		/*
5629 		 * The value of the Length field of the Supported Operating
5630 		 * Classes element is between 2 and 253.
5631 		 */
5632 		if (params->supported_oper_classes_len < 2 ||
5633 		    params->supported_oper_classes_len > 253)
5634 			return -EINVAL;
5635 	}
5636 	return 0;
5637 }
5638 
5639 static int nl80211_set_station_tdls(struct genl_info *info,
5640 				    struct station_parameters *params)
5641 {
5642 	int err;
5643 	/* Dummy STA entry gets updated once the peer capabilities are known */
5644 	if (info->attrs[NL80211_ATTR_PEER_AID])
5645 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5646 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5647 		params->ht_capa =
5648 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5649 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5650 		params->vht_capa =
5651 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5652 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5653 		params->he_capa =
5654 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5655 		params->he_capa_len =
5656 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5657 
5658 		if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5659 			return -EINVAL;
5660 	}
5661 
5662 	err = nl80211_parse_sta_channel_info(info, params);
5663 	if (err)
5664 		return err;
5665 
5666 	return nl80211_parse_sta_wme(info, params);
5667 }
5668 
5669 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
5670 					     struct station_parameters *params)
5671 {
5672 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5673 	int idx;
5674 
5675 	if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
5676 		if (!rdev->ops->set_tx_power ||
5677 		    !wiphy_ext_feature_isset(&rdev->wiphy,
5678 					 NL80211_EXT_FEATURE_STA_TX_PWR))
5679 			return -EOPNOTSUPP;
5680 
5681 		idx = NL80211_ATTR_STA_TX_POWER_SETTING;
5682 		params->txpwr.type = nla_get_u8(info->attrs[idx]);
5683 
5684 		if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
5685 			idx = NL80211_ATTR_STA_TX_POWER;
5686 
5687 			if (info->attrs[idx])
5688 				params->txpwr.power =
5689 					nla_get_s16(info->attrs[idx]);
5690 			else
5691 				return -EINVAL;
5692 		}
5693 		params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
5694 	}
5695 
5696 	return 0;
5697 }
5698 
5699 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5700 {
5701 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5702 	struct net_device *dev = info->user_ptr[1];
5703 	struct station_parameters params;
5704 	u8 *mac_addr;
5705 	int err;
5706 
5707 	memset(&params, 0, sizeof(params));
5708 
5709 	if (!rdev->ops->change_station)
5710 		return -EOPNOTSUPP;
5711 
5712 	/*
5713 	 * AID and listen_interval properties can be set only for unassociated
5714 	 * station. Include these parameters here and will check them in
5715 	 * cfg80211_check_station_change().
5716 	 */
5717 	if (info->attrs[NL80211_ATTR_STA_AID])
5718 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5719 
5720 	if (info->attrs[NL80211_ATTR_VLAN_ID])
5721 		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
5722 
5723 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5724 		params.listen_interval =
5725 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5726 	else
5727 		params.listen_interval = -1;
5728 
5729 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5730 		params.support_p2p_ps =
5731 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5732 	else
5733 		params.support_p2p_ps = -1;
5734 
5735 	if (!info->attrs[NL80211_ATTR_MAC])
5736 		return -EINVAL;
5737 
5738 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5739 
5740 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5741 		params.supported_rates =
5742 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5743 		params.supported_rates_len =
5744 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5745 	}
5746 
5747 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5748 		params.capability =
5749 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5750 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5751 	}
5752 
5753 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5754 		params.ext_capab =
5755 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5756 		params.ext_capab_len =
5757 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5758 	}
5759 
5760 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5761 		return -EINVAL;
5762 
5763 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5764 		params.plink_action =
5765 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5766 
5767 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5768 		params.plink_state =
5769 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5770 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5771 			params.peer_aid = nla_get_u16(
5772 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5773 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5774 	}
5775 
5776 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
5777 		params.local_pm = nla_get_u32(
5778 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5779 
5780 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5781 		params.opmode_notif_used = true;
5782 		params.opmode_notif =
5783 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5784 	}
5785 
5786 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5787 		params.airtime_weight =
5788 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5789 
5790 	if (params.airtime_weight &&
5791 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5792 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5793 		return -EOPNOTSUPP;
5794 
5795 	err = nl80211_parse_sta_txpower_setting(info, &params);
5796 	if (err)
5797 		return err;
5798 
5799 	/* Include parameters for TDLS peer (will check later) */
5800 	err = nl80211_set_station_tdls(info, &params);
5801 	if (err)
5802 		return err;
5803 
5804 	params.vlan = get_vlan(info, rdev);
5805 	if (IS_ERR(params.vlan))
5806 		return PTR_ERR(params.vlan);
5807 
5808 	switch (dev->ieee80211_ptr->iftype) {
5809 	case NL80211_IFTYPE_AP:
5810 	case NL80211_IFTYPE_AP_VLAN:
5811 	case NL80211_IFTYPE_P2P_GO:
5812 	case NL80211_IFTYPE_P2P_CLIENT:
5813 	case NL80211_IFTYPE_STATION:
5814 	case NL80211_IFTYPE_ADHOC:
5815 	case NL80211_IFTYPE_MESH_POINT:
5816 		break;
5817 	default:
5818 		err = -EOPNOTSUPP;
5819 		goto out_put_vlan;
5820 	}
5821 
5822 	/* driver will call cfg80211_check_station_change() */
5823 	err = rdev_change_station(rdev, dev, mac_addr, &params);
5824 
5825  out_put_vlan:
5826 	if (params.vlan)
5827 		dev_put(params.vlan);
5828 
5829 	return err;
5830 }
5831 
5832 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5833 {
5834 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5835 	int err;
5836 	struct net_device *dev = info->user_ptr[1];
5837 	struct station_parameters params;
5838 	u8 *mac_addr = NULL;
5839 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5840 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
5841 
5842 	memset(&params, 0, sizeof(params));
5843 
5844 	if (!rdev->ops->add_station)
5845 		return -EOPNOTSUPP;
5846 
5847 	if (!info->attrs[NL80211_ATTR_MAC])
5848 		return -EINVAL;
5849 
5850 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5851 		return -EINVAL;
5852 
5853 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5854 		return -EINVAL;
5855 
5856 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
5857 	    !info->attrs[NL80211_ATTR_PEER_AID])
5858 		return -EINVAL;
5859 
5860 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5861 	params.supported_rates =
5862 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5863 	params.supported_rates_len =
5864 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5865 	params.listen_interval =
5866 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5867 
5868 	if (info->attrs[NL80211_ATTR_VLAN_ID])
5869 		params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
5870 
5871 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5872 		params.support_p2p_ps =
5873 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5874 	} else {
5875 		/*
5876 		 * if not specified, assume it's supported for P2P GO interface,
5877 		 * and is NOT supported for AP interface
5878 		 */
5879 		params.support_p2p_ps =
5880 			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5881 	}
5882 
5883 	if (info->attrs[NL80211_ATTR_PEER_AID])
5884 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5885 	else
5886 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5887 
5888 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5889 		params.capability =
5890 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5891 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5892 	}
5893 
5894 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5895 		params.ext_capab =
5896 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5897 		params.ext_capab_len =
5898 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5899 	}
5900 
5901 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5902 		params.ht_capa =
5903 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5904 
5905 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5906 		params.vht_capa =
5907 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5908 
5909 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5910 		params.he_capa =
5911 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5912 		params.he_capa_len =
5913 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5914 
5915 		/* max len is validated in nla policy */
5916 		if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5917 			return -EINVAL;
5918 	}
5919 
5920 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5921 		params.opmode_notif_used = true;
5922 		params.opmode_notif =
5923 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5924 	}
5925 
5926 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5927 		params.plink_action =
5928 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5929 
5930 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5931 		params.airtime_weight =
5932 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5933 
5934 	if (params.airtime_weight &&
5935 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5936 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5937 		return -EOPNOTSUPP;
5938 
5939 	err = nl80211_parse_sta_txpower_setting(info, &params);
5940 	if (err)
5941 		return err;
5942 
5943 	err = nl80211_parse_sta_channel_info(info, &params);
5944 	if (err)
5945 		return err;
5946 
5947 	err = nl80211_parse_sta_wme(info, &params);
5948 	if (err)
5949 		return err;
5950 
5951 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5952 		return -EINVAL;
5953 
5954 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5955 	 * as userspace might just pass through the capabilities from the IEs
5956 	 * directly, rather than enforcing this restriction and returning an
5957 	 * error in this case.
5958 	 */
5959 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5960 		params.ht_capa = NULL;
5961 		params.vht_capa = NULL;
5962 
5963 		/* HE requires WME */
5964 		if (params.he_capa_len)
5965 			return -EINVAL;
5966 	}
5967 
5968 	/* When you run into this, adjust the code below for the new flag */
5969 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5970 
5971 	switch (dev->ieee80211_ptr->iftype) {
5972 	case NL80211_IFTYPE_AP:
5973 	case NL80211_IFTYPE_AP_VLAN:
5974 	case NL80211_IFTYPE_P2P_GO:
5975 		/* ignore WME attributes if iface/sta is not capable */
5976 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5977 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5978 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5979 
5980 		/* TDLS peers cannot be added */
5981 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5982 		    info->attrs[NL80211_ATTR_PEER_AID])
5983 			return -EINVAL;
5984 		/* but don't bother the driver with it */
5985 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5986 
5987 		/* allow authenticated/associated only if driver handles it */
5988 		if (!(rdev->wiphy.features &
5989 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5990 		    params.sta_flags_mask & auth_assoc)
5991 			return -EINVAL;
5992 
5993 		/* Older userspace, or userspace wanting to be compatible with
5994 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5995 		 * and assoc flags in the mask, but assumes the station will be
5996 		 * added as associated anyway since this was the required driver
5997 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5998 		 * introduced.
5999 		 * In order to not bother drivers with this quirk in the API
6000 		 * set the flags in both the mask and set for new stations in
6001 		 * this case.
6002 		 */
6003 		if (!(params.sta_flags_mask & auth_assoc)) {
6004 			params.sta_flags_mask |= auth_assoc;
6005 			params.sta_flags_set |= auth_assoc;
6006 		}
6007 
6008 		/* must be last in here for error handling */
6009 		params.vlan = get_vlan(info, rdev);
6010 		if (IS_ERR(params.vlan))
6011 			return PTR_ERR(params.vlan);
6012 		break;
6013 	case NL80211_IFTYPE_MESH_POINT:
6014 		/* ignore uAPSD data */
6015 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6016 
6017 		/* associated is disallowed */
6018 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
6019 			return -EINVAL;
6020 		/* TDLS peers cannot be added */
6021 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
6022 		    info->attrs[NL80211_ATTR_PEER_AID])
6023 			return -EINVAL;
6024 		break;
6025 	case NL80211_IFTYPE_STATION:
6026 	case NL80211_IFTYPE_P2P_CLIENT:
6027 		/* ignore uAPSD data */
6028 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
6029 
6030 		/* these are disallowed */
6031 		if (params.sta_flags_mask &
6032 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
6033 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
6034 			return -EINVAL;
6035 		/* Only TDLS peers can be added */
6036 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
6037 			return -EINVAL;
6038 		/* Can only add if TDLS ... */
6039 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
6040 			return -EOPNOTSUPP;
6041 		/* ... with external setup is supported */
6042 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
6043 			return -EOPNOTSUPP;
6044 		/*
6045 		 * Older wpa_supplicant versions always mark the TDLS peer
6046 		 * as authorized, but it shouldn't yet be.
6047 		 */
6048 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
6049 		break;
6050 	default:
6051 		return -EOPNOTSUPP;
6052 	}
6053 
6054 	/* be aware of params.vlan when changing code here */
6055 
6056 	err = rdev_add_station(rdev, dev, mac_addr, &params);
6057 
6058 	if (params.vlan)
6059 		dev_put(params.vlan);
6060 	return err;
6061 }
6062 
6063 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
6064 {
6065 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6066 	struct net_device *dev = info->user_ptr[1];
6067 	struct station_del_parameters params;
6068 
6069 	memset(&params, 0, sizeof(params));
6070 
6071 	if (info->attrs[NL80211_ATTR_MAC])
6072 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
6073 
6074 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6075 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
6076 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
6077 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6078 		return -EINVAL;
6079 
6080 	if (!rdev->ops->del_station)
6081 		return -EOPNOTSUPP;
6082 
6083 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
6084 		params.subtype =
6085 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
6086 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
6087 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
6088 			return -EINVAL;
6089 	} else {
6090 		/* Default to Deauthentication frame */
6091 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
6092 	}
6093 
6094 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
6095 		params.reason_code =
6096 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6097 		if (params.reason_code == 0)
6098 			return -EINVAL; /* 0 is reserved */
6099 	} else {
6100 		/* Default to reason code 2 */
6101 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
6102 	}
6103 
6104 	return rdev_del_station(rdev, dev, &params);
6105 }
6106 
6107 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
6108 				int flags, struct net_device *dev,
6109 				u8 *dst, u8 *next_hop,
6110 				struct mpath_info *pinfo)
6111 {
6112 	void *hdr;
6113 	struct nlattr *pinfoattr;
6114 
6115 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
6116 	if (!hdr)
6117 		return -1;
6118 
6119 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6120 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
6121 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
6122 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
6123 		goto nla_put_failure;
6124 
6125 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
6126 	if (!pinfoattr)
6127 		goto nla_put_failure;
6128 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
6129 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
6130 			pinfo->frame_qlen))
6131 		goto nla_put_failure;
6132 	if (((pinfo->filled & MPATH_INFO_SN) &&
6133 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
6134 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
6135 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
6136 			 pinfo->metric)) ||
6137 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
6138 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
6139 			 pinfo->exptime)) ||
6140 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
6141 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
6142 			pinfo->flags)) ||
6143 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
6144 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
6145 			 pinfo->discovery_timeout)) ||
6146 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
6147 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
6148 			pinfo->discovery_retries)) ||
6149 	    ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
6150 	     nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
6151 			pinfo->hop_count)) ||
6152 	    ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
6153 	     nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
6154 			 pinfo->path_change_count)))
6155 		goto nla_put_failure;
6156 
6157 	nla_nest_end(msg, pinfoattr);
6158 
6159 	genlmsg_end(msg, hdr);
6160 	return 0;
6161 
6162  nla_put_failure:
6163 	genlmsg_cancel(msg, hdr);
6164 	return -EMSGSIZE;
6165 }
6166 
6167 static int nl80211_dump_mpath(struct sk_buff *skb,
6168 			      struct netlink_callback *cb)
6169 {
6170 	struct mpath_info pinfo;
6171 	struct cfg80211_registered_device *rdev;
6172 	struct wireless_dev *wdev;
6173 	u8 dst[ETH_ALEN];
6174 	u8 next_hop[ETH_ALEN];
6175 	int path_idx = cb->args[2];
6176 	int err;
6177 
6178 	rtnl_lock();
6179 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6180 	if (err)
6181 		goto out_err;
6182 
6183 	if (!rdev->ops->dump_mpath) {
6184 		err = -EOPNOTSUPP;
6185 		goto out_err;
6186 	}
6187 
6188 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6189 		err = -EOPNOTSUPP;
6190 		goto out_err;
6191 	}
6192 
6193 	while (1) {
6194 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6195 				      next_hop, &pinfo);
6196 		if (err == -ENOENT)
6197 			break;
6198 		if (err)
6199 			goto out_err;
6200 
6201 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6202 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6203 				       wdev->netdev, dst, next_hop,
6204 				       &pinfo) < 0)
6205 			goto out;
6206 
6207 		path_idx++;
6208 	}
6209 
6210  out:
6211 	cb->args[2] = path_idx;
6212 	err = skb->len;
6213  out_err:
6214 	rtnl_unlock();
6215 	return err;
6216 }
6217 
6218 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6219 {
6220 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6221 	int err;
6222 	struct net_device *dev = info->user_ptr[1];
6223 	struct mpath_info pinfo;
6224 	struct sk_buff *msg;
6225 	u8 *dst = NULL;
6226 	u8 next_hop[ETH_ALEN];
6227 
6228 	memset(&pinfo, 0, sizeof(pinfo));
6229 
6230 	if (!info->attrs[NL80211_ATTR_MAC])
6231 		return -EINVAL;
6232 
6233 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6234 
6235 	if (!rdev->ops->get_mpath)
6236 		return -EOPNOTSUPP;
6237 
6238 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6239 		return -EOPNOTSUPP;
6240 
6241 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6242 	if (err)
6243 		return err;
6244 
6245 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6246 	if (!msg)
6247 		return -ENOMEM;
6248 
6249 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6250 				 dev, dst, next_hop, &pinfo) < 0) {
6251 		nlmsg_free(msg);
6252 		return -ENOBUFS;
6253 	}
6254 
6255 	return genlmsg_reply(msg, info);
6256 }
6257 
6258 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6259 {
6260 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6261 	struct net_device *dev = info->user_ptr[1];
6262 	u8 *dst = NULL;
6263 	u8 *next_hop = NULL;
6264 
6265 	if (!info->attrs[NL80211_ATTR_MAC])
6266 		return -EINVAL;
6267 
6268 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6269 		return -EINVAL;
6270 
6271 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6272 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6273 
6274 	if (!rdev->ops->change_mpath)
6275 		return -EOPNOTSUPP;
6276 
6277 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6278 		return -EOPNOTSUPP;
6279 
6280 	return rdev_change_mpath(rdev, dev, dst, next_hop);
6281 }
6282 
6283 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6284 {
6285 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6286 	struct net_device *dev = info->user_ptr[1];
6287 	u8 *dst = NULL;
6288 	u8 *next_hop = NULL;
6289 
6290 	if (!info->attrs[NL80211_ATTR_MAC])
6291 		return -EINVAL;
6292 
6293 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6294 		return -EINVAL;
6295 
6296 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6297 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6298 
6299 	if (!rdev->ops->add_mpath)
6300 		return -EOPNOTSUPP;
6301 
6302 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6303 		return -EOPNOTSUPP;
6304 
6305 	return rdev_add_mpath(rdev, dev, dst, next_hop);
6306 }
6307 
6308 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6309 {
6310 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6311 	struct net_device *dev = info->user_ptr[1];
6312 	u8 *dst = NULL;
6313 
6314 	if (info->attrs[NL80211_ATTR_MAC])
6315 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6316 
6317 	if (!rdev->ops->del_mpath)
6318 		return -EOPNOTSUPP;
6319 
6320 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6321 		return -EOPNOTSUPP;
6322 
6323 	return rdev_del_mpath(rdev, dev, dst);
6324 }
6325 
6326 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6327 {
6328 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6329 	int err;
6330 	struct net_device *dev = info->user_ptr[1];
6331 	struct mpath_info pinfo;
6332 	struct sk_buff *msg;
6333 	u8 *dst = NULL;
6334 	u8 mpp[ETH_ALEN];
6335 
6336 	memset(&pinfo, 0, sizeof(pinfo));
6337 
6338 	if (!info->attrs[NL80211_ATTR_MAC])
6339 		return -EINVAL;
6340 
6341 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6342 
6343 	if (!rdev->ops->get_mpp)
6344 		return -EOPNOTSUPP;
6345 
6346 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6347 		return -EOPNOTSUPP;
6348 
6349 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6350 	if (err)
6351 		return err;
6352 
6353 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6354 	if (!msg)
6355 		return -ENOMEM;
6356 
6357 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6358 			       dev, dst, mpp, &pinfo) < 0) {
6359 		nlmsg_free(msg);
6360 		return -ENOBUFS;
6361 	}
6362 
6363 	return genlmsg_reply(msg, info);
6364 }
6365 
6366 static int nl80211_dump_mpp(struct sk_buff *skb,
6367 			    struct netlink_callback *cb)
6368 {
6369 	struct mpath_info pinfo;
6370 	struct cfg80211_registered_device *rdev;
6371 	struct wireless_dev *wdev;
6372 	u8 dst[ETH_ALEN];
6373 	u8 mpp[ETH_ALEN];
6374 	int path_idx = cb->args[2];
6375 	int err;
6376 
6377 	rtnl_lock();
6378 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6379 	if (err)
6380 		goto out_err;
6381 
6382 	if (!rdev->ops->dump_mpp) {
6383 		err = -EOPNOTSUPP;
6384 		goto out_err;
6385 	}
6386 
6387 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6388 		err = -EOPNOTSUPP;
6389 		goto out_err;
6390 	}
6391 
6392 	while (1) {
6393 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6394 				    mpp, &pinfo);
6395 		if (err == -ENOENT)
6396 			break;
6397 		if (err)
6398 			goto out_err;
6399 
6400 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6401 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6402 				       wdev->netdev, dst, mpp,
6403 				       &pinfo) < 0)
6404 			goto out;
6405 
6406 		path_idx++;
6407 	}
6408 
6409  out:
6410 	cb->args[2] = path_idx;
6411 	err = skb->len;
6412  out_err:
6413 	rtnl_unlock();
6414 	return err;
6415 }
6416 
6417 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6418 {
6419 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6420 	struct net_device *dev = info->user_ptr[1];
6421 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6422 	struct bss_parameters params;
6423 	int err;
6424 
6425 	memset(&params, 0, sizeof(params));
6426 	/* default to not changing parameters */
6427 	params.use_cts_prot = -1;
6428 	params.use_short_preamble = -1;
6429 	params.use_short_slot_time = -1;
6430 	params.ap_isolate = -1;
6431 	params.ht_opmode = -1;
6432 	params.p2p_ctwindow = -1;
6433 	params.p2p_opp_ps = -1;
6434 
6435 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6436 		params.use_cts_prot =
6437 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6438 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6439 		params.use_short_preamble =
6440 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6441 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6442 		params.use_short_slot_time =
6443 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6444 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6445 		params.basic_rates =
6446 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6447 		params.basic_rates_len =
6448 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6449 	}
6450 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6451 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6452 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6453 		params.ht_opmode =
6454 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6455 
6456 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6457 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6458 			return -EINVAL;
6459 		params.p2p_ctwindow =
6460 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6461 		if (params.p2p_ctwindow != 0 &&
6462 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6463 			return -EINVAL;
6464 	}
6465 
6466 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6467 		u8 tmp;
6468 
6469 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6470 			return -EINVAL;
6471 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6472 		params.p2p_opp_ps = tmp;
6473 		if (params.p2p_opp_ps &&
6474 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6475 			return -EINVAL;
6476 	}
6477 
6478 	if (!rdev->ops->change_bss)
6479 		return -EOPNOTSUPP;
6480 
6481 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6482 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6483 		return -EOPNOTSUPP;
6484 
6485 	wdev_lock(wdev);
6486 	err = rdev_change_bss(rdev, dev, &params);
6487 	wdev_unlock(wdev);
6488 
6489 	return err;
6490 }
6491 
6492 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6493 {
6494 	char *data = NULL;
6495 	bool is_indoor;
6496 	enum nl80211_user_reg_hint_type user_reg_hint_type;
6497 	u32 owner_nlportid;
6498 
6499 	/*
6500 	 * You should only get this when cfg80211 hasn't yet initialized
6501 	 * completely when built-in to the kernel right between the time
6502 	 * window between nl80211_init() and regulatory_init(), if that is
6503 	 * even possible.
6504 	 */
6505 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6506 		return -EINPROGRESS;
6507 
6508 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6509 		user_reg_hint_type =
6510 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6511 	else
6512 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6513 
6514 	switch (user_reg_hint_type) {
6515 	case NL80211_USER_REG_HINT_USER:
6516 	case NL80211_USER_REG_HINT_CELL_BASE:
6517 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6518 			return -EINVAL;
6519 
6520 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6521 		return regulatory_hint_user(data, user_reg_hint_type);
6522 	case NL80211_USER_REG_HINT_INDOOR:
6523 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6524 			owner_nlportid = info->snd_portid;
6525 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6526 		} else {
6527 			owner_nlportid = 0;
6528 			is_indoor = true;
6529 		}
6530 
6531 		return regulatory_hint_indoor(is_indoor, owner_nlportid);
6532 	default:
6533 		return -EINVAL;
6534 	}
6535 }
6536 
6537 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6538 {
6539 	return reg_reload_regdb();
6540 }
6541 
6542 static int nl80211_get_mesh_config(struct sk_buff *skb,
6543 				   struct genl_info *info)
6544 {
6545 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6546 	struct net_device *dev = info->user_ptr[1];
6547 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6548 	struct mesh_config cur_params;
6549 	int err = 0;
6550 	void *hdr;
6551 	struct nlattr *pinfoattr;
6552 	struct sk_buff *msg;
6553 
6554 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6555 		return -EOPNOTSUPP;
6556 
6557 	if (!rdev->ops->get_mesh_config)
6558 		return -EOPNOTSUPP;
6559 
6560 	wdev_lock(wdev);
6561 	/* If not connected, get default parameters */
6562 	if (!wdev->mesh_id_len)
6563 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6564 	else
6565 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
6566 	wdev_unlock(wdev);
6567 
6568 	if (err)
6569 		return err;
6570 
6571 	/* Draw up a netlink message to send back */
6572 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6573 	if (!msg)
6574 		return -ENOMEM;
6575 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6576 			     NL80211_CMD_GET_MESH_CONFIG);
6577 	if (!hdr)
6578 		goto out;
6579 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6580 	if (!pinfoattr)
6581 		goto nla_put_failure;
6582 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6583 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6584 			cur_params.dot11MeshRetryTimeout) ||
6585 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6586 			cur_params.dot11MeshConfirmTimeout) ||
6587 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6588 			cur_params.dot11MeshHoldingTimeout) ||
6589 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6590 			cur_params.dot11MeshMaxPeerLinks) ||
6591 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6592 		       cur_params.dot11MeshMaxRetries) ||
6593 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
6594 		       cur_params.dot11MeshTTL) ||
6595 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6596 		       cur_params.element_ttl) ||
6597 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6598 		       cur_params.auto_open_plinks) ||
6599 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6600 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6601 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6602 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
6603 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6604 			cur_params.path_refresh_time) ||
6605 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6606 			cur_params.min_discovery_timeout) ||
6607 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6608 			cur_params.dot11MeshHWMPactivePathTimeout) ||
6609 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6610 			cur_params.dot11MeshHWMPpreqMinInterval) ||
6611 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6612 			cur_params.dot11MeshHWMPperrMinInterval) ||
6613 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6614 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6615 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6616 		       cur_params.dot11MeshHWMPRootMode) ||
6617 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6618 			cur_params.dot11MeshHWMPRannInterval) ||
6619 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6620 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
6621 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6622 		       cur_params.dot11MeshForwarding) ||
6623 	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6624 			cur_params.rssi_threshold) ||
6625 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6626 			cur_params.ht_opmode) ||
6627 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6628 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6629 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6630 			cur_params.dot11MeshHWMProotInterval) ||
6631 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6632 			cur_params.dot11MeshHWMPconfirmationInterval) ||
6633 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6634 			cur_params.power_mode) ||
6635 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6636 			cur_params.dot11MeshAwakeWindowDuration) ||
6637 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6638 			cur_params.plink_timeout) ||
6639 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6640 		       cur_params.dot11MeshConnectedToMeshGate))
6641 		goto nla_put_failure;
6642 	nla_nest_end(msg, pinfoattr);
6643 	genlmsg_end(msg, hdr);
6644 	return genlmsg_reply(msg, info);
6645 
6646  nla_put_failure:
6647  out:
6648 	nlmsg_free(msg);
6649 	return -ENOBUFS;
6650 }
6651 
6652 static const struct nla_policy
6653 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6654 	[NL80211_MESHCONF_RETRY_TIMEOUT] =
6655 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6656 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6657 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6658 	[NL80211_MESHCONF_HOLDING_TIMEOUT] =
6659 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6660 	[NL80211_MESHCONF_MAX_PEER_LINKS] =
6661 		NLA_POLICY_RANGE(NLA_U16, 0, 255),
6662 	[NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6663 	[NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6664 	[NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6665 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6666 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6667 		NLA_POLICY_RANGE(NLA_U32, 1, 255),
6668 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6669 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6670 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6671 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6672 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6673 		NLA_POLICY_MIN(NLA_U16, 1),
6674 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6675 		NLA_POLICY_MIN(NLA_U16, 1),
6676 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6677 		NLA_POLICY_MIN(NLA_U16, 1),
6678 	[NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6679 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6680 		NLA_POLICY_MIN(NLA_U16, 1),
6681 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6682 	[NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6683 	[NL80211_MESHCONF_RSSI_THRESHOLD] =
6684 		NLA_POLICY_RANGE(NLA_S32, -255, 0),
6685 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6686 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6687 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6688 		NLA_POLICY_MIN(NLA_U16, 1),
6689 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6690 		NLA_POLICY_MIN(NLA_U16, 1),
6691 	[NL80211_MESHCONF_POWER_MODE] =
6692 		NLA_POLICY_RANGE(NLA_U32,
6693 				 NL80211_MESH_POWER_ACTIVE,
6694 				 NL80211_MESH_POWER_MAX),
6695 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6696 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6697 	[NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6698 };
6699 
6700 static const struct nla_policy
6701 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6702 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6703 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6704 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6705 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6706 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6707 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6708 	[NL80211_MESH_SETUP_IE] =
6709 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6710 				       IEEE80211_MAX_DATA_LEN),
6711 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6712 };
6713 
6714 static int nl80211_parse_mesh_config(struct genl_info *info,
6715 				     struct mesh_config *cfg,
6716 				     u32 *mask_out)
6717 {
6718 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6719 	u32 mask = 0;
6720 	u16 ht_opmode;
6721 
6722 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)	\
6723 do {									\
6724 	if (tb[attr]) {							\
6725 		cfg->param = fn(tb[attr]);				\
6726 		mask |= BIT((attr) - 1);				\
6727 	}								\
6728 } while (0)
6729 
6730 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6731 		return -EINVAL;
6732 	if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6733 		return -EINVAL;
6734 
6735 	/* This makes sure that there aren't more than 32 mesh config
6736 	 * parameters (otherwise our bitfield scheme would not work.) */
6737 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6738 
6739 	/* Fill in the params struct */
6740 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6741 				  NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6742 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6743 				  NL80211_MESHCONF_CONFIRM_TIMEOUT,
6744 				  nla_get_u16);
6745 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
6746 				  NL80211_MESHCONF_HOLDING_TIMEOUT,
6747 				  nla_get_u16);
6748 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
6749 				  NL80211_MESHCONF_MAX_PEER_LINKS,
6750 				  nla_get_u16);
6751 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
6752 				  NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
6753 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
6754 				  NL80211_MESHCONF_TTL, nla_get_u8);
6755 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
6756 				  NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
6757 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
6758 				  NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6759 				  nla_get_u8);
6760 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6761 				  mask,
6762 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6763 				  nla_get_u32);
6764 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
6765 				  NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6766 				  nla_get_u8);
6767 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
6768 				  NL80211_MESHCONF_PATH_REFRESH_TIME,
6769 				  nla_get_u32);
6770 	if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
6771 	    (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
6772 		return -EINVAL;
6773 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
6774 				  NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6775 				  nla_get_u16);
6776 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6777 				  mask,
6778 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6779 				  nla_get_u32);
6780 	if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
6781 	    (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
6782 	     cfg->dot11MeshHWMPactivePathTimeout > 65535))
6783 		return -EINVAL;
6784 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
6785 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6786 				  nla_get_u16);
6787 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
6788 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6789 				  nla_get_u16);
6790 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6791 				  dot11MeshHWMPnetDiameterTraversalTime, mask,
6792 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6793 				  nla_get_u16);
6794 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
6795 				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
6796 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
6797 				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6798 				  nla_get_u16);
6799 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
6800 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6801 				  nla_get_u8);
6802 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
6803 				  NL80211_MESHCONF_FORWARDING, nla_get_u8);
6804 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
6805 				  NL80211_MESHCONF_RSSI_THRESHOLD,
6806 				  nla_get_s32);
6807 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
6808 				  NL80211_MESHCONF_CONNECTED_TO_GATE,
6809 				  nla_get_u8);
6810 	/*
6811 	 * Check HT operation mode based on
6812 	 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
6813 	 */
6814 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6815 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6816 
6817 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6818 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6819 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6820 			return -EINVAL;
6821 
6822 		/* NON_HT_STA bit is reserved, but some programs set it */
6823 		ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6824 
6825 		cfg->ht_opmode = ht_opmode;
6826 		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6827 	}
6828 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6829 				  dot11MeshHWMPactivePathToRootTimeout, mask,
6830 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6831 				  nla_get_u32);
6832 	if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
6833 	    (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
6834 	     cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
6835 		return -EINVAL;
6836 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
6837 				  NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6838 				  nla_get_u16);
6839 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
6840 				  mask,
6841 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6842 				  nla_get_u16);
6843 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
6844 				  NL80211_MESHCONF_POWER_MODE, nla_get_u32);
6845 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
6846 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
6847 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
6848 				  NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
6849 	if (mask_out)
6850 		*mask_out = mask;
6851 
6852 	return 0;
6853 
6854 #undef FILL_IN_MESH_PARAM_IF_SET
6855 }
6856 
6857 static int nl80211_parse_mesh_setup(struct genl_info *info,
6858 				     struct mesh_setup *setup)
6859 {
6860 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6861 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6862 
6863 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6864 		return -EINVAL;
6865 	if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
6866 		return -EINVAL;
6867 
6868 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6869 		setup->sync_method =
6870 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6871 		 IEEE80211_SYNC_METHOD_VENDOR :
6872 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6873 
6874 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6875 		setup->path_sel_proto =
6876 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6877 		 IEEE80211_PATH_PROTOCOL_VENDOR :
6878 		 IEEE80211_PATH_PROTOCOL_HWMP;
6879 
6880 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6881 		setup->path_metric =
6882 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6883 		 IEEE80211_PATH_METRIC_VENDOR :
6884 		 IEEE80211_PATH_METRIC_AIRTIME;
6885 
6886 	if (tb[NL80211_MESH_SETUP_IE]) {
6887 		struct nlattr *ieattr =
6888 			tb[NL80211_MESH_SETUP_IE];
6889 		setup->ie = nla_data(ieattr);
6890 		setup->ie_len = nla_len(ieattr);
6891 	}
6892 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6893 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6894 		return -EINVAL;
6895 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6896 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6897 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6898 	if (setup->is_secure)
6899 		setup->user_mpm = true;
6900 
6901 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6902 		if (!setup->user_mpm)
6903 			return -EINVAL;
6904 		setup->auth_id =
6905 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6906 	}
6907 
6908 	return 0;
6909 }
6910 
6911 static int nl80211_update_mesh_config(struct sk_buff *skb,
6912 				      struct genl_info *info)
6913 {
6914 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6915 	struct net_device *dev = info->user_ptr[1];
6916 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6917 	struct mesh_config cfg;
6918 	u32 mask;
6919 	int err;
6920 
6921 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6922 		return -EOPNOTSUPP;
6923 
6924 	if (!rdev->ops->update_mesh_config)
6925 		return -EOPNOTSUPP;
6926 
6927 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
6928 	if (err)
6929 		return err;
6930 
6931 	wdev_lock(wdev);
6932 	if (!wdev->mesh_id_len)
6933 		err = -ENOLINK;
6934 
6935 	if (!err)
6936 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6937 
6938 	wdev_unlock(wdev);
6939 
6940 	return err;
6941 }
6942 
6943 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6944 			      struct sk_buff *msg)
6945 {
6946 	struct nlattr *nl_reg_rules;
6947 	unsigned int i;
6948 
6949 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6950 	    (regdom->dfs_region &&
6951 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6952 		goto nla_put_failure;
6953 
6954 	nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
6955 	if (!nl_reg_rules)
6956 		goto nla_put_failure;
6957 
6958 	for (i = 0; i < regdom->n_reg_rules; i++) {
6959 		struct nlattr *nl_reg_rule;
6960 		const struct ieee80211_reg_rule *reg_rule;
6961 		const struct ieee80211_freq_range *freq_range;
6962 		const struct ieee80211_power_rule *power_rule;
6963 		unsigned int max_bandwidth_khz;
6964 
6965 		reg_rule = &regdom->reg_rules[i];
6966 		freq_range = &reg_rule->freq_range;
6967 		power_rule = &reg_rule->power_rule;
6968 
6969 		nl_reg_rule = nla_nest_start_noflag(msg, i);
6970 		if (!nl_reg_rule)
6971 			goto nla_put_failure;
6972 
6973 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
6974 		if (!max_bandwidth_khz)
6975 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6976 								  reg_rule);
6977 
6978 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6979 				reg_rule->flags) ||
6980 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6981 				freq_range->start_freq_khz) ||
6982 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6983 				freq_range->end_freq_khz) ||
6984 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6985 				max_bandwidth_khz) ||
6986 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6987 				power_rule->max_antenna_gain) ||
6988 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6989 				power_rule->max_eirp) ||
6990 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6991 				reg_rule->dfs_cac_ms))
6992 			goto nla_put_failure;
6993 
6994 		nla_nest_end(msg, nl_reg_rule);
6995 	}
6996 
6997 	nla_nest_end(msg, nl_reg_rules);
6998 	return 0;
6999 
7000 nla_put_failure:
7001 	return -EMSGSIZE;
7002 }
7003 
7004 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
7005 {
7006 	const struct ieee80211_regdomain *regdom = NULL;
7007 	struct cfg80211_registered_device *rdev;
7008 	struct wiphy *wiphy = NULL;
7009 	struct sk_buff *msg;
7010 	void *hdr;
7011 
7012 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7013 	if (!msg)
7014 		return -ENOBUFS;
7015 
7016 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7017 			     NL80211_CMD_GET_REG);
7018 	if (!hdr)
7019 		goto put_failure;
7020 
7021 	if (info->attrs[NL80211_ATTR_WIPHY]) {
7022 		bool self_managed;
7023 
7024 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
7025 		if (IS_ERR(rdev)) {
7026 			nlmsg_free(msg);
7027 			return PTR_ERR(rdev);
7028 		}
7029 
7030 		wiphy = &rdev->wiphy;
7031 		self_managed = wiphy->regulatory_flags &
7032 			       REGULATORY_WIPHY_SELF_MANAGED;
7033 		regdom = get_wiphy_regdom(wiphy);
7034 
7035 		/* a self-managed-reg device must have a private regdom */
7036 		if (WARN_ON(!regdom && self_managed)) {
7037 			nlmsg_free(msg);
7038 			return -EINVAL;
7039 		}
7040 
7041 		if (regdom &&
7042 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7043 			goto nla_put_failure;
7044 	}
7045 
7046 	if (!wiphy && reg_last_request_cell_base() &&
7047 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7048 			NL80211_USER_REG_HINT_CELL_BASE))
7049 		goto nla_put_failure;
7050 
7051 	rcu_read_lock();
7052 
7053 	if (!regdom)
7054 		regdom = rcu_dereference(cfg80211_regdomain);
7055 
7056 	if (nl80211_put_regdom(regdom, msg))
7057 		goto nla_put_failure_rcu;
7058 
7059 	rcu_read_unlock();
7060 
7061 	genlmsg_end(msg, hdr);
7062 	return genlmsg_reply(msg, info);
7063 
7064 nla_put_failure_rcu:
7065 	rcu_read_unlock();
7066 nla_put_failure:
7067 put_failure:
7068 	nlmsg_free(msg);
7069 	return -EMSGSIZE;
7070 }
7071 
7072 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
7073 			       u32 seq, int flags, struct wiphy *wiphy,
7074 			       const struct ieee80211_regdomain *regdom)
7075 {
7076 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
7077 				   NL80211_CMD_GET_REG);
7078 
7079 	if (!hdr)
7080 		return -1;
7081 
7082 	genl_dump_check_consistent(cb, hdr);
7083 
7084 	if (nl80211_put_regdom(regdom, msg))
7085 		goto nla_put_failure;
7086 
7087 	if (!wiphy && reg_last_request_cell_base() &&
7088 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
7089 			NL80211_USER_REG_HINT_CELL_BASE))
7090 		goto nla_put_failure;
7091 
7092 	if (wiphy &&
7093 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
7094 		goto nla_put_failure;
7095 
7096 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
7097 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
7098 		goto nla_put_failure;
7099 
7100 	genlmsg_end(msg, hdr);
7101 	return 0;
7102 
7103 nla_put_failure:
7104 	genlmsg_cancel(msg, hdr);
7105 	return -EMSGSIZE;
7106 }
7107 
7108 static int nl80211_get_reg_dump(struct sk_buff *skb,
7109 				struct netlink_callback *cb)
7110 {
7111 	const struct ieee80211_regdomain *regdom = NULL;
7112 	struct cfg80211_registered_device *rdev;
7113 	int err, reg_idx, start = cb->args[2];
7114 
7115 	rtnl_lock();
7116 
7117 	if (cfg80211_regdomain && start == 0) {
7118 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7119 					  NLM_F_MULTI, NULL,
7120 					  rtnl_dereference(cfg80211_regdomain));
7121 		if (err < 0)
7122 			goto out_err;
7123 	}
7124 
7125 	/* the global regdom is idx 0 */
7126 	reg_idx = 1;
7127 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
7128 		regdom = get_wiphy_regdom(&rdev->wiphy);
7129 		if (!regdom)
7130 			continue;
7131 
7132 		if (++reg_idx <= start)
7133 			continue;
7134 
7135 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
7136 					  NLM_F_MULTI, &rdev->wiphy, regdom);
7137 		if (err < 0) {
7138 			reg_idx--;
7139 			break;
7140 		}
7141 	}
7142 
7143 	cb->args[2] = reg_idx;
7144 	err = skb->len;
7145 out_err:
7146 	rtnl_unlock();
7147 	return err;
7148 }
7149 
7150 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
7151 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
7152 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
7153 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
7154 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
7155 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
7156 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
7157 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
7158 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
7159 };
7160 
7161 static int parse_reg_rule(struct nlattr *tb[],
7162 	struct ieee80211_reg_rule *reg_rule)
7163 {
7164 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
7165 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
7166 
7167 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
7168 		return -EINVAL;
7169 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
7170 		return -EINVAL;
7171 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7172 		return -EINVAL;
7173 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7174 		return -EINVAL;
7175 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7176 		return -EINVAL;
7177 
7178 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7179 
7180 	freq_range->start_freq_khz =
7181 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7182 	freq_range->end_freq_khz =
7183 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7184 	freq_range->max_bandwidth_khz =
7185 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7186 
7187 	power_rule->max_eirp =
7188 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7189 
7190 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7191 		power_rule->max_antenna_gain =
7192 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7193 
7194 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
7195 		reg_rule->dfs_cac_ms =
7196 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7197 
7198 	return 0;
7199 }
7200 
7201 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7202 {
7203 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7204 	struct nlattr *nl_reg_rule;
7205 	char *alpha2;
7206 	int rem_reg_rules, r;
7207 	u32 num_rules = 0, rule_idx = 0;
7208 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7209 	struct ieee80211_regdomain *rd;
7210 
7211 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7212 		return -EINVAL;
7213 
7214 	if (!info->attrs[NL80211_ATTR_REG_RULES])
7215 		return -EINVAL;
7216 
7217 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7218 
7219 	if (info->attrs[NL80211_ATTR_DFS_REGION])
7220 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7221 
7222 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7223 			    rem_reg_rules) {
7224 		num_rules++;
7225 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7226 			return -EINVAL;
7227 	}
7228 
7229 	if (!reg_is_valid_request(alpha2))
7230 		return -EINVAL;
7231 
7232 	rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7233 	if (!rd)
7234 		return -ENOMEM;
7235 
7236 	rd->n_reg_rules = num_rules;
7237 	rd->alpha2[0] = alpha2[0];
7238 	rd->alpha2[1] = alpha2[1];
7239 
7240 	/*
7241 	 * Disable DFS master mode if the DFS region was
7242 	 * not supported or known on this kernel.
7243 	 */
7244 	if (reg_supported_dfs_region(dfs_region))
7245 		rd->dfs_region = dfs_region;
7246 
7247 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7248 			    rem_reg_rules) {
7249 		r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7250 						nl_reg_rule, reg_rule_policy,
7251 						info->extack);
7252 		if (r)
7253 			goto bad_reg;
7254 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7255 		if (r)
7256 			goto bad_reg;
7257 
7258 		rule_idx++;
7259 
7260 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7261 			r = -EINVAL;
7262 			goto bad_reg;
7263 		}
7264 	}
7265 
7266 	/* set_regdom takes ownership of rd */
7267 	return set_regdom(rd, REGD_SOURCE_CRDA);
7268  bad_reg:
7269 	kfree(rd);
7270 	return r;
7271 }
7272 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7273 
7274 static int validate_scan_freqs(struct nlattr *freqs)
7275 {
7276 	struct nlattr *attr1, *attr2;
7277 	int n_channels = 0, tmp1, tmp2;
7278 
7279 	nla_for_each_nested(attr1, freqs, tmp1)
7280 		if (nla_len(attr1) != sizeof(u32))
7281 			return 0;
7282 
7283 	nla_for_each_nested(attr1, freqs, tmp1) {
7284 		n_channels++;
7285 		/*
7286 		 * Some hardware has a limited channel list for
7287 		 * scanning, and it is pretty much nonsensical
7288 		 * to scan for a channel twice, so disallow that
7289 		 * and don't require drivers to check that the
7290 		 * channel list they get isn't longer than what
7291 		 * they can scan, as long as they can scan all
7292 		 * the channels they registered at once.
7293 		 */
7294 		nla_for_each_nested(attr2, freqs, tmp2)
7295 			if (attr1 != attr2 &&
7296 			    nla_get_u32(attr1) == nla_get_u32(attr2))
7297 				return 0;
7298 	}
7299 
7300 	return n_channels;
7301 }
7302 
7303 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7304 {
7305 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
7306 }
7307 
7308 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7309 			    struct cfg80211_bss_selection *bss_select)
7310 {
7311 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7312 	struct nlattr *nest;
7313 	int err;
7314 	bool found = false;
7315 	int i;
7316 
7317 	/* only process one nested attribute */
7318 	nest = nla_data(nla);
7319 	if (!nla_ok(nest, nla_len(nest)))
7320 		return -EINVAL;
7321 
7322 	err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7323 					  nest, nl80211_bss_select_policy,
7324 					  NULL);
7325 	if (err)
7326 		return err;
7327 
7328 	/* only one attribute may be given */
7329 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7330 		if (attr[i]) {
7331 			if (found)
7332 				return -EINVAL;
7333 			found = true;
7334 		}
7335 	}
7336 
7337 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7338 
7339 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7340 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7341 
7342 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7343 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7344 		bss_select->param.band_pref =
7345 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7346 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
7347 			return -EINVAL;
7348 	}
7349 
7350 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7351 		struct nl80211_bss_select_rssi_adjust *adj_param;
7352 
7353 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7354 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7355 		bss_select->param.adjust.band = adj_param->band;
7356 		bss_select->param.adjust.delta = adj_param->delta;
7357 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7358 			return -EINVAL;
7359 	}
7360 
7361 	/* user-space did not provide behaviour attribute */
7362 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7363 		return -EINVAL;
7364 
7365 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7366 		return -EINVAL;
7367 
7368 	return 0;
7369 }
7370 
7371 int nl80211_parse_random_mac(struct nlattr **attrs,
7372 			     u8 *mac_addr, u8 *mac_addr_mask)
7373 {
7374 	int i;
7375 
7376 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7377 		eth_zero_addr(mac_addr);
7378 		eth_zero_addr(mac_addr_mask);
7379 		mac_addr[0] = 0x2;
7380 		mac_addr_mask[0] = 0x3;
7381 
7382 		return 0;
7383 	}
7384 
7385 	/* need both or none */
7386 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7387 		return -EINVAL;
7388 
7389 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7390 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7391 
7392 	/* don't allow or configure an mcast address */
7393 	if (!is_multicast_ether_addr(mac_addr_mask) ||
7394 	    is_multicast_ether_addr(mac_addr))
7395 		return -EINVAL;
7396 
7397 	/*
7398 	 * allow users to pass a MAC address that has bits set outside
7399 	 * of the mask, but don't bother drivers with having to deal
7400 	 * with such bits
7401 	 */
7402 	for (i = 0; i < ETH_ALEN; i++)
7403 		mac_addr[i] &= mac_addr_mask[i];
7404 
7405 	return 0;
7406 }
7407 
7408 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7409 {
7410 	ASSERT_WDEV_LOCK(wdev);
7411 
7412 	if (!cfg80211_beaconing_iface_active(wdev))
7413 		return true;
7414 
7415 	if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7416 		return true;
7417 
7418 	return regulatory_pre_cac_allowed(wdev->wiphy);
7419 }
7420 
7421 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7422 				    enum nl80211_ext_feature_index feat)
7423 {
7424 	if (!(flags & flag))
7425 		return true;
7426 	if (wiphy_ext_feature_isset(wiphy, feat))
7427 		return true;
7428 	return false;
7429 }
7430 
7431 static int
7432 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7433 			 void *request, struct nlattr **attrs,
7434 			 bool is_sched_scan)
7435 {
7436 	u8 *mac_addr, *mac_addr_mask;
7437 	u32 *flags;
7438 	enum nl80211_feature_flags randomness_flag;
7439 
7440 	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7441 		return 0;
7442 
7443 	if (is_sched_scan) {
7444 		struct cfg80211_sched_scan_request *req = request;
7445 
7446 		randomness_flag = wdev ?
7447 				  NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7448 				  NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7449 		flags = &req->flags;
7450 		mac_addr = req->mac_addr;
7451 		mac_addr_mask = req->mac_addr_mask;
7452 	} else {
7453 		struct cfg80211_scan_request *req = request;
7454 
7455 		randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7456 		flags = &req->flags;
7457 		mac_addr = req->mac_addr;
7458 		mac_addr_mask = req->mac_addr_mask;
7459 	}
7460 
7461 	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7462 
7463 	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7464 	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7465 	    !nl80211_check_scan_feat(wiphy, *flags,
7466 				     NL80211_SCAN_FLAG_LOW_SPAN,
7467 				     NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7468 	    !nl80211_check_scan_feat(wiphy, *flags,
7469 				     NL80211_SCAN_FLAG_LOW_POWER,
7470 				     NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7471 	    !nl80211_check_scan_feat(wiphy, *flags,
7472 				     NL80211_SCAN_FLAG_HIGH_ACCURACY,
7473 				     NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7474 	    !nl80211_check_scan_feat(wiphy, *flags,
7475 				     NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7476 				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7477 	    !nl80211_check_scan_feat(wiphy, *flags,
7478 				     NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7479 				     NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7480 	    !nl80211_check_scan_feat(wiphy, *flags,
7481 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7482 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7483 	    !nl80211_check_scan_feat(wiphy, *flags,
7484 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7485 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7486 	    !nl80211_check_scan_feat(wiphy, *flags,
7487 				     NL80211_SCAN_FLAG_RANDOM_SN,
7488 				     NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7489 	    !nl80211_check_scan_feat(wiphy, *flags,
7490 				     NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7491 				     NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7492 		return -EOPNOTSUPP;
7493 
7494 	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7495 		int err;
7496 
7497 		if (!(wiphy->features & randomness_flag) ||
7498 		    (wdev && wdev->current_bss))
7499 			return -EOPNOTSUPP;
7500 
7501 		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7502 		if (err)
7503 			return err;
7504 	}
7505 
7506 	return 0;
7507 }
7508 
7509 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7510 {
7511 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7512 	struct wireless_dev *wdev = info->user_ptr[1];
7513 	struct cfg80211_scan_request *request;
7514 	struct nlattr *attr;
7515 	struct wiphy *wiphy;
7516 	int err, tmp, n_ssids = 0, n_channels, i;
7517 	size_t ie_len;
7518 
7519 	wiphy = &rdev->wiphy;
7520 
7521 	if (wdev->iftype == NL80211_IFTYPE_NAN)
7522 		return -EOPNOTSUPP;
7523 
7524 	if (!rdev->ops->scan)
7525 		return -EOPNOTSUPP;
7526 
7527 	if (rdev->scan_req || rdev->scan_msg) {
7528 		err = -EBUSY;
7529 		goto unlock;
7530 	}
7531 
7532 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7533 		n_channels = validate_scan_freqs(
7534 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7535 		if (!n_channels) {
7536 			err = -EINVAL;
7537 			goto unlock;
7538 		}
7539 	} else {
7540 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7541 	}
7542 
7543 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7544 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7545 			n_ssids++;
7546 
7547 	if (n_ssids > wiphy->max_scan_ssids) {
7548 		err = -EINVAL;
7549 		goto unlock;
7550 	}
7551 
7552 	if (info->attrs[NL80211_ATTR_IE])
7553 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7554 	else
7555 		ie_len = 0;
7556 
7557 	if (ie_len > wiphy->max_scan_ie_len) {
7558 		err = -EINVAL;
7559 		goto unlock;
7560 	}
7561 
7562 	request = kzalloc(sizeof(*request)
7563 			+ sizeof(*request->ssids) * n_ssids
7564 			+ sizeof(*request->channels) * n_channels
7565 			+ ie_len, GFP_KERNEL);
7566 	if (!request) {
7567 		err = -ENOMEM;
7568 		goto unlock;
7569 	}
7570 
7571 	if (n_ssids)
7572 		request->ssids = (void *)&request->channels[n_channels];
7573 	request->n_ssids = n_ssids;
7574 	if (ie_len) {
7575 		if (n_ssids)
7576 			request->ie = (void *)(request->ssids + n_ssids);
7577 		else
7578 			request->ie = (void *)(request->channels + n_channels);
7579 	}
7580 
7581 	i = 0;
7582 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7583 		/* user specified, bail out if channel not found */
7584 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7585 			struct ieee80211_channel *chan;
7586 
7587 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7588 
7589 			if (!chan) {
7590 				err = -EINVAL;
7591 				goto out_free;
7592 			}
7593 
7594 			/* ignore disabled channels */
7595 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7596 				continue;
7597 
7598 			request->channels[i] = chan;
7599 			i++;
7600 		}
7601 	} else {
7602 		enum nl80211_band band;
7603 
7604 		/* all channels */
7605 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7606 			int j;
7607 
7608 			if (!wiphy->bands[band])
7609 				continue;
7610 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7611 				struct ieee80211_channel *chan;
7612 
7613 				chan = &wiphy->bands[band]->channels[j];
7614 
7615 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7616 					continue;
7617 
7618 				request->channels[i] = chan;
7619 				i++;
7620 			}
7621 		}
7622 	}
7623 
7624 	if (!i) {
7625 		err = -EINVAL;
7626 		goto out_free;
7627 	}
7628 
7629 	request->n_channels = i;
7630 
7631 	wdev_lock(wdev);
7632 	if (!cfg80211_off_channel_oper_allowed(wdev)) {
7633 		struct ieee80211_channel *chan;
7634 
7635 		if (request->n_channels != 1) {
7636 			wdev_unlock(wdev);
7637 			err = -EBUSY;
7638 			goto out_free;
7639 		}
7640 
7641 		chan = request->channels[0];
7642 		if (chan->center_freq != wdev->chandef.chan->center_freq) {
7643 			wdev_unlock(wdev);
7644 			err = -EBUSY;
7645 			goto out_free;
7646 		}
7647 	}
7648 	wdev_unlock(wdev);
7649 
7650 	i = 0;
7651 	if (n_ssids) {
7652 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7653 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7654 				err = -EINVAL;
7655 				goto out_free;
7656 			}
7657 			request->ssids[i].ssid_len = nla_len(attr);
7658 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7659 			i++;
7660 		}
7661 	}
7662 
7663 	if (info->attrs[NL80211_ATTR_IE]) {
7664 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7665 		memcpy((void *)request->ie,
7666 		       nla_data(info->attrs[NL80211_ATTR_IE]),
7667 		       request->ie_len);
7668 	}
7669 
7670 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7671 		if (wiphy->bands[i])
7672 			request->rates[i] =
7673 				(1 << wiphy->bands[i]->n_bitrates) - 1;
7674 
7675 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7676 		nla_for_each_nested(attr,
7677 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7678 				    tmp) {
7679 			enum nl80211_band band = nla_type(attr);
7680 
7681 			if (band < 0 || band >= NUM_NL80211_BANDS) {
7682 				err = -EINVAL;
7683 				goto out_free;
7684 			}
7685 
7686 			if (!wiphy->bands[band])
7687 				continue;
7688 
7689 			err = ieee80211_get_ratemask(wiphy->bands[band],
7690 						     nla_data(attr),
7691 						     nla_len(attr),
7692 						     &request->rates[band]);
7693 			if (err)
7694 				goto out_free;
7695 		}
7696 	}
7697 
7698 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7699 		if (!wiphy_ext_feature_isset(wiphy,
7700 					NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7701 			err = -EOPNOTSUPP;
7702 			goto out_free;
7703 		}
7704 
7705 		request->duration =
7706 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7707 		request->duration_mandatory =
7708 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7709 	}
7710 
7711 	err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7712 				       false);
7713 	if (err)
7714 		goto out_free;
7715 
7716 	request->no_cck =
7717 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7718 
7719 	/* Initial implementation used NL80211_ATTR_MAC to set the specific
7720 	 * BSSID to scan for. This was problematic because that same attribute
7721 	 * was already used for another purpose (local random MAC address). The
7722 	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7723 	 * compatibility with older userspace components, also use the
7724 	 * NL80211_ATTR_MAC value here if it can be determined to be used for
7725 	 * the specific BSSID use case instead of the random MAC address
7726 	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7727 	 */
7728 	if (info->attrs[NL80211_ATTR_BSSID])
7729 		memcpy(request->bssid,
7730 		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7731 	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7732 		 info->attrs[NL80211_ATTR_MAC])
7733 		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7734 		       ETH_ALEN);
7735 	else
7736 		eth_broadcast_addr(request->bssid);
7737 
7738 	request->wdev = wdev;
7739 	request->wiphy = &rdev->wiphy;
7740 	request->scan_start = jiffies;
7741 
7742 	rdev->scan_req = request;
7743 	err = rdev_scan(rdev, request);
7744 
7745 	if (!err) {
7746 		nl80211_send_scan_start(rdev, wdev);
7747 		if (wdev->netdev)
7748 			dev_hold(wdev->netdev);
7749 	} else {
7750  out_free:
7751 		rdev->scan_req = NULL;
7752 		kfree(request);
7753 	}
7754 
7755  unlock:
7756 	return err;
7757 }
7758 
7759 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7760 {
7761 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7762 	struct wireless_dev *wdev = info->user_ptr[1];
7763 
7764 	if (!rdev->ops->abort_scan)
7765 		return -EOPNOTSUPP;
7766 
7767 	if (rdev->scan_msg)
7768 		return 0;
7769 
7770 	if (!rdev->scan_req)
7771 		return -ENOENT;
7772 
7773 	rdev_abort_scan(rdev, wdev);
7774 	return 0;
7775 }
7776 
7777 static int
7778 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7779 			       struct cfg80211_sched_scan_request *request,
7780 			       struct nlattr **attrs)
7781 {
7782 	int tmp, err, i = 0;
7783 	struct nlattr *attr;
7784 
7785 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7786 		u32 interval;
7787 
7788 		/*
7789 		 * If scan plans are not specified,
7790 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7791 		 * case one scan plan will be set with the specified scan
7792 		 * interval and infinite number of iterations.
7793 		 */
7794 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7795 		if (!interval)
7796 			return -EINVAL;
7797 
7798 		request->scan_plans[0].interval =
7799 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
7800 		if (!request->scan_plans[0].interval)
7801 			return -EINVAL;
7802 
7803 		if (request->scan_plans[0].interval >
7804 		    wiphy->max_sched_scan_plan_interval)
7805 			request->scan_plans[0].interval =
7806 				wiphy->max_sched_scan_plan_interval;
7807 
7808 		return 0;
7809 	}
7810 
7811 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7812 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7813 
7814 		if (WARN_ON(i >= n_plans))
7815 			return -EINVAL;
7816 
7817 		err = nla_parse_nested_deprecated(plan,
7818 						  NL80211_SCHED_SCAN_PLAN_MAX,
7819 						  attr, nl80211_plan_policy,
7820 						  NULL);
7821 		if (err)
7822 			return err;
7823 
7824 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7825 			return -EINVAL;
7826 
7827 		request->scan_plans[i].interval =
7828 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7829 		if (!request->scan_plans[i].interval ||
7830 		    request->scan_plans[i].interval >
7831 		    wiphy->max_sched_scan_plan_interval)
7832 			return -EINVAL;
7833 
7834 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7835 			request->scan_plans[i].iterations =
7836 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7837 			if (!request->scan_plans[i].iterations ||
7838 			    (request->scan_plans[i].iterations >
7839 			     wiphy->max_sched_scan_plan_iterations))
7840 				return -EINVAL;
7841 		} else if (i < n_plans - 1) {
7842 			/*
7843 			 * All scan plans but the last one must specify
7844 			 * a finite number of iterations
7845 			 */
7846 			return -EINVAL;
7847 		}
7848 
7849 		i++;
7850 	}
7851 
7852 	/*
7853 	 * The last scan plan must not specify the number of
7854 	 * iterations, it is supposed to run infinitely
7855 	 */
7856 	if (request->scan_plans[n_plans - 1].iterations)
7857 		return  -EINVAL;
7858 
7859 	return 0;
7860 }
7861 
7862 static int
7863 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
7864 				       struct cfg80211_match_set *match_sets,
7865 				       struct nlattr *tb_band_rssi,
7866 				       s32 rssi_thold)
7867 {
7868 	struct nlattr *attr;
7869 	int i, tmp, ret = 0;
7870 
7871 	if (!wiphy_ext_feature_isset(wiphy,
7872 		    NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
7873 		if (tb_band_rssi)
7874 			ret = -EOPNOTSUPP;
7875 		else
7876 			for (i = 0; i < NUM_NL80211_BANDS; i++)
7877 				match_sets->per_band_rssi_thold[i] =
7878 					NL80211_SCAN_RSSI_THOLD_OFF;
7879 		return ret;
7880 	}
7881 
7882 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7883 		match_sets->per_band_rssi_thold[i] = rssi_thold;
7884 
7885 	nla_for_each_nested(attr, tb_band_rssi, tmp) {
7886 		enum nl80211_band band = nla_type(attr);
7887 
7888 		if (band < 0 || band >= NUM_NL80211_BANDS)
7889 			return -EINVAL;
7890 
7891 		match_sets->per_band_rssi_thold[band] =	nla_get_s32(attr);
7892 	}
7893 
7894 	return 0;
7895 }
7896 
7897 static struct cfg80211_sched_scan_request *
7898 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7899 			 struct nlattr **attrs, int max_match_sets)
7900 {
7901 	struct cfg80211_sched_scan_request *request;
7902 	struct nlattr *attr;
7903 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7904 	enum nl80211_band band;
7905 	size_t ie_len;
7906 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7907 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7908 
7909 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7910 		n_channels = validate_scan_freqs(
7911 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7912 		if (!n_channels)
7913 			return ERR_PTR(-EINVAL);
7914 	} else {
7915 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7916 	}
7917 
7918 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
7919 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7920 				    tmp)
7921 			n_ssids++;
7922 
7923 	if (n_ssids > wiphy->max_sched_scan_ssids)
7924 		return ERR_PTR(-EINVAL);
7925 
7926 	/*
7927 	 * First, count the number of 'real' matchsets. Due to an issue with
7928 	 * the old implementation, matchsets containing only the RSSI attribute
7929 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7930 	 * RSSI for all matchsets, rather than their own matchset for reporting
7931 	 * all APs with a strong RSSI. This is needed to be compatible with
7932 	 * older userspace that treated a matchset with only the RSSI as the
7933 	 * global RSSI for all other matchsets - if there are other matchsets.
7934 	 */
7935 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7936 		nla_for_each_nested(attr,
7937 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7938 				    tmp) {
7939 			struct nlattr *rssi;
7940 
7941 			err = nla_parse_nested_deprecated(tb,
7942 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7943 							  attr,
7944 							  nl80211_match_policy,
7945 							  NULL);
7946 			if (err)
7947 				return ERR_PTR(err);
7948 
7949 			/* SSID and BSSID are mutually exclusive */
7950 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7951 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7952 				return ERR_PTR(-EINVAL);
7953 
7954 			/* add other standalone attributes here */
7955 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7956 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7957 				n_match_sets++;
7958 				continue;
7959 			}
7960 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7961 			if (rssi)
7962 				default_match_rssi = nla_get_s32(rssi);
7963 		}
7964 	}
7965 
7966 	/* However, if there's no other matchset, add the RSSI one */
7967 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7968 		n_match_sets = 1;
7969 
7970 	if (n_match_sets > max_match_sets)
7971 		return ERR_PTR(-EINVAL);
7972 
7973 	if (attrs[NL80211_ATTR_IE])
7974 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7975 	else
7976 		ie_len = 0;
7977 
7978 	if (ie_len > wiphy->max_sched_scan_ie_len)
7979 		return ERR_PTR(-EINVAL);
7980 
7981 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7982 		/*
7983 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7984 		 * each scan plan already specifies its own interval
7985 		 */
7986 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7987 			return ERR_PTR(-EINVAL);
7988 
7989 		nla_for_each_nested(attr,
7990 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7991 			n_plans++;
7992 	} else {
7993 		/*
7994 		 * The scan interval attribute is kept for backward
7995 		 * compatibility. If no scan plans are specified and sched scan
7996 		 * interval is specified, one scan plan will be set with this
7997 		 * scan interval and infinite number of iterations.
7998 		 */
7999 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
8000 			return ERR_PTR(-EINVAL);
8001 
8002 		n_plans = 1;
8003 	}
8004 
8005 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
8006 		return ERR_PTR(-EINVAL);
8007 
8008 	if (!wiphy_ext_feature_isset(
8009 		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
8010 	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
8011 	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
8012 		return ERR_PTR(-EINVAL);
8013 
8014 	request = kzalloc(sizeof(*request)
8015 			+ sizeof(*request->ssids) * n_ssids
8016 			+ sizeof(*request->match_sets) * n_match_sets
8017 			+ sizeof(*request->scan_plans) * n_plans
8018 			+ sizeof(*request->channels) * n_channels
8019 			+ ie_len, GFP_KERNEL);
8020 	if (!request)
8021 		return ERR_PTR(-ENOMEM);
8022 
8023 	if (n_ssids)
8024 		request->ssids = (void *)&request->channels[n_channels];
8025 	request->n_ssids = n_ssids;
8026 	if (ie_len) {
8027 		if (n_ssids)
8028 			request->ie = (void *)(request->ssids + n_ssids);
8029 		else
8030 			request->ie = (void *)(request->channels + n_channels);
8031 	}
8032 
8033 	if (n_match_sets) {
8034 		if (request->ie)
8035 			request->match_sets = (void *)(request->ie + ie_len);
8036 		else if (n_ssids)
8037 			request->match_sets =
8038 				(void *)(request->ssids + n_ssids);
8039 		else
8040 			request->match_sets =
8041 				(void *)(request->channels + n_channels);
8042 	}
8043 	request->n_match_sets = n_match_sets;
8044 
8045 	if (n_match_sets)
8046 		request->scan_plans = (void *)(request->match_sets +
8047 					       n_match_sets);
8048 	else if (request->ie)
8049 		request->scan_plans = (void *)(request->ie + ie_len);
8050 	else if (n_ssids)
8051 		request->scan_plans = (void *)(request->ssids + n_ssids);
8052 	else
8053 		request->scan_plans = (void *)(request->channels + n_channels);
8054 
8055 	request->n_scan_plans = n_plans;
8056 
8057 	i = 0;
8058 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
8059 		/* user specified, bail out if channel not found */
8060 		nla_for_each_nested(attr,
8061 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
8062 				    tmp) {
8063 			struct ieee80211_channel *chan;
8064 
8065 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
8066 
8067 			if (!chan) {
8068 				err = -EINVAL;
8069 				goto out_free;
8070 			}
8071 
8072 			/* ignore disabled channels */
8073 			if (chan->flags & IEEE80211_CHAN_DISABLED)
8074 				continue;
8075 
8076 			request->channels[i] = chan;
8077 			i++;
8078 		}
8079 	} else {
8080 		/* all channels */
8081 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
8082 			int j;
8083 
8084 			if (!wiphy->bands[band])
8085 				continue;
8086 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
8087 				struct ieee80211_channel *chan;
8088 
8089 				chan = &wiphy->bands[band]->channels[j];
8090 
8091 				if (chan->flags & IEEE80211_CHAN_DISABLED)
8092 					continue;
8093 
8094 				request->channels[i] = chan;
8095 				i++;
8096 			}
8097 		}
8098 	}
8099 
8100 	if (!i) {
8101 		err = -EINVAL;
8102 		goto out_free;
8103 	}
8104 
8105 	request->n_channels = i;
8106 
8107 	i = 0;
8108 	if (n_ssids) {
8109 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
8110 				    tmp) {
8111 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
8112 				err = -EINVAL;
8113 				goto out_free;
8114 			}
8115 			request->ssids[i].ssid_len = nla_len(attr);
8116 			memcpy(request->ssids[i].ssid, nla_data(attr),
8117 			       nla_len(attr));
8118 			i++;
8119 		}
8120 	}
8121 
8122 	i = 0;
8123 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
8124 		nla_for_each_nested(attr,
8125 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
8126 				    tmp) {
8127 			struct nlattr *ssid, *bssid, *rssi;
8128 
8129 			err = nla_parse_nested_deprecated(tb,
8130 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
8131 							  attr,
8132 							  nl80211_match_policy,
8133 							  NULL);
8134 			if (err)
8135 				goto out_free;
8136 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
8137 			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
8138 
8139 			if (!ssid && !bssid) {
8140 				i++;
8141 				continue;
8142 			}
8143 
8144 			if (WARN_ON(i >= n_match_sets)) {
8145 				/* this indicates a programming error,
8146 				 * the loop above should have verified
8147 				 * things properly
8148 				 */
8149 				err = -EINVAL;
8150 				goto out_free;
8151 			}
8152 
8153 			if (ssid) {
8154 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
8155 					err = -EINVAL;
8156 					goto out_free;
8157 				}
8158 				memcpy(request->match_sets[i].ssid.ssid,
8159 				       nla_data(ssid), nla_len(ssid));
8160 				request->match_sets[i].ssid.ssid_len =
8161 					nla_len(ssid);
8162 			}
8163 			if (bssid) {
8164 				if (nla_len(bssid) != ETH_ALEN) {
8165 					err = -EINVAL;
8166 					goto out_free;
8167 				}
8168 				memcpy(request->match_sets[i].bssid,
8169 				       nla_data(bssid), ETH_ALEN);
8170 			}
8171 
8172 			/* special attribute - old implementation w/a */
8173 			request->match_sets[i].rssi_thold = default_match_rssi;
8174 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8175 			if (rssi)
8176 				request->match_sets[i].rssi_thold =
8177 					nla_get_s32(rssi);
8178 
8179 			/* Parse per band RSSI attribute */
8180 			err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8181 				&request->match_sets[i],
8182 				tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8183 				request->match_sets[i].rssi_thold);
8184 			if (err)
8185 				goto out_free;
8186 
8187 			i++;
8188 		}
8189 
8190 		/* there was no other matchset, so the RSSI one is alone */
8191 		if (i == 0 && n_match_sets)
8192 			request->match_sets[0].rssi_thold = default_match_rssi;
8193 
8194 		request->min_rssi_thold = INT_MAX;
8195 		for (i = 0; i < n_match_sets; i++)
8196 			request->min_rssi_thold =
8197 				min(request->match_sets[i].rssi_thold,
8198 				    request->min_rssi_thold);
8199 	} else {
8200 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8201 	}
8202 
8203 	if (ie_len) {
8204 		request->ie_len = ie_len;
8205 		memcpy((void *)request->ie,
8206 		       nla_data(attrs[NL80211_ATTR_IE]),
8207 		       request->ie_len);
8208 	}
8209 
8210 	err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8211 	if (err)
8212 		goto out_free;
8213 
8214 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8215 		request->delay =
8216 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8217 
8218 	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8219 		request->relative_rssi = nla_get_s8(
8220 			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8221 		request->relative_rssi_set = true;
8222 	}
8223 
8224 	if (request->relative_rssi_set &&
8225 	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8226 		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8227 
8228 		rssi_adjust = nla_data(
8229 			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8230 		request->rssi_adjust.band = rssi_adjust->band;
8231 		request->rssi_adjust.delta = rssi_adjust->delta;
8232 		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8233 			err = -EINVAL;
8234 			goto out_free;
8235 		}
8236 	}
8237 
8238 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8239 	if (err)
8240 		goto out_free;
8241 
8242 	request->scan_start = jiffies;
8243 
8244 	return request;
8245 
8246 out_free:
8247 	kfree(request);
8248 	return ERR_PTR(err);
8249 }
8250 
8251 static int nl80211_start_sched_scan(struct sk_buff *skb,
8252 				    struct genl_info *info)
8253 {
8254 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8255 	struct net_device *dev = info->user_ptr[1];
8256 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8257 	struct cfg80211_sched_scan_request *sched_scan_req;
8258 	bool want_multi;
8259 	int err;
8260 
8261 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8262 		return -EOPNOTSUPP;
8263 
8264 	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8265 	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8266 	if (err)
8267 		return err;
8268 
8269 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8270 						  info->attrs,
8271 						  rdev->wiphy.max_match_sets);
8272 
8273 	err = PTR_ERR_OR_ZERO(sched_scan_req);
8274 	if (err)
8275 		goto out_err;
8276 
8277 	/* leave request id zero for legacy request
8278 	 * or if driver does not support multi-scheduled scan
8279 	 */
8280 	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
8281 		sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8282 
8283 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8284 	if (err)
8285 		goto out_free;
8286 
8287 	sched_scan_req->dev = dev;
8288 	sched_scan_req->wiphy = &rdev->wiphy;
8289 
8290 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8291 		sched_scan_req->owner_nlportid = info->snd_portid;
8292 
8293 	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8294 
8295 	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8296 	return 0;
8297 
8298 out_free:
8299 	kfree(sched_scan_req);
8300 out_err:
8301 	return err;
8302 }
8303 
8304 static int nl80211_stop_sched_scan(struct sk_buff *skb,
8305 				   struct genl_info *info)
8306 {
8307 	struct cfg80211_sched_scan_request *req;
8308 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8309 	u64 cookie;
8310 
8311 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8312 		return -EOPNOTSUPP;
8313 
8314 	if (info->attrs[NL80211_ATTR_COOKIE]) {
8315 		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8316 		return __cfg80211_stop_sched_scan(rdev, cookie, false);
8317 	}
8318 
8319 	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8320 				     struct cfg80211_sched_scan_request,
8321 				     list);
8322 	if (!req || req->reqid ||
8323 	    (req->owner_nlportid &&
8324 	     req->owner_nlportid != info->snd_portid))
8325 		return -ENOENT;
8326 
8327 	return cfg80211_stop_sched_scan_req(rdev, req, false);
8328 }
8329 
8330 static int nl80211_start_radar_detection(struct sk_buff *skb,
8331 					 struct genl_info *info)
8332 {
8333 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8334 	struct net_device *dev = info->user_ptr[1];
8335 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8336 	struct wiphy *wiphy = wdev->wiphy;
8337 	struct cfg80211_chan_def chandef;
8338 	enum nl80211_dfs_regions dfs_region;
8339 	unsigned int cac_time_ms;
8340 	int err;
8341 
8342 	dfs_region = reg_get_dfs_region(wiphy);
8343 	if (dfs_region == NL80211_DFS_UNSET)
8344 		return -EINVAL;
8345 
8346 	err = nl80211_parse_chandef(rdev, info, &chandef);
8347 	if (err)
8348 		return err;
8349 
8350 	if (netif_carrier_ok(dev))
8351 		return -EBUSY;
8352 
8353 	if (wdev->cac_started)
8354 		return -EBUSY;
8355 
8356 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8357 	if (err < 0)
8358 		return err;
8359 
8360 	if (err == 0)
8361 		return -EINVAL;
8362 
8363 	if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8364 		return -EINVAL;
8365 
8366 	/* CAC start is offloaded to HW and can't be started manually */
8367 	if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8368 		return -EOPNOTSUPP;
8369 
8370 	if (!rdev->ops->start_radar_detection)
8371 		return -EOPNOTSUPP;
8372 
8373 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8374 	if (WARN_ON(!cac_time_ms))
8375 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8376 
8377 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8378 	if (!err) {
8379 		wdev->chandef = chandef;
8380 		wdev->cac_started = true;
8381 		wdev->cac_start_time = jiffies;
8382 		wdev->cac_time_ms = cac_time_ms;
8383 	}
8384 	return err;
8385 }
8386 
8387 static int nl80211_notify_radar_detection(struct sk_buff *skb,
8388 					  struct genl_info *info)
8389 {
8390 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8391 	struct net_device *dev = info->user_ptr[1];
8392 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8393 	struct wiphy *wiphy = wdev->wiphy;
8394 	struct cfg80211_chan_def chandef;
8395 	enum nl80211_dfs_regions dfs_region;
8396 	int err;
8397 
8398 	dfs_region = reg_get_dfs_region(wiphy);
8399 	if (dfs_region == NL80211_DFS_UNSET) {
8400 		GENL_SET_ERR_MSG(info,
8401 				 "DFS Region is not set. Unexpected Radar indication");
8402 		return -EINVAL;
8403 	}
8404 
8405 	err = nl80211_parse_chandef(rdev, info, &chandef);
8406 	if (err) {
8407 		GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8408 		return err;
8409 	}
8410 
8411 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8412 	if (err < 0) {
8413 		GENL_SET_ERR_MSG(info, "chandef is invalid");
8414 		return err;
8415 	}
8416 
8417 	if (err == 0) {
8418 		GENL_SET_ERR_MSG(info,
8419 				 "Unexpected Radar indication for chandef/iftype");
8420 		return -EINVAL;
8421 	}
8422 
8423 	/* Do not process this notification if radar is already detected
8424 	 * by kernel on this channel, and return success.
8425 	 */
8426 	if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8427 		return 0;
8428 
8429 	cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8430 
8431 	cfg80211_sched_dfs_chan_update(rdev);
8432 
8433 	rdev->radar_chandef = chandef;
8434 
8435 	/* Propagate this notification to other radios as well */
8436 	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8437 
8438 	return 0;
8439 }
8440 
8441 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8442 {
8443 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8444 	struct net_device *dev = info->user_ptr[1];
8445 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8446 	struct cfg80211_csa_settings params;
8447 	/* csa_attrs is defined static to avoid waste of stack size - this
8448 	 * function is called under RTNL lock, so this should not be a problem.
8449 	 */
8450 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8451 	int err;
8452 	bool need_new_beacon = false;
8453 	bool need_handle_dfs_flag = true;
8454 	int len, i;
8455 	u32 cs_count;
8456 
8457 	if (!rdev->ops->channel_switch ||
8458 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8459 		return -EOPNOTSUPP;
8460 
8461 	switch (dev->ieee80211_ptr->iftype) {
8462 	case NL80211_IFTYPE_AP:
8463 	case NL80211_IFTYPE_P2P_GO:
8464 		need_new_beacon = true;
8465 		/* For all modes except AP the handle_dfs flag needs to be
8466 		 * supplied to tell the kernel that userspace will handle radar
8467 		 * events when they happen. Otherwise a switch to a channel
8468 		 * requiring DFS will be rejected.
8469 		 */
8470 		need_handle_dfs_flag = false;
8471 
8472 		/* useless if AP is not running */
8473 		if (!wdev->beacon_interval)
8474 			return -ENOTCONN;
8475 		break;
8476 	case NL80211_IFTYPE_ADHOC:
8477 		if (!wdev->ssid_len)
8478 			return -ENOTCONN;
8479 		break;
8480 	case NL80211_IFTYPE_MESH_POINT:
8481 		if (!wdev->mesh_id_len)
8482 			return -ENOTCONN;
8483 		break;
8484 	default:
8485 		return -EOPNOTSUPP;
8486 	}
8487 
8488 	memset(&params, 0, sizeof(params));
8489 	params.beacon_csa.ftm_responder = -1;
8490 
8491 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8492 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8493 		return -EINVAL;
8494 
8495 	/* only important for AP, IBSS and mesh create IEs internally */
8496 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8497 		return -EINVAL;
8498 
8499 	/* Even though the attribute is u32, the specification says
8500 	 * u8, so let's make sure we don't overflow.
8501 	 */
8502 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8503 	if (cs_count > 255)
8504 		return -EINVAL;
8505 
8506 	params.count = cs_count;
8507 
8508 	if (!need_new_beacon)
8509 		goto skip_beacons;
8510 
8511 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
8512 	if (err)
8513 		return err;
8514 
8515 	err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
8516 					  info->attrs[NL80211_ATTR_CSA_IES],
8517 					  nl80211_policy, info->extack);
8518 	if (err)
8519 		return err;
8520 
8521 	err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
8522 	if (err)
8523 		return err;
8524 
8525 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8526 		return -EINVAL;
8527 
8528 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8529 	if (!len || (len % sizeof(u16)))
8530 		return -EINVAL;
8531 
8532 	params.n_counter_offsets_beacon = len / sizeof(u16);
8533 	if (rdev->wiphy.max_num_csa_counters &&
8534 	    (params.n_counter_offsets_beacon >
8535 	     rdev->wiphy.max_num_csa_counters))
8536 		return -EINVAL;
8537 
8538 	params.counter_offsets_beacon =
8539 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8540 
8541 	/* sanity checks - counters should fit and be the same */
8542 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8543 		u16 offset = params.counter_offsets_beacon[i];
8544 
8545 		if (offset >= params.beacon_csa.tail_len)
8546 			return -EINVAL;
8547 
8548 		if (params.beacon_csa.tail[offset] != params.count)
8549 			return -EINVAL;
8550 	}
8551 
8552 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8553 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8554 		if (!len || (len % sizeof(u16)))
8555 			return -EINVAL;
8556 
8557 		params.n_counter_offsets_presp = len / sizeof(u16);
8558 		if (rdev->wiphy.max_num_csa_counters &&
8559 		    (params.n_counter_offsets_presp >
8560 		     rdev->wiphy.max_num_csa_counters))
8561 			return -EINVAL;
8562 
8563 		params.counter_offsets_presp =
8564 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8565 
8566 		/* sanity checks - counters should fit and be the same */
8567 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
8568 			u16 offset = params.counter_offsets_presp[i];
8569 
8570 			if (offset >= params.beacon_csa.probe_resp_len)
8571 				return -EINVAL;
8572 
8573 			if (params.beacon_csa.probe_resp[offset] !=
8574 			    params.count)
8575 				return -EINVAL;
8576 		}
8577 	}
8578 
8579 skip_beacons:
8580 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
8581 	if (err)
8582 		return err;
8583 
8584 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
8585 					   wdev->iftype))
8586 		return -EINVAL;
8587 
8588 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
8589 					    &params.chandef,
8590 					    wdev->iftype);
8591 	if (err < 0)
8592 		return err;
8593 
8594 	if (err > 0) {
8595 		params.radar_required = true;
8596 		if (need_handle_dfs_flag &&
8597 		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8598 			return -EINVAL;
8599 		}
8600 	}
8601 
8602 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8603 		params.block_tx = true;
8604 
8605 	wdev_lock(wdev);
8606 	err = rdev_channel_switch(rdev, dev, &params);
8607 	wdev_unlock(wdev);
8608 
8609 	return err;
8610 }
8611 
8612 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8613 			    u32 seq, int flags,
8614 			    struct cfg80211_registered_device *rdev,
8615 			    struct wireless_dev *wdev,
8616 			    struct cfg80211_internal_bss *intbss)
8617 {
8618 	struct cfg80211_bss *res = &intbss->pub;
8619 	const struct cfg80211_bss_ies *ies;
8620 	void *hdr;
8621 	struct nlattr *bss;
8622 
8623 	ASSERT_WDEV_LOCK(wdev);
8624 
8625 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8626 			     NL80211_CMD_NEW_SCAN_RESULTS);
8627 	if (!hdr)
8628 		return -1;
8629 
8630 	genl_dump_check_consistent(cb, hdr);
8631 
8632 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8633 		goto nla_put_failure;
8634 	if (wdev->netdev &&
8635 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8636 		goto nla_put_failure;
8637 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8638 			      NL80211_ATTR_PAD))
8639 		goto nla_put_failure;
8640 
8641 	bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8642 	if (!bss)
8643 		goto nla_put_failure;
8644 	if ((!is_zero_ether_addr(res->bssid) &&
8645 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8646 		goto nla_put_failure;
8647 
8648 	rcu_read_lock();
8649 	/* indicate whether we have probe response data or not */
8650 	if (rcu_access_pointer(res->proberesp_ies) &&
8651 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8652 		goto fail_unlock_rcu;
8653 
8654 	/* this pointer prefers to be pointed to probe response data
8655 	 * but is always valid
8656 	 */
8657 	ies = rcu_dereference(res->ies);
8658 	if (ies) {
8659 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8660 				      NL80211_BSS_PAD))
8661 			goto fail_unlock_rcu;
8662 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8663 					ies->len, ies->data))
8664 			goto fail_unlock_rcu;
8665 	}
8666 
8667 	/* and this pointer is always (unless driver didn't know) beacon data */
8668 	ies = rcu_dereference(res->beacon_ies);
8669 	if (ies && ies->from_beacon) {
8670 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8671 				      NL80211_BSS_PAD))
8672 			goto fail_unlock_rcu;
8673 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8674 					ies->len, ies->data))
8675 			goto fail_unlock_rcu;
8676 	}
8677 	rcu_read_unlock();
8678 
8679 	if (res->beacon_interval &&
8680 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8681 		goto nla_put_failure;
8682 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8683 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8684 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8685 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8686 			jiffies_to_msecs(jiffies - intbss->ts)))
8687 		goto nla_put_failure;
8688 
8689 	if (intbss->parent_tsf &&
8690 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8691 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
8692 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8693 		     intbss->parent_bssid)))
8694 		goto nla_put_failure;
8695 
8696 	if (intbss->ts_boottime &&
8697 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8698 			      intbss->ts_boottime, NL80211_BSS_PAD))
8699 		goto nla_put_failure;
8700 
8701 	if (!nl80211_put_signal(msg, intbss->pub.chains,
8702 				intbss->pub.chain_signal,
8703 				NL80211_BSS_CHAIN_SIGNAL))
8704 		goto nla_put_failure;
8705 
8706 	switch (rdev->wiphy.signal_type) {
8707 	case CFG80211_SIGNAL_TYPE_MBM:
8708 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8709 			goto nla_put_failure;
8710 		break;
8711 	case CFG80211_SIGNAL_TYPE_UNSPEC:
8712 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8713 			goto nla_put_failure;
8714 		break;
8715 	default:
8716 		break;
8717 	}
8718 
8719 	switch (wdev->iftype) {
8720 	case NL80211_IFTYPE_P2P_CLIENT:
8721 	case NL80211_IFTYPE_STATION:
8722 		if (intbss == wdev->current_bss &&
8723 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8724 				NL80211_BSS_STATUS_ASSOCIATED))
8725 			goto nla_put_failure;
8726 		break;
8727 	case NL80211_IFTYPE_ADHOC:
8728 		if (intbss == wdev->current_bss &&
8729 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8730 				NL80211_BSS_STATUS_IBSS_JOINED))
8731 			goto nla_put_failure;
8732 		break;
8733 	default:
8734 		break;
8735 	}
8736 
8737 	nla_nest_end(msg, bss);
8738 
8739 	genlmsg_end(msg, hdr);
8740 	return 0;
8741 
8742  fail_unlock_rcu:
8743 	rcu_read_unlock();
8744  nla_put_failure:
8745 	genlmsg_cancel(msg, hdr);
8746 	return -EMSGSIZE;
8747 }
8748 
8749 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8750 {
8751 	struct cfg80211_registered_device *rdev;
8752 	struct cfg80211_internal_bss *scan;
8753 	struct wireless_dev *wdev;
8754 	int start = cb->args[2], idx = 0;
8755 	int err;
8756 
8757 	rtnl_lock();
8758 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8759 	if (err) {
8760 		rtnl_unlock();
8761 		return err;
8762 	}
8763 
8764 	wdev_lock(wdev);
8765 	spin_lock_bh(&rdev->bss_lock);
8766 
8767 	/*
8768 	 * dump_scan will be called multiple times to break up the scan results
8769 	 * into multiple messages.  It is unlikely that any more bss-es will be
8770 	 * expired after the first call, so only call only call this on the
8771 	 * first dump_scan invocation.
8772 	 */
8773 	if (start == 0)
8774 		cfg80211_bss_expire(rdev);
8775 
8776 	cb->seq = rdev->bss_generation;
8777 
8778 	list_for_each_entry(scan, &rdev->bss_list, list) {
8779 		if (++idx <= start)
8780 			continue;
8781 		if (nl80211_send_bss(skb, cb,
8782 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8783 				rdev, wdev, scan) < 0) {
8784 			idx--;
8785 			break;
8786 		}
8787 	}
8788 
8789 	spin_unlock_bh(&rdev->bss_lock);
8790 	wdev_unlock(wdev);
8791 
8792 	cb->args[2] = idx;
8793 	rtnl_unlock();
8794 
8795 	return skb->len;
8796 }
8797 
8798 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
8799 			       int flags, struct net_device *dev,
8800 			       bool allow_radio_stats,
8801 			       struct survey_info *survey)
8802 {
8803 	void *hdr;
8804 	struct nlattr *infoattr;
8805 
8806 	/* skip radio stats if userspace didn't request them */
8807 	if (!survey->channel && !allow_radio_stats)
8808 		return 0;
8809 
8810 	hdr = nl80211hdr_put(msg, portid, seq, flags,
8811 			     NL80211_CMD_NEW_SURVEY_RESULTS);
8812 	if (!hdr)
8813 		return -ENOMEM;
8814 
8815 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
8816 		goto nla_put_failure;
8817 
8818 	infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
8819 	if (!infoattr)
8820 		goto nla_put_failure;
8821 
8822 	if (survey->channel &&
8823 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
8824 			survey->channel->center_freq))
8825 		goto nla_put_failure;
8826 
8827 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
8828 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
8829 		goto nla_put_failure;
8830 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
8831 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
8832 		goto nla_put_failure;
8833 	if ((survey->filled & SURVEY_INFO_TIME) &&
8834 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
8835 			survey->time, NL80211_SURVEY_INFO_PAD))
8836 		goto nla_put_failure;
8837 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
8838 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
8839 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
8840 		goto nla_put_failure;
8841 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
8842 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
8843 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
8844 		goto nla_put_failure;
8845 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
8846 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
8847 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
8848 		goto nla_put_failure;
8849 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
8850 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
8851 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
8852 		goto nla_put_failure;
8853 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
8854 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8855 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
8856 		goto nla_put_failure;
8857 	if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
8858 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
8859 			      survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
8860 		goto nla_put_failure;
8861 
8862 	nla_nest_end(msg, infoattr);
8863 
8864 	genlmsg_end(msg, hdr);
8865 	return 0;
8866 
8867  nla_put_failure:
8868 	genlmsg_cancel(msg, hdr);
8869 	return -EMSGSIZE;
8870 }
8871 
8872 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
8873 {
8874 	struct nlattr **attrbuf;
8875 	struct survey_info survey;
8876 	struct cfg80211_registered_device *rdev;
8877 	struct wireless_dev *wdev;
8878 	int survey_idx = cb->args[2];
8879 	int res;
8880 	bool radio_stats;
8881 
8882 	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
8883 	if (!attrbuf)
8884 		return -ENOMEM;
8885 
8886 	rtnl_lock();
8887 	res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8888 	if (res)
8889 		goto out_err;
8890 
8891 	/* prepare_wdev_dump parsed the attributes */
8892 	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
8893 
8894 	if (!wdev->netdev) {
8895 		res = -EINVAL;
8896 		goto out_err;
8897 	}
8898 
8899 	if (!rdev->ops->dump_survey) {
8900 		res = -EOPNOTSUPP;
8901 		goto out_err;
8902 	}
8903 
8904 	while (1) {
8905 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8906 		if (res == -ENOENT)
8907 			break;
8908 		if (res)
8909 			goto out_err;
8910 
8911 		/* don't send disabled channels, but do send non-channel data */
8912 		if (survey.channel &&
8913 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8914 			survey_idx++;
8915 			continue;
8916 		}
8917 
8918 		if (nl80211_send_survey(skb,
8919 				NETLINK_CB(cb->skb).portid,
8920 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8921 				wdev->netdev, radio_stats, &survey) < 0)
8922 			goto out;
8923 		survey_idx++;
8924 	}
8925 
8926  out:
8927 	cb->args[2] = survey_idx;
8928 	res = skb->len;
8929  out_err:
8930 	kfree(attrbuf);
8931 	rtnl_unlock();
8932 	return res;
8933 }
8934 
8935 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8936 {
8937 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8938 				  NL80211_WPA_VERSION_2 |
8939 				  NL80211_WPA_VERSION_3));
8940 }
8941 
8942 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8943 {
8944 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8945 	struct net_device *dev = info->user_ptr[1];
8946 	struct ieee80211_channel *chan;
8947 	const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8948 	int err, ssid_len, ie_len = 0, auth_data_len = 0;
8949 	enum nl80211_auth_type auth_type;
8950 	struct key_parse key;
8951 	bool local_state_change;
8952 
8953 	if (!info->attrs[NL80211_ATTR_MAC])
8954 		return -EINVAL;
8955 
8956 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8957 		return -EINVAL;
8958 
8959 	if (!info->attrs[NL80211_ATTR_SSID])
8960 		return -EINVAL;
8961 
8962 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8963 		return -EINVAL;
8964 
8965 	err = nl80211_parse_key(info, &key);
8966 	if (err)
8967 		return err;
8968 
8969 	if (key.idx >= 0) {
8970 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8971 			return -EINVAL;
8972 		if (!key.p.key || !key.p.key_len)
8973 			return -EINVAL;
8974 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8975 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8976 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8977 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
8978 			return -EINVAL;
8979 		if (key.idx > 3)
8980 			return -EINVAL;
8981 	} else {
8982 		key.p.key_len = 0;
8983 		key.p.key = NULL;
8984 	}
8985 
8986 	if (key.idx >= 0) {
8987 		int i;
8988 		bool ok = false;
8989 
8990 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8991 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8992 				ok = true;
8993 				break;
8994 			}
8995 		}
8996 		if (!ok)
8997 			return -EINVAL;
8998 	}
8999 
9000 	if (!rdev->ops->auth)
9001 		return -EOPNOTSUPP;
9002 
9003 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9004 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9005 		return -EOPNOTSUPP;
9006 
9007 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9008 	chan = nl80211_get_valid_chan(&rdev->wiphy,
9009 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9010 	if (!chan)
9011 		return -EINVAL;
9012 
9013 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9014 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9015 
9016 	if (info->attrs[NL80211_ATTR_IE]) {
9017 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9018 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9019 	}
9020 
9021 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9022 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
9023 		return -EINVAL;
9024 
9025 	if ((auth_type == NL80211_AUTHTYPE_SAE ||
9026 	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
9027 	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
9028 	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&
9029 	    !info->attrs[NL80211_ATTR_AUTH_DATA])
9030 		return -EINVAL;
9031 
9032 	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
9033 		if (auth_type != NL80211_AUTHTYPE_SAE &&
9034 		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
9035 		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
9036 		    auth_type != NL80211_AUTHTYPE_FILS_PK)
9037 			return -EINVAL;
9038 		auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
9039 		auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
9040 		/* need to include at least Auth Transaction and Status Code */
9041 		if (auth_data_len < 4)
9042 			return -EINVAL;
9043 	}
9044 
9045 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9046 
9047 	/*
9048 	 * Since we no longer track auth state, ignore
9049 	 * requests to only change local state.
9050 	 */
9051 	if (local_state_change)
9052 		return 0;
9053 
9054 	wdev_lock(dev->ieee80211_ptr);
9055 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
9056 				 ssid, ssid_len, ie, ie_len,
9057 				 key.p.key, key.p.key_len, key.idx,
9058 				 auth_data, auth_data_len);
9059 	wdev_unlock(dev->ieee80211_ptr);
9060 	return err;
9061 }
9062 
9063 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
9064 				     struct genl_info *info)
9065 {
9066 	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9067 		GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
9068 		return -EINVAL;
9069 	}
9070 
9071 	if (!rdev->ops->tx_control_port ||
9072 	    !wiphy_ext_feature_isset(&rdev->wiphy,
9073 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
9074 		return -EOPNOTSUPP;
9075 
9076 	return 0;
9077 }
9078 
9079 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
9080 				   struct genl_info *info,
9081 				   struct cfg80211_crypto_settings *settings,
9082 				   int cipher_limit)
9083 {
9084 	memset(settings, 0, sizeof(*settings));
9085 
9086 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
9087 
9088 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
9089 		u16 proto;
9090 
9091 		proto = nla_get_u16(
9092 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
9093 		settings->control_port_ethertype = cpu_to_be16(proto);
9094 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
9095 		    proto != ETH_P_PAE)
9096 			return -EINVAL;
9097 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
9098 			settings->control_port_no_encrypt = true;
9099 	} else
9100 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
9101 
9102 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9103 		int r = validate_pae_over_nl80211(rdev, info);
9104 
9105 		if (r < 0)
9106 			return r;
9107 
9108 		settings->control_port_over_nl80211 = true;
9109 	}
9110 
9111 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
9112 		void *data;
9113 		int len, i;
9114 
9115 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9116 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
9117 		settings->n_ciphers_pairwise = len / sizeof(u32);
9118 
9119 		if (len % sizeof(u32))
9120 			return -EINVAL;
9121 
9122 		if (settings->n_ciphers_pairwise > cipher_limit)
9123 			return -EINVAL;
9124 
9125 		memcpy(settings->ciphers_pairwise, data, len);
9126 
9127 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
9128 			if (!cfg80211_supported_cipher_suite(
9129 					&rdev->wiphy,
9130 					settings->ciphers_pairwise[i]))
9131 				return -EINVAL;
9132 	}
9133 
9134 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
9135 		settings->cipher_group =
9136 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
9137 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
9138 						     settings->cipher_group))
9139 			return -EINVAL;
9140 	}
9141 
9142 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
9143 		settings->wpa_versions =
9144 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
9145 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
9146 			return -EINVAL;
9147 	}
9148 
9149 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
9150 		void *data;
9151 		int len;
9152 
9153 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
9154 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
9155 		settings->n_akm_suites = len / sizeof(u32);
9156 
9157 		if (len % sizeof(u32))
9158 			return -EINVAL;
9159 
9160 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
9161 			return -EINVAL;
9162 
9163 		memcpy(settings->akm_suites, data, len);
9164 	}
9165 
9166 	if (info->attrs[NL80211_ATTR_PMK]) {
9167 		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
9168 			return -EINVAL;
9169 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9170 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
9171 			return -EINVAL;
9172 		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9173 	}
9174 
9175 	if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
9176 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9177 					     NL80211_EXT_FEATURE_SAE_OFFLOAD))
9178 			return -EINVAL;
9179 		settings->sae_pwd =
9180 			nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9181 		settings->sae_pwd_len =
9182 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9183 	}
9184 
9185 	return 0;
9186 }
9187 
9188 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9189 {
9190 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9191 	struct net_device *dev = info->user_ptr[1];
9192 	struct ieee80211_channel *chan;
9193 	struct cfg80211_assoc_request req = {};
9194 	const u8 *bssid, *ssid;
9195 	int err, ssid_len = 0;
9196 
9197 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9198 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9199 		return -EPERM;
9200 
9201 	if (!info->attrs[NL80211_ATTR_MAC] ||
9202 	    !info->attrs[NL80211_ATTR_SSID] ||
9203 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9204 		return -EINVAL;
9205 
9206 	if (!rdev->ops->assoc)
9207 		return -EOPNOTSUPP;
9208 
9209 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9210 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9211 		return -EOPNOTSUPP;
9212 
9213 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9214 
9215 	chan = nl80211_get_valid_chan(&rdev->wiphy,
9216 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9217 	if (!chan)
9218 		return -EINVAL;
9219 
9220 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9221 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9222 
9223 	if (info->attrs[NL80211_ATTR_IE]) {
9224 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9225 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9226 	}
9227 
9228 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9229 		enum nl80211_mfp mfp =
9230 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9231 		if (mfp == NL80211_MFP_REQUIRED)
9232 			req.use_mfp = true;
9233 		else if (mfp != NL80211_MFP_NO)
9234 			return -EINVAL;
9235 	}
9236 
9237 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9238 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9239 
9240 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9241 		req.flags |= ASSOC_REQ_DISABLE_HT;
9242 
9243 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9244 		memcpy(&req.ht_capa_mask,
9245 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9246 		       sizeof(req.ht_capa_mask));
9247 
9248 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9249 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9250 			return -EINVAL;
9251 		memcpy(&req.ht_capa,
9252 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9253 		       sizeof(req.ht_capa));
9254 	}
9255 
9256 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9257 		req.flags |= ASSOC_REQ_DISABLE_VHT;
9258 
9259 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9260 		memcpy(&req.vht_capa_mask,
9261 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9262 		       sizeof(req.vht_capa_mask));
9263 
9264 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9265 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9266 			return -EINVAL;
9267 		memcpy(&req.vht_capa,
9268 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9269 		       sizeof(req.vht_capa));
9270 	}
9271 
9272 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9273 		if (!((rdev->wiphy.features &
9274 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9275 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9276 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9277 					     NL80211_EXT_FEATURE_RRM))
9278 			return -EINVAL;
9279 		req.flags |= ASSOC_REQ_USE_RRM;
9280 	}
9281 
9282 	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9283 		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9284 		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9285 		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9286 			return -EINVAL;
9287 		req.fils_nonces =
9288 			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9289 	}
9290 
9291 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9292 	if (!err) {
9293 		wdev_lock(dev->ieee80211_ptr);
9294 
9295 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9296 					  ssid, ssid_len, &req);
9297 
9298 		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9299 			dev->ieee80211_ptr->conn_owner_nlportid =
9300 				info->snd_portid;
9301 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
9302 			       bssid, ETH_ALEN);
9303 		}
9304 
9305 		wdev_unlock(dev->ieee80211_ptr);
9306 	}
9307 
9308 	return err;
9309 }
9310 
9311 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9312 {
9313 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9314 	struct net_device *dev = info->user_ptr[1];
9315 	const u8 *ie = NULL, *bssid;
9316 	int ie_len = 0, err;
9317 	u16 reason_code;
9318 	bool local_state_change;
9319 
9320 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9321 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9322 		return -EPERM;
9323 
9324 	if (!info->attrs[NL80211_ATTR_MAC])
9325 		return -EINVAL;
9326 
9327 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9328 		return -EINVAL;
9329 
9330 	if (!rdev->ops->deauth)
9331 		return -EOPNOTSUPP;
9332 
9333 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9334 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9335 		return -EOPNOTSUPP;
9336 
9337 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9338 
9339 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9340 	if (reason_code == 0) {
9341 		/* Reason Code 0 is reserved */
9342 		return -EINVAL;
9343 	}
9344 
9345 	if (info->attrs[NL80211_ATTR_IE]) {
9346 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9347 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9348 	}
9349 
9350 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9351 
9352 	wdev_lock(dev->ieee80211_ptr);
9353 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9354 				   local_state_change);
9355 	wdev_unlock(dev->ieee80211_ptr);
9356 	return err;
9357 }
9358 
9359 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9360 {
9361 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9362 	struct net_device *dev = info->user_ptr[1];
9363 	const u8 *ie = NULL, *bssid;
9364 	int ie_len = 0, err;
9365 	u16 reason_code;
9366 	bool local_state_change;
9367 
9368 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9369 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9370 		return -EPERM;
9371 
9372 	if (!info->attrs[NL80211_ATTR_MAC])
9373 		return -EINVAL;
9374 
9375 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9376 		return -EINVAL;
9377 
9378 	if (!rdev->ops->disassoc)
9379 		return -EOPNOTSUPP;
9380 
9381 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9382 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9383 		return -EOPNOTSUPP;
9384 
9385 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9386 
9387 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9388 	if (reason_code == 0) {
9389 		/* Reason Code 0 is reserved */
9390 		return -EINVAL;
9391 	}
9392 
9393 	if (info->attrs[NL80211_ATTR_IE]) {
9394 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9395 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9396 	}
9397 
9398 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9399 
9400 	wdev_lock(dev->ieee80211_ptr);
9401 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9402 				     local_state_change);
9403 	wdev_unlock(dev->ieee80211_ptr);
9404 	return err;
9405 }
9406 
9407 static bool
9408 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9409 			 int mcast_rate[NUM_NL80211_BANDS],
9410 			 int rateval)
9411 {
9412 	struct wiphy *wiphy = &rdev->wiphy;
9413 	bool found = false;
9414 	int band, i;
9415 
9416 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
9417 		struct ieee80211_supported_band *sband;
9418 
9419 		sband = wiphy->bands[band];
9420 		if (!sband)
9421 			continue;
9422 
9423 		for (i = 0; i < sband->n_bitrates; i++) {
9424 			if (sband->bitrates[i].bitrate == rateval) {
9425 				mcast_rate[band] = i + 1;
9426 				found = true;
9427 				break;
9428 			}
9429 		}
9430 	}
9431 
9432 	return found;
9433 }
9434 
9435 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9436 {
9437 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9438 	struct net_device *dev = info->user_ptr[1];
9439 	struct cfg80211_ibss_params ibss;
9440 	struct wiphy *wiphy;
9441 	struct cfg80211_cached_keys *connkeys = NULL;
9442 	int err;
9443 
9444 	memset(&ibss, 0, sizeof(ibss));
9445 
9446 	if (!info->attrs[NL80211_ATTR_SSID] ||
9447 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9448 		return -EINVAL;
9449 
9450 	ibss.beacon_interval = 100;
9451 
9452 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9453 		ibss.beacon_interval =
9454 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9455 
9456 	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9457 					   ibss.beacon_interval);
9458 	if (err)
9459 		return err;
9460 
9461 	if (!rdev->ops->join_ibss)
9462 		return -EOPNOTSUPP;
9463 
9464 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9465 		return -EOPNOTSUPP;
9466 
9467 	wiphy = &rdev->wiphy;
9468 
9469 	if (info->attrs[NL80211_ATTR_MAC]) {
9470 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9471 
9472 		if (!is_valid_ether_addr(ibss.bssid))
9473 			return -EINVAL;
9474 	}
9475 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9476 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9477 
9478 	if (info->attrs[NL80211_ATTR_IE]) {
9479 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9480 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9481 	}
9482 
9483 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9484 	if (err)
9485 		return err;
9486 
9487 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9488 				     NL80211_IFTYPE_ADHOC))
9489 		return -EINVAL;
9490 
9491 	switch (ibss.chandef.width) {
9492 	case NL80211_CHAN_WIDTH_5:
9493 	case NL80211_CHAN_WIDTH_10:
9494 	case NL80211_CHAN_WIDTH_20_NOHT:
9495 		break;
9496 	case NL80211_CHAN_WIDTH_20:
9497 	case NL80211_CHAN_WIDTH_40:
9498 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9499 			return -EINVAL;
9500 		break;
9501 	case NL80211_CHAN_WIDTH_80:
9502 	case NL80211_CHAN_WIDTH_80P80:
9503 	case NL80211_CHAN_WIDTH_160:
9504 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9505 			return -EINVAL;
9506 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9507 					     NL80211_EXT_FEATURE_VHT_IBSS))
9508 			return -EINVAL;
9509 		break;
9510 	default:
9511 		return -EINVAL;
9512 	}
9513 
9514 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9515 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9516 
9517 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9518 		u8 *rates =
9519 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9520 		int n_rates =
9521 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9522 		struct ieee80211_supported_band *sband =
9523 			wiphy->bands[ibss.chandef.chan->band];
9524 
9525 		err = ieee80211_get_ratemask(sband, rates, n_rates,
9526 					     &ibss.basic_rates);
9527 		if (err)
9528 			return err;
9529 	}
9530 
9531 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9532 		memcpy(&ibss.ht_capa_mask,
9533 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9534 		       sizeof(ibss.ht_capa_mask));
9535 
9536 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9537 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9538 			return -EINVAL;
9539 		memcpy(&ibss.ht_capa,
9540 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9541 		       sizeof(ibss.ht_capa));
9542 	}
9543 
9544 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9545 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9546 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9547 		return -EINVAL;
9548 
9549 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9550 		bool no_ht = false;
9551 
9552 		connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9553 		if (IS_ERR(connkeys))
9554 			return PTR_ERR(connkeys);
9555 
9556 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9557 		    no_ht) {
9558 			kzfree(connkeys);
9559 			return -EINVAL;
9560 		}
9561 	}
9562 
9563 	ibss.control_port =
9564 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9565 
9566 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9567 		int r = validate_pae_over_nl80211(rdev, info);
9568 
9569 		if (r < 0) {
9570 			kzfree(connkeys);
9571 			return r;
9572 		}
9573 
9574 		ibss.control_port_over_nl80211 = true;
9575 	}
9576 
9577 	ibss.userspace_handles_dfs =
9578 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9579 
9580 	wdev_lock(dev->ieee80211_ptr);
9581 	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9582 	if (err)
9583 		kzfree(connkeys);
9584 	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9585 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9586 	wdev_unlock(dev->ieee80211_ptr);
9587 
9588 	return err;
9589 }
9590 
9591 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9592 {
9593 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9594 	struct net_device *dev = info->user_ptr[1];
9595 
9596 	if (!rdev->ops->leave_ibss)
9597 		return -EOPNOTSUPP;
9598 
9599 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9600 		return -EOPNOTSUPP;
9601 
9602 	return cfg80211_leave_ibss(rdev, dev, false);
9603 }
9604 
9605 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9606 {
9607 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9608 	struct net_device *dev = info->user_ptr[1];
9609 	int mcast_rate[NUM_NL80211_BANDS];
9610 	u32 nla_rate;
9611 	int err;
9612 
9613 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9614 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9615 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9616 		return -EOPNOTSUPP;
9617 
9618 	if (!rdev->ops->set_mcast_rate)
9619 		return -EOPNOTSUPP;
9620 
9621 	memset(mcast_rate, 0, sizeof(mcast_rate));
9622 
9623 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9624 		return -EINVAL;
9625 
9626 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9627 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9628 		return -EINVAL;
9629 
9630 	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9631 
9632 	return err;
9633 }
9634 
9635 static struct sk_buff *
9636 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9637 			    struct wireless_dev *wdev, int approxlen,
9638 			    u32 portid, u32 seq, enum nl80211_commands cmd,
9639 			    enum nl80211_attrs attr,
9640 			    const struct nl80211_vendor_cmd_info *info,
9641 			    gfp_t gfp)
9642 {
9643 	struct sk_buff *skb;
9644 	void *hdr;
9645 	struct nlattr *data;
9646 
9647 	skb = nlmsg_new(approxlen + 100, gfp);
9648 	if (!skb)
9649 		return NULL;
9650 
9651 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9652 	if (!hdr) {
9653 		kfree_skb(skb);
9654 		return NULL;
9655 	}
9656 
9657 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9658 		goto nla_put_failure;
9659 
9660 	if (info) {
9661 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9662 				info->vendor_id))
9663 			goto nla_put_failure;
9664 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9665 				info->subcmd))
9666 			goto nla_put_failure;
9667 	}
9668 
9669 	if (wdev) {
9670 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9671 				      wdev_id(wdev), NL80211_ATTR_PAD))
9672 			goto nla_put_failure;
9673 		if (wdev->netdev &&
9674 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9675 				wdev->netdev->ifindex))
9676 			goto nla_put_failure;
9677 	}
9678 
9679 	data = nla_nest_start_noflag(skb, attr);
9680 	if (!data)
9681 		goto nla_put_failure;
9682 
9683 	((void **)skb->cb)[0] = rdev;
9684 	((void **)skb->cb)[1] = hdr;
9685 	((void **)skb->cb)[2] = data;
9686 
9687 	return skb;
9688 
9689  nla_put_failure:
9690 	kfree_skb(skb);
9691 	return NULL;
9692 }
9693 
9694 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9695 					   struct wireless_dev *wdev,
9696 					   enum nl80211_commands cmd,
9697 					   enum nl80211_attrs attr,
9698 					   unsigned int portid,
9699 					   int vendor_event_idx,
9700 					   int approxlen, gfp_t gfp)
9701 {
9702 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9703 	const struct nl80211_vendor_cmd_info *info;
9704 
9705 	switch (cmd) {
9706 	case NL80211_CMD_TESTMODE:
9707 		if (WARN_ON(vendor_event_idx != -1))
9708 			return NULL;
9709 		info = NULL;
9710 		break;
9711 	case NL80211_CMD_VENDOR:
9712 		if (WARN_ON(vendor_event_idx < 0 ||
9713 			    vendor_event_idx >= wiphy->n_vendor_events))
9714 			return NULL;
9715 		info = &wiphy->vendor_events[vendor_event_idx];
9716 		break;
9717 	default:
9718 		WARN_ON(1);
9719 		return NULL;
9720 	}
9721 
9722 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9723 					   cmd, attr, info, gfp);
9724 }
9725 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9726 
9727 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9728 {
9729 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9730 	void *hdr = ((void **)skb->cb)[1];
9731 	struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9732 	struct nlattr *data = ((void **)skb->cb)[2];
9733 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9734 
9735 	/* clear CB data for netlink core to own from now on */
9736 	memset(skb->cb, 0, sizeof(skb->cb));
9737 
9738 	nla_nest_end(skb, data);
9739 	genlmsg_end(skb, hdr);
9740 
9741 	if (nlhdr->nlmsg_pid) {
9742 		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
9743 				nlhdr->nlmsg_pid);
9744 	} else {
9745 		if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9746 			mcgrp = NL80211_MCGRP_VENDOR;
9747 
9748 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
9749 					skb, 0, mcgrp, gfp);
9750 	}
9751 }
9752 EXPORT_SYMBOL(__cfg80211_send_event_skb);
9753 
9754 #ifdef CONFIG_NL80211_TESTMODE
9755 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9756 {
9757 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9758 	struct wireless_dev *wdev =
9759 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9760 	int err;
9761 
9762 	if (!rdev->ops->testmode_cmd)
9763 		return -EOPNOTSUPP;
9764 
9765 	if (IS_ERR(wdev)) {
9766 		err = PTR_ERR(wdev);
9767 		if (err != -EINVAL)
9768 			return err;
9769 		wdev = NULL;
9770 	} else if (wdev->wiphy != &rdev->wiphy) {
9771 		return -EINVAL;
9772 	}
9773 
9774 	if (!info->attrs[NL80211_ATTR_TESTDATA])
9775 		return -EINVAL;
9776 
9777 	rdev->cur_cmd_info = info;
9778 	err = rdev_testmode_cmd(rdev, wdev,
9779 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9780 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
9781 	rdev->cur_cmd_info = NULL;
9782 
9783 	return err;
9784 }
9785 
9786 static int nl80211_testmode_dump(struct sk_buff *skb,
9787 				 struct netlink_callback *cb)
9788 {
9789 	struct cfg80211_registered_device *rdev;
9790 	struct nlattr **attrbuf = NULL;
9791 	int err;
9792 	long phy_idx;
9793 	void *data = NULL;
9794 	int data_len = 0;
9795 
9796 	rtnl_lock();
9797 
9798 	if (cb->args[0]) {
9799 		/*
9800 		 * 0 is a valid index, but not valid for args[0],
9801 		 * so we need to offset by 1.
9802 		 */
9803 		phy_idx = cb->args[0] - 1;
9804 
9805 		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
9806 		if (!rdev) {
9807 			err = -ENOENT;
9808 			goto out_err;
9809 		}
9810 	} else {
9811 		attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
9812 				  GFP_KERNEL);
9813 		if (!attrbuf) {
9814 			err = -ENOMEM;
9815 			goto out_err;
9816 		}
9817 
9818 		err = nlmsg_parse_deprecated(cb->nlh,
9819 					     GENL_HDRLEN + nl80211_fam.hdrsize,
9820 					     attrbuf, nl80211_fam.maxattr,
9821 					     nl80211_policy, NULL);
9822 		if (err)
9823 			goto out_err;
9824 
9825 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
9826 		if (IS_ERR(rdev)) {
9827 			err = PTR_ERR(rdev);
9828 			goto out_err;
9829 		}
9830 		phy_idx = rdev->wiphy_idx;
9831 
9832 		if (attrbuf[NL80211_ATTR_TESTDATA])
9833 			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
9834 	}
9835 
9836 	if (cb->args[1]) {
9837 		data = nla_data((void *)cb->args[1]);
9838 		data_len = nla_len((void *)cb->args[1]);
9839 	}
9840 
9841 	if (!rdev->ops->testmode_dump) {
9842 		err = -EOPNOTSUPP;
9843 		goto out_err;
9844 	}
9845 
9846 	while (1) {
9847 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
9848 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
9849 					   NL80211_CMD_TESTMODE);
9850 		struct nlattr *tmdata;
9851 
9852 		if (!hdr)
9853 			break;
9854 
9855 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
9856 			genlmsg_cancel(skb, hdr);
9857 			break;
9858 		}
9859 
9860 		tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
9861 		if (!tmdata) {
9862 			genlmsg_cancel(skb, hdr);
9863 			break;
9864 		}
9865 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
9866 		nla_nest_end(skb, tmdata);
9867 
9868 		if (err == -ENOBUFS || err == -ENOENT) {
9869 			genlmsg_cancel(skb, hdr);
9870 			break;
9871 		} else if (err) {
9872 			genlmsg_cancel(skb, hdr);
9873 			goto out_err;
9874 		}
9875 
9876 		genlmsg_end(skb, hdr);
9877 	}
9878 
9879 	err = skb->len;
9880 	/* see above */
9881 	cb->args[0] = phy_idx + 1;
9882  out_err:
9883 	kfree(attrbuf);
9884 	rtnl_unlock();
9885 	return err;
9886 }
9887 #endif
9888 
9889 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
9890 {
9891 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9892 	struct net_device *dev = info->user_ptr[1];
9893 	struct cfg80211_connect_params connect;
9894 	struct wiphy *wiphy;
9895 	struct cfg80211_cached_keys *connkeys = NULL;
9896 	int err;
9897 
9898 	memset(&connect, 0, sizeof(connect));
9899 
9900 	if (!info->attrs[NL80211_ATTR_SSID] ||
9901 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9902 		return -EINVAL;
9903 
9904 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9905 		connect.auth_type =
9906 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9907 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
9908 					     NL80211_CMD_CONNECT))
9909 			return -EINVAL;
9910 	} else
9911 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
9912 
9913 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
9914 
9915 	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
9916 	    !wiphy_ext_feature_isset(&rdev->wiphy,
9917 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
9918 		return -EINVAL;
9919 	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
9920 
9921 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
9922 				      NL80211_MAX_NR_CIPHER_SUITES);
9923 	if (err)
9924 		return err;
9925 
9926 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9927 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9928 		return -EOPNOTSUPP;
9929 
9930 	wiphy = &rdev->wiphy;
9931 
9932 	connect.bg_scan_period = -1;
9933 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
9934 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
9935 		connect.bg_scan_period =
9936 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
9937 	}
9938 
9939 	if (info->attrs[NL80211_ATTR_MAC])
9940 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9941 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
9942 		connect.bssid_hint =
9943 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
9944 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9945 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9946 
9947 	if (info->attrs[NL80211_ATTR_IE]) {
9948 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9949 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9950 	}
9951 
9952 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9953 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9954 		if (connect.mfp == NL80211_MFP_OPTIONAL &&
9955 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9956 					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
9957 			return -EOPNOTSUPP;
9958 	} else {
9959 		connect.mfp = NL80211_MFP_NO;
9960 	}
9961 
9962 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9963 		connect.prev_bssid =
9964 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9965 
9966 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9967 		connect.channel = nl80211_get_valid_chan(
9968 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9969 		if (!connect.channel)
9970 			return -EINVAL;
9971 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9972 		connect.channel_hint = nl80211_get_valid_chan(
9973 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9974 		if (!connect.channel_hint)
9975 			return -EINVAL;
9976 	}
9977 
9978 	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
9979 		connect.edmg.channels =
9980 		      nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]);
9981 
9982 		if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
9983 			connect.edmg.bw_config =
9984 				nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
9985 	}
9986 
9987 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9988 		connkeys = nl80211_parse_connkeys(rdev, info, NULL);
9989 		if (IS_ERR(connkeys))
9990 			return PTR_ERR(connkeys);
9991 	}
9992 
9993 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9994 		connect.flags |= ASSOC_REQ_DISABLE_HT;
9995 
9996 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9997 		memcpy(&connect.ht_capa_mask,
9998 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9999 		       sizeof(connect.ht_capa_mask));
10000 
10001 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
10002 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
10003 			kzfree(connkeys);
10004 			return -EINVAL;
10005 		}
10006 		memcpy(&connect.ht_capa,
10007 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
10008 		       sizeof(connect.ht_capa));
10009 	}
10010 
10011 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
10012 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
10013 
10014 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
10015 		memcpy(&connect.vht_capa_mask,
10016 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
10017 		       sizeof(connect.vht_capa_mask));
10018 
10019 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
10020 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
10021 			kzfree(connkeys);
10022 			return -EINVAL;
10023 		}
10024 		memcpy(&connect.vht_capa,
10025 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
10026 		       sizeof(connect.vht_capa));
10027 	}
10028 
10029 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
10030 		if (!((rdev->wiphy.features &
10031 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
10032 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
10033 		    !wiphy_ext_feature_isset(&rdev->wiphy,
10034 					     NL80211_EXT_FEATURE_RRM)) {
10035 			kzfree(connkeys);
10036 			return -EINVAL;
10037 		}
10038 		connect.flags |= ASSOC_REQ_USE_RRM;
10039 	}
10040 
10041 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
10042 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
10043 		kzfree(connkeys);
10044 		return -EOPNOTSUPP;
10045 	}
10046 
10047 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
10048 		/* bss selection makes no sense if bssid is set */
10049 		if (connect.bssid) {
10050 			kzfree(connkeys);
10051 			return -EINVAL;
10052 		}
10053 
10054 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
10055 				       wiphy, &connect.bss_select);
10056 		if (err) {
10057 			kzfree(connkeys);
10058 			return err;
10059 		}
10060 	}
10061 
10062 	if (wiphy_ext_feature_isset(&rdev->wiphy,
10063 				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
10064 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10065 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10066 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10067 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10068 		connect.fils_erp_username =
10069 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10070 		connect.fils_erp_username_len =
10071 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10072 		connect.fils_erp_realm =
10073 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10074 		connect.fils_erp_realm_len =
10075 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10076 		connect.fils_erp_next_seq_num =
10077 			nla_get_u16(
10078 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10079 		connect.fils_erp_rrk =
10080 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10081 		connect.fils_erp_rrk_len =
10082 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10083 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10084 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10085 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10086 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10087 		kzfree(connkeys);
10088 		return -EINVAL;
10089 	}
10090 
10091 	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
10092 		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10093 			kzfree(connkeys);
10094 			GENL_SET_ERR_MSG(info,
10095 					 "external auth requires connection ownership");
10096 			return -EINVAL;
10097 		}
10098 		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
10099 	}
10100 
10101 	wdev_lock(dev->ieee80211_ptr);
10102 
10103 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
10104 			       connect.prev_bssid);
10105 	if (err)
10106 		kzfree(connkeys);
10107 
10108 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
10109 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10110 		if (connect.bssid)
10111 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
10112 			       connect.bssid, ETH_ALEN);
10113 		else
10114 			memset(dev->ieee80211_ptr->disconnect_bssid,
10115 			       0, ETH_ALEN);
10116 	}
10117 
10118 	wdev_unlock(dev->ieee80211_ptr);
10119 
10120 	return err;
10121 }
10122 
10123 static int nl80211_update_connect_params(struct sk_buff *skb,
10124 					 struct genl_info *info)
10125 {
10126 	struct cfg80211_connect_params connect = {};
10127 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10128 	struct net_device *dev = info->user_ptr[1];
10129 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10130 	bool fils_sk_offload;
10131 	u32 auth_type;
10132 	u32 changed = 0;
10133 	int ret;
10134 
10135 	if (!rdev->ops->update_connect_params)
10136 		return -EOPNOTSUPP;
10137 
10138 	if (info->attrs[NL80211_ATTR_IE]) {
10139 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
10140 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
10141 		changed |= UPDATE_ASSOC_IES;
10142 	}
10143 
10144 	fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
10145 						  NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
10146 
10147 	/*
10148 	 * when driver supports fils-sk offload all attributes must be
10149 	 * provided. So the else covers "fils-sk-not-all" and
10150 	 * "no-fils-sk-any".
10151 	 */
10152 	if (fils_sk_offload &&
10153 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
10154 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
10155 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
10156 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10157 		connect.fils_erp_username =
10158 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10159 		connect.fils_erp_username_len =
10160 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
10161 		connect.fils_erp_realm =
10162 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10163 		connect.fils_erp_realm_len =
10164 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
10165 		connect.fils_erp_next_seq_num =
10166 			nla_get_u16(
10167 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
10168 		connect.fils_erp_rrk =
10169 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10170 		connect.fils_erp_rrk_len =
10171 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
10172 		changed |= UPDATE_FILS_ERP_INFO;
10173 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
10174 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
10175 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
10176 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
10177 		return -EINVAL;
10178 	}
10179 
10180 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
10181 		auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
10182 		if (!nl80211_valid_auth_type(rdev, auth_type,
10183 					     NL80211_CMD_CONNECT))
10184 			return -EINVAL;
10185 
10186 		if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
10187 		    fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
10188 			return -EINVAL;
10189 
10190 		connect.auth_type = auth_type;
10191 		changed |= UPDATE_AUTH_TYPE;
10192 	}
10193 
10194 	wdev_lock(dev->ieee80211_ptr);
10195 	if (!wdev->current_bss)
10196 		ret = -ENOLINK;
10197 	else
10198 		ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10199 	wdev_unlock(dev->ieee80211_ptr);
10200 
10201 	return ret;
10202 }
10203 
10204 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
10205 {
10206 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10207 	struct net_device *dev = info->user_ptr[1];
10208 	u16 reason;
10209 	int ret;
10210 
10211 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
10212 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10213 		return -EPERM;
10214 
10215 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
10216 		reason = WLAN_REASON_DEAUTH_LEAVING;
10217 	else
10218 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10219 
10220 	if (reason == 0)
10221 		return -EINVAL;
10222 
10223 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10224 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10225 		return -EOPNOTSUPP;
10226 
10227 	wdev_lock(dev->ieee80211_ptr);
10228 	ret = cfg80211_disconnect(rdev, dev, reason, true);
10229 	wdev_unlock(dev->ieee80211_ptr);
10230 	return ret;
10231 }
10232 
10233 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10234 {
10235 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10236 	struct net *net;
10237 	int err;
10238 
10239 	if (info->attrs[NL80211_ATTR_PID]) {
10240 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10241 
10242 		net = get_net_ns_by_pid(pid);
10243 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10244 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10245 
10246 		net = get_net_ns_by_fd(fd);
10247 	} else {
10248 		return -EINVAL;
10249 	}
10250 
10251 	if (IS_ERR(net))
10252 		return PTR_ERR(net);
10253 
10254 	err = 0;
10255 
10256 	/* check if anything to do */
10257 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
10258 		err = cfg80211_switch_netns(rdev, net);
10259 
10260 	put_net(net);
10261 	return err;
10262 }
10263 
10264 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10265 {
10266 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10267 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10268 			struct cfg80211_pmksa *pmksa) = NULL;
10269 	struct net_device *dev = info->user_ptr[1];
10270 	struct cfg80211_pmksa pmksa;
10271 
10272 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10273 
10274 	if (!info->attrs[NL80211_ATTR_PMKID])
10275 		return -EINVAL;
10276 
10277 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10278 
10279 	if (info->attrs[NL80211_ATTR_MAC]) {
10280 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10281 	} else if (info->attrs[NL80211_ATTR_SSID] &&
10282 		   info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10283 		   (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10284 		    info->attrs[NL80211_ATTR_PMK])) {
10285 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10286 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10287 		pmksa.cache_id =
10288 			nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10289 	} else {
10290 		return -EINVAL;
10291 	}
10292 	if (info->attrs[NL80211_ATTR_PMK]) {
10293 		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10294 		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10295 	}
10296 
10297 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10298 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10299 	    !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10300 	      wiphy_ext_feature_isset(&rdev->wiphy,
10301 				      NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10302 		return -EOPNOTSUPP;
10303 
10304 	switch (info->genlhdr->cmd) {
10305 	case NL80211_CMD_SET_PMKSA:
10306 		rdev_ops = rdev->ops->set_pmksa;
10307 		break;
10308 	case NL80211_CMD_DEL_PMKSA:
10309 		rdev_ops = rdev->ops->del_pmksa;
10310 		break;
10311 	default:
10312 		WARN_ON(1);
10313 		break;
10314 	}
10315 
10316 	if (!rdev_ops)
10317 		return -EOPNOTSUPP;
10318 
10319 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
10320 }
10321 
10322 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10323 {
10324 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10325 	struct net_device *dev = info->user_ptr[1];
10326 
10327 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10328 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10329 		return -EOPNOTSUPP;
10330 
10331 	if (!rdev->ops->flush_pmksa)
10332 		return -EOPNOTSUPP;
10333 
10334 	return rdev_flush_pmksa(rdev, dev);
10335 }
10336 
10337 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10338 {
10339 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10340 	struct net_device *dev = info->user_ptr[1];
10341 	u8 action_code, dialog_token;
10342 	u32 peer_capability = 0;
10343 	u16 status_code;
10344 	u8 *peer;
10345 	bool initiator;
10346 
10347 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10348 	    !rdev->ops->tdls_mgmt)
10349 		return -EOPNOTSUPP;
10350 
10351 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10352 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10353 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10354 	    !info->attrs[NL80211_ATTR_IE] ||
10355 	    !info->attrs[NL80211_ATTR_MAC])
10356 		return -EINVAL;
10357 
10358 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10359 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10360 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10361 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10362 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10363 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10364 		peer_capability =
10365 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10366 
10367 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10368 			      dialog_token, status_code, peer_capability,
10369 			      initiator,
10370 			      nla_data(info->attrs[NL80211_ATTR_IE]),
10371 			      nla_len(info->attrs[NL80211_ATTR_IE]));
10372 }
10373 
10374 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10375 {
10376 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10377 	struct net_device *dev = info->user_ptr[1];
10378 	enum nl80211_tdls_operation operation;
10379 	u8 *peer;
10380 
10381 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10382 	    !rdev->ops->tdls_oper)
10383 		return -EOPNOTSUPP;
10384 
10385 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10386 	    !info->attrs[NL80211_ATTR_MAC])
10387 		return -EINVAL;
10388 
10389 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10390 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10391 
10392 	return rdev_tdls_oper(rdev, dev, peer, operation);
10393 }
10394 
10395 static int nl80211_remain_on_channel(struct sk_buff *skb,
10396 				     struct genl_info *info)
10397 {
10398 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10399 	struct wireless_dev *wdev = info->user_ptr[1];
10400 	struct cfg80211_chan_def chandef;
10401 	const struct cfg80211_chan_def *compat_chandef;
10402 	struct sk_buff *msg;
10403 	void *hdr;
10404 	u64 cookie;
10405 	u32 duration;
10406 	int err;
10407 
10408 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10409 	    !info->attrs[NL80211_ATTR_DURATION])
10410 		return -EINVAL;
10411 
10412 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10413 
10414 	if (!rdev->ops->remain_on_channel ||
10415 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10416 		return -EOPNOTSUPP;
10417 
10418 	/*
10419 	 * We should be on that channel for at least a minimum amount of
10420 	 * time (10ms) but no longer than the driver supports.
10421 	 */
10422 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10423 	    duration > rdev->wiphy.max_remain_on_channel_duration)
10424 		return -EINVAL;
10425 
10426 	err = nl80211_parse_chandef(rdev, info, &chandef);
10427 	if (err)
10428 		return err;
10429 
10430 	wdev_lock(wdev);
10431 	if (!cfg80211_off_channel_oper_allowed(wdev) &&
10432 	    !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10433 		compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10434 							     &chandef);
10435 		if (compat_chandef != &chandef) {
10436 			wdev_unlock(wdev);
10437 			return -EBUSY;
10438 		}
10439 	}
10440 	wdev_unlock(wdev);
10441 
10442 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10443 	if (!msg)
10444 		return -ENOMEM;
10445 
10446 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10447 			     NL80211_CMD_REMAIN_ON_CHANNEL);
10448 	if (!hdr) {
10449 		err = -ENOBUFS;
10450 		goto free_msg;
10451 	}
10452 
10453 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10454 				     duration, &cookie);
10455 
10456 	if (err)
10457 		goto free_msg;
10458 
10459 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10460 			      NL80211_ATTR_PAD))
10461 		goto nla_put_failure;
10462 
10463 	genlmsg_end(msg, hdr);
10464 
10465 	return genlmsg_reply(msg, info);
10466 
10467  nla_put_failure:
10468 	err = -ENOBUFS;
10469  free_msg:
10470 	nlmsg_free(msg);
10471 	return err;
10472 }
10473 
10474 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10475 					    struct genl_info *info)
10476 {
10477 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10478 	struct wireless_dev *wdev = info->user_ptr[1];
10479 	u64 cookie;
10480 
10481 	if (!info->attrs[NL80211_ATTR_COOKIE])
10482 		return -EINVAL;
10483 
10484 	if (!rdev->ops->cancel_remain_on_channel)
10485 		return -EOPNOTSUPP;
10486 
10487 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10488 
10489 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10490 }
10491 
10492 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10493 				       struct genl_info *info)
10494 {
10495 	struct cfg80211_bitrate_mask mask;
10496 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10497 	struct net_device *dev = info->user_ptr[1];
10498 	int err;
10499 
10500 	if (!rdev->ops->set_bitrate_mask)
10501 		return -EOPNOTSUPP;
10502 
10503 	err = nl80211_parse_tx_bitrate_mask(info, &mask);
10504 	if (err)
10505 		return err;
10506 
10507 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10508 }
10509 
10510 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10511 {
10512 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10513 	struct wireless_dev *wdev = info->user_ptr[1];
10514 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10515 
10516 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10517 		return -EINVAL;
10518 
10519 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10520 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10521 
10522 	switch (wdev->iftype) {
10523 	case NL80211_IFTYPE_STATION:
10524 	case NL80211_IFTYPE_ADHOC:
10525 	case NL80211_IFTYPE_P2P_CLIENT:
10526 	case NL80211_IFTYPE_AP:
10527 	case NL80211_IFTYPE_AP_VLAN:
10528 	case NL80211_IFTYPE_MESH_POINT:
10529 	case NL80211_IFTYPE_P2P_GO:
10530 	case NL80211_IFTYPE_P2P_DEVICE:
10531 		break;
10532 	case NL80211_IFTYPE_NAN:
10533 	default:
10534 		return -EOPNOTSUPP;
10535 	}
10536 
10537 	/* not much point in registering if we can't reply */
10538 	if (!rdev->ops->mgmt_tx)
10539 		return -EOPNOTSUPP;
10540 
10541 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10542 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10543 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
10544 }
10545 
10546 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10547 {
10548 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10549 	struct wireless_dev *wdev = info->user_ptr[1];
10550 	struct cfg80211_chan_def chandef;
10551 	int err;
10552 	void *hdr = NULL;
10553 	u64 cookie;
10554 	struct sk_buff *msg = NULL;
10555 	struct cfg80211_mgmt_tx_params params = {
10556 		.dont_wait_for_ack =
10557 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10558 	};
10559 
10560 	if (!info->attrs[NL80211_ATTR_FRAME])
10561 		return -EINVAL;
10562 
10563 	if (!rdev->ops->mgmt_tx)
10564 		return -EOPNOTSUPP;
10565 
10566 	switch (wdev->iftype) {
10567 	case NL80211_IFTYPE_P2P_DEVICE:
10568 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10569 			return -EINVAL;
10570 	case NL80211_IFTYPE_STATION:
10571 	case NL80211_IFTYPE_ADHOC:
10572 	case NL80211_IFTYPE_P2P_CLIENT:
10573 	case NL80211_IFTYPE_AP:
10574 	case NL80211_IFTYPE_AP_VLAN:
10575 	case NL80211_IFTYPE_MESH_POINT:
10576 	case NL80211_IFTYPE_P2P_GO:
10577 		break;
10578 	case NL80211_IFTYPE_NAN:
10579 	default:
10580 		return -EOPNOTSUPP;
10581 	}
10582 
10583 	if (info->attrs[NL80211_ATTR_DURATION]) {
10584 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10585 			return -EINVAL;
10586 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10587 
10588 		/*
10589 		 * We should wait on the channel for at least a minimum amount
10590 		 * of time (10ms) but no longer than the driver supports.
10591 		 */
10592 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10593 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
10594 			return -EINVAL;
10595 	}
10596 
10597 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10598 
10599 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10600 		return -EINVAL;
10601 
10602 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10603 
10604 	/* get the channel if any has been specified, otherwise pass NULL to
10605 	 * the driver. The latter will use the current one
10606 	 */
10607 	chandef.chan = NULL;
10608 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10609 		err = nl80211_parse_chandef(rdev, info, &chandef);
10610 		if (err)
10611 			return err;
10612 	}
10613 
10614 	if (!chandef.chan && params.offchan)
10615 		return -EINVAL;
10616 
10617 	wdev_lock(wdev);
10618 	if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10619 		wdev_unlock(wdev);
10620 		return -EBUSY;
10621 	}
10622 	wdev_unlock(wdev);
10623 
10624 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10625 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10626 
10627 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10628 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10629 		int i;
10630 
10631 		if (len % sizeof(u16))
10632 			return -EINVAL;
10633 
10634 		params.n_csa_offsets = len / sizeof(u16);
10635 		params.csa_offsets =
10636 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10637 
10638 		/* check that all the offsets fit the frame */
10639 		for (i = 0; i < params.n_csa_offsets; i++) {
10640 			if (params.csa_offsets[i] >= params.len)
10641 				return -EINVAL;
10642 		}
10643 	}
10644 
10645 	if (!params.dont_wait_for_ack) {
10646 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10647 		if (!msg)
10648 			return -ENOMEM;
10649 
10650 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10651 				     NL80211_CMD_FRAME);
10652 		if (!hdr) {
10653 			err = -ENOBUFS;
10654 			goto free_msg;
10655 		}
10656 	}
10657 
10658 	params.chan = chandef.chan;
10659 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
10660 	if (err)
10661 		goto free_msg;
10662 
10663 	if (msg) {
10664 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10665 				      NL80211_ATTR_PAD))
10666 			goto nla_put_failure;
10667 
10668 		genlmsg_end(msg, hdr);
10669 		return genlmsg_reply(msg, info);
10670 	}
10671 
10672 	return 0;
10673 
10674  nla_put_failure:
10675 	err = -ENOBUFS;
10676  free_msg:
10677 	nlmsg_free(msg);
10678 	return err;
10679 }
10680 
10681 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10682 {
10683 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10684 	struct wireless_dev *wdev = info->user_ptr[1];
10685 	u64 cookie;
10686 
10687 	if (!info->attrs[NL80211_ATTR_COOKIE])
10688 		return -EINVAL;
10689 
10690 	if (!rdev->ops->mgmt_tx_cancel_wait)
10691 		return -EOPNOTSUPP;
10692 
10693 	switch (wdev->iftype) {
10694 	case NL80211_IFTYPE_STATION:
10695 	case NL80211_IFTYPE_ADHOC:
10696 	case NL80211_IFTYPE_P2P_CLIENT:
10697 	case NL80211_IFTYPE_AP:
10698 	case NL80211_IFTYPE_AP_VLAN:
10699 	case NL80211_IFTYPE_P2P_GO:
10700 	case NL80211_IFTYPE_P2P_DEVICE:
10701 		break;
10702 	case NL80211_IFTYPE_NAN:
10703 	default:
10704 		return -EOPNOTSUPP;
10705 	}
10706 
10707 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10708 
10709 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10710 }
10711 
10712 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10713 {
10714 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10715 	struct wireless_dev *wdev;
10716 	struct net_device *dev = info->user_ptr[1];
10717 	u8 ps_state;
10718 	bool state;
10719 	int err;
10720 
10721 	if (!info->attrs[NL80211_ATTR_PS_STATE])
10722 		return -EINVAL;
10723 
10724 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10725 
10726 	wdev = dev->ieee80211_ptr;
10727 
10728 	if (!rdev->ops->set_power_mgmt)
10729 		return -EOPNOTSUPP;
10730 
10731 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10732 
10733 	if (state == wdev->ps)
10734 		return 0;
10735 
10736 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10737 	if (!err)
10738 		wdev->ps = state;
10739 	return err;
10740 }
10741 
10742 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10743 {
10744 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10745 	enum nl80211_ps_state ps_state;
10746 	struct wireless_dev *wdev;
10747 	struct net_device *dev = info->user_ptr[1];
10748 	struct sk_buff *msg;
10749 	void *hdr;
10750 	int err;
10751 
10752 	wdev = dev->ieee80211_ptr;
10753 
10754 	if (!rdev->ops->set_power_mgmt)
10755 		return -EOPNOTSUPP;
10756 
10757 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10758 	if (!msg)
10759 		return -ENOMEM;
10760 
10761 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10762 			     NL80211_CMD_GET_POWER_SAVE);
10763 	if (!hdr) {
10764 		err = -ENOBUFS;
10765 		goto free_msg;
10766 	}
10767 
10768 	if (wdev->ps)
10769 		ps_state = NL80211_PS_ENABLED;
10770 	else
10771 		ps_state = NL80211_PS_DISABLED;
10772 
10773 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
10774 		goto nla_put_failure;
10775 
10776 	genlmsg_end(msg, hdr);
10777 	return genlmsg_reply(msg, info);
10778 
10779  nla_put_failure:
10780 	err = -ENOBUFS;
10781  free_msg:
10782 	nlmsg_free(msg);
10783 	return err;
10784 }
10785 
10786 static const struct nla_policy
10787 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
10788 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
10789 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
10790 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
10791 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
10792 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
10793 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
10794 	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
10795 };
10796 
10797 static int nl80211_set_cqm_txe(struct genl_info *info,
10798 			       u32 rate, u32 pkts, u32 intvl)
10799 {
10800 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10801 	struct net_device *dev = info->user_ptr[1];
10802 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10803 
10804 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
10805 		return -EINVAL;
10806 
10807 	if (!rdev->ops->set_cqm_txe_config)
10808 		return -EOPNOTSUPP;
10809 
10810 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10811 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10812 		return -EOPNOTSUPP;
10813 
10814 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
10815 }
10816 
10817 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
10818 				    struct net_device *dev)
10819 {
10820 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10821 	s32 last, low, high;
10822 	u32 hyst;
10823 	int i, n, low_index;
10824 	int err;
10825 
10826 	/* RSSI reporting disabled? */
10827 	if (!wdev->cqm_config)
10828 		return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
10829 
10830 	/*
10831 	 * Obtain current RSSI value if possible, if not and no RSSI threshold
10832 	 * event has been received yet, we should receive an event after a
10833 	 * connection is established and enough beacons received to calculate
10834 	 * the average.
10835 	 */
10836 	if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
10837 	    rdev->ops->get_station) {
10838 		struct station_info sinfo = {};
10839 		u8 *mac_addr;
10840 
10841 		mac_addr = wdev->current_bss->pub.bssid;
10842 
10843 		err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
10844 		if (err)
10845 			return err;
10846 
10847 		cfg80211_sinfo_release_content(&sinfo);
10848 		if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
10849 			wdev->cqm_config->last_rssi_event_value =
10850 				(s8) sinfo.rx_beacon_signal_avg;
10851 	}
10852 
10853 	last = wdev->cqm_config->last_rssi_event_value;
10854 	hyst = wdev->cqm_config->rssi_hyst;
10855 	n = wdev->cqm_config->n_rssi_thresholds;
10856 
10857 	for (i = 0; i < n; i++) {
10858 		i = array_index_nospec(i, n);
10859 		if (last < wdev->cqm_config->rssi_thresholds[i])
10860 			break;
10861 	}
10862 
10863 	low_index = i - 1;
10864 	if (low_index >= 0) {
10865 		low_index = array_index_nospec(low_index, n);
10866 		low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10867 	} else {
10868 		low = S32_MIN;
10869 	}
10870 	if (i < n) {
10871 		i = array_index_nospec(i, n);
10872 		high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10873 	} else {
10874 		high = S32_MAX;
10875 	}
10876 
10877 	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
10878 }
10879 
10880 static int nl80211_set_cqm_rssi(struct genl_info *info,
10881 				const s32 *thresholds, int n_thresholds,
10882 				u32 hysteresis)
10883 {
10884 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10885 	struct net_device *dev = info->user_ptr[1];
10886 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10887 	int i, err;
10888 	s32 prev = S32_MIN;
10889 
10890 	/* Check all values negative and sorted */
10891 	for (i = 0; i < n_thresholds; i++) {
10892 		if (thresholds[i] > 0 || thresholds[i] <= prev)
10893 			return -EINVAL;
10894 
10895 		prev = thresholds[i];
10896 	}
10897 
10898 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10899 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10900 		return -EOPNOTSUPP;
10901 
10902 	wdev_lock(wdev);
10903 	cfg80211_cqm_config_free(wdev);
10904 	wdev_unlock(wdev);
10905 
10906 	if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
10907 		if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
10908 			return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
10909 
10910 		return rdev_set_cqm_rssi_config(rdev, dev,
10911 						thresholds[0], hysteresis);
10912 	}
10913 
10914 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
10915 				     NL80211_EXT_FEATURE_CQM_RSSI_LIST))
10916 		return -EOPNOTSUPP;
10917 
10918 	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
10919 		n_thresholds = 0;
10920 
10921 	wdev_lock(wdev);
10922 	if (n_thresholds) {
10923 		struct cfg80211_cqm_config *cqm_config;
10924 
10925 		cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
10926 				     n_thresholds * sizeof(s32), GFP_KERNEL);
10927 		if (!cqm_config) {
10928 			err = -ENOMEM;
10929 			goto unlock;
10930 		}
10931 
10932 		cqm_config->rssi_hyst = hysteresis;
10933 		cqm_config->n_rssi_thresholds = n_thresholds;
10934 		memcpy(cqm_config->rssi_thresholds, thresholds,
10935 		       n_thresholds * sizeof(s32));
10936 
10937 		wdev->cqm_config = cqm_config;
10938 	}
10939 
10940 	err = cfg80211_cqm_rssi_update(rdev, dev);
10941 
10942 unlock:
10943 	wdev_unlock(wdev);
10944 
10945 	return err;
10946 }
10947 
10948 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
10949 {
10950 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
10951 	struct nlattr *cqm;
10952 	int err;
10953 
10954 	cqm = info->attrs[NL80211_ATTR_CQM];
10955 	if (!cqm)
10956 		return -EINVAL;
10957 
10958 	err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
10959 					  nl80211_attr_cqm_policy,
10960 					  info->extack);
10961 	if (err)
10962 		return err;
10963 
10964 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
10965 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
10966 		const s32 *thresholds =
10967 			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10968 		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10969 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
10970 
10971 		if (len % 4)
10972 			return -EINVAL;
10973 
10974 		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
10975 					    hysteresis);
10976 	}
10977 
10978 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
10979 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
10980 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
10981 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
10982 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
10983 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
10984 
10985 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
10986 	}
10987 
10988 	return -EINVAL;
10989 }
10990 
10991 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
10992 {
10993 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10994 	struct net_device *dev = info->user_ptr[1];
10995 	struct ocb_setup setup = {};
10996 	int err;
10997 
10998 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10999 	if (err)
11000 		return err;
11001 
11002 	return cfg80211_join_ocb(rdev, dev, &setup);
11003 }
11004 
11005 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
11006 {
11007 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11008 	struct net_device *dev = info->user_ptr[1];
11009 
11010 	return cfg80211_leave_ocb(rdev, dev);
11011 }
11012 
11013 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
11014 {
11015 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11016 	struct net_device *dev = info->user_ptr[1];
11017 	struct mesh_config cfg;
11018 	struct mesh_setup setup;
11019 	int err;
11020 
11021 	/* start with default */
11022 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
11023 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
11024 
11025 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
11026 		/* and parse parameters if given */
11027 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
11028 		if (err)
11029 			return err;
11030 	}
11031 
11032 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
11033 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
11034 		return -EINVAL;
11035 
11036 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
11037 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
11038 
11039 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
11040 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
11041 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
11042 			return -EINVAL;
11043 
11044 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
11045 		setup.beacon_interval =
11046 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
11047 
11048 		err = cfg80211_validate_beacon_int(rdev,
11049 						   NL80211_IFTYPE_MESH_POINT,
11050 						   setup.beacon_interval);
11051 		if (err)
11052 			return err;
11053 	}
11054 
11055 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
11056 		setup.dtim_period =
11057 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
11058 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
11059 			return -EINVAL;
11060 	}
11061 
11062 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
11063 		/* parse additional setup parameters if given */
11064 		err = nl80211_parse_mesh_setup(info, &setup);
11065 		if (err)
11066 			return err;
11067 	}
11068 
11069 	if (setup.user_mpm)
11070 		cfg.auto_open_plinks = false;
11071 
11072 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
11073 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
11074 		if (err)
11075 			return err;
11076 	} else {
11077 		/* __cfg80211_join_mesh() will sort it out */
11078 		setup.chandef.chan = NULL;
11079 	}
11080 
11081 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
11082 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11083 		int n_rates =
11084 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
11085 		struct ieee80211_supported_band *sband;
11086 
11087 		if (!setup.chandef.chan)
11088 			return -EINVAL;
11089 
11090 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
11091 
11092 		err = ieee80211_get_ratemask(sband, rates, n_rates,
11093 					     &setup.basic_rates);
11094 		if (err)
11095 			return err;
11096 	}
11097 
11098 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
11099 		err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
11100 		if (err)
11101 			return err;
11102 
11103 		if (!setup.chandef.chan)
11104 			return -EINVAL;
11105 
11106 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
11107 					      &setup.beacon_rate);
11108 		if (err)
11109 			return err;
11110 	}
11111 
11112 	setup.userspace_handles_dfs =
11113 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
11114 
11115 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
11116 		int r = validate_pae_over_nl80211(rdev, info);
11117 
11118 		if (r < 0)
11119 			return r;
11120 
11121 		setup.control_port_over_nl80211 = true;
11122 	}
11123 
11124 	wdev_lock(dev->ieee80211_ptr);
11125 	err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
11126 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
11127 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
11128 	wdev_unlock(dev->ieee80211_ptr);
11129 
11130 	return err;
11131 }
11132 
11133 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
11134 {
11135 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11136 	struct net_device *dev = info->user_ptr[1];
11137 
11138 	return cfg80211_leave_mesh(rdev, dev);
11139 }
11140 
11141 #ifdef CONFIG_PM
11142 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
11143 					struct cfg80211_registered_device *rdev)
11144 {
11145 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
11146 	struct nlattr *nl_pats, *nl_pat;
11147 	int i, pat_len;
11148 
11149 	if (!wowlan->n_patterns)
11150 		return 0;
11151 
11152 	nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
11153 	if (!nl_pats)
11154 		return -ENOBUFS;
11155 
11156 	for (i = 0; i < wowlan->n_patterns; i++) {
11157 		nl_pat = nla_nest_start_noflag(msg, i + 1);
11158 		if (!nl_pat)
11159 			return -ENOBUFS;
11160 		pat_len = wowlan->patterns[i].pattern_len;
11161 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
11162 			    wowlan->patterns[i].mask) ||
11163 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11164 			    wowlan->patterns[i].pattern) ||
11165 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11166 				wowlan->patterns[i].pkt_offset))
11167 			return -ENOBUFS;
11168 		nla_nest_end(msg, nl_pat);
11169 	}
11170 	nla_nest_end(msg, nl_pats);
11171 
11172 	return 0;
11173 }
11174 
11175 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
11176 				   struct cfg80211_wowlan_tcp *tcp)
11177 {
11178 	struct nlattr *nl_tcp;
11179 
11180 	if (!tcp)
11181 		return 0;
11182 
11183 	nl_tcp = nla_nest_start_noflag(msg,
11184 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
11185 	if (!nl_tcp)
11186 		return -ENOBUFS;
11187 
11188 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
11189 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
11190 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
11191 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
11192 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
11193 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
11194 		    tcp->payload_len, tcp->payload) ||
11195 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
11196 			tcp->data_interval) ||
11197 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
11198 		    tcp->wake_len, tcp->wake_data) ||
11199 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
11200 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
11201 		return -ENOBUFS;
11202 
11203 	if (tcp->payload_seq.len &&
11204 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
11205 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
11206 		return -ENOBUFS;
11207 
11208 	if (tcp->payload_tok.len &&
11209 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11210 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
11211 		    &tcp->payload_tok))
11212 		return -ENOBUFS;
11213 
11214 	nla_nest_end(msg, nl_tcp);
11215 
11216 	return 0;
11217 }
11218 
11219 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11220 				  struct cfg80211_sched_scan_request *req)
11221 {
11222 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11223 	int i;
11224 
11225 	if (!req)
11226 		return 0;
11227 
11228 	nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11229 	if (!nd)
11230 		return -ENOBUFS;
11231 
11232 	if (req->n_scan_plans == 1 &&
11233 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11234 			req->scan_plans[0].interval * 1000))
11235 		return -ENOBUFS;
11236 
11237 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11238 		return -ENOBUFS;
11239 
11240 	if (req->relative_rssi_set) {
11241 		struct nl80211_bss_select_rssi_adjust rssi_adjust;
11242 
11243 		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11244 			       req->relative_rssi))
11245 			return -ENOBUFS;
11246 
11247 		rssi_adjust.band = req->rssi_adjust.band;
11248 		rssi_adjust.delta = req->rssi_adjust.delta;
11249 		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11250 			    sizeof(rssi_adjust), &rssi_adjust))
11251 			return -ENOBUFS;
11252 	}
11253 
11254 	freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11255 	if (!freqs)
11256 		return -ENOBUFS;
11257 
11258 	for (i = 0; i < req->n_channels; i++) {
11259 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11260 			return -ENOBUFS;
11261 	}
11262 
11263 	nla_nest_end(msg, freqs);
11264 
11265 	if (req->n_match_sets) {
11266 		matches = nla_nest_start_noflag(msg,
11267 						NL80211_ATTR_SCHED_SCAN_MATCH);
11268 		if (!matches)
11269 			return -ENOBUFS;
11270 
11271 		for (i = 0; i < req->n_match_sets; i++) {
11272 			match = nla_nest_start_noflag(msg, i);
11273 			if (!match)
11274 				return -ENOBUFS;
11275 
11276 			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11277 				    req->match_sets[i].ssid.ssid_len,
11278 				    req->match_sets[i].ssid.ssid))
11279 				return -ENOBUFS;
11280 			nla_nest_end(msg, match);
11281 		}
11282 		nla_nest_end(msg, matches);
11283 	}
11284 
11285 	scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11286 	if (!scan_plans)
11287 		return -ENOBUFS;
11288 
11289 	for (i = 0; i < req->n_scan_plans; i++) {
11290 		scan_plan = nla_nest_start_noflag(msg, i + 1);
11291 		if (!scan_plan)
11292 			return -ENOBUFS;
11293 
11294 		if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11295 				req->scan_plans[i].interval) ||
11296 		    (req->scan_plans[i].iterations &&
11297 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11298 				 req->scan_plans[i].iterations)))
11299 			return -ENOBUFS;
11300 		nla_nest_end(msg, scan_plan);
11301 	}
11302 	nla_nest_end(msg, scan_plans);
11303 
11304 	nla_nest_end(msg, nd);
11305 
11306 	return 0;
11307 }
11308 
11309 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11310 {
11311 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11312 	struct sk_buff *msg;
11313 	void *hdr;
11314 	u32 size = NLMSG_DEFAULT_SIZE;
11315 
11316 	if (!rdev->wiphy.wowlan)
11317 		return -EOPNOTSUPP;
11318 
11319 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11320 		/* adjust size to have room for all the data */
11321 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11322 			rdev->wiphy.wowlan_config->tcp->payload_len +
11323 			rdev->wiphy.wowlan_config->tcp->wake_len +
11324 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11325 	}
11326 
11327 	msg = nlmsg_new(size, GFP_KERNEL);
11328 	if (!msg)
11329 		return -ENOMEM;
11330 
11331 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11332 			     NL80211_CMD_GET_WOWLAN);
11333 	if (!hdr)
11334 		goto nla_put_failure;
11335 
11336 	if (rdev->wiphy.wowlan_config) {
11337 		struct nlattr *nl_wowlan;
11338 
11339 		nl_wowlan = nla_nest_start_noflag(msg,
11340 						  NL80211_ATTR_WOWLAN_TRIGGERS);
11341 		if (!nl_wowlan)
11342 			goto nla_put_failure;
11343 
11344 		if ((rdev->wiphy.wowlan_config->any &&
11345 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11346 		    (rdev->wiphy.wowlan_config->disconnect &&
11347 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11348 		    (rdev->wiphy.wowlan_config->magic_pkt &&
11349 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11350 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11351 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11352 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
11353 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11354 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
11355 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11356 		    (rdev->wiphy.wowlan_config->rfkill_release &&
11357 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11358 			goto nla_put_failure;
11359 
11360 		if (nl80211_send_wowlan_patterns(msg, rdev))
11361 			goto nla_put_failure;
11362 
11363 		if (nl80211_send_wowlan_tcp(msg,
11364 					    rdev->wiphy.wowlan_config->tcp))
11365 			goto nla_put_failure;
11366 
11367 		if (nl80211_send_wowlan_nd(
11368 			    msg,
11369 			    rdev->wiphy.wowlan_config->nd_config))
11370 			goto nla_put_failure;
11371 
11372 		nla_nest_end(msg, nl_wowlan);
11373 	}
11374 
11375 	genlmsg_end(msg, hdr);
11376 	return genlmsg_reply(msg, info);
11377 
11378 nla_put_failure:
11379 	nlmsg_free(msg);
11380 	return -ENOBUFS;
11381 }
11382 
11383 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
11384 				    struct nlattr *attr,
11385 				    struct cfg80211_wowlan *trig)
11386 {
11387 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
11388 	struct cfg80211_wowlan_tcp *cfg;
11389 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
11390 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
11391 	u32 size;
11392 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
11393 	int err, port;
11394 
11395 	if (!rdev->wiphy.wowlan->tcp)
11396 		return -EINVAL;
11397 
11398 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
11399 					  nl80211_wowlan_tcp_policy, NULL);
11400 	if (err)
11401 		return err;
11402 
11403 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
11404 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
11405 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
11406 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
11407 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
11408 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
11409 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
11410 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
11411 		return -EINVAL;
11412 
11413 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11414 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11415 		return -EINVAL;
11416 
11417 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11418 			rdev->wiphy.wowlan->tcp->data_interval_max ||
11419 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11420 		return -EINVAL;
11421 
11422 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11423 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11424 		return -EINVAL;
11425 
11426 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11427 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11428 		return -EINVAL;
11429 
11430 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11431 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11432 
11433 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11434 		tokens_size = tokln - sizeof(*tok);
11435 
11436 		if (!tok->len || tokens_size % tok->len)
11437 			return -EINVAL;
11438 		if (!rdev->wiphy.wowlan->tcp->tok)
11439 			return -EINVAL;
11440 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11441 			return -EINVAL;
11442 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11443 			return -EINVAL;
11444 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11445 			return -EINVAL;
11446 		if (tok->offset + tok->len > data_size)
11447 			return -EINVAL;
11448 	}
11449 
11450 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11451 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11452 		if (!rdev->wiphy.wowlan->tcp->seq)
11453 			return -EINVAL;
11454 		if (seq->len == 0 || seq->len > 4)
11455 			return -EINVAL;
11456 		if (seq->len + seq->offset > data_size)
11457 			return -EINVAL;
11458 	}
11459 
11460 	size = sizeof(*cfg);
11461 	size += data_size;
11462 	size += wake_size + wake_mask_size;
11463 	size += tokens_size;
11464 
11465 	cfg = kzalloc(size, GFP_KERNEL);
11466 	if (!cfg)
11467 		return -ENOMEM;
11468 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11469 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11470 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11471 	       ETH_ALEN);
11472 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11473 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11474 	else
11475 		port = 0;
11476 #ifdef CONFIG_INET
11477 	/* allocate a socket and port for it and use it */
11478 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11479 			    IPPROTO_TCP, &cfg->sock, 1);
11480 	if (err) {
11481 		kfree(cfg);
11482 		return err;
11483 	}
11484 	if (inet_csk_get_port(cfg->sock->sk, port)) {
11485 		sock_release(cfg->sock);
11486 		kfree(cfg);
11487 		return -EADDRINUSE;
11488 	}
11489 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11490 #else
11491 	if (!port) {
11492 		kfree(cfg);
11493 		return -EINVAL;
11494 	}
11495 	cfg->src_port = port;
11496 #endif
11497 
11498 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11499 	cfg->payload_len = data_size;
11500 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11501 	memcpy((void *)cfg->payload,
11502 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11503 	       data_size);
11504 	if (seq)
11505 		cfg->payload_seq = *seq;
11506 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11507 	cfg->wake_len = wake_size;
11508 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11509 	memcpy((void *)cfg->wake_data,
11510 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11511 	       wake_size);
11512 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11513 			 data_size + wake_size;
11514 	memcpy((void *)cfg->wake_mask,
11515 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11516 	       wake_mask_size);
11517 	if (tok) {
11518 		cfg->tokens_size = tokens_size;
11519 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11520 	}
11521 
11522 	trig->tcp = cfg;
11523 
11524 	return 0;
11525 }
11526 
11527 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11528 				   const struct wiphy_wowlan_support *wowlan,
11529 				   struct nlattr *attr,
11530 				   struct cfg80211_wowlan *trig)
11531 {
11532 	struct nlattr **tb;
11533 	int err;
11534 
11535 	tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11536 	if (!tb)
11537 		return -ENOMEM;
11538 
11539 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11540 		err = -EOPNOTSUPP;
11541 		goto out;
11542 	}
11543 
11544 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
11545 					  nl80211_policy, NULL);
11546 	if (err)
11547 		goto out;
11548 
11549 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11550 						   wowlan->max_nd_match_sets);
11551 	err = PTR_ERR_OR_ZERO(trig->nd_config);
11552 	if (err)
11553 		trig->nd_config = NULL;
11554 
11555 out:
11556 	kfree(tb);
11557 	return err;
11558 }
11559 
11560 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11561 {
11562 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11563 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11564 	struct cfg80211_wowlan new_triggers = {};
11565 	struct cfg80211_wowlan *ntrig;
11566 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11567 	int err, i;
11568 	bool prev_enabled = rdev->wiphy.wowlan_config;
11569 	bool regular = false;
11570 
11571 	if (!wowlan)
11572 		return -EOPNOTSUPP;
11573 
11574 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11575 		cfg80211_rdev_free_wowlan(rdev);
11576 		rdev->wiphy.wowlan_config = NULL;
11577 		goto set_wakeup;
11578 	}
11579 
11580 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
11581 					  info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11582 					  nl80211_wowlan_policy, info->extack);
11583 	if (err)
11584 		return err;
11585 
11586 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11587 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11588 			return -EINVAL;
11589 		new_triggers.any = true;
11590 	}
11591 
11592 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11593 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11594 			return -EINVAL;
11595 		new_triggers.disconnect = true;
11596 		regular = true;
11597 	}
11598 
11599 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11600 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11601 			return -EINVAL;
11602 		new_triggers.magic_pkt = true;
11603 		regular = true;
11604 	}
11605 
11606 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11607 		return -EINVAL;
11608 
11609 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11610 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11611 			return -EINVAL;
11612 		new_triggers.gtk_rekey_failure = true;
11613 		regular = true;
11614 	}
11615 
11616 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11617 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11618 			return -EINVAL;
11619 		new_triggers.eap_identity_req = true;
11620 		regular = true;
11621 	}
11622 
11623 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11624 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11625 			return -EINVAL;
11626 		new_triggers.four_way_handshake = true;
11627 		regular = true;
11628 	}
11629 
11630 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11631 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11632 			return -EINVAL;
11633 		new_triggers.rfkill_release = true;
11634 		regular = true;
11635 	}
11636 
11637 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11638 		struct nlattr *pat;
11639 		int n_patterns = 0;
11640 		int rem, pat_len, mask_len, pkt_offset;
11641 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11642 
11643 		regular = true;
11644 
11645 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11646 				    rem)
11647 			n_patterns++;
11648 		if (n_patterns > wowlan->n_patterns)
11649 			return -EINVAL;
11650 
11651 		new_triggers.patterns = kcalloc(n_patterns,
11652 						sizeof(new_triggers.patterns[0]),
11653 						GFP_KERNEL);
11654 		if (!new_triggers.patterns)
11655 			return -ENOMEM;
11656 
11657 		new_triggers.n_patterns = n_patterns;
11658 		i = 0;
11659 
11660 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11661 				    rem) {
11662 			u8 *mask_pat;
11663 
11664 			err = nla_parse_nested_deprecated(pat_tb,
11665 							  MAX_NL80211_PKTPAT,
11666 							  pat,
11667 							  nl80211_packet_pattern_policy,
11668 							  info->extack);
11669 			if (err)
11670 				goto error;
11671 
11672 			err = -EINVAL;
11673 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
11674 			    !pat_tb[NL80211_PKTPAT_PATTERN])
11675 				goto error;
11676 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11677 			mask_len = DIV_ROUND_UP(pat_len, 8);
11678 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11679 				goto error;
11680 			if (pat_len > wowlan->pattern_max_len ||
11681 			    pat_len < wowlan->pattern_min_len)
11682 				goto error;
11683 
11684 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
11685 				pkt_offset = 0;
11686 			else
11687 				pkt_offset = nla_get_u32(
11688 					pat_tb[NL80211_PKTPAT_OFFSET]);
11689 			if (pkt_offset > wowlan->max_pkt_offset)
11690 				goto error;
11691 			new_triggers.patterns[i].pkt_offset = pkt_offset;
11692 
11693 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11694 			if (!mask_pat) {
11695 				err = -ENOMEM;
11696 				goto error;
11697 			}
11698 			new_triggers.patterns[i].mask = mask_pat;
11699 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11700 			       mask_len);
11701 			mask_pat += mask_len;
11702 			new_triggers.patterns[i].pattern = mask_pat;
11703 			new_triggers.patterns[i].pattern_len = pat_len;
11704 			memcpy(mask_pat,
11705 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11706 			       pat_len);
11707 			i++;
11708 		}
11709 	}
11710 
11711 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11712 		regular = true;
11713 		err = nl80211_parse_wowlan_tcp(
11714 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11715 			&new_triggers);
11716 		if (err)
11717 			goto error;
11718 	}
11719 
11720 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11721 		regular = true;
11722 		err = nl80211_parse_wowlan_nd(
11723 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11724 			&new_triggers);
11725 		if (err)
11726 			goto error;
11727 	}
11728 
11729 	/* The 'any' trigger means the device continues operating more or less
11730 	 * as in its normal operation mode and wakes up the host on most of the
11731 	 * normal interrupts (like packet RX, ...)
11732 	 * It therefore makes little sense to combine with the more constrained
11733 	 * wakeup trigger modes.
11734 	 */
11735 	if (new_triggers.any && regular) {
11736 		err = -EINVAL;
11737 		goto error;
11738 	}
11739 
11740 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11741 	if (!ntrig) {
11742 		err = -ENOMEM;
11743 		goto error;
11744 	}
11745 	cfg80211_rdev_free_wowlan(rdev);
11746 	rdev->wiphy.wowlan_config = ntrig;
11747 
11748  set_wakeup:
11749 	if (rdev->ops->set_wakeup &&
11750 	    prev_enabled != !!rdev->wiphy.wowlan_config)
11751 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11752 
11753 	return 0;
11754  error:
11755 	for (i = 0; i < new_triggers.n_patterns; i++)
11756 		kfree(new_triggers.patterns[i].mask);
11757 	kfree(new_triggers.patterns);
11758 	if (new_triggers.tcp && new_triggers.tcp->sock)
11759 		sock_release(new_triggers.tcp->sock);
11760 	kfree(new_triggers.tcp);
11761 	kfree(new_triggers.nd_config);
11762 	return err;
11763 }
11764 #endif
11765 
11766 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11767 				       struct cfg80211_registered_device *rdev)
11768 {
11769 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11770 	int i, j, pat_len;
11771 	struct cfg80211_coalesce_rules *rule;
11772 
11773 	if (!rdev->coalesce->n_rules)
11774 		return 0;
11775 
11776 	nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
11777 	if (!nl_rules)
11778 		return -ENOBUFS;
11779 
11780 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
11781 		nl_rule = nla_nest_start_noflag(msg, i + 1);
11782 		if (!nl_rule)
11783 			return -ENOBUFS;
11784 
11785 		rule = &rdev->coalesce->rules[i];
11786 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
11787 				rule->delay))
11788 			return -ENOBUFS;
11789 
11790 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
11791 				rule->condition))
11792 			return -ENOBUFS;
11793 
11794 		nl_pats = nla_nest_start_noflag(msg,
11795 						NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11796 		if (!nl_pats)
11797 			return -ENOBUFS;
11798 
11799 		for (j = 0; j < rule->n_patterns; j++) {
11800 			nl_pat = nla_nest_start_noflag(msg, j + 1);
11801 			if (!nl_pat)
11802 				return -ENOBUFS;
11803 			pat_len = rule->patterns[j].pattern_len;
11804 			if (nla_put(msg, NL80211_PKTPAT_MASK,
11805 				    DIV_ROUND_UP(pat_len, 8),
11806 				    rule->patterns[j].mask) ||
11807 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11808 				    rule->patterns[j].pattern) ||
11809 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11810 					rule->patterns[j].pkt_offset))
11811 				return -ENOBUFS;
11812 			nla_nest_end(msg, nl_pat);
11813 		}
11814 		nla_nest_end(msg, nl_pats);
11815 		nla_nest_end(msg, nl_rule);
11816 	}
11817 	nla_nest_end(msg, nl_rules);
11818 
11819 	return 0;
11820 }
11821 
11822 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
11823 {
11824 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11825 	struct sk_buff *msg;
11826 	void *hdr;
11827 
11828 	if (!rdev->wiphy.coalesce)
11829 		return -EOPNOTSUPP;
11830 
11831 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11832 	if (!msg)
11833 		return -ENOMEM;
11834 
11835 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11836 			     NL80211_CMD_GET_COALESCE);
11837 	if (!hdr)
11838 		goto nla_put_failure;
11839 
11840 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
11841 		goto nla_put_failure;
11842 
11843 	genlmsg_end(msg, hdr);
11844 	return genlmsg_reply(msg, info);
11845 
11846 nla_put_failure:
11847 	nlmsg_free(msg);
11848 	return -ENOBUFS;
11849 }
11850 
11851 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
11852 {
11853 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
11854 	int i, j;
11855 	struct cfg80211_coalesce_rules *rule;
11856 
11857 	if (!coalesce)
11858 		return;
11859 
11860 	for (i = 0; i < coalesce->n_rules; i++) {
11861 		rule = &coalesce->rules[i];
11862 		for (j = 0; j < rule->n_patterns; j++)
11863 			kfree(rule->patterns[j].mask);
11864 		kfree(rule->patterns);
11865 	}
11866 	kfree(coalesce->rules);
11867 	kfree(coalesce);
11868 	rdev->coalesce = NULL;
11869 }
11870 
11871 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
11872 				       struct nlattr *rule,
11873 				       struct cfg80211_coalesce_rules *new_rule)
11874 {
11875 	int err, i;
11876 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11877 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
11878 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
11879 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11880 
11881 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
11882 					  rule, nl80211_coalesce_policy, NULL);
11883 	if (err)
11884 		return err;
11885 
11886 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
11887 		new_rule->delay =
11888 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
11889 	if (new_rule->delay > coalesce->max_delay)
11890 		return -EINVAL;
11891 
11892 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
11893 		new_rule->condition =
11894 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
11895 
11896 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
11897 		return -EINVAL;
11898 
11899 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11900 			    rem)
11901 		n_patterns++;
11902 	if (n_patterns > coalesce->n_patterns)
11903 		return -EINVAL;
11904 
11905 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
11906 				     GFP_KERNEL);
11907 	if (!new_rule->patterns)
11908 		return -ENOMEM;
11909 
11910 	new_rule->n_patterns = n_patterns;
11911 	i = 0;
11912 
11913 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11914 			    rem) {
11915 		u8 *mask_pat;
11916 
11917 		err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
11918 						  pat,
11919 						  nl80211_packet_pattern_policy,
11920 						  NULL);
11921 		if (err)
11922 			return err;
11923 
11924 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
11925 		    !pat_tb[NL80211_PKTPAT_PATTERN])
11926 			return -EINVAL;
11927 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11928 		mask_len = DIV_ROUND_UP(pat_len, 8);
11929 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11930 			return -EINVAL;
11931 		if (pat_len > coalesce->pattern_max_len ||
11932 		    pat_len < coalesce->pattern_min_len)
11933 			return -EINVAL;
11934 
11935 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
11936 			pkt_offset = 0;
11937 		else
11938 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
11939 		if (pkt_offset > coalesce->max_pkt_offset)
11940 			return -EINVAL;
11941 		new_rule->patterns[i].pkt_offset = pkt_offset;
11942 
11943 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11944 		if (!mask_pat)
11945 			return -ENOMEM;
11946 
11947 		new_rule->patterns[i].mask = mask_pat;
11948 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11949 		       mask_len);
11950 
11951 		mask_pat += mask_len;
11952 		new_rule->patterns[i].pattern = mask_pat;
11953 		new_rule->patterns[i].pattern_len = pat_len;
11954 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11955 		       pat_len);
11956 		i++;
11957 	}
11958 
11959 	return 0;
11960 }
11961 
11962 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
11963 {
11964 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11965 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11966 	struct cfg80211_coalesce new_coalesce = {};
11967 	struct cfg80211_coalesce *n_coalesce;
11968 	int err, rem_rule, n_rules = 0, i, j;
11969 	struct nlattr *rule;
11970 	struct cfg80211_coalesce_rules *tmp_rule;
11971 
11972 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
11973 		return -EOPNOTSUPP;
11974 
11975 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
11976 		cfg80211_rdev_free_coalesce(rdev);
11977 		rdev_set_coalesce(rdev, NULL);
11978 		return 0;
11979 	}
11980 
11981 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11982 			    rem_rule)
11983 		n_rules++;
11984 	if (n_rules > coalesce->n_rules)
11985 		return -EINVAL;
11986 
11987 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
11988 				     GFP_KERNEL);
11989 	if (!new_coalesce.rules)
11990 		return -ENOMEM;
11991 
11992 	new_coalesce.n_rules = n_rules;
11993 	i = 0;
11994 
11995 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11996 			    rem_rule) {
11997 		err = nl80211_parse_coalesce_rule(rdev, rule,
11998 						  &new_coalesce.rules[i]);
11999 		if (err)
12000 			goto error;
12001 
12002 		i++;
12003 	}
12004 
12005 	err = rdev_set_coalesce(rdev, &new_coalesce);
12006 	if (err)
12007 		goto error;
12008 
12009 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
12010 	if (!n_coalesce) {
12011 		err = -ENOMEM;
12012 		goto error;
12013 	}
12014 	cfg80211_rdev_free_coalesce(rdev);
12015 	rdev->coalesce = n_coalesce;
12016 
12017 	return 0;
12018 error:
12019 	for (i = 0; i < new_coalesce.n_rules; i++) {
12020 		tmp_rule = &new_coalesce.rules[i];
12021 		for (j = 0; j < tmp_rule->n_patterns; j++)
12022 			kfree(tmp_rule->patterns[j].mask);
12023 		kfree(tmp_rule->patterns);
12024 	}
12025 	kfree(new_coalesce.rules);
12026 
12027 	return err;
12028 }
12029 
12030 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
12031 {
12032 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12033 	struct net_device *dev = info->user_ptr[1];
12034 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12035 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
12036 	struct cfg80211_gtk_rekey_data rekey_data;
12037 	int err;
12038 
12039 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
12040 		return -EINVAL;
12041 
12042 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
12043 					  info->attrs[NL80211_ATTR_REKEY_DATA],
12044 					  nl80211_rekey_policy, info->extack);
12045 	if (err)
12046 		return err;
12047 
12048 	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
12049 	    !tb[NL80211_REKEY_DATA_KCK])
12050 		return -EINVAL;
12051 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
12052 		return -ERANGE;
12053 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
12054 		return -ERANGE;
12055 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
12056 		return -ERANGE;
12057 
12058 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
12059 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
12060 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
12061 
12062 	wdev_lock(wdev);
12063 	if (!wdev->current_bss) {
12064 		err = -ENOTCONN;
12065 		goto out;
12066 	}
12067 
12068 	if (!rdev->ops->set_rekey_data) {
12069 		err = -EOPNOTSUPP;
12070 		goto out;
12071 	}
12072 
12073 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
12074  out:
12075 	wdev_unlock(wdev);
12076 	return err;
12077 }
12078 
12079 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
12080 					     struct genl_info *info)
12081 {
12082 	struct net_device *dev = info->user_ptr[1];
12083 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12084 
12085 	if (wdev->iftype != NL80211_IFTYPE_AP &&
12086 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
12087 		return -EINVAL;
12088 
12089 	if (wdev->ap_unexpected_nlportid)
12090 		return -EBUSY;
12091 
12092 	wdev->ap_unexpected_nlportid = info->snd_portid;
12093 	return 0;
12094 }
12095 
12096 static int nl80211_probe_client(struct sk_buff *skb,
12097 				struct genl_info *info)
12098 {
12099 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12100 	struct net_device *dev = info->user_ptr[1];
12101 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12102 	struct sk_buff *msg;
12103 	void *hdr;
12104 	const u8 *addr;
12105 	u64 cookie;
12106 	int err;
12107 
12108 	if (wdev->iftype != NL80211_IFTYPE_AP &&
12109 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
12110 		return -EOPNOTSUPP;
12111 
12112 	if (!info->attrs[NL80211_ATTR_MAC])
12113 		return -EINVAL;
12114 
12115 	if (!rdev->ops->probe_client)
12116 		return -EOPNOTSUPP;
12117 
12118 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12119 	if (!msg)
12120 		return -ENOMEM;
12121 
12122 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12123 			     NL80211_CMD_PROBE_CLIENT);
12124 	if (!hdr) {
12125 		err = -ENOBUFS;
12126 		goto free_msg;
12127 	}
12128 
12129 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12130 
12131 	err = rdev_probe_client(rdev, dev, addr, &cookie);
12132 	if (err)
12133 		goto free_msg;
12134 
12135 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12136 			      NL80211_ATTR_PAD))
12137 		goto nla_put_failure;
12138 
12139 	genlmsg_end(msg, hdr);
12140 
12141 	return genlmsg_reply(msg, info);
12142 
12143  nla_put_failure:
12144 	err = -ENOBUFS;
12145  free_msg:
12146 	nlmsg_free(msg);
12147 	return err;
12148 }
12149 
12150 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
12151 {
12152 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12153 	struct cfg80211_beacon_registration *reg, *nreg;
12154 	int rv;
12155 
12156 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
12157 		return -EOPNOTSUPP;
12158 
12159 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
12160 	if (!nreg)
12161 		return -ENOMEM;
12162 
12163 	/* First, check if already registered. */
12164 	spin_lock_bh(&rdev->beacon_registrations_lock);
12165 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12166 		if (reg->nlportid == info->snd_portid) {
12167 			rv = -EALREADY;
12168 			goto out_err;
12169 		}
12170 	}
12171 	/* Add it to the list */
12172 	nreg->nlportid = info->snd_portid;
12173 	list_add(&nreg->list, &rdev->beacon_registrations);
12174 
12175 	spin_unlock_bh(&rdev->beacon_registrations_lock);
12176 
12177 	return 0;
12178 out_err:
12179 	spin_unlock_bh(&rdev->beacon_registrations_lock);
12180 	kfree(nreg);
12181 	return rv;
12182 }
12183 
12184 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
12185 {
12186 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12187 	struct wireless_dev *wdev = info->user_ptr[1];
12188 	int err;
12189 
12190 	if (!rdev->ops->start_p2p_device)
12191 		return -EOPNOTSUPP;
12192 
12193 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12194 		return -EOPNOTSUPP;
12195 
12196 	if (wdev_running(wdev))
12197 		return 0;
12198 
12199 	if (rfkill_blocked(rdev->rfkill))
12200 		return -ERFKILL;
12201 
12202 	err = rdev_start_p2p_device(rdev, wdev);
12203 	if (err)
12204 		return err;
12205 
12206 	wdev->is_running = true;
12207 	rdev->opencount++;
12208 
12209 	return 0;
12210 }
12211 
12212 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12213 {
12214 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12215 	struct wireless_dev *wdev = info->user_ptr[1];
12216 
12217 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12218 		return -EOPNOTSUPP;
12219 
12220 	if (!rdev->ops->stop_p2p_device)
12221 		return -EOPNOTSUPP;
12222 
12223 	cfg80211_stop_p2p_device(rdev, wdev);
12224 
12225 	return 0;
12226 }
12227 
12228 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12229 {
12230 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12231 	struct wireless_dev *wdev = info->user_ptr[1];
12232 	struct cfg80211_nan_conf conf = {};
12233 	int err;
12234 
12235 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12236 		return -EOPNOTSUPP;
12237 
12238 	if (wdev_running(wdev))
12239 		return -EEXIST;
12240 
12241 	if (rfkill_blocked(rdev->rfkill))
12242 		return -ERFKILL;
12243 
12244 	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12245 		return -EINVAL;
12246 
12247 	conf.master_pref =
12248 		nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12249 
12250 	if (info->attrs[NL80211_ATTR_BANDS]) {
12251 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12252 
12253 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12254 			return -EOPNOTSUPP;
12255 
12256 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12257 			return -EINVAL;
12258 
12259 		conf.bands = bands;
12260 	}
12261 
12262 	err = rdev_start_nan(rdev, wdev, &conf);
12263 	if (err)
12264 		return err;
12265 
12266 	wdev->is_running = true;
12267 	rdev->opencount++;
12268 
12269 	return 0;
12270 }
12271 
12272 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12273 {
12274 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12275 	struct wireless_dev *wdev = info->user_ptr[1];
12276 
12277 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12278 		return -EOPNOTSUPP;
12279 
12280 	cfg80211_stop_nan(rdev, wdev);
12281 
12282 	return 0;
12283 }
12284 
12285 static int validate_nan_filter(struct nlattr *filter_attr)
12286 {
12287 	struct nlattr *attr;
12288 	int len = 0, n_entries = 0, rem;
12289 
12290 	nla_for_each_nested(attr, filter_attr, rem) {
12291 		len += nla_len(attr);
12292 		n_entries++;
12293 	}
12294 
12295 	if (len >= U8_MAX)
12296 		return -EINVAL;
12297 
12298 	return n_entries;
12299 }
12300 
12301 static int handle_nan_filter(struct nlattr *attr_filter,
12302 			     struct cfg80211_nan_func *func,
12303 			     bool tx)
12304 {
12305 	struct nlattr *attr;
12306 	int n_entries, rem, i;
12307 	struct cfg80211_nan_func_filter *filter;
12308 
12309 	n_entries = validate_nan_filter(attr_filter);
12310 	if (n_entries < 0)
12311 		return n_entries;
12312 
12313 	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12314 
12315 	filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12316 	if (!filter)
12317 		return -ENOMEM;
12318 
12319 	i = 0;
12320 	nla_for_each_nested(attr, attr_filter, rem) {
12321 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12322 		filter[i].len = nla_len(attr);
12323 		i++;
12324 	}
12325 	if (tx) {
12326 		func->num_tx_filters = n_entries;
12327 		func->tx_filters = filter;
12328 	} else {
12329 		func->num_rx_filters = n_entries;
12330 		func->rx_filters = filter;
12331 	}
12332 
12333 	return 0;
12334 }
12335 
12336 static int nl80211_nan_add_func(struct sk_buff *skb,
12337 				struct genl_info *info)
12338 {
12339 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12340 	struct wireless_dev *wdev = info->user_ptr[1];
12341 	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12342 	struct cfg80211_nan_func *func;
12343 	struct sk_buff *msg = NULL;
12344 	void *hdr = NULL;
12345 	int err = 0;
12346 
12347 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12348 		return -EOPNOTSUPP;
12349 
12350 	if (!wdev_running(wdev))
12351 		return -ENOTCONN;
12352 
12353 	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12354 		return -EINVAL;
12355 
12356 	err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12357 					  info->attrs[NL80211_ATTR_NAN_FUNC],
12358 					  nl80211_nan_func_policy,
12359 					  info->extack);
12360 	if (err)
12361 		return err;
12362 
12363 	func = kzalloc(sizeof(*func), GFP_KERNEL);
12364 	if (!func)
12365 		return -ENOMEM;
12366 
12367 	func->cookie = cfg80211_assign_cookie(rdev);
12368 
12369 	if (!tb[NL80211_NAN_FUNC_TYPE] ||
12370 	    nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
12371 		err = -EINVAL;
12372 		goto out;
12373 	}
12374 
12375 
12376 	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
12377 
12378 	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
12379 		err = -EINVAL;
12380 		goto out;
12381 	}
12382 
12383 	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
12384 	       sizeof(func->service_id));
12385 
12386 	func->close_range =
12387 		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
12388 
12389 	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
12390 		func->serv_spec_info_len =
12391 			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
12392 		func->serv_spec_info =
12393 			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
12394 				func->serv_spec_info_len,
12395 				GFP_KERNEL);
12396 		if (!func->serv_spec_info) {
12397 			err = -ENOMEM;
12398 			goto out;
12399 		}
12400 	}
12401 
12402 	if (tb[NL80211_NAN_FUNC_TTL])
12403 		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
12404 
12405 	switch (func->type) {
12406 	case NL80211_NAN_FUNC_PUBLISH:
12407 		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
12408 			err = -EINVAL;
12409 			goto out;
12410 		}
12411 
12412 		func->publish_type =
12413 			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
12414 		func->publish_bcast =
12415 			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
12416 
12417 		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12418 			func->publish_bcast) {
12419 			err = -EINVAL;
12420 			goto out;
12421 		}
12422 		break;
12423 	case NL80211_NAN_FUNC_SUBSCRIBE:
12424 		func->subscribe_active =
12425 			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12426 		break;
12427 	case NL80211_NAN_FUNC_FOLLOW_UP:
12428 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12429 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12430 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12431 			err = -EINVAL;
12432 			goto out;
12433 		}
12434 
12435 		func->followup_id =
12436 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12437 		func->followup_reqid =
12438 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12439 		memcpy(func->followup_dest.addr,
12440 		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12441 		       sizeof(func->followup_dest.addr));
12442 		if (func->ttl) {
12443 			err = -EINVAL;
12444 			goto out;
12445 		}
12446 		break;
12447 	default:
12448 		err = -EINVAL;
12449 		goto out;
12450 	}
12451 
12452 	if (tb[NL80211_NAN_FUNC_SRF]) {
12453 		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12454 
12455 		err = nla_parse_nested_deprecated(srf_tb,
12456 						  NL80211_NAN_SRF_ATTR_MAX,
12457 						  tb[NL80211_NAN_FUNC_SRF],
12458 						  nl80211_nan_srf_policy,
12459 						  info->extack);
12460 		if (err)
12461 			goto out;
12462 
12463 		func->srf_include =
12464 			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12465 
12466 		if (srf_tb[NL80211_NAN_SRF_BF]) {
12467 			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12468 			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12469 				err = -EINVAL;
12470 				goto out;
12471 			}
12472 
12473 			func->srf_bf_len =
12474 				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12475 			func->srf_bf =
12476 				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12477 					func->srf_bf_len, GFP_KERNEL);
12478 			if (!func->srf_bf) {
12479 				err = -ENOMEM;
12480 				goto out;
12481 			}
12482 
12483 			func->srf_bf_idx =
12484 				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12485 		} else {
12486 			struct nlattr *attr, *mac_attr =
12487 				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12488 			int n_entries, rem, i = 0;
12489 
12490 			if (!mac_attr) {
12491 				err = -EINVAL;
12492 				goto out;
12493 			}
12494 
12495 			n_entries = validate_acl_mac_addrs(mac_attr);
12496 			if (n_entries <= 0) {
12497 				err = -EINVAL;
12498 				goto out;
12499 			}
12500 
12501 			func->srf_num_macs = n_entries;
12502 			func->srf_macs =
12503 				kcalloc(n_entries, sizeof(*func->srf_macs),
12504 					GFP_KERNEL);
12505 			if (!func->srf_macs) {
12506 				err = -ENOMEM;
12507 				goto out;
12508 			}
12509 
12510 			nla_for_each_nested(attr, mac_attr, rem)
12511 				memcpy(func->srf_macs[i++].addr, nla_data(attr),
12512 				       sizeof(*func->srf_macs));
12513 		}
12514 	}
12515 
12516 	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12517 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12518 					func, true);
12519 		if (err)
12520 			goto out;
12521 	}
12522 
12523 	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12524 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12525 					func, false);
12526 		if (err)
12527 			goto out;
12528 	}
12529 
12530 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12531 	if (!msg) {
12532 		err = -ENOMEM;
12533 		goto out;
12534 	}
12535 
12536 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12537 			     NL80211_CMD_ADD_NAN_FUNCTION);
12538 	/* This can't really happen - we just allocated 4KB */
12539 	if (WARN_ON(!hdr)) {
12540 		err = -ENOMEM;
12541 		goto out;
12542 	}
12543 
12544 	err = rdev_add_nan_func(rdev, wdev, func);
12545 out:
12546 	if (err < 0) {
12547 		cfg80211_free_nan_func(func);
12548 		nlmsg_free(msg);
12549 		return err;
12550 	}
12551 
12552 	/* propagate the instance id and cookie to userspace  */
12553 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12554 			      NL80211_ATTR_PAD))
12555 		goto nla_put_failure;
12556 
12557 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12558 	if (!func_attr)
12559 		goto nla_put_failure;
12560 
12561 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12562 		       func->instance_id))
12563 		goto nla_put_failure;
12564 
12565 	nla_nest_end(msg, func_attr);
12566 
12567 	genlmsg_end(msg, hdr);
12568 	return genlmsg_reply(msg, info);
12569 
12570 nla_put_failure:
12571 	nlmsg_free(msg);
12572 	return -ENOBUFS;
12573 }
12574 
12575 static int nl80211_nan_del_func(struct sk_buff *skb,
12576 			       struct genl_info *info)
12577 {
12578 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12579 	struct wireless_dev *wdev = info->user_ptr[1];
12580 	u64 cookie;
12581 
12582 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12583 		return -EOPNOTSUPP;
12584 
12585 	if (!wdev_running(wdev))
12586 		return -ENOTCONN;
12587 
12588 	if (!info->attrs[NL80211_ATTR_COOKIE])
12589 		return -EINVAL;
12590 
12591 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12592 
12593 	rdev_del_nan_func(rdev, wdev, cookie);
12594 
12595 	return 0;
12596 }
12597 
12598 static int nl80211_nan_change_config(struct sk_buff *skb,
12599 				     struct genl_info *info)
12600 {
12601 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12602 	struct wireless_dev *wdev = info->user_ptr[1];
12603 	struct cfg80211_nan_conf conf = {};
12604 	u32 changed = 0;
12605 
12606 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12607 		return -EOPNOTSUPP;
12608 
12609 	if (!wdev_running(wdev))
12610 		return -ENOTCONN;
12611 
12612 	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12613 		conf.master_pref =
12614 			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12615 		if (conf.master_pref <= 1 || conf.master_pref == 255)
12616 			return -EINVAL;
12617 
12618 		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12619 	}
12620 
12621 	if (info->attrs[NL80211_ATTR_BANDS]) {
12622 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12623 
12624 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12625 			return -EOPNOTSUPP;
12626 
12627 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12628 			return -EINVAL;
12629 
12630 		conf.bands = bands;
12631 		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12632 	}
12633 
12634 	if (!changed)
12635 		return -EINVAL;
12636 
12637 	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12638 }
12639 
12640 void cfg80211_nan_match(struct wireless_dev *wdev,
12641 			struct cfg80211_nan_match_params *match, gfp_t gfp)
12642 {
12643 	struct wiphy *wiphy = wdev->wiphy;
12644 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12645 	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12646 	struct sk_buff *msg;
12647 	void *hdr;
12648 
12649 	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12650 		return;
12651 
12652 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12653 	if (!msg)
12654 		return;
12655 
12656 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12657 	if (!hdr) {
12658 		nlmsg_free(msg);
12659 		return;
12660 	}
12661 
12662 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12663 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12664 					 wdev->netdev->ifindex)) ||
12665 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12666 			      NL80211_ATTR_PAD))
12667 		goto nla_put_failure;
12668 
12669 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12670 			      NL80211_ATTR_PAD) ||
12671 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12672 		goto nla_put_failure;
12673 
12674 	match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12675 	if (!match_attr)
12676 		goto nla_put_failure;
12677 
12678 	local_func_attr = nla_nest_start_noflag(msg,
12679 						NL80211_NAN_MATCH_FUNC_LOCAL);
12680 	if (!local_func_attr)
12681 		goto nla_put_failure;
12682 
12683 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12684 		goto nla_put_failure;
12685 
12686 	nla_nest_end(msg, local_func_attr);
12687 
12688 	peer_func_attr = nla_nest_start_noflag(msg,
12689 					       NL80211_NAN_MATCH_FUNC_PEER);
12690 	if (!peer_func_attr)
12691 		goto nla_put_failure;
12692 
12693 	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12694 	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12695 		goto nla_put_failure;
12696 
12697 	if (match->info && match->info_len &&
12698 	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12699 		    match->info))
12700 		goto nla_put_failure;
12701 
12702 	nla_nest_end(msg, peer_func_attr);
12703 	nla_nest_end(msg, match_attr);
12704 	genlmsg_end(msg, hdr);
12705 
12706 	if (!wdev->owner_nlportid)
12707 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12708 					msg, 0, NL80211_MCGRP_NAN, gfp);
12709 	else
12710 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12711 				wdev->owner_nlportid);
12712 
12713 	return;
12714 
12715 nla_put_failure:
12716 	nlmsg_free(msg);
12717 }
12718 EXPORT_SYMBOL(cfg80211_nan_match);
12719 
12720 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12721 				  u8 inst_id,
12722 				  enum nl80211_nan_func_term_reason reason,
12723 				  u64 cookie, gfp_t gfp)
12724 {
12725 	struct wiphy *wiphy = wdev->wiphy;
12726 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12727 	struct sk_buff *msg;
12728 	struct nlattr *func_attr;
12729 	void *hdr;
12730 
12731 	if (WARN_ON(!inst_id))
12732 		return;
12733 
12734 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12735 	if (!msg)
12736 		return;
12737 
12738 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12739 	if (!hdr) {
12740 		nlmsg_free(msg);
12741 		return;
12742 	}
12743 
12744 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12745 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12746 					 wdev->netdev->ifindex)) ||
12747 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12748 			      NL80211_ATTR_PAD))
12749 		goto nla_put_failure;
12750 
12751 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12752 			      NL80211_ATTR_PAD))
12753 		goto nla_put_failure;
12754 
12755 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12756 	if (!func_attr)
12757 		goto nla_put_failure;
12758 
12759 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
12760 	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
12761 		goto nla_put_failure;
12762 
12763 	nla_nest_end(msg, func_attr);
12764 	genlmsg_end(msg, hdr);
12765 
12766 	if (!wdev->owner_nlportid)
12767 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12768 					msg, 0, NL80211_MCGRP_NAN, gfp);
12769 	else
12770 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12771 				wdev->owner_nlportid);
12772 
12773 	return;
12774 
12775 nla_put_failure:
12776 	nlmsg_free(msg);
12777 }
12778 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
12779 
12780 static int nl80211_get_protocol_features(struct sk_buff *skb,
12781 					 struct genl_info *info)
12782 {
12783 	void *hdr;
12784 	struct sk_buff *msg;
12785 
12786 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12787 	if (!msg)
12788 		return -ENOMEM;
12789 
12790 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12791 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
12792 	if (!hdr)
12793 		goto nla_put_failure;
12794 
12795 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
12796 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
12797 		goto nla_put_failure;
12798 
12799 	genlmsg_end(msg, hdr);
12800 	return genlmsg_reply(msg, info);
12801 
12802  nla_put_failure:
12803 	kfree_skb(msg);
12804 	return -ENOBUFS;
12805 }
12806 
12807 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
12808 {
12809 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12810 	struct cfg80211_update_ft_ies_params ft_params;
12811 	struct net_device *dev = info->user_ptr[1];
12812 
12813 	if (!rdev->ops->update_ft_ies)
12814 		return -EOPNOTSUPP;
12815 
12816 	if (!info->attrs[NL80211_ATTR_MDID] ||
12817 	    !info->attrs[NL80211_ATTR_IE])
12818 		return -EINVAL;
12819 
12820 	memset(&ft_params, 0, sizeof(ft_params));
12821 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
12822 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12823 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12824 
12825 	return rdev_update_ft_ies(rdev, dev, &ft_params);
12826 }
12827 
12828 static int nl80211_crit_protocol_start(struct sk_buff *skb,
12829 				       struct genl_info *info)
12830 {
12831 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12832 	struct wireless_dev *wdev = info->user_ptr[1];
12833 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
12834 	u16 duration;
12835 	int ret;
12836 
12837 	if (!rdev->ops->crit_proto_start)
12838 		return -EOPNOTSUPP;
12839 
12840 	if (WARN_ON(!rdev->ops->crit_proto_stop))
12841 		return -EINVAL;
12842 
12843 	if (rdev->crit_proto_nlportid)
12844 		return -EBUSY;
12845 
12846 	/* determine protocol if provided */
12847 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
12848 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
12849 
12850 	if (proto >= NUM_NL80211_CRIT_PROTO)
12851 		return -EINVAL;
12852 
12853 	/* timeout must be provided */
12854 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
12855 		return -EINVAL;
12856 
12857 	duration =
12858 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
12859 
12860 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
12861 		return -ERANGE;
12862 
12863 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
12864 	if (!ret)
12865 		rdev->crit_proto_nlportid = info->snd_portid;
12866 
12867 	return ret;
12868 }
12869 
12870 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
12871 				      struct genl_info *info)
12872 {
12873 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12874 	struct wireless_dev *wdev = info->user_ptr[1];
12875 
12876 	if (!rdev->ops->crit_proto_stop)
12877 		return -EOPNOTSUPP;
12878 
12879 	if (rdev->crit_proto_nlportid) {
12880 		rdev->crit_proto_nlportid = 0;
12881 		rdev_crit_proto_stop(rdev, wdev);
12882 	}
12883 	return 0;
12884 }
12885 
12886 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
12887 				       struct nlattr *attr,
12888 				       struct netlink_ext_ack *extack)
12889 {
12890 	if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
12891 		if (attr->nla_type & NLA_F_NESTED) {
12892 			NL_SET_ERR_MSG_ATTR(extack, attr,
12893 					    "unexpected nested data");
12894 			return -EINVAL;
12895 		}
12896 
12897 		return 0;
12898 	}
12899 
12900 	if (!(attr->nla_type & NLA_F_NESTED)) {
12901 		NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
12902 		return -EINVAL;
12903 	}
12904 
12905 	return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
12906 }
12907 
12908 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
12909 {
12910 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12911 	struct wireless_dev *wdev =
12912 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
12913 	int i, err;
12914 	u32 vid, subcmd;
12915 
12916 	if (!rdev->wiphy.vendor_commands)
12917 		return -EOPNOTSUPP;
12918 
12919 	if (IS_ERR(wdev)) {
12920 		err = PTR_ERR(wdev);
12921 		if (err != -EINVAL)
12922 			return err;
12923 		wdev = NULL;
12924 	} else if (wdev->wiphy != &rdev->wiphy) {
12925 		return -EINVAL;
12926 	}
12927 
12928 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
12929 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
12930 		return -EINVAL;
12931 
12932 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
12933 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
12934 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
12935 		const struct wiphy_vendor_command *vcmd;
12936 		void *data = NULL;
12937 		int len = 0;
12938 
12939 		vcmd = &rdev->wiphy.vendor_commands[i];
12940 
12941 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12942 			continue;
12943 
12944 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12945 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12946 			if (!wdev)
12947 				return -EINVAL;
12948 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12949 			    !wdev->netdev)
12950 				return -EINVAL;
12951 
12952 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12953 				if (!wdev_running(wdev))
12954 					return -ENETDOWN;
12955 			}
12956 
12957 			if (!vcmd->doit)
12958 				return -EOPNOTSUPP;
12959 		} else {
12960 			wdev = NULL;
12961 		}
12962 
12963 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
12964 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12965 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12966 
12967 			err = nl80211_vendor_check_policy(vcmd,
12968 					info->attrs[NL80211_ATTR_VENDOR_DATA],
12969 					info->extack);
12970 			if (err)
12971 				return err;
12972 		}
12973 
12974 		rdev->cur_cmd_info = info;
12975 		err = vcmd->doit(&rdev->wiphy, wdev, data, len);
12976 		rdev->cur_cmd_info = NULL;
12977 		return err;
12978 	}
12979 
12980 	return -EOPNOTSUPP;
12981 }
12982 
12983 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
12984 				       struct netlink_callback *cb,
12985 				       struct cfg80211_registered_device **rdev,
12986 				       struct wireless_dev **wdev)
12987 {
12988 	struct nlattr **attrbuf;
12989 	u32 vid, subcmd;
12990 	unsigned int i;
12991 	int vcmd_idx = -1;
12992 	int err;
12993 	void *data = NULL;
12994 	unsigned int data_len = 0;
12995 
12996 	if (cb->args[0]) {
12997 		/* subtract the 1 again here */
12998 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
12999 		struct wireless_dev *tmp;
13000 
13001 		if (!wiphy)
13002 			return -ENODEV;
13003 		*rdev = wiphy_to_rdev(wiphy);
13004 		*wdev = NULL;
13005 
13006 		if (cb->args[1]) {
13007 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
13008 				if (tmp->identifier == cb->args[1] - 1) {
13009 					*wdev = tmp;
13010 					break;
13011 				}
13012 			}
13013 		}
13014 
13015 		/* keep rtnl locked in successful case */
13016 		return 0;
13017 	}
13018 
13019 	attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
13020 	if (!attrbuf)
13021 		return -ENOMEM;
13022 
13023 	err = nlmsg_parse_deprecated(cb->nlh,
13024 				     GENL_HDRLEN + nl80211_fam.hdrsize,
13025 				     attrbuf, nl80211_fam.maxattr,
13026 				     nl80211_policy, NULL);
13027 	if (err)
13028 		goto out;
13029 
13030 	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
13031 	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
13032 		err = -EINVAL;
13033 		goto out;
13034 	}
13035 
13036 	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
13037 	if (IS_ERR(*wdev))
13038 		*wdev = NULL;
13039 
13040 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
13041 	if (IS_ERR(*rdev)) {
13042 		err = PTR_ERR(*rdev);
13043 		goto out;
13044 	}
13045 
13046 	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
13047 	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
13048 
13049 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
13050 		const struct wiphy_vendor_command *vcmd;
13051 
13052 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
13053 
13054 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
13055 			continue;
13056 
13057 		if (!vcmd->dumpit) {
13058 			err = -EOPNOTSUPP;
13059 			goto out;
13060 		}
13061 
13062 		vcmd_idx = i;
13063 		break;
13064 	}
13065 
13066 	if (vcmd_idx < 0) {
13067 		err = -EOPNOTSUPP;
13068 		goto out;
13069 	}
13070 
13071 	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
13072 		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13073 		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
13074 
13075 		err = nl80211_vendor_check_policy(
13076 				&(*rdev)->wiphy.vendor_commands[vcmd_idx],
13077 				attrbuf[NL80211_ATTR_VENDOR_DATA],
13078 				cb->extack);
13079 		if (err)
13080 			goto out;
13081 	}
13082 
13083 	/* 0 is the first index - add 1 to parse only once */
13084 	cb->args[0] = (*rdev)->wiphy_idx + 1;
13085 	/* add 1 to know if it was NULL */
13086 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
13087 	cb->args[2] = vcmd_idx;
13088 	cb->args[3] = (unsigned long)data;
13089 	cb->args[4] = data_len;
13090 
13091 	/* keep rtnl locked in successful case */
13092 	err = 0;
13093 out:
13094 	kfree(attrbuf);
13095 	return err;
13096 }
13097 
13098 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
13099 				   struct netlink_callback *cb)
13100 {
13101 	struct cfg80211_registered_device *rdev;
13102 	struct wireless_dev *wdev;
13103 	unsigned int vcmd_idx;
13104 	const struct wiphy_vendor_command *vcmd;
13105 	void *data;
13106 	int data_len;
13107 	int err;
13108 	struct nlattr *vendor_data;
13109 
13110 	rtnl_lock();
13111 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
13112 	if (err)
13113 		goto out;
13114 
13115 	vcmd_idx = cb->args[2];
13116 	data = (void *)cb->args[3];
13117 	data_len = cb->args[4];
13118 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
13119 
13120 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
13121 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
13122 		if (!wdev) {
13123 			err = -EINVAL;
13124 			goto out;
13125 		}
13126 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
13127 		    !wdev->netdev) {
13128 			err = -EINVAL;
13129 			goto out;
13130 		}
13131 
13132 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
13133 			if (!wdev_running(wdev)) {
13134 				err = -ENETDOWN;
13135 				goto out;
13136 			}
13137 		}
13138 	}
13139 
13140 	while (1) {
13141 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
13142 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
13143 					   NL80211_CMD_VENDOR);
13144 		if (!hdr)
13145 			break;
13146 
13147 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
13148 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
13149 					       wdev_id(wdev),
13150 					       NL80211_ATTR_PAD))) {
13151 			genlmsg_cancel(skb, hdr);
13152 			break;
13153 		}
13154 
13155 		vendor_data = nla_nest_start_noflag(skb,
13156 						    NL80211_ATTR_VENDOR_DATA);
13157 		if (!vendor_data) {
13158 			genlmsg_cancel(skb, hdr);
13159 			break;
13160 		}
13161 
13162 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
13163 				   (unsigned long *)&cb->args[5]);
13164 		nla_nest_end(skb, vendor_data);
13165 
13166 		if (err == -ENOBUFS || err == -ENOENT) {
13167 			genlmsg_cancel(skb, hdr);
13168 			break;
13169 		} else if (err) {
13170 			genlmsg_cancel(skb, hdr);
13171 			goto out;
13172 		}
13173 
13174 		genlmsg_end(skb, hdr);
13175 	}
13176 
13177 	err = skb->len;
13178  out:
13179 	rtnl_unlock();
13180 	return err;
13181 }
13182 
13183 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
13184 					   enum nl80211_commands cmd,
13185 					   enum nl80211_attrs attr,
13186 					   int approxlen)
13187 {
13188 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13189 
13190 	if (WARN_ON(!rdev->cur_cmd_info))
13191 		return NULL;
13192 
13193 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
13194 					   rdev->cur_cmd_info->snd_portid,
13195 					   rdev->cur_cmd_info->snd_seq,
13196 					   cmd, attr, NULL, GFP_KERNEL);
13197 }
13198 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
13199 
13200 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
13201 {
13202 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
13203 	void *hdr = ((void **)skb->cb)[1];
13204 	struct nlattr *data = ((void **)skb->cb)[2];
13205 
13206 	/* clear CB data for netlink core to own from now on */
13207 	memset(skb->cb, 0, sizeof(skb->cb));
13208 
13209 	if (WARN_ON(!rdev->cur_cmd_info)) {
13210 		kfree_skb(skb);
13211 		return -EINVAL;
13212 	}
13213 
13214 	nla_nest_end(skb, data);
13215 	genlmsg_end(skb, hdr);
13216 	return genlmsg_reply(skb, rdev->cur_cmd_info);
13217 }
13218 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
13219 
13220 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
13221 {
13222 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13223 
13224 	if (WARN_ON(!rdev->cur_cmd_info))
13225 		return 0;
13226 
13227 	return rdev->cur_cmd_info->snd_portid;
13228 }
13229 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13230 
13231 static int nl80211_set_qos_map(struct sk_buff *skb,
13232 			       struct genl_info *info)
13233 {
13234 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13235 	struct cfg80211_qos_map *qos_map = NULL;
13236 	struct net_device *dev = info->user_ptr[1];
13237 	u8 *pos, len, num_des, des_len, des;
13238 	int ret;
13239 
13240 	if (!rdev->ops->set_qos_map)
13241 		return -EOPNOTSUPP;
13242 
13243 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13244 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13245 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13246 
13247 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
13248 		    len > IEEE80211_QOS_MAP_LEN_MAX)
13249 			return -EINVAL;
13250 
13251 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13252 		if (!qos_map)
13253 			return -ENOMEM;
13254 
13255 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13256 		if (num_des) {
13257 			des_len = num_des *
13258 				sizeof(struct cfg80211_dscp_exception);
13259 			memcpy(qos_map->dscp_exception, pos, des_len);
13260 			qos_map->num_des = num_des;
13261 			for (des = 0; des < num_des; des++) {
13262 				if (qos_map->dscp_exception[des].up > 7) {
13263 					kfree(qos_map);
13264 					return -EINVAL;
13265 				}
13266 			}
13267 			pos += des_len;
13268 		}
13269 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13270 	}
13271 
13272 	wdev_lock(dev->ieee80211_ptr);
13273 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
13274 	if (!ret)
13275 		ret = rdev_set_qos_map(rdev, dev, qos_map);
13276 	wdev_unlock(dev->ieee80211_ptr);
13277 
13278 	kfree(qos_map);
13279 	return ret;
13280 }
13281 
13282 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13283 {
13284 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13285 	struct net_device *dev = info->user_ptr[1];
13286 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13287 	const u8 *peer;
13288 	u8 tsid, up;
13289 	u16 admitted_time = 0;
13290 	int err;
13291 
13292 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13293 		return -EOPNOTSUPP;
13294 
13295 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13296 	    !info->attrs[NL80211_ATTR_USER_PRIO])
13297 		return -EINVAL;
13298 
13299 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13300 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13301 
13302 	/* WMM uses TIDs 0-7 even for TSPEC */
13303 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13304 		/* TODO: handle 802.11 TSPEC/admission control
13305 		 * need more attributes for that (e.g. BA session requirement);
13306 		 * change the WMM adminssion test above to allow both then
13307 		 */
13308 		return -EINVAL;
13309 	}
13310 
13311 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13312 
13313 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13314 		admitted_time =
13315 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13316 		if (!admitted_time)
13317 			return -EINVAL;
13318 	}
13319 
13320 	wdev_lock(wdev);
13321 	switch (wdev->iftype) {
13322 	case NL80211_IFTYPE_STATION:
13323 	case NL80211_IFTYPE_P2P_CLIENT:
13324 		if (wdev->current_bss)
13325 			break;
13326 		err = -ENOTCONN;
13327 		goto out;
13328 	default:
13329 		err = -EOPNOTSUPP;
13330 		goto out;
13331 	}
13332 
13333 	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13334 
13335  out:
13336 	wdev_unlock(wdev);
13337 	return err;
13338 }
13339 
13340 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13341 {
13342 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13343 	struct net_device *dev = info->user_ptr[1];
13344 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13345 	const u8 *peer;
13346 	u8 tsid;
13347 	int err;
13348 
13349 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13350 		return -EINVAL;
13351 
13352 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13353 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13354 
13355 	wdev_lock(wdev);
13356 	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13357 	wdev_unlock(wdev);
13358 
13359 	return err;
13360 }
13361 
13362 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13363 				       struct genl_info *info)
13364 {
13365 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13366 	struct net_device *dev = info->user_ptr[1];
13367 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13368 	struct cfg80211_chan_def chandef = {};
13369 	const u8 *addr;
13370 	u8 oper_class;
13371 	int err;
13372 
13373 	if (!rdev->ops->tdls_channel_switch ||
13374 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13375 		return -EOPNOTSUPP;
13376 
13377 	switch (dev->ieee80211_ptr->iftype) {
13378 	case NL80211_IFTYPE_STATION:
13379 	case NL80211_IFTYPE_P2P_CLIENT:
13380 		break;
13381 	default:
13382 		return -EOPNOTSUPP;
13383 	}
13384 
13385 	if (!info->attrs[NL80211_ATTR_MAC] ||
13386 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
13387 		return -EINVAL;
13388 
13389 	err = nl80211_parse_chandef(rdev, info, &chandef);
13390 	if (err)
13391 		return err;
13392 
13393 	/*
13394 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
13395 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
13396 	 * specification is not defined for them.
13397 	 */
13398 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
13399 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
13400 	    chandef.width != NL80211_CHAN_WIDTH_20)
13401 		return -EINVAL;
13402 
13403 	/* we will be active on the TDLS link */
13404 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
13405 					   wdev->iftype))
13406 		return -EINVAL;
13407 
13408 	/* don't allow switching to DFS channels */
13409 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
13410 		return -EINVAL;
13411 
13412 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13413 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
13414 
13415 	wdev_lock(wdev);
13416 	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
13417 	wdev_unlock(wdev);
13418 
13419 	return err;
13420 }
13421 
13422 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
13423 					      struct genl_info *info)
13424 {
13425 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13426 	struct net_device *dev = info->user_ptr[1];
13427 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13428 	const u8 *addr;
13429 
13430 	if (!rdev->ops->tdls_channel_switch ||
13431 	    !rdev->ops->tdls_cancel_channel_switch ||
13432 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13433 		return -EOPNOTSUPP;
13434 
13435 	switch (dev->ieee80211_ptr->iftype) {
13436 	case NL80211_IFTYPE_STATION:
13437 	case NL80211_IFTYPE_P2P_CLIENT:
13438 		break;
13439 	default:
13440 		return -EOPNOTSUPP;
13441 	}
13442 
13443 	if (!info->attrs[NL80211_ATTR_MAC])
13444 		return -EINVAL;
13445 
13446 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13447 
13448 	wdev_lock(wdev);
13449 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
13450 	wdev_unlock(wdev);
13451 
13452 	return 0;
13453 }
13454 
13455 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
13456 					    struct genl_info *info)
13457 {
13458 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13459 	struct net_device *dev = info->user_ptr[1];
13460 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13461 	const struct nlattr *nla;
13462 	bool enabled;
13463 
13464 	if (!rdev->ops->set_multicast_to_unicast)
13465 		return -EOPNOTSUPP;
13466 
13467 	if (wdev->iftype != NL80211_IFTYPE_AP &&
13468 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
13469 		return -EOPNOTSUPP;
13470 
13471 	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
13472 	enabled = nla_get_flag(nla);
13473 
13474 	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13475 }
13476 
13477 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13478 {
13479 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13480 	struct net_device *dev = info->user_ptr[1];
13481 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13482 	struct cfg80211_pmk_conf pmk_conf = {};
13483 	int ret;
13484 
13485 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13486 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13487 		return -EOPNOTSUPP;
13488 
13489 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13490 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13491 		return -EOPNOTSUPP;
13492 
13493 	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13494 		return -EINVAL;
13495 
13496 	wdev_lock(wdev);
13497 	if (!wdev->current_bss) {
13498 		ret = -ENOTCONN;
13499 		goto out;
13500 	}
13501 
13502 	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13503 	if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13504 		ret = -EINVAL;
13505 		goto out;
13506 	}
13507 
13508 	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13509 	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13510 	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13511 	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13512 		ret = -EINVAL;
13513 		goto out;
13514 	}
13515 
13516 	if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13517 		int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13518 
13519 		if (r0_name_len != WLAN_PMK_NAME_LEN) {
13520 			ret = -EINVAL;
13521 			goto out;
13522 		}
13523 
13524 		pmk_conf.pmk_r0_name =
13525 			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13526 	}
13527 
13528 	ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13529 out:
13530 	wdev_unlock(wdev);
13531 	return ret;
13532 }
13533 
13534 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13535 {
13536 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13537 	struct net_device *dev = info->user_ptr[1];
13538 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13539 	const u8 *aa;
13540 	int ret;
13541 
13542 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13543 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13544 		return -EOPNOTSUPP;
13545 
13546 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13547 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13548 		return -EOPNOTSUPP;
13549 
13550 	if (!info->attrs[NL80211_ATTR_MAC])
13551 		return -EINVAL;
13552 
13553 	wdev_lock(wdev);
13554 	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13555 	ret = rdev_del_pmk(rdev, dev, aa);
13556 	wdev_unlock(wdev);
13557 
13558 	return ret;
13559 }
13560 
13561 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13562 {
13563 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13564 	struct net_device *dev = info->user_ptr[1];
13565 	struct cfg80211_external_auth_params params;
13566 
13567 	if (!rdev->ops->external_auth)
13568 		return -EOPNOTSUPP;
13569 
13570 	if (!info->attrs[NL80211_ATTR_SSID] &&
13571 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13572 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13573 		return -EINVAL;
13574 
13575 	if (!info->attrs[NL80211_ATTR_BSSID])
13576 		return -EINVAL;
13577 
13578 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13579 		return -EINVAL;
13580 
13581 	memset(&params, 0, sizeof(params));
13582 
13583 	if (info->attrs[NL80211_ATTR_SSID]) {
13584 		params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13585 		if (params.ssid.ssid_len == 0 ||
13586 		    params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13587 			return -EINVAL;
13588 		memcpy(params.ssid.ssid,
13589 		       nla_data(info->attrs[NL80211_ATTR_SSID]),
13590 		       params.ssid.ssid_len);
13591 	}
13592 
13593 	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13594 	       ETH_ALEN);
13595 
13596 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13597 
13598 	if (info->attrs[NL80211_ATTR_PMKID])
13599 		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13600 
13601 	return rdev_external_auth(rdev, dev, &params);
13602 }
13603 
13604 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13605 {
13606 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13607 	struct net_device *dev = info->user_ptr[1];
13608 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13609 	const u8 *buf;
13610 	size_t len;
13611 	u8 *dest;
13612 	u16 proto;
13613 	bool noencrypt;
13614 	int err;
13615 
13616 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13617 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13618 		return -EOPNOTSUPP;
13619 
13620 	if (!rdev->ops->tx_control_port)
13621 		return -EOPNOTSUPP;
13622 
13623 	if (!info->attrs[NL80211_ATTR_FRAME] ||
13624 	    !info->attrs[NL80211_ATTR_MAC] ||
13625 	    !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13626 		GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13627 		return -EINVAL;
13628 	}
13629 
13630 	wdev_lock(wdev);
13631 
13632 	switch (wdev->iftype) {
13633 	case NL80211_IFTYPE_AP:
13634 	case NL80211_IFTYPE_P2P_GO:
13635 	case NL80211_IFTYPE_MESH_POINT:
13636 		break;
13637 	case NL80211_IFTYPE_ADHOC:
13638 	case NL80211_IFTYPE_STATION:
13639 	case NL80211_IFTYPE_P2P_CLIENT:
13640 		if (wdev->current_bss)
13641 			break;
13642 		err = -ENOTCONN;
13643 		goto out;
13644 	default:
13645 		err = -EOPNOTSUPP;
13646 		goto out;
13647 	}
13648 
13649 	wdev_unlock(wdev);
13650 
13651 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13652 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13653 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13654 	proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13655 	noencrypt =
13656 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13657 
13658 	return rdev_tx_control_port(rdev, dev, buf, len,
13659 				    dest, cpu_to_be16(proto), noencrypt);
13660 
13661  out:
13662 	wdev_unlock(wdev);
13663 	return err;
13664 }
13665 
13666 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13667 					   struct genl_info *info)
13668 {
13669 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13670 	struct net_device *dev = info->user_ptr[1];
13671 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13672 	struct cfg80211_ftm_responder_stats ftm_stats = {};
13673 	struct sk_buff *msg;
13674 	void *hdr;
13675 	struct nlattr *ftm_stats_attr;
13676 	int err;
13677 
13678 	if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
13679 		return -EOPNOTSUPP;
13680 
13681 	err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
13682 	if (err)
13683 		return err;
13684 
13685 	if (!ftm_stats.filled)
13686 		return -ENODATA;
13687 
13688 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13689 	if (!msg)
13690 		return -ENOMEM;
13691 
13692 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13693 			     NL80211_CMD_GET_FTM_RESPONDER_STATS);
13694 	if (!hdr)
13695 		goto nla_put_failure;
13696 
13697 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
13698 		goto nla_put_failure;
13699 
13700 	ftm_stats_attr = nla_nest_start_noflag(msg,
13701 					       NL80211_ATTR_FTM_RESPONDER_STATS);
13702 	if (!ftm_stats_attr)
13703 		goto nla_put_failure;
13704 
13705 #define SET_FTM(field, name, type)					 \
13706 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13707 	    nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,		 \
13708 			     ftm_stats.field))				 \
13709 		goto nla_put_failure; } while (0)
13710 #define SET_FTM_U64(field, name)					 \
13711 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13712 	    nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,		 \
13713 			      ftm_stats.field, NL80211_FTM_STATS_PAD))	 \
13714 		goto nla_put_failure; } while (0)
13715 
13716 	SET_FTM(success_num, SUCCESS_NUM, u32);
13717 	SET_FTM(partial_num, PARTIAL_NUM, u32);
13718 	SET_FTM(failed_num, FAILED_NUM, u32);
13719 	SET_FTM(asap_num, ASAP_NUM, u32);
13720 	SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
13721 	SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
13722 	SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
13723 	SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
13724 	SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
13725 #undef SET_FTM
13726 
13727 	nla_nest_end(msg, ftm_stats_attr);
13728 
13729 	genlmsg_end(msg, hdr);
13730 	return genlmsg_reply(msg, info);
13731 
13732 nla_put_failure:
13733 	nlmsg_free(msg);
13734 	return -ENOBUFS;
13735 }
13736 
13737 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
13738 {
13739 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13740 	struct cfg80211_update_owe_info owe_info;
13741 	struct net_device *dev = info->user_ptr[1];
13742 
13743 	if (!rdev->ops->update_owe_info)
13744 		return -EOPNOTSUPP;
13745 
13746 	if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
13747 	    !info->attrs[NL80211_ATTR_MAC])
13748 		return -EINVAL;
13749 
13750 	memset(&owe_info, 0, sizeof(owe_info));
13751 	owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13752 	nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
13753 
13754 	if (info->attrs[NL80211_ATTR_IE]) {
13755 		owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13756 		owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13757 	}
13758 
13759 	return rdev_update_owe_info(rdev, dev, &owe_info);
13760 }
13761 
13762 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
13763 {
13764 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13765 	struct net_device *dev = info->user_ptr[1];
13766 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13767 	struct station_info sinfo = {};
13768 	const u8 *buf;
13769 	size_t len;
13770 	u8 *dest;
13771 	int err;
13772 
13773 	if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
13774 		return -EOPNOTSUPP;
13775 
13776 	if (!info->attrs[NL80211_ATTR_MAC] ||
13777 	    !info->attrs[NL80211_ATTR_FRAME]) {
13778 		GENL_SET_ERR_MSG(info, "Frame or MAC missing");
13779 		return -EINVAL;
13780 	}
13781 
13782 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
13783 		return -EOPNOTSUPP;
13784 
13785 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13786 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13787 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13788 
13789 	if (len < sizeof(struct ethhdr))
13790 		return -EINVAL;
13791 
13792 	if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
13793 	    !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
13794 		return -EINVAL;
13795 
13796 	err = rdev_get_station(rdev, dev, dest, &sinfo);
13797 	if (err)
13798 		return err;
13799 
13800 	cfg80211_sinfo_release_content(&sinfo);
13801 
13802 	return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
13803 }
13804 
13805 #define NL80211_FLAG_NEED_WIPHY		0x01
13806 #define NL80211_FLAG_NEED_NETDEV	0x02
13807 #define NL80211_FLAG_NEED_RTNL		0x04
13808 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
13809 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
13810 					 NL80211_FLAG_CHECK_NETDEV_UP)
13811 #define NL80211_FLAG_NEED_WDEV		0x10
13812 /* If a netdev is associated, it must be UP, P2P must be started */
13813 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
13814 					 NL80211_FLAG_CHECK_NETDEV_UP)
13815 #define NL80211_FLAG_CLEAR_SKB		0x20
13816 
13817 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
13818 			    struct genl_info *info)
13819 {
13820 	struct cfg80211_registered_device *rdev;
13821 	struct wireless_dev *wdev;
13822 	struct net_device *dev;
13823 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
13824 
13825 	if (rtnl)
13826 		rtnl_lock();
13827 
13828 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
13829 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
13830 		if (IS_ERR(rdev)) {
13831 			if (rtnl)
13832 				rtnl_unlock();
13833 			return PTR_ERR(rdev);
13834 		}
13835 		info->user_ptr[0] = rdev;
13836 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
13837 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13838 		ASSERT_RTNL();
13839 
13840 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
13841 						  info->attrs);
13842 		if (IS_ERR(wdev)) {
13843 			if (rtnl)
13844 				rtnl_unlock();
13845 			return PTR_ERR(wdev);
13846 		}
13847 
13848 		dev = wdev->netdev;
13849 		rdev = wiphy_to_rdev(wdev->wiphy);
13850 
13851 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
13852 			if (!dev) {
13853 				if (rtnl)
13854 					rtnl_unlock();
13855 				return -EINVAL;
13856 			}
13857 
13858 			info->user_ptr[1] = dev;
13859 		} else {
13860 			info->user_ptr[1] = wdev;
13861 		}
13862 
13863 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
13864 		    !wdev_running(wdev)) {
13865 			if (rtnl)
13866 				rtnl_unlock();
13867 			return -ENETDOWN;
13868 		}
13869 
13870 		if (dev)
13871 			dev_hold(dev);
13872 
13873 		info->user_ptr[0] = rdev;
13874 	}
13875 
13876 	return 0;
13877 }
13878 
13879 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
13880 			      struct genl_info *info)
13881 {
13882 	if (info->user_ptr[1]) {
13883 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13884 			struct wireless_dev *wdev = info->user_ptr[1];
13885 
13886 			if (wdev->netdev)
13887 				dev_put(wdev->netdev);
13888 		} else {
13889 			dev_put(info->user_ptr[1]);
13890 		}
13891 	}
13892 
13893 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
13894 		rtnl_unlock();
13895 
13896 	/* If needed, clear the netlink message payload from the SKB
13897 	 * as it might contain key data that shouldn't stick around on
13898 	 * the heap after the SKB is freed. The netlink message header
13899 	 * is still needed for further processing, so leave it intact.
13900 	 */
13901 	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
13902 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
13903 
13904 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
13905 	}
13906 }
13907 
13908 static const struct genl_ops nl80211_ops[] = {
13909 	{
13910 		.cmd = NL80211_CMD_GET_WIPHY,
13911 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13912 		.doit = nl80211_get_wiphy,
13913 		.dumpit = nl80211_dump_wiphy,
13914 		.done = nl80211_dump_wiphy_done,
13915 		/* can be retrieved by unprivileged users */
13916 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13917 				  NL80211_FLAG_NEED_RTNL,
13918 	},
13919 	{
13920 		.cmd = NL80211_CMD_SET_WIPHY,
13921 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13922 		.doit = nl80211_set_wiphy,
13923 		.flags = GENL_UNS_ADMIN_PERM,
13924 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13925 	},
13926 	{
13927 		.cmd = NL80211_CMD_GET_INTERFACE,
13928 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13929 		.doit = nl80211_get_interface,
13930 		.dumpit = nl80211_dump_interface,
13931 		/* can be retrieved by unprivileged users */
13932 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13933 				  NL80211_FLAG_NEED_RTNL,
13934 	},
13935 	{
13936 		.cmd = NL80211_CMD_SET_INTERFACE,
13937 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13938 		.doit = nl80211_set_interface,
13939 		.flags = GENL_UNS_ADMIN_PERM,
13940 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13941 				  NL80211_FLAG_NEED_RTNL,
13942 	},
13943 	{
13944 		.cmd = NL80211_CMD_NEW_INTERFACE,
13945 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13946 		.doit = nl80211_new_interface,
13947 		.flags = GENL_UNS_ADMIN_PERM,
13948 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13949 				  NL80211_FLAG_NEED_RTNL,
13950 	},
13951 	{
13952 		.cmd = NL80211_CMD_DEL_INTERFACE,
13953 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13954 		.doit = nl80211_del_interface,
13955 		.flags = GENL_UNS_ADMIN_PERM,
13956 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13957 				  NL80211_FLAG_NEED_RTNL,
13958 	},
13959 	{
13960 		.cmd = NL80211_CMD_GET_KEY,
13961 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13962 		.doit = nl80211_get_key,
13963 		.flags = GENL_UNS_ADMIN_PERM,
13964 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13965 				  NL80211_FLAG_NEED_RTNL,
13966 	},
13967 	{
13968 		.cmd = NL80211_CMD_SET_KEY,
13969 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13970 		.doit = nl80211_set_key,
13971 		.flags = GENL_UNS_ADMIN_PERM,
13972 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13973 				  NL80211_FLAG_NEED_RTNL |
13974 				  NL80211_FLAG_CLEAR_SKB,
13975 	},
13976 	{
13977 		.cmd = NL80211_CMD_NEW_KEY,
13978 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13979 		.doit = nl80211_new_key,
13980 		.flags = GENL_UNS_ADMIN_PERM,
13981 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13982 				  NL80211_FLAG_NEED_RTNL |
13983 				  NL80211_FLAG_CLEAR_SKB,
13984 	},
13985 	{
13986 		.cmd = NL80211_CMD_DEL_KEY,
13987 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13988 		.doit = nl80211_del_key,
13989 		.flags = GENL_UNS_ADMIN_PERM,
13990 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13991 				  NL80211_FLAG_NEED_RTNL,
13992 	},
13993 	{
13994 		.cmd = NL80211_CMD_SET_BEACON,
13995 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13996 		.flags = GENL_UNS_ADMIN_PERM,
13997 		.doit = nl80211_set_beacon,
13998 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13999 				  NL80211_FLAG_NEED_RTNL,
14000 	},
14001 	{
14002 		.cmd = NL80211_CMD_START_AP,
14003 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14004 		.flags = GENL_UNS_ADMIN_PERM,
14005 		.doit = nl80211_start_ap,
14006 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14007 				  NL80211_FLAG_NEED_RTNL,
14008 	},
14009 	{
14010 		.cmd = NL80211_CMD_STOP_AP,
14011 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14012 		.flags = GENL_UNS_ADMIN_PERM,
14013 		.doit = nl80211_stop_ap,
14014 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14015 				  NL80211_FLAG_NEED_RTNL,
14016 	},
14017 	{
14018 		.cmd = NL80211_CMD_GET_STATION,
14019 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14020 		.doit = nl80211_get_station,
14021 		.dumpit = nl80211_dump_station,
14022 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14023 				  NL80211_FLAG_NEED_RTNL,
14024 	},
14025 	{
14026 		.cmd = NL80211_CMD_SET_STATION,
14027 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14028 		.doit = nl80211_set_station,
14029 		.flags = GENL_UNS_ADMIN_PERM,
14030 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14031 				  NL80211_FLAG_NEED_RTNL,
14032 	},
14033 	{
14034 		.cmd = NL80211_CMD_NEW_STATION,
14035 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14036 		.doit = nl80211_new_station,
14037 		.flags = GENL_UNS_ADMIN_PERM,
14038 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14039 				  NL80211_FLAG_NEED_RTNL,
14040 	},
14041 	{
14042 		.cmd = NL80211_CMD_DEL_STATION,
14043 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14044 		.doit = nl80211_del_station,
14045 		.flags = GENL_UNS_ADMIN_PERM,
14046 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14047 				  NL80211_FLAG_NEED_RTNL,
14048 	},
14049 	{
14050 		.cmd = NL80211_CMD_GET_MPATH,
14051 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14052 		.doit = nl80211_get_mpath,
14053 		.dumpit = nl80211_dump_mpath,
14054 		.flags = GENL_UNS_ADMIN_PERM,
14055 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14056 				  NL80211_FLAG_NEED_RTNL,
14057 	},
14058 	{
14059 		.cmd = NL80211_CMD_GET_MPP,
14060 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14061 		.doit = nl80211_get_mpp,
14062 		.dumpit = nl80211_dump_mpp,
14063 		.flags = GENL_UNS_ADMIN_PERM,
14064 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14065 				  NL80211_FLAG_NEED_RTNL,
14066 	},
14067 	{
14068 		.cmd = NL80211_CMD_SET_MPATH,
14069 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14070 		.doit = nl80211_set_mpath,
14071 		.flags = GENL_UNS_ADMIN_PERM,
14072 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14073 				  NL80211_FLAG_NEED_RTNL,
14074 	},
14075 	{
14076 		.cmd = NL80211_CMD_NEW_MPATH,
14077 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14078 		.doit = nl80211_new_mpath,
14079 		.flags = GENL_UNS_ADMIN_PERM,
14080 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14081 				  NL80211_FLAG_NEED_RTNL,
14082 	},
14083 	{
14084 		.cmd = NL80211_CMD_DEL_MPATH,
14085 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14086 		.doit = nl80211_del_mpath,
14087 		.flags = GENL_UNS_ADMIN_PERM,
14088 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14089 				  NL80211_FLAG_NEED_RTNL,
14090 	},
14091 	{
14092 		.cmd = NL80211_CMD_SET_BSS,
14093 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14094 		.doit = nl80211_set_bss,
14095 		.flags = GENL_UNS_ADMIN_PERM,
14096 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14097 				  NL80211_FLAG_NEED_RTNL,
14098 	},
14099 	{
14100 		.cmd = NL80211_CMD_GET_REG,
14101 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14102 		.doit = nl80211_get_reg_do,
14103 		.dumpit = nl80211_get_reg_dump,
14104 		.internal_flags = NL80211_FLAG_NEED_RTNL,
14105 		/* can be retrieved by unprivileged users */
14106 	},
14107 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
14108 	{
14109 		.cmd = NL80211_CMD_SET_REG,
14110 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14111 		.doit = nl80211_set_reg,
14112 		.flags = GENL_ADMIN_PERM,
14113 		.internal_flags = NL80211_FLAG_NEED_RTNL,
14114 	},
14115 #endif
14116 	{
14117 		.cmd = NL80211_CMD_REQ_SET_REG,
14118 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14119 		.doit = nl80211_req_set_reg,
14120 		.flags = GENL_ADMIN_PERM,
14121 	},
14122 	{
14123 		.cmd = NL80211_CMD_RELOAD_REGDB,
14124 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14125 		.doit = nl80211_reload_regdb,
14126 		.flags = GENL_ADMIN_PERM,
14127 	},
14128 	{
14129 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
14130 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14131 		.doit = nl80211_get_mesh_config,
14132 		/* can be retrieved by unprivileged users */
14133 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14134 				  NL80211_FLAG_NEED_RTNL,
14135 	},
14136 	{
14137 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
14138 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14139 		.doit = nl80211_update_mesh_config,
14140 		.flags = GENL_UNS_ADMIN_PERM,
14141 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14142 				  NL80211_FLAG_NEED_RTNL,
14143 	},
14144 	{
14145 		.cmd = NL80211_CMD_TRIGGER_SCAN,
14146 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14147 		.doit = nl80211_trigger_scan,
14148 		.flags = GENL_UNS_ADMIN_PERM,
14149 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14150 				  NL80211_FLAG_NEED_RTNL,
14151 	},
14152 	{
14153 		.cmd = NL80211_CMD_ABORT_SCAN,
14154 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14155 		.doit = nl80211_abort_scan,
14156 		.flags = GENL_UNS_ADMIN_PERM,
14157 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14158 				  NL80211_FLAG_NEED_RTNL,
14159 	},
14160 	{
14161 		.cmd = NL80211_CMD_GET_SCAN,
14162 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14163 		.dumpit = nl80211_dump_scan,
14164 	},
14165 	{
14166 		.cmd = NL80211_CMD_START_SCHED_SCAN,
14167 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14168 		.doit = nl80211_start_sched_scan,
14169 		.flags = GENL_UNS_ADMIN_PERM,
14170 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14171 				  NL80211_FLAG_NEED_RTNL,
14172 	},
14173 	{
14174 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
14175 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14176 		.doit = nl80211_stop_sched_scan,
14177 		.flags = GENL_UNS_ADMIN_PERM,
14178 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14179 				  NL80211_FLAG_NEED_RTNL,
14180 	},
14181 	{
14182 		.cmd = NL80211_CMD_AUTHENTICATE,
14183 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14184 		.doit = nl80211_authenticate,
14185 		.flags = GENL_UNS_ADMIN_PERM,
14186 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14187 				  NL80211_FLAG_NEED_RTNL |
14188 				  NL80211_FLAG_CLEAR_SKB,
14189 	},
14190 	{
14191 		.cmd = NL80211_CMD_ASSOCIATE,
14192 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14193 		.doit = nl80211_associate,
14194 		.flags = GENL_UNS_ADMIN_PERM,
14195 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14196 				  NL80211_FLAG_NEED_RTNL |
14197 				  NL80211_FLAG_CLEAR_SKB,
14198 	},
14199 	{
14200 		.cmd = NL80211_CMD_DEAUTHENTICATE,
14201 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14202 		.doit = nl80211_deauthenticate,
14203 		.flags = GENL_UNS_ADMIN_PERM,
14204 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14205 				  NL80211_FLAG_NEED_RTNL,
14206 	},
14207 	{
14208 		.cmd = NL80211_CMD_DISASSOCIATE,
14209 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14210 		.doit = nl80211_disassociate,
14211 		.flags = GENL_UNS_ADMIN_PERM,
14212 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14213 				  NL80211_FLAG_NEED_RTNL,
14214 	},
14215 	{
14216 		.cmd = NL80211_CMD_JOIN_IBSS,
14217 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14218 		.doit = nl80211_join_ibss,
14219 		.flags = GENL_UNS_ADMIN_PERM,
14220 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14221 				  NL80211_FLAG_NEED_RTNL,
14222 	},
14223 	{
14224 		.cmd = NL80211_CMD_LEAVE_IBSS,
14225 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14226 		.doit = nl80211_leave_ibss,
14227 		.flags = GENL_UNS_ADMIN_PERM,
14228 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14229 				  NL80211_FLAG_NEED_RTNL,
14230 	},
14231 #ifdef CONFIG_NL80211_TESTMODE
14232 	{
14233 		.cmd = NL80211_CMD_TESTMODE,
14234 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14235 		.doit = nl80211_testmode_do,
14236 		.dumpit = nl80211_testmode_dump,
14237 		.flags = GENL_UNS_ADMIN_PERM,
14238 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14239 				  NL80211_FLAG_NEED_RTNL,
14240 	},
14241 #endif
14242 	{
14243 		.cmd = NL80211_CMD_CONNECT,
14244 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14245 		.doit = nl80211_connect,
14246 		.flags = GENL_UNS_ADMIN_PERM,
14247 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14248 				  NL80211_FLAG_NEED_RTNL |
14249 				  NL80211_FLAG_CLEAR_SKB,
14250 	},
14251 	{
14252 		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
14253 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14254 		.doit = nl80211_update_connect_params,
14255 		.flags = GENL_ADMIN_PERM,
14256 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14257 				  NL80211_FLAG_NEED_RTNL |
14258 				  NL80211_FLAG_CLEAR_SKB,
14259 	},
14260 	{
14261 		.cmd = NL80211_CMD_DISCONNECT,
14262 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14263 		.doit = nl80211_disconnect,
14264 		.flags = GENL_UNS_ADMIN_PERM,
14265 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14266 				  NL80211_FLAG_NEED_RTNL,
14267 	},
14268 	{
14269 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
14270 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14271 		.doit = nl80211_wiphy_netns,
14272 		.flags = GENL_UNS_ADMIN_PERM,
14273 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14274 				  NL80211_FLAG_NEED_RTNL,
14275 	},
14276 	{
14277 		.cmd = NL80211_CMD_GET_SURVEY,
14278 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14279 		.dumpit = nl80211_dump_survey,
14280 	},
14281 	{
14282 		.cmd = NL80211_CMD_SET_PMKSA,
14283 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14284 		.doit = nl80211_setdel_pmksa,
14285 		.flags = GENL_UNS_ADMIN_PERM,
14286 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14287 				  NL80211_FLAG_NEED_RTNL |
14288 				  NL80211_FLAG_CLEAR_SKB,
14289 	},
14290 	{
14291 		.cmd = NL80211_CMD_DEL_PMKSA,
14292 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14293 		.doit = nl80211_setdel_pmksa,
14294 		.flags = GENL_UNS_ADMIN_PERM,
14295 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14296 				  NL80211_FLAG_NEED_RTNL,
14297 	},
14298 	{
14299 		.cmd = NL80211_CMD_FLUSH_PMKSA,
14300 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14301 		.doit = nl80211_flush_pmksa,
14302 		.flags = GENL_UNS_ADMIN_PERM,
14303 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14304 				  NL80211_FLAG_NEED_RTNL,
14305 	},
14306 	{
14307 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
14308 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14309 		.doit = nl80211_remain_on_channel,
14310 		.flags = GENL_UNS_ADMIN_PERM,
14311 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14312 				  NL80211_FLAG_NEED_RTNL,
14313 	},
14314 	{
14315 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14316 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14317 		.doit = nl80211_cancel_remain_on_channel,
14318 		.flags = GENL_UNS_ADMIN_PERM,
14319 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14320 				  NL80211_FLAG_NEED_RTNL,
14321 	},
14322 	{
14323 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
14324 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14325 		.doit = nl80211_set_tx_bitrate_mask,
14326 		.flags = GENL_UNS_ADMIN_PERM,
14327 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14328 				  NL80211_FLAG_NEED_RTNL,
14329 	},
14330 	{
14331 		.cmd = NL80211_CMD_REGISTER_FRAME,
14332 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14333 		.doit = nl80211_register_mgmt,
14334 		.flags = GENL_UNS_ADMIN_PERM,
14335 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14336 				  NL80211_FLAG_NEED_RTNL,
14337 	},
14338 	{
14339 		.cmd = NL80211_CMD_FRAME,
14340 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14341 		.doit = nl80211_tx_mgmt,
14342 		.flags = GENL_UNS_ADMIN_PERM,
14343 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14344 				  NL80211_FLAG_NEED_RTNL,
14345 	},
14346 	{
14347 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
14348 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14349 		.doit = nl80211_tx_mgmt_cancel_wait,
14350 		.flags = GENL_UNS_ADMIN_PERM,
14351 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14352 				  NL80211_FLAG_NEED_RTNL,
14353 	},
14354 	{
14355 		.cmd = NL80211_CMD_SET_POWER_SAVE,
14356 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14357 		.doit = nl80211_set_power_save,
14358 		.flags = GENL_UNS_ADMIN_PERM,
14359 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14360 				  NL80211_FLAG_NEED_RTNL,
14361 	},
14362 	{
14363 		.cmd = NL80211_CMD_GET_POWER_SAVE,
14364 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14365 		.doit = nl80211_get_power_save,
14366 		/* can be retrieved by unprivileged users */
14367 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14368 				  NL80211_FLAG_NEED_RTNL,
14369 	},
14370 	{
14371 		.cmd = NL80211_CMD_SET_CQM,
14372 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14373 		.doit = nl80211_set_cqm,
14374 		.flags = GENL_UNS_ADMIN_PERM,
14375 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14376 				  NL80211_FLAG_NEED_RTNL,
14377 	},
14378 	{
14379 		.cmd = NL80211_CMD_SET_CHANNEL,
14380 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14381 		.doit = nl80211_set_channel,
14382 		.flags = GENL_UNS_ADMIN_PERM,
14383 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14384 				  NL80211_FLAG_NEED_RTNL,
14385 	},
14386 	{
14387 		.cmd = NL80211_CMD_SET_WDS_PEER,
14388 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14389 		.doit = nl80211_set_wds_peer,
14390 		.flags = GENL_UNS_ADMIN_PERM,
14391 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14392 				  NL80211_FLAG_NEED_RTNL,
14393 	},
14394 	{
14395 		.cmd = NL80211_CMD_JOIN_MESH,
14396 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14397 		.doit = nl80211_join_mesh,
14398 		.flags = GENL_UNS_ADMIN_PERM,
14399 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14400 				  NL80211_FLAG_NEED_RTNL,
14401 	},
14402 	{
14403 		.cmd = NL80211_CMD_LEAVE_MESH,
14404 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14405 		.doit = nl80211_leave_mesh,
14406 		.flags = GENL_UNS_ADMIN_PERM,
14407 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14408 				  NL80211_FLAG_NEED_RTNL,
14409 	},
14410 	{
14411 		.cmd = NL80211_CMD_JOIN_OCB,
14412 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14413 		.doit = nl80211_join_ocb,
14414 		.flags = GENL_UNS_ADMIN_PERM,
14415 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14416 				  NL80211_FLAG_NEED_RTNL,
14417 	},
14418 	{
14419 		.cmd = NL80211_CMD_LEAVE_OCB,
14420 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14421 		.doit = nl80211_leave_ocb,
14422 		.flags = GENL_UNS_ADMIN_PERM,
14423 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14424 				  NL80211_FLAG_NEED_RTNL,
14425 	},
14426 #ifdef CONFIG_PM
14427 	{
14428 		.cmd = NL80211_CMD_GET_WOWLAN,
14429 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14430 		.doit = nl80211_get_wowlan,
14431 		/* can be retrieved by unprivileged users */
14432 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14433 				  NL80211_FLAG_NEED_RTNL,
14434 	},
14435 	{
14436 		.cmd = NL80211_CMD_SET_WOWLAN,
14437 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14438 		.doit = nl80211_set_wowlan,
14439 		.flags = GENL_UNS_ADMIN_PERM,
14440 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14441 				  NL80211_FLAG_NEED_RTNL,
14442 	},
14443 #endif
14444 	{
14445 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
14446 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14447 		.doit = nl80211_set_rekey_data,
14448 		.flags = GENL_UNS_ADMIN_PERM,
14449 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14450 				  NL80211_FLAG_NEED_RTNL |
14451 				  NL80211_FLAG_CLEAR_SKB,
14452 	},
14453 	{
14454 		.cmd = NL80211_CMD_TDLS_MGMT,
14455 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14456 		.doit = nl80211_tdls_mgmt,
14457 		.flags = GENL_UNS_ADMIN_PERM,
14458 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14459 				  NL80211_FLAG_NEED_RTNL,
14460 	},
14461 	{
14462 		.cmd = NL80211_CMD_TDLS_OPER,
14463 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14464 		.doit = nl80211_tdls_oper,
14465 		.flags = GENL_UNS_ADMIN_PERM,
14466 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14467 				  NL80211_FLAG_NEED_RTNL,
14468 	},
14469 	{
14470 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
14471 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14472 		.doit = nl80211_register_unexpected_frame,
14473 		.flags = GENL_UNS_ADMIN_PERM,
14474 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14475 				  NL80211_FLAG_NEED_RTNL,
14476 	},
14477 	{
14478 		.cmd = NL80211_CMD_PROBE_CLIENT,
14479 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14480 		.doit = nl80211_probe_client,
14481 		.flags = GENL_UNS_ADMIN_PERM,
14482 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14483 				  NL80211_FLAG_NEED_RTNL,
14484 	},
14485 	{
14486 		.cmd = NL80211_CMD_REGISTER_BEACONS,
14487 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14488 		.doit = nl80211_register_beacons,
14489 		.flags = GENL_UNS_ADMIN_PERM,
14490 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14491 				  NL80211_FLAG_NEED_RTNL,
14492 	},
14493 	{
14494 		.cmd = NL80211_CMD_SET_NOACK_MAP,
14495 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14496 		.doit = nl80211_set_noack_map,
14497 		.flags = GENL_UNS_ADMIN_PERM,
14498 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14499 				  NL80211_FLAG_NEED_RTNL,
14500 	},
14501 	{
14502 		.cmd = NL80211_CMD_START_P2P_DEVICE,
14503 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14504 		.doit = nl80211_start_p2p_device,
14505 		.flags = GENL_UNS_ADMIN_PERM,
14506 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14507 				  NL80211_FLAG_NEED_RTNL,
14508 	},
14509 	{
14510 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
14511 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14512 		.doit = nl80211_stop_p2p_device,
14513 		.flags = GENL_UNS_ADMIN_PERM,
14514 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14515 				  NL80211_FLAG_NEED_RTNL,
14516 	},
14517 	{
14518 		.cmd = NL80211_CMD_START_NAN,
14519 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14520 		.doit = nl80211_start_nan,
14521 		.flags = GENL_ADMIN_PERM,
14522 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14523 				  NL80211_FLAG_NEED_RTNL,
14524 	},
14525 	{
14526 		.cmd = NL80211_CMD_STOP_NAN,
14527 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14528 		.doit = nl80211_stop_nan,
14529 		.flags = GENL_ADMIN_PERM,
14530 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14531 				  NL80211_FLAG_NEED_RTNL,
14532 	},
14533 	{
14534 		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
14535 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14536 		.doit = nl80211_nan_add_func,
14537 		.flags = GENL_ADMIN_PERM,
14538 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14539 				  NL80211_FLAG_NEED_RTNL,
14540 	},
14541 	{
14542 		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
14543 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14544 		.doit = nl80211_nan_del_func,
14545 		.flags = GENL_ADMIN_PERM,
14546 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14547 				  NL80211_FLAG_NEED_RTNL,
14548 	},
14549 	{
14550 		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
14551 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14552 		.doit = nl80211_nan_change_config,
14553 		.flags = GENL_ADMIN_PERM,
14554 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14555 				  NL80211_FLAG_NEED_RTNL,
14556 	},
14557 	{
14558 		.cmd = NL80211_CMD_SET_MCAST_RATE,
14559 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14560 		.doit = nl80211_set_mcast_rate,
14561 		.flags = GENL_UNS_ADMIN_PERM,
14562 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14563 				  NL80211_FLAG_NEED_RTNL,
14564 	},
14565 	{
14566 		.cmd = NL80211_CMD_SET_MAC_ACL,
14567 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14568 		.doit = nl80211_set_mac_acl,
14569 		.flags = GENL_UNS_ADMIN_PERM,
14570 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14571 				  NL80211_FLAG_NEED_RTNL,
14572 	},
14573 	{
14574 		.cmd = NL80211_CMD_RADAR_DETECT,
14575 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14576 		.doit = nl80211_start_radar_detection,
14577 		.flags = GENL_UNS_ADMIN_PERM,
14578 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14579 				  NL80211_FLAG_NEED_RTNL,
14580 	},
14581 	{
14582 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
14583 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14584 		.doit = nl80211_get_protocol_features,
14585 	},
14586 	{
14587 		.cmd = NL80211_CMD_UPDATE_FT_IES,
14588 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14589 		.doit = nl80211_update_ft_ies,
14590 		.flags = GENL_UNS_ADMIN_PERM,
14591 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14592 				  NL80211_FLAG_NEED_RTNL,
14593 	},
14594 	{
14595 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
14596 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14597 		.doit = nl80211_crit_protocol_start,
14598 		.flags = GENL_UNS_ADMIN_PERM,
14599 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14600 				  NL80211_FLAG_NEED_RTNL,
14601 	},
14602 	{
14603 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
14604 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14605 		.doit = nl80211_crit_protocol_stop,
14606 		.flags = GENL_UNS_ADMIN_PERM,
14607 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14608 				  NL80211_FLAG_NEED_RTNL,
14609 	},
14610 	{
14611 		.cmd = NL80211_CMD_GET_COALESCE,
14612 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14613 		.doit = nl80211_get_coalesce,
14614 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14615 				  NL80211_FLAG_NEED_RTNL,
14616 	},
14617 	{
14618 		.cmd = NL80211_CMD_SET_COALESCE,
14619 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14620 		.doit = nl80211_set_coalesce,
14621 		.flags = GENL_UNS_ADMIN_PERM,
14622 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14623 				  NL80211_FLAG_NEED_RTNL,
14624 	},
14625 	{
14626 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
14627 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14628 		.doit = nl80211_channel_switch,
14629 		.flags = GENL_UNS_ADMIN_PERM,
14630 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14631 				  NL80211_FLAG_NEED_RTNL,
14632 	},
14633 	{
14634 		.cmd = NL80211_CMD_VENDOR,
14635 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14636 		.doit = nl80211_vendor_cmd,
14637 		.dumpit = nl80211_vendor_cmd_dump,
14638 		.flags = GENL_UNS_ADMIN_PERM,
14639 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14640 				  NL80211_FLAG_NEED_RTNL |
14641 				  NL80211_FLAG_CLEAR_SKB,
14642 	},
14643 	{
14644 		.cmd = NL80211_CMD_SET_QOS_MAP,
14645 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14646 		.doit = nl80211_set_qos_map,
14647 		.flags = GENL_UNS_ADMIN_PERM,
14648 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14649 				  NL80211_FLAG_NEED_RTNL,
14650 	},
14651 	{
14652 		.cmd = NL80211_CMD_ADD_TX_TS,
14653 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14654 		.doit = nl80211_add_tx_ts,
14655 		.flags = GENL_UNS_ADMIN_PERM,
14656 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14657 				  NL80211_FLAG_NEED_RTNL,
14658 	},
14659 	{
14660 		.cmd = NL80211_CMD_DEL_TX_TS,
14661 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14662 		.doit = nl80211_del_tx_ts,
14663 		.flags = GENL_UNS_ADMIN_PERM,
14664 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14665 				  NL80211_FLAG_NEED_RTNL,
14666 	},
14667 	{
14668 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
14669 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14670 		.doit = nl80211_tdls_channel_switch,
14671 		.flags = GENL_UNS_ADMIN_PERM,
14672 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14673 				  NL80211_FLAG_NEED_RTNL,
14674 	},
14675 	{
14676 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
14677 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14678 		.doit = nl80211_tdls_cancel_channel_switch,
14679 		.flags = GENL_UNS_ADMIN_PERM,
14680 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14681 				  NL80211_FLAG_NEED_RTNL,
14682 	},
14683 	{
14684 		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
14685 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14686 		.doit = nl80211_set_multicast_to_unicast,
14687 		.flags = GENL_UNS_ADMIN_PERM,
14688 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14689 				  NL80211_FLAG_NEED_RTNL,
14690 	},
14691 	{
14692 		.cmd = NL80211_CMD_SET_PMK,
14693 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14694 		.doit = nl80211_set_pmk,
14695 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14696 				  NL80211_FLAG_NEED_RTNL |
14697 				  NL80211_FLAG_CLEAR_SKB,
14698 	},
14699 	{
14700 		.cmd = NL80211_CMD_DEL_PMK,
14701 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14702 		.doit = nl80211_del_pmk,
14703 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14704 				  NL80211_FLAG_NEED_RTNL,
14705 	},
14706 	{
14707 		.cmd = NL80211_CMD_EXTERNAL_AUTH,
14708 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14709 		.doit = nl80211_external_auth,
14710 		.flags = GENL_ADMIN_PERM,
14711 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14712 				  NL80211_FLAG_NEED_RTNL,
14713 	},
14714 	{
14715 		.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
14716 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14717 		.doit = nl80211_tx_control_port,
14718 		.flags = GENL_UNS_ADMIN_PERM,
14719 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14720 				  NL80211_FLAG_NEED_RTNL,
14721 	},
14722 	{
14723 		.cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
14724 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14725 		.doit = nl80211_get_ftm_responder_stats,
14726 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14727 				  NL80211_FLAG_NEED_RTNL,
14728 	},
14729 	{
14730 		.cmd = NL80211_CMD_PEER_MEASUREMENT_START,
14731 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14732 		.doit = nl80211_pmsr_start,
14733 		.flags = GENL_UNS_ADMIN_PERM,
14734 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14735 				  NL80211_FLAG_NEED_RTNL,
14736 	},
14737 	{
14738 		.cmd = NL80211_CMD_NOTIFY_RADAR,
14739 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14740 		.doit = nl80211_notify_radar_detection,
14741 		.flags = GENL_UNS_ADMIN_PERM,
14742 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14743 				  NL80211_FLAG_NEED_RTNL,
14744 	},
14745 	{
14746 		.cmd = NL80211_CMD_UPDATE_OWE_INFO,
14747 		.doit = nl80211_update_owe_info,
14748 		.flags = GENL_ADMIN_PERM,
14749 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14750 				  NL80211_FLAG_NEED_RTNL,
14751 	},
14752 	{
14753 		.cmd = NL80211_CMD_PROBE_MESH_LINK,
14754 		.doit = nl80211_probe_mesh_link,
14755 		.flags = GENL_UNS_ADMIN_PERM,
14756 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14757 				  NL80211_FLAG_NEED_RTNL,
14758 	},
14759 };
14760 
14761 static struct genl_family nl80211_fam __ro_after_init = {
14762 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
14763 	.hdrsize = 0,			/* no private header */
14764 	.version = 1,			/* no particular meaning now */
14765 	.maxattr = NL80211_ATTR_MAX,
14766 	.policy = nl80211_policy,
14767 	.netnsok = true,
14768 	.pre_doit = nl80211_pre_doit,
14769 	.post_doit = nl80211_post_doit,
14770 	.module = THIS_MODULE,
14771 	.ops = nl80211_ops,
14772 	.n_ops = ARRAY_SIZE(nl80211_ops),
14773 	.mcgrps = nl80211_mcgrps,
14774 	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
14775 	.parallel_ops = true,
14776 };
14777 
14778 /* notification functions */
14779 
14780 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
14781 			  enum nl80211_commands cmd)
14782 {
14783 	struct sk_buff *msg;
14784 	struct nl80211_dump_wiphy_state state = {};
14785 
14786 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
14787 		cmd != NL80211_CMD_DEL_WIPHY);
14788 
14789 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14790 	if (!msg)
14791 		return;
14792 
14793 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
14794 		nlmsg_free(msg);
14795 		return;
14796 	}
14797 
14798 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14799 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14800 }
14801 
14802 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
14803 				struct wireless_dev *wdev,
14804 				enum nl80211_commands cmd)
14805 {
14806 	struct sk_buff *msg;
14807 
14808 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14809 	if (!msg)
14810 		return;
14811 
14812 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
14813 		nlmsg_free(msg);
14814 		return;
14815 	}
14816 
14817 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14818 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14819 }
14820 
14821 static int nl80211_add_scan_req(struct sk_buff *msg,
14822 				struct cfg80211_registered_device *rdev)
14823 {
14824 	struct cfg80211_scan_request *req = rdev->scan_req;
14825 	struct nlattr *nest;
14826 	int i;
14827 
14828 	if (WARN_ON(!req))
14829 		return 0;
14830 
14831 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
14832 	if (!nest)
14833 		goto nla_put_failure;
14834 	for (i = 0; i < req->n_ssids; i++) {
14835 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
14836 			goto nla_put_failure;
14837 	}
14838 	nla_nest_end(msg, nest);
14839 
14840 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14841 	if (!nest)
14842 		goto nla_put_failure;
14843 	for (i = 0; i < req->n_channels; i++) {
14844 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14845 			goto nla_put_failure;
14846 	}
14847 	nla_nest_end(msg, nest);
14848 
14849 	if (req->ie &&
14850 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
14851 		goto nla_put_failure;
14852 
14853 	if (req->flags &&
14854 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
14855 		goto nla_put_failure;
14856 
14857 	if (req->info.scan_start_tsf &&
14858 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
14859 			       req->info.scan_start_tsf, NL80211_BSS_PAD) ||
14860 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
14861 		     req->info.tsf_bssid)))
14862 		goto nla_put_failure;
14863 
14864 	return 0;
14865  nla_put_failure:
14866 	return -ENOBUFS;
14867 }
14868 
14869 static int nl80211_prep_scan_msg(struct sk_buff *msg,
14870 				 struct cfg80211_registered_device *rdev,
14871 				 struct wireless_dev *wdev,
14872 				 u32 portid, u32 seq, int flags,
14873 				 u32 cmd)
14874 {
14875 	void *hdr;
14876 
14877 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
14878 	if (!hdr)
14879 		return -1;
14880 
14881 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14882 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14883 					 wdev->netdev->ifindex)) ||
14884 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14885 			      NL80211_ATTR_PAD))
14886 		goto nla_put_failure;
14887 
14888 	/* ignore errors and send incomplete event anyway */
14889 	nl80211_add_scan_req(msg, rdev);
14890 
14891 	genlmsg_end(msg, hdr);
14892 	return 0;
14893 
14894  nla_put_failure:
14895 	genlmsg_cancel(msg, hdr);
14896 	return -EMSGSIZE;
14897 }
14898 
14899 static int
14900 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
14901 			    struct cfg80211_sched_scan_request *req, u32 cmd)
14902 {
14903 	void *hdr;
14904 
14905 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14906 	if (!hdr)
14907 		return -1;
14908 
14909 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
14910 			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
14911 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
14912 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
14913 			      NL80211_ATTR_PAD))
14914 		goto nla_put_failure;
14915 
14916 	genlmsg_end(msg, hdr);
14917 	return 0;
14918 
14919  nla_put_failure:
14920 	genlmsg_cancel(msg, hdr);
14921 	return -EMSGSIZE;
14922 }
14923 
14924 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
14925 			     struct wireless_dev *wdev)
14926 {
14927 	struct sk_buff *msg;
14928 
14929 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14930 	if (!msg)
14931 		return;
14932 
14933 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14934 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
14935 		nlmsg_free(msg);
14936 		return;
14937 	}
14938 
14939 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14940 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14941 }
14942 
14943 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
14944 				       struct wireless_dev *wdev, bool aborted)
14945 {
14946 	struct sk_buff *msg;
14947 
14948 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14949 	if (!msg)
14950 		return NULL;
14951 
14952 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14953 				  aborted ? NL80211_CMD_SCAN_ABORTED :
14954 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
14955 		nlmsg_free(msg);
14956 		return NULL;
14957 	}
14958 
14959 	return msg;
14960 }
14961 
14962 /* send message created by nl80211_build_scan_msg() */
14963 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
14964 			   struct sk_buff *msg)
14965 {
14966 	if (!msg)
14967 		return;
14968 
14969 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14970 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14971 }
14972 
14973 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
14974 {
14975 	struct sk_buff *msg;
14976 
14977 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14978 	if (!msg)
14979 		return;
14980 
14981 	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
14982 		nlmsg_free(msg);
14983 		return;
14984 	}
14985 
14986 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
14987 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14988 }
14989 
14990 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
14991 					  struct regulatory_request *request)
14992 {
14993 	/* Userspace can always count this one always being set */
14994 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
14995 		goto nla_put_failure;
14996 
14997 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
14998 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14999 			       NL80211_REGDOM_TYPE_WORLD))
15000 			goto nla_put_failure;
15001 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
15002 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15003 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
15004 			goto nla_put_failure;
15005 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
15006 		   request->intersect) {
15007 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15008 			       NL80211_REGDOM_TYPE_INTERSECTION))
15009 			goto nla_put_failure;
15010 	} else {
15011 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
15012 			       NL80211_REGDOM_TYPE_COUNTRY) ||
15013 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
15014 				   request->alpha2))
15015 			goto nla_put_failure;
15016 	}
15017 
15018 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
15019 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
15020 
15021 		if (wiphy &&
15022 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
15023 			goto nla_put_failure;
15024 
15025 		if (wiphy &&
15026 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
15027 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
15028 			goto nla_put_failure;
15029 	}
15030 
15031 	return true;
15032 
15033 nla_put_failure:
15034 	return false;
15035 }
15036 
15037 /*
15038  * This can happen on global regulatory changes or device specific settings
15039  * based on custom regulatory domains.
15040  */
15041 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
15042 				     struct regulatory_request *request)
15043 {
15044 	struct sk_buff *msg;
15045 	void *hdr;
15046 
15047 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15048 	if (!msg)
15049 		return;
15050 
15051 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
15052 	if (!hdr)
15053 		goto nla_put_failure;
15054 
15055 	if (!nl80211_reg_change_event_fill(msg, request))
15056 		goto nla_put_failure;
15057 
15058 	genlmsg_end(msg, hdr);
15059 
15060 	rcu_read_lock();
15061 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15062 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15063 	rcu_read_unlock();
15064 
15065 	return;
15066 
15067 nla_put_failure:
15068 	nlmsg_free(msg);
15069 }
15070 
15071 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
15072 				    struct net_device *netdev,
15073 				    const u8 *buf, size_t len,
15074 				    enum nl80211_commands cmd, gfp_t gfp,
15075 				    int uapsd_queues, const u8 *req_ies,
15076 				    size_t req_ies_len)
15077 {
15078 	struct sk_buff *msg;
15079 	void *hdr;
15080 
15081 	msg = nlmsg_new(100 + len + req_ies_len, gfp);
15082 	if (!msg)
15083 		return;
15084 
15085 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15086 	if (!hdr) {
15087 		nlmsg_free(msg);
15088 		return;
15089 	}
15090 
15091 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15092 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15093 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15094 	    (req_ies &&
15095 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
15096 		goto nla_put_failure;
15097 
15098 	if (uapsd_queues >= 0) {
15099 		struct nlattr *nla_wmm =
15100 			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
15101 		if (!nla_wmm)
15102 			goto nla_put_failure;
15103 
15104 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
15105 			       uapsd_queues))
15106 			goto nla_put_failure;
15107 
15108 		nla_nest_end(msg, nla_wmm);
15109 	}
15110 
15111 	genlmsg_end(msg, hdr);
15112 
15113 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15114 				NL80211_MCGRP_MLME, gfp);
15115 	return;
15116 
15117  nla_put_failure:
15118 	nlmsg_free(msg);
15119 }
15120 
15121 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
15122 			  struct net_device *netdev, const u8 *buf,
15123 			  size_t len, gfp_t gfp)
15124 {
15125 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15126 				NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
15127 }
15128 
15129 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
15130 			   struct net_device *netdev, const u8 *buf,
15131 			   size_t len, gfp_t gfp, int uapsd_queues,
15132 			   const u8 *req_ies, size_t req_ies_len)
15133 {
15134 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15135 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
15136 				req_ies, req_ies_len);
15137 }
15138 
15139 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
15140 			 struct net_device *netdev, const u8 *buf,
15141 			 size_t len, gfp_t gfp)
15142 {
15143 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15144 				NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
15145 }
15146 
15147 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
15148 			   struct net_device *netdev, const u8 *buf,
15149 			   size_t len, gfp_t gfp)
15150 {
15151 	nl80211_send_mlme_event(rdev, netdev, buf, len,
15152 				NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
15153 }
15154 
15155 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
15156 				  size_t len)
15157 {
15158 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15159 	struct wiphy *wiphy = wdev->wiphy;
15160 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15161 	const struct ieee80211_mgmt *mgmt = (void *)buf;
15162 	u32 cmd;
15163 
15164 	if (WARN_ON(len < 2))
15165 		return;
15166 
15167 	if (ieee80211_is_deauth(mgmt->frame_control))
15168 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
15169 	else
15170 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
15171 
15172 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
15173 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
15174 				NULL, 0);
15175 }
15176 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
15177 
15178 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
15179 				      struct net_device *netdev, int cmd,
15180 				      const u8 *addr, gfp_t gfp)
15181 {
15182 	struct sk_buff *msg;
15183 	void *hdr;
15184 
15185 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15186 	if (!msg)
15187 		return;
15188 
15189 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15190 	if (!hdr) {
15191 		nlmsg_free(msg);
15192 		return;
15193 	}
15194 
15195 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15196 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15197 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15198 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15199 		goto nla_put_failure;
15200 
15201 	genlmsg_end(msg, hdr);
15202 
15203 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15204 				NL80211_MCGRP_MLME, gfp);
15205 	return;
15206 
15207  nla_put_failure:
15208 	nlmsg_free(msg);
15209 }
15210 
15211 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
15212 			       struct net_device *netdev, const u8 *addr,
15213 			       gfp_t gfp)
15214 {
15215 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
15216 				  addr, gfp);
15217 }
15218 
15219 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
15220 				struct net_device *netdev, const u8 *addr,
15221 				gfp_t gfp)
15222 {
15223 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
15224 				  addr, gfp);
15225 }
15226 
15227 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
15228 				 struct net_device *netdev,
15229 				 struct cfg80211_connect_resp_params *cr,
15230 				 gfp_t gfp)
15231 {
15232 	struct sk_buff *msg;
15233 	void *hdr;
15234 
15235 	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
15236 			cr->fils.kek_len + cr->fils.pmk_len +
15237 			(cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15238 	if (!msg)
15239 		return;
15240 
15241 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
15242 	if (!hdr) {
15243 		nlmsg_free(msg);
15244 		return;
15245 	}
15246 
15247 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15248 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15249 	    (cr->bssid &&
15250 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
15251 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
15252 			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
15253 			cr->status) ||
15254 	    (cr->status < 0 &&
15255 	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15256 	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
15257 			  cr->timeout_reason))) ||
15258 	    (cr->req_ie &&
15259 	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
15260 	    (cr->resp_ie &&
15261 	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
15262 		     cr->resp_ie)) ||
15263 	    (cr->fils.update_erp_next_seq_num &&
15264 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15265 			 cr->fils.erp_next_seq_num)) ||
15266 	    (cr->status == WLAN_STATUS_SUCCESS &&
15267 	     ((cr->fils.kek &&
15268 	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
15269 		       cr->fils.kek)) ||
15270 	      (cr->fils.pmk &&
15271 	       nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
15272 	      (cr->fils.pmkid &&
15273 	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
15274 		goto nla_put_failure;
15275 
15276 	genlmsg_end(msg, hdr);
15277 
15278 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15279 				NL80211_MCGRP_MLME, gfp);
15280 	return;
15281 
15282  nla_put_failure:
15283 	nlmsg_free(msg);
15284 }
15285 
15286 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
15287 			 struct net_device *netdev,
15288 			 struct cfg80211_roam_info *info, gfp_t gfp)
15289 {
15290 	struct sk_buff *msg;
15291 	void *hdr;
15292 	const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
15293 
15294 	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
15295 			info->fils.kek_len + info->fils.pmk_len +
15296 			(info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15297 	if (!msg)
15298 		return;
15299 
15300 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
15301 	if (!hdr) {
15302 		nlmsg_free(msg);
15303 		return;
15304 	}
15305 
15306 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15307 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15308 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
15309 	    (info->req_ie &&
15310 	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
15311 		     info->req_ie)) ||
15312 	    (info->resp_ie &&
15313 	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
15314 		     info->resp_ie)) ||
15315 	    (info->fils.update_erp_next_seq_num &&
15316 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15317 			 info->fils.erp_next_seq_num)) ||
15318 	    (info->fils.kek &&
15319 	     nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
15320 		     info->fils.kek)) ||
15321 	    (info->fils.pmk &&
15322 	     nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
15323 	    (info->fils.pmkid &&
15324 	     nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
15325 		goto nla_put_failure;
15326 
15327 	genlmsg_end(msg, hdr);
15328 
15329 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15330 				NL80211_MCGRP_MLME, gfp);
15331 	return;
15332 
15333  nla_put_failure:
15334 	nlmsg_free(msg);
15335 }
15336 
15337 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
15338 				  struct net_device *netdev, const u8 *bssid)
15339 {
15340 	struct sk_buff *msg;
15341 	void *hdr;
15342 
15343 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15344 	if (!msg)
15345 		return;
15346 
15347 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
15348 	if (!hdr) {
15349 		nlmsg_free(msg);
15350 		return;
15351 	}
15352 
15353 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15354 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15355 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15356 		goto nla_put_failure;
15357 
15358 	genlmsg_end(msg, hdr);
15359 
15360 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15361 				NL80211_MCGRP_MLME, GFP_KERNEL);
15362 	return;
15363 
15364  nla_put_failure:
15365 	nlmsg_free(msg);
15366 }
15367 
15368 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
15369 			       struct net_device *netdev, u16 reason,
15370 			       const u8 *ie, size_t ie_len, bool from_ap)
15371 {
15372 	struct sk_buff *msg;
15373 	void *hdr;
15374 
15375 	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
15376 	if (!msg)
15377 		return;
15378 
15379 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
15380 	if (!hdr) {
15381 		nlmsg_free(msg);
15382 		return;
15383 	}
15384 
15385 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15386 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15387 	    (reason &&
15388 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
15389 	    (from_ap &&
15390 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
15391 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
15392 		goto nla_put_failure;
15393 
15394 	genlmsg_end(msg, hdr);
15395 
15396 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15397 				NL80211_MCGRP_MLME, GFP_KERNEL);
15398 	return;
15399 
15400  nla_put_failure:
15401 	nlmsg_free(msg);
15402 }
15403 
15404 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
15405 			     struct net_device *netdev, const u8 *bssid,
15406 			     gfp_t gfp)
15407 {
15408 	struct sk_buff *msg;
15409 	void *hdr;
15410 
15411 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15412 	if (!msg)
15413 		return;
15414 
15415 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
15416 	if (!hdr) {
15417 		nlmsg_free(msg);
15418 		return;
15419 	}
15420 
15421 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15422 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15423 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15424 		goto nla_put_failure;
15425 
15426 	genlmsg_end(msg, hdr);
15427 
15428 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15429 				NL80211_MCGRP_MLME, gfp);
15430 	return;
15431 
15432  nla_put_failure:
15433 	nlmsg_free(msg);
15434 }
15435 
15436 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
15437 					const u8 *ie, u8 ie_len,
15438 					int sig_dbm, gfp_t gfp)
15439 {
15440 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15441 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15442 	struct sk_buff *msg;
15443 	void *hdr;
15444 
15445 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
15446 		return;
15447 
15448 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
15449 
15450 	msg = nlmsg_new(100 + ie_len, gfp);
15451 	if (!msg)
15452 		return;
15453 
15454 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
15455 	if (!hdr) {
15456 		nlmsg_free(msg);
15457 		return;
15458 	}
15459 
15460 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15461 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15462 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15463 	    (ie_len && ie &&
15464 	     nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
15465 	    (sig_dbm &&
15466 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
15467 		goto nla_put_failure;
15468 
15469 	genlmsg_end(msg, hdr);
15470 
15471 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15472 				NL80211_MCGRP_MLME, gfp);
15473 	return;
15474 
15475  nla_put_failure:
15476 	nlmsg_free(msg);
15477 }
15478 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
15479 
15480 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
15481 				 struct net_device *netdev, const u8 *addr,
15482 				 enum nl80211_key_type key_type, int key_id,
15483 				 const u8 *tsc, gfp_t gfp)
15484 {
15485 	struct sk_buff *msg;
15486 	void *hdr;
15487 
15488 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15489 	if (!msg)
15490 		return;
15491 
15492 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
15493 	if (!hdr) {
15494 		nlmsg_free(msg);
15495 		return;
15496 	}
15497 
15498 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15499 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15500 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
15501 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
15502 	    (key_id != -1 &&
15503 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
15504 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
15505 		goto nla_put_failure;
15506 
15507 	genlmsg_end(msg, hdr);
15508 
15509 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15510 				NL80211_MCGRP_MLME, gfp);
15511 	return;
15512 
15513  nla_put_failure:
15514 	nlmsg_free(msg);
15515 }
15516 
15517 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
15518 				    struct ieee80211_channel *channel_before,
15519 				    struct ieee80211_channel *channel_after)
15520 {
15521 	struct sk_buff *msg;
15522 	void *hdr;
15523 	struct nlattr *nl_freq;
15524 
15525 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
15526 	if (!msg)
15527 		return;
15528 
15529 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
15530 	if (!hdr) {
15531 		nlmsg_free(msg);
15532 		return;
15533 	}
15534 
15535 	/*
15536 	 * Since we are applying the beacon hint to a wiphy we know its
15537 	 * wiphy_idx is valid
15538 	 */
15539 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
15540 		goto nla_put_failure;
15541 
15542 	/* Before */
15543 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
15544 	if (!nl_freq)
15545 		goto nla_put_failure;
15546 
15547 	if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
15548 		goto nla_put_failure;
15549 	nla_nest_end(msg, nl_freq);
15550 
15551 	/* After */
15552 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
15553 	if (!nl_freq)
15554 		goto nla_put_failure;
15555 
15556 	if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
15557 		goto nla_put_failure;
15558 	nla_nest_end(msg, nl_freq);
15559 
15560 	genlmsg_end(msg, hdr);
15561 
15562 	rcu_read_lock();
15563 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15564 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15565 	rcu_read_unlock();
15566 
15567 	return;
15568 
15569 nla_put_failure:
15570 	nlmsg_free(msg);
15571 }
15572 
15573 static void nl80211_send_remain_on_chan_event(
15574 	int cmd, struct cfg80211_registered_device *rdev,
15575 	struct wireless_dev *wdev, u64 cookie,
15576 	struct ieee80211_channel *chan,
15577 	unsigned int duration, gfp_t gfp)
15578 {
15579 	struct sk_buff *msg;
15580 	void *hdr;
15581 
15582 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15583 	if (!msg)
15584 		return;
15585 
15586 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15587 	if (!hdr) {
15588 		nlmsg_free(msg);
15589 		return;
15590 	}
15591 
15592 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15593 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15594 					 wdev->netdev->ifindex)) ||
15595 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15596 			      NL80211_ATTR_PAD) ||
15597 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
15598 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
15599 			NL80211_CHAN_NO_HT) ||
15600 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15601 			      NL80211_ATTR_PAD))
15602 		goto nla_put_failure;
15603 
15604 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
15605 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
15606 		goto nla_put_failure;
15607 
15608 	genlmsg_end(msg, hdr);
15609 
15610 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15611 				NL80211_MCGRP_MLME, gfp);
15612 	return;
15613 
15614  nla_put_failure:
15615 	nlmsg_free(msg);
15616 }
15617 
15618 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
15619 			       struct ieee80211_channel *chan,
15620 			       unsigned int duration, gfp_t gfp)
15621 {
15622 	struct wiphy *wiphy = wdev->wiphy;
15623 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15624 
15625 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
15626 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
15627 					  rdev, wdev, cookie, chan,
15628 					  duration, gfp);
15629 }
15630 EXPORT_SYMBOL(cfg80211_ready_on_channel);
15631 
15632 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
15633 					struct ieee80211_channel *chan,
15634 					gfp_t gfp)
15635 {
15636 	struct wiphy *wiphy = wdev->wiphy;
15637 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15638 
15639 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
15640 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15641 					  rdev, wdev, cookie, chan, 0, gfp);
15642 }
15643 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
15644 
15645 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
15646 					struct ieee80211_channel *chan,
15647 					gfp_t gfp)
15648 {
15649 	struct wiphy *wiphy = wdev->wiphy;
15650 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15651 
15652 	trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
15653 	nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
15654 					  rdev, wdev, cookie, chan, 0, gfp);
15655 }
15656 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
15657 
15658 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
15659 		      struct station_info *sinfo, gfp_t gfp)
15660 {
15661 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15662 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15663 	struct sk_buff *msg;
15664 
15665 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
15666 
15667 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15668 	if (!msg)
15669 		return;
15670 
15671 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
15672 				 rdev, dev, mac_addr, sinfo) < 0) {
15673 		nlmsg_free(msg);
15674 		return;
15675 	}
15676 
15677 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15678 				NL80211_MCGRP_MLME, gfp);
15679 }
15680 EXPORT_SYMBOL(cfg80211_new_sta);
15681 
15682 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
15683 			    struct station_info *sinfo, gfp_t gfp)
15684 {
15685 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15686 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15687 	struct sk_buff *msg;
15688 	struct station_info empty_sinfo = {};
15689 
15690 	if (!sinfo)
15691 		sinfo = &empty_sinfo;
15692 
15693 	trace_cfg80211_del_sta(dev, mac_addr);
15694 
15695 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15696 	if (!msg) {
15697 		cfg80211_sinfo_release_content(sinfo);
15698 		return;
15699 	}
15700 
15701 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
15702 				 rdev, dev, mac_addr, sinfo) < 0) {
15703 		nlmsg_free(msg);
15704 		return;
15705 	}
15706 
15707 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15708 				NL80211_MCGRP_MLME, gfp);
15709 }
15710 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
15711 
15712 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
15713 			  enum nl80211_connect_failed_reason reason,
15714 			  gfp_t gfp)
15715 {
15716 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15717 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15718 	struct sk_buff *msg;
15719 	void *hdr;
15720 
15721 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
15722 	if (!msg)
15723 		return;
15724 
15725 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
15726 	if (!hdr) {
15727 		nlmsg_free(msg);
15728 		return;
15729 	}
15730 
15731 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15732 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
15733 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
15734 		goto nla_put_failure;
15735 
15736 	genlmsg_end(msg, hdr);
15737 
15738 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15739 				NL80211_MCGRP_MLME, gfp);
15740 	return;
15741 
15742  nla_put_failure:
15743 	nlmsg_free(msg);
15744 }
15745 EXPORT_SYMBOL(cfg80211_conn_failed);
15746 
15747 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
15748 				       const u8 *addr, gfp_t gfp)
15749 {
15750 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15751 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15752 	struct sk_buff *msg;
15753 	void *hdr;
15754 	u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
15755 
15756 	if (!nlportid)
15757 		return false;
15758 
15759 	msg = nlmsg_new(100, gfp);
15760 	if (!msg)
15761 		return true;
15762 
15763 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15764 	if (!hdr) {
15765 		nlmsg_free(msg);
15766 		return true;
15767 	}
15768 
15769 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15770 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15771 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15772 		goto nla_put_failure;
15773 
15774 	genlmsg_end(msg, hdr);
15775 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15776 	return true;
15777 
15778  nla_put_failure:
15779 	nlmsg_free(msg);
15780 	return true;
15781 }
15782 
15783 bool cfg80211_rx_spurious_frame(struct net_device *dev,
15784 				const u8 *addr, gfp_t gfp)
15785 {
15786 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15787 	bool ret;
15788 
15789 	trace_cfg80211_rx_spurious_frame(dev, addr);
15790 
15791 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15792 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
15793 		trace_cfg80211_return_bool(false);
15794 		return false;
15795 	}
15796 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
15797 					 addr, gfp);
15798 	trace_cfg80211_return_bool(ret);
15799 	return ret;
15800 }
15801 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
15802 
15803 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
15804 					const u8 *addr, gfp_t gfp)
15805 {
15806 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15807 	bool ret;
15808 
15809 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
15810 
15811 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15812 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
15813 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
15814 		trace_cfg80211_return_bool(false);
15815 		return false;
15816 	}
15817 	ret = __nl80211_unexpected_frame(dev,
15818 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
15819 					 addr, gfp);
15820 	trace_cfg80211_return_bool(ret);
15821 	return ret;
15822 }
15823 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
15824 
15825 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
15826 		      struct wireless_dev *wdev, u32 nlportid,
15827 		      int freq, int sig_dbm,
15828 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
15829 {
15830 	struct net_device *netdev = wdev->netdev;
15831 	struct sk_buff *msg;
15832 	void *hdr;
15833 
15834 	msg = nlmsg_new(100 + len, gfp);
15835 	if (!msg)
15836 		return -ENOMEM;
15837 
15838 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15839 	if (!hdr) {
15840 		nlmsg_free(msg);
15841 		return -ENOMEM;
15842 	}
15843 
15844 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15845 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15846 					netdev->ifindex)) ||
15847 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15848 			      NL80211_ATTR_PAD) ||
15849 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
15850 	    (sig_dbm &&
15851 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15852 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15853 	    (flags &&
15854 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
15855 		goto nla_put_failure;
15856 
15857 	genlmsg_end(msg, hdr);
15858 
15859 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15860 
15861  nla_put_failure:
15862 	nlmsg_free(msg);
15863 	return -ENOBUFS;
15864 }
15865 
15866 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
15867 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
15868 {
15869 	struct wiphy *wiphy = wdev->wiphy;
15870 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15871 	struct net_device *netdev = wdev->netdev;
15872 	struct sk_buff *msg;
15873 	void *hdr;
15874 
15875 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
15876 
15877 	msg = nlmsg_new(100 + len, gfp);
15878 	if (!msg)
15879 		return;
15880 
15881 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
15882 	if (!hdr) {
15883 		nlmsg_free(msg);
15884 		return;
15885 	}
15886 
15887 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15888 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15889 				   netdev->ifindex)) ||
15890 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15891 			      NL80211_ATTR_PAD) ||
15892 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15893 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15894 			      NL80211_ATTR_PAD) ||
15895 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
15896 		goto nla_put_failure;
15897 
15898 	genlmsg_end(msg, hdr);
15899 
15900 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15901 				NL80211_MCGRP_MLME, gfp);
15902 	return;
15903 
15904  nla_put_failure:
15905 	nlmsg_free(msg);
15906 }
15907 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
15908 
15909 static int __nl80211_rx_control_port(struct net_device *dev,
15910 				     struct sk_buff *skb,
15911 				     bool unencrypted, gfp_t gfp)
15912 {
15913 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15914 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15915 	struct ethhdr *ehdr = eth_hdr(skb);
15916 	const u8 *addr = ehdr->h_source;
15917 	u16 proto = be16_to_cpu(skb->protocol);
15918 	struct sk_buff *msg;
15919 	void *hdr;
15920 	struct nlattr *frame;
15921 
15922 	u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
15923 
15924 	if (!nlportid)
15925 		return -ENOENT;
15926 
15927 	msg = nlmsg_new(100 + skb->len, gfp);
15928 	if (!msg)
15929 		return -ENOMEM;
15930 
15931 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
15932 	if (!hdr) {
15933 		nlmsg_free(msg);
15934 		return -ENOBUFS;
15935 	}
15936 
15937 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15938 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15939 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15940 			      NL80211_ATTR_PAD) ||
15941 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15942 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
15943 	    (unencrypted && nla_put_flag(msg,
15944 					 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
15945 		goto nla_put_failure;
15946 
15947 	frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
15948 	if (!frame)
15949 		goto nla_put_failure;
15950 
15951 	skb_copy_bits(skb, 0, nla_data(frame), skb->len);
15952 	genlmsg_end(msg, hdr);
15953 
15954 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15955 
15956  nla_put_failure:
15957 	nlmsg_free(msg);
15958 	return -ENOBUFS;
15959 }
15960 
15961 bool cfg80211_rx_control_port(struct net_device *dev,
15962 			      struct sk_buff *skb, bool unencrypted)
15963 {
15964 	int ret;
15965 
15966 	trace_cfg80211_rx_control_port(dev, skb, unencrypted);
15967 	ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
15968 	trace_cfg80211_return_bool(ret == 0);
15969 	return ret == 0;
15970 }
15971 EXPORT_SYMBOL(cfg80211_rx_control_port);
15972 
15973 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
15974 					    const char *mac, gfp_t gfp)
15975 {
15976 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15977 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15978 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15979 	void **cb;
15980 
15981 	if (!msg)
15982 		return NULL;
15983 
15984 	cb = (void **)msg->cb;
15985 
15986 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
15987 	if (!cb[0]) {
15988 		nlmsg_free(msg);
15989 		return NULL;
15990 	}
15991 
15992 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15993 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15994 		goto nla_put_failure;
15995 
15996 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15997 		goto nla_put_failure;
15998 
15999 	cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
16000 	if (!cb[1])
16001 		goto nla_put_failure;
16002 
16003 	cb[2] = rdev;
16004 
16005 	return msg;
16006  nla_put_failure:
16007 	nlmsg_free(msg);
16008 	return NULL;
16009 }
16010 
16011 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
16012 {
16013 	void **cb = (void **)msg->cb;
16014 	struct cfg80211_registered_device *rdev = cb[2];
16015 
16016 	nla_nest_end(msg, cb[1]);
16017 	genlmsg_end(msg, cb[0]);
16018 
16019 	memset(msg->cb, 0, sizeof(msg->cb));
16020 
16021 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16022 				NL80211_MCGRP_MLME, gfp);
16023 }
16024 
16025 void cfg80211_cqm_rssi_notify(struct net_device *dev,
16026 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
16027 			      s32 rssi_level, gfp_t gfp)
16028 {
16029 	struct sk_buff *msg;
16030 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16031 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16032 
16033 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
16034 
16035 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
16036 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
16037 		return;
16038 
16039 	if (wdev->cqm_config) {
16040 		wdev->cqm_config->last_rssi_event_value = rssi_level;
16041 
16042 		cfg80211_cqm_rssi_update(rdev, dev);
16043 
16044 		if (rssi_level == 0)
16045 			rssi_level = wdev->cqm_config->last_rssi_event_value;
16046 	}
16047 
16048 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16049 	if (!msg)
16050 		return;
16051 
16052 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
16053 			rssi_event))
16054 		goto nla_put_failure;
16055 
16056 	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
16057 				      rssi_level))
16058 		goto nla_put_failure;
16059 
16060 	cfg80211_send_cqm(msg, gfp);
16061 
16062 	return;
16063 
16064  nla_put_failure:
16065 	nlmsg_free(msg);
16066 }
16067 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
16068 
16069 void cfg80211_cqm_txe_notify(struct net_device *dev,
16070 			     const u8 *peer, u32 num_packets,
16071 			     u32 rate, u32 intvl, gfp_t gfp)
16072 {
16073 	struct sk_buff *msg;
16074 
16075 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
16076 	if (!msg)
16077 		return;
16078 
16079 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
16080 		goto nla_put_failure;
16081 
16082 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
16083 		goto nla_put_failure;
16084 
16085 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
16086 		goto nla_put_failure;
16087 
16088 	cfg80211_send_cqm(msg, gfp);
16089 	return;
16090 
16091  nla_put_failure:
16092 	nlmsg_free(msg);
16093 }
16094 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
16095 
16096 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
16097 				 const u8 *peer, u32 num_packets, gfp_t gfp)
16098 {
16099 	struct sk_buff *msg;
16100 
16101 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
16102 
16103 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
16104 	if (!msg)
16105 		return;
16106 
16107 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
16108 		goto nla_put_failure;
16109 
16110 	cfg80211_send_cqm(msg, gfp);
16111 	return;
16112 
16113  nla_put_failure:
16114 	nlmsg_free(msg);
16115 }
16116 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
16117 
16118 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
16119 {
16120 	struct sk_buff *msg;
16121 
16122 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
16123 	if (!msg)
16124 		return;
16125 
16126 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
16127 		goto nla_put_failure;
16128 
16129 	cfg80211_send_cqm(msg, gfp);
16130 	return;
16131 
16132  nla_put_failure:
16133 	nlmsg_free(msg);
16134 }
16135 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
16136 
16137 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
16138 				     struct net_device *netdev, const u8 *bssid,
16139 				     const u8 *replay_ctr, gfp_t gfp)
16140 {
16141 	struct sk_buff *msg;
16142 	struct nlattr *rekey_attr;
16143 	void *hdr;
16144 
16145 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16146 	if (!msg)
16147 		return;
16148 
16149 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
16150 	if (!hdr) {
16151 		nlmsg_free(msg);
16152 		return;
16153 	}
16154 
16155 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16156 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16157 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
16158 		goto nla_put_failure;
16159 
16160 	rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
16161 	if (!rekey_attr)
16162 		goto nla_put_failure;
16163 
16164 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
16165 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
16166 		goto nla_put_failure;
16167 
16168 	nla_nest_end(msg, rekey_attr);
16169 
16170 	genlmsg_end(msg, hdr);
16171 
16172 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16173 				NL80211_MCGRP_MLME, gfp);
16174 	return;
16175 
16176  nla_put_failure:
16177 	nlmsg_free(msg);
16178 }
16179 
16180 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
16181 			       const u8 *replay_ctr, gfp_t gfp)
16182 {
16183 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16184 	struct wiphy *wiphy = wdev->wiphy;
16185 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16186 
16187 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
16188 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
16189 }
16190 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
16191 
16192 static void
16193 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
16194 			       struct net_device *netdev, int index,
16195 			       const u8 *bssid, bool preauth, gfp_t gfp)
16196 {
16197 	struct sk_buff *msg;
16198 	struct nlattr *attr;
16199 	void *hdr;
16200 
16201 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16202 	if (!msg)
16203 		return;
16204 
16205 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
16206 	if (!hdr) {
16207 		nlmsg_free(msg);
16208 		return;
16209 	}
16210 
16211 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16212 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16213 		goto nla_put_failure;
16214 
16215 	attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
16216 	if (!attr)
16217 		goto nla_put_failure;
16218 
16219 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
16220 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
16221 	    (preauth &&
16222 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
16223 		goto nla_put_failure;
16224 
16225 	nla_nest_end(msg, attr);
16226 
16227 	genlmsg_end(msg, hdr);
16228 
16229 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16230 				NL80211_MCGRP_MLME, gfp);
16231 	return;
16232 
16233  nla_put_failure:
16234 	nlmsg_free(msg);
16235 }
16236 
16237 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
16238 				     const u8 *bssid, bool preauth, gfp_t gfp)
16239 {
16240 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16241 	struct wiphy *wiphy = wdev->wiphy;
16242 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16243 
16244 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
16245 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
16246 }
16247 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
16248 
16249 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
16250 				     struct net_device *netdev,
16251 				     struct cfg80211_chan_def *chandef,
16252 				     gfp_t gfp,
16253 				     enum nl80211_commands notif,
16254 				     u8 count)
16255 {
16256 	struct sk_buff *msg;
16257 	void *hdr;
16258 
16259 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16260 	if (!msg)
16261 		return;
16262 
16263 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
16264 	if (!hdr) {
16265 		nlmsg_free(msg);
16266 		return;
16267 	}
16268 
16269 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16270 		goto nla_put_failure;
16271 
16272 	if (nl80211_send_chandef(msg, chandef))
16273 		goto nla_put_failure;
16274 
16275 	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
16276 	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
16277 			goto nla_put_failure;
16278 
16279 	genlmsg_end(msg, hdr);
16280 
16281 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16282 				NL80211_MCGRP_MLME, gfp);
16283 	return;
16284 
16285  nla_put_failure:
16286 	nlmsg_free(msg);
16287 }
16288 
16289 void cfg80211_ch_switch_notify(struct net_device *dev,
16290 			       struct cfg80211_chan_def *chandef)
16291 {
16292 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16293 	struct wiphy *wiphy = wdev->wiphy;
16294 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16295 
16296 	ASSERT_WDEV_LOCK(wdev);
16297 
16298 	trace_cfg80211_ch_switch_notify(dev, chandef);
16299 
16300 	wdev->chandef = *chandef;
16301 	wdev->preset_chandef = *chandef;
16302 
16303 	if (wdev->iftype == NL80211_IFTYPE_STATION &&
16304 	    !WARN_ON(!wdev->current_bss))
16305 		cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
16306 
16307 	cfg80211_sched_dfs_chan_update(rdev);
16308 
16309 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16310 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
16311 }
16312 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
16313 
16314 void cfg80211_ch_switch_started_notify(struct net_device *dev,
16315 				       struct cfg80211_chan_def *chandef,
16316 				       u8 count)
16317 {
16318 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16319 	struct wiphy *wiphy = wdev->wiphy;
16320 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16321 
16322 	trace_cfg80211_ch_switch_started_notify(dev, chandef);
16323 
16324 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16325 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
16326 }
16327 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
16328 
16329 void
16330 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
16331 		     const struct cfg80211_chan_def *chandef,
16332 		     enum nl80211_radar_event event,
16333 		     struct net_device *netdev, gfp_t gfp)
16334 {
16335 	struct sk_buff *msg;
16336 	void *hdr;
16337 
16338 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16339 	if (!msg)
16340 		return;
16341 
16342 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
16343 	if (!hdr) {
16344 		nlmsg_free(msg);
16345 		return;
16346 	}
16347 
16348 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16349 		goto nla_put_failure;
16350 
16351 	/* NOP and radar events don't need a netdev parameter */
16352 	if (netdev) {
16353 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
16354 
16355 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16356 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16357 				      NL80211_ATTR_PAD))
16358 			goto nla_put_failure;
16359 	}
16360 
16361 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
16362 		goto nla_put_failure;
16363 
16364 	if (nl80211_send_chandef(msg, chandef))
16365 		goto nla_put_failure;
16366 
16367 	genlmsg_end(msg, hdr);
16368 
16369 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16370 				NL80211_MCGRP_MLME, gfp);
16371 	return;
16372 
16373  nla_put_failure:
16374 	nlmsg_free(msg);
16375 }
16376 
16377 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
16378 				       struct sta_opmode_info *sta_opmode,
16379 				       gfp_t gfp)
16380 {
16381 	struct sk_buff *msg;
16382 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16383 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16384 	void *hdr;
16385 
16386 	if (WARN_ON(!mac))
16387 		return;
16388 
16389 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16390 	if (!msg)
16391 		return;
16392 
16393 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
16394 	if (!hdr) {
16395 		nlmsg_free(msg);
16396 		return;
16397 	}
16398 
16399 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16400 		goto nla_put_failure;
16401 
16402 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16403 		goto nla_put_failure;
16404 
16405 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16406 		goto nla_put_failure;
16407 
16408 	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
16409 	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
16410 		goto nla_put_failure;
16411 
16412 	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
16413 	    nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
16414 		goto nla_put_failure;
16415 
16416 	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
16417 	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
16418 		goto nla_put_failure;
16419 
16420 	genlmsg_end(msg, hdr);
16421 
16422 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16423 				NL80211_MCGRP_MLME, gfp);
16424 
16425 	return;
16426 
16427 nla_put_failure:
16428 	nlmsg_free(msg);
16429 }
16430 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
16431 
16432 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
16433 			   u64 cookie, bool acked, s32 ack_signal,
16434 			   bool is_valid_ack_signal, gfp_t gfp)
16435 {
16436 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16437 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16438 	struct sk_buff *msg;
16439 	void *hdr;
16440 
16441 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
16442 
16443 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16444 
16445 	if (!msg)
16446 		return;
16447 
16448 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
16449 	if (!hdr) {
16450 		nlmsg_free(msg);
16451 		return;
16452 	}
16453 
16454 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16455 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16456 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16457 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16458 			      NL80211_ATTR_PAD) ||
16459 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
16460 	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
16461 						ack_signal)))
16462 		goto nla_put_failure;
16463 
16464 	genlmsg_end(msg, hdr);
16465 
16466 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16467 				NL80211_MCGRP_MLME, gfp);
16468 	return;
16469 
16470  nla_put_failure:
16471 	nlmsg_free(msg);
16472 }
16473 EXPORT_SYMBOL(cfg80211_probe_status);
16474 
16475 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
16476 				 const u8 *frame, size_t len,
16477 				 int freq, int sig_dbm)
16478 {
16479 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16480 	struct sk_buff *msg;
16481 	void *hdr;
16482 	struct cfg80211_beacon_registration *reg;
16483 
16484 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
16485 
16486 	spin_lock_bh(&rdev->beacon_registrations_lock);
16487 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
16488 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
16489 		if (!msg) {
16490 			spin_unlock_bh(&rdev->beacon_registrations_lock);
16491 			return;
16492 		}
16493 
16494 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16495 		if (!hdr)
16496 			goto nla_put_failure;
16497 
16498 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16499 		    (freq &&
16500 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
16501 		    (sig_dbm &&
16502 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16503 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
16504 			goto nla_put_failure;
16505 
16506 		genlmsg_end(msg, hdr);
16507 
16508 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
16509 	}
16510 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16511 	return;
16512 
16513  nla_put_failure:
16514 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16515 	nlmsg_free(msg);
16516 }
16517 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
16518 
16519 #ifdef CONFIG_PM
16520 static int cfg80211_net_detect_results(struct sk_buff *msg,
16521 				       struct cfg80211_wowlan_wakeup *wakeup)
16522 {
16523 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
16524 	struct nlattr *nl_results, *nl_match, *nl_freqs;
16525 	int i, j;
16526 
16527 	nl_results = nla_nest_start_noflag(msg,
16528 					   NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
16529 	if (!nl_results)
16530 		return -EMSGSIZE;
16531 
16532 	for (i = 0; i < nd->n_matches; i++) {
16533 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
16534 
16535 		nl_match = nla_nest_start_noflag(msg, i);
16536 		if (!nl_match)
16537 			break;
16538 
16539 		/* The SSID attribute is optional in nl80211, but for
16540 		 * simplicity reasons it's always present in the
16541 		 * cfg80211 structure.  If a driver can't pass the
16542 		 * SSID, that needs to be changed.  A zero length SSID
16543 		 * is still a valid SSID (wildcard), so it cannot be
16544 		 * used for this purpose.
16545 		 */
16546 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
16547 			    match->ssid.ssid)) {
16548 			nla_nest_cancel(msg, nl_match);
16549 			goto out;
16550 		}
16551 
16552 		if (match->n_channels) {
16553 			nl_freqs = nla_nest_start_noflag(msg,
16554 							 NL80211_ATTR_SCAN_FREQUENCIES);
16555 			if (!nl_freqs) {
16556 				nla_nest_cancel(msg, nl_match);
16557 				goto out;
16558 			}
16559 
16560 			for (j = 0; j < match->n_channels; j++) {
16561 				if (nla_put_u32(msg, j, match->channels[j])) {
16562 					nla_nest_cancel(msg, nl_freqs);
16563 					nla_nest_cancel(msg, nl_match);
16564 					goto out;
16565 				}
16566 			}
16567 
16568 			nla_nest_end(msg, nl_freqs);
16569 		}
16570 
16571 		nla_nest_end(msg, nl_match);
16572 	}
16573 
16574 out:
16575 	nla_nest_end(msg, nl_results);
16576 	return 0;
16577 }
16578 
16579 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
16580 				   struct cfg80211_wowlan_wakeup *wakeup,
16581 				   gfp_t gfp)
16582 {
16583 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16584 	struct sk_buff *msg;
16585 	void *hdr;
16586 	int size = 200;
16587 
16588 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
16589 
16590 	if (wakeup)
16591 		size += wakeup->packet_present_len;
16592 
16593 	msg = nlmsg_new(size, gfp);
16594 	if (!msg)
16595 		return;
16596 
16597 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
16598 	if (!hdr)
16599 		goto free_msg;
16600 
16601 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16602 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16603 			      NL80211_ATTR_PAD))
16604 		goto free_msg;
16605 
16606 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16607 					wdev->netdev->ifindex))
16608 		goto free_msg;
16609 
16610 	if (wakeup) {
16611 		struct nlattr *reasons;
16612 
16613 		reasons = nla_nest_start_noflag(msg,
16614 						NL80211_ATTR_WOWLAN_TRIGGERS);
16615 		if (!reasons)
16616 			goto free_msg;
16617 
16618 		if (wakeup->disconnect &&
16619 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
16620 			goto free_msg;
16621 		if (wakeup->magic_pkt &&
16622 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
16623 			goto free_msg;
16624 		if (wakeup->gtk_rekey_failure &&
16625 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
16626 			goto free_msg;
16627 		if (wakeup->eap_identity_req &&
16628 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
16629 			goto free_msg;
16630 		if (wakeup->four_way_handshake &&
16631 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
16632 			goto free_msg;
16633 		if (wakeup->rfkill_release &&
16634 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
16635 			goto free_msg;
16636 
16637 		if (wakeup->pattern_idx >= 0 &&
16638 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
16639 				wakeup->pattern_idx))
16640 			goto free_msg;
16641 
16642 		if (wakeup->tcp_match &&
16643 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
16644 			goto free_msg;
16645 
16646 		if (wakeup->tcp_connlost &&
16647 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
16648 			goto free_msg;
16649 
16650 		if (wakeup->tcp_nomoretokens &&
16651 		    nla_put_flag(msg,
16652 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
16653 			goto free_msg;
16654 
16655 		if (wakeup->packet) {
16656 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
16657 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
16658 
16659 			if (!wakeup->packet_80211) {
16660 				pkt_attr =
16661 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
16662 				len_attr =
16663 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
16664 			}
16665 
16666 			if (wakeup->packet_len &&
16667 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
16668 				goto free_msg;
16669 
16670 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
16671 				    wakeup->packet))
16672 				goto free_msg;
16673 		}
16674 
16675 		if (wakeup->net_detect &&
16676 		    cfg80211_net_detect_results(msg, wakeup))
16677 				goto free_msg;
16678 
16679 		nla_nest_end(msg, reasons);
16680 	}
16681 
16682 	genlmsg_end(msg, hdr);
16683 
16684 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16685 				NL80211_MCGRP_MLME, gfp);
16686 	return;
16687 
16688  free_msg:
16689 	nlmsg_free(msg);
16690 }
16691 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
16692 #endif
16693 
16694 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
16695 				enum nl80211_tdls_operation oper,
16696 				u16 reason_code, gfp_t gfp)
16697 {
16698 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16699 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16700 	struct sk_buff *msg;
16701 	void *hdr;
16702 
16703 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
16704 					 reason_code);
16705 
16706 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16707 	if (!msg)
16708 		return;
16709 
16710 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
16711 	if (!hdr) {
16712 		nlmsg_free(msg);
16713 		return;
16714 	}
16715 
16716 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16717 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16718 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
16719 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
16720 	    (reason_code > 0 &&
16721 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
16722 		goto nla_put_failure;
16723 
16724 	genlmsg_end(msg, hdr);
16725 
16726 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16727 				NL80211_MCGRP_MLME, gfp);
16728 	return;
16729 
16730  nla_put_failure:
16731 	nlmsg_free(msg);
16732 }
16733 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
16734 
16735 static int nl80211_netlink_notify(struct notifier_block * nb,
16736 				  unsigned long state,
16737 				  void *_notify)
16738 {
16739 	struct netlink_notify *notify = _notify;
16740 	struct cfg80211_registered_device *rdev;
16741 	struct wireless_dev *wdev;
16742 	struct cfg80211_beacon_registration *reg, *tmp;
16743 
16744 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
16745 		return NOTIFY_DONE;
16746 
16747 	rcu_read_lock();
16748 
16749 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
16750 		struct cfg80211_sched_scan_request *sched_scan_req;
16751 
16752 		list_for_each_entry_rcu(sched_scan_req,
16753 					&rdev->sched_scan_req_list,
16754 					list) {
16755 			if (sched_scan_req->owner_nlportid == notify->portid) {
16756 				sched_scan_req->nl_owner_dead = true;
16757 				schedule_work(&rdev->sched_scan_stop_wk);
16758 			}
16759 		}
16760 
16761 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
16762 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
16763 
16764 			if (wdev->owner_nlportid == notify->portid) {
16765 				wdev->nl_owner_dead = true;
16766 				schedule_work(&rdev->destroy_work);
16767 			} else if (wdev->conn_owner_nlportid == notify->portid) {
16768 				schedule_work(&wdev->disconnect_wk);
16769 			}
16770 
16771 			cfg80211_release_pmsr(wdev, notify->portid);
16772 		}
16773 
16774 		spin_lock_bh(&rdev->beacon_registrations_lock);
16775 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
16776 					 list) {
16777 			if (reg->nlportid == notify->portid) {
16778 				list_del(&reg->list);
16779 				kfree(reg);
16780 				break;
16781 			}
16782 		}
16783 		spin_unlock_bh(&rdev->beacon_registrations_lock);
16784 	}
16785 
16786 	rcu_read_unlock();
16787 
16788 	/*
16789 	 * It is possible that the user space process that is controlling the
16790 	 * indoor setting disappeared, so notify the regulatory core.
16791 	 */
16792 	regulatory_netlink_notify(notify->portid);
16793 	return NOTIFY_OK;
16794 }
16795 
16796 static struct notifier_block nl80211_netlink_notifier = {
16797 	.notifier_call = nl80211_netlink_notify,
16798 };
16799 
16800 void cfg80211_ft_event(struct net_device *netdev,
16801 		       struct cfg80211_ft_event_params *ft_event)
16802 {
16803 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16804 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16805 	struct sk_buff *msg;
16806 	void *hdr;
16807 
16808 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
16809 
16810 	if (!ft_event->target_ap)
16811 		return;
16812 
16813 	msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
16814 			GFP_KERNEL);
16815 	if (!msg)
16816 		return;
16817 
16818 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
16819 	if (!hdr)
16820 		goto out;
16821 
16822 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16823 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16824 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
16825 		goto out;
16826 
16827 	if (ft_event->ies &&
16828 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
16829 		goto out;
16830 	if (ft_event->ric_ies &&
16831 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
16832 		    ft_event->ric_ies))
16833 		goto out;
16834 
16835 	genlmsg_end(msg, hdr);
16836 
16837 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16838 				NL80211_MCGRP_MLME, GFP_KERNEL);
16839 	return;
16840  out:
16841 	nlmsg_free(msg);
16842 }
16843 EXPORT_SYMBOL(cfg80211_ft_event);
16844 
16845 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
16846 {
16847 	struct cfg80211_registered_device *rdev;
16848 	struct sk_buff *msg;
16849 	void *hdr;
16850 	u32 nlportid;
16851 
16852 	rdev = wiphy_to_rdev(wdev->wiphy);
16853 	if (!rdev->crit_proto_nlportid)
16854 		return;
16855 
16856 	nlportid = rdev->crit_proto_nlportid;
16857 	rdev->crit_proto_nlportid = 0;
16858 
16859 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16860 	if (!msg)
16861 		return;
16862 
16863 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
16864 	if (!hdr)
16865 		goto nla_put_failure;
16866 
16867 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16868 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16869 			      NL80211_ATTR_PAD))
16870 		goto nla_put_failure;
16871 
16872 	genlmsg_end(msg, hdr);
16873 
16874 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16875 	return;
16876 
16877  nla_put_failure:
16878 	nlmsg_free(msg);
16879 }
16880 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
16881 
16882 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
16883 {
16884 	struct wiphy *wiphy = wdev->wiphy;
16885 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16886 	struct sk_buff *msg;
16887 	void *hdr;
16888 
16889 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16890 	if (!msg)
16891 		return;
16892 
16893 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
16894 	if (!hdr)
16895 		goto out;
16896 
16897 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16898 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
16899 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16900 			      NL80211_ATTR_PAD))
16901 		goto out;
16902 
16903 	genlmsg_end(msg, hdr);
16904 
16905 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
16906 				NL80211_MCGRP_MLME, GFP_KERNEL);
16907 	return;
16908  out:
16909 	nlmsg_free(msg);
16910 }
16911 
16912 int cfg80211_external_auth_request(struct net_device *dev,
16913 				   struct cfg80211_external_auth_params *params,
16914 				   gfp_t gfp)
16915 {
16916 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16917 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16918 	struct sk_buff *msg;
16919 	void *hdr;
16920 
16921 	if (!wdev->conn_owner_nlportid)
16922 		return -EINVAL;
16923 
16924 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16925 	if (!msg)
16926 		return -ENOMEM;
16927 
16928 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
16929 	if (!hdr)
16930 		goto nla_put_failure;
16931 
16932 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16933 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16934 	    nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
16935 	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
16936 			params->action) ||
16937 	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
16938 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
16939 		    params->ssid.ssid))
16940 		goto nla_put_failure;
16941 
16942 	genlmsg_end(msg, hdr);
16943 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16944 			wdev->conn_owner_nlportid);
16945 	return 0;
16946 
16947  nla_put_failure:
16948 	nlmsg_free(msg);
16949 	return -ENOBUFS;
16950 }
16951 EXPORT_SYMBOL(cfg80211_external_auth_request);
16952 
16953 void cfg80211_update_owe_info_event(struct net_device *netdev,
16954 				    struct cfg80211_update_owe_info *owe_info,
16955 				    gfp_t gfp)
16956 {
16957 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16958 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16959 	struct sk_buff *msg;
16960 	void *hdr;
16961 
16962 	trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
16963 
16964 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16965 	if (!msg)
16966 		return;
16967 
16968 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
16969 	if (!hdr)
16970 		goto nla_put_failure;
16971 
16972 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16973 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16974 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
16975 		goto nla_put_failure;
16976 
16977 	if (!owe_info->ie_len ||
16978 	    nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
16979 		goto nla_put_failure;
16980 
16981 	genlmsg_end(msg, hdr);
16982 
16983 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16984 				NL80211_MCGRP_MLME, gfp);
16985 	return;
16986 
16987 nla_put_failure:
16988 	genlmsg_cancel(msg, hdr);
16989 	nlmsg_free(msg);
16990 }
16991 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
16992 
16993 /* initialisation/exit functions */
16994 
16995 int __init nl80211_init(void)
16996 {
16997 	int err;
16998 
16999 	err = genl_register_family(&nl80211_fam);
17000 	if (err)
17001 		return err;
17002 
17003 	err = netlink_register_notifier(&nl80211_netlink_notifier);
17004 	if (err)
17005 		goto err_out;
17006 
17007 	return 0;
17008  err_out:
17009 	genl_unregister_family(&nl80211_fam);
17010 	return err;
17011 }
17012 
17013 void nl80211_exit(void)
17014 {
17015 	netlink_unregister_notifier(&nl80211_netlink_notifier);
17016 	genl_unregister_family(&nl80211_fam);
17017 }
17018