xref: /openbmc/linux/net/wireless/nl80211.c (revision afb46f79) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27 
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 				   struct genl_info *info,
30 				   struct cfg80211_crypto_settings *settings,
31 				   int cipher_limit);
32 
33 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
34 			    struct genl_info *info);
35 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 			      struct genl_info *info);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 	.id = GENL_ID_GENERATE,		/* don't bother with a hardcoded ID */
41 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
42 	.hdrsize = 0,			/* no private header */
43 	.version = 1,			/* no particular meaning now */
44 	.maxattr = NL80211_ATTR_MAX,
45 	.netnsok = true,
46 	.pre_doit = nl80211_pre_doit,
47 	.post_doit = nl80211_post_doit,
48 };
49 
50 /* multicast groups */
51 enum nl80211_multicast_groups {
52 	NL80211_MCGRP_CONFIG,
53 	NL80211_MCGRP_SCAN,
54 	NL80211_MCGRP_REGULATORY,
55 	NL80211_MCGRP_MLME,
56 	NL80211_MCGRP_VENDOR,
57 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
58 };
59 
60 static const struct genl_multicast_group nl80211_mcgrps[] = {
61 	[NL80211_MCGRP_CONFIG] = { .name = "config", },
62 	[NL80211_MCGRP_SCAN] = { .name = "scan", },
63 	[NL80211_MCGRP_REGULATORY] = { .name = "regulatory", },
64 	[NL80211_MCGRP_MLME] = { .name = "mlme", },
65 	[NL80211_MCGRP_VENDOR] = { .name = "vendor", },
66 #ifdef CONFIG_NL80211_TESTMODE
67 	[NL80211_MCGRP_TESTMODE] = { .name = "testmode", }
68 #endif
69 };
70 
71 /* returns ERR_PTR values */
72 static struct wireless_dev *
73 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
74 {
75 	struct cfg80211_registered_device *rdev;
76 	struct wireless_dev *result = NULL;
77 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
78 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
79 	u64 wdev_id;
80 	int wiphy_idx = -1;
81 	int ifidx = -1;
82 
83 	ASSERT_RTNL();
84 
85 	if (!have_ifidx && !have_wdev_id)
86 		return ERR_PTR(-EINVAL);
87 
88 	if (have_ifidx)
89 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
90 	if (have_wdev_id) {
91 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
92 		wiphy_idx = wdev_id >> 32;
93 	}
94 
95 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
96 		struct wireless_dev *wdev;
97 
98 		if (wiphy_net(&rdev->wiphy) != netns)
99 			continue;
100 
101 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
102 			continue;
103 
104 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
105 			if (have_ifidx && wdev->netdev &&
106 			    wdev->netdev->ifindex == ifidx) {
107 				result = wdev;
108 				break;
109 			}
110 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
111 				result = wdev;
112 				break;
113 			}
114 		}
115 
116 		if (result)
117 			break;
118 	}
119 
120 	if (result)
121 		return result;
122 	return ERR_PTR(-ENODEV);
123 }
124 
125 static struct cfg80211_registered_device *
126 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
127 {
128 	struct cfg80211_registered_device *rdev = NULL, *tmp;
129 	struct net_device *netdev;
130 
131 	ASSERT_RTNL();
132 
133 	if (!attrs[NL80211_ATTR_WIPHY] &&
134 	    !attrs[NL80211_ATTR_IFINDEX] &&
135 	    !attrs[NL80211_ATTR_WDEV])
136 		return ERR_PTR(-EINVAL);
137 
138 	if (attrs[NL80211_ATTR_WIPHY])
139 		rdev = cfg80211_rdev_by_wiphy_idx(
140 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
141 
142 	if (attrs[NL80211_ATTR_WDEV]) {
143 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
144 		struct wireless_dev *wdev;
145 		bool found = false;
146 
147 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
148 		if (tmp) {
149 			/* make sure wdev exists */
150 			list_for_each_entry(wdev, &tmp->wdev_list, list) {
151 				if (wdev->identifier != (u32)wdev_id)
152 					continue;
153 				found = true;
154 				break;
155 			}
156 
157 			if (!found)
158 				tmp = NULL;
159 
160 			if (rdev && tmp != rdev)
161 				return ERR_PTR(-EINVAL);
162 			rdev = tmp;
163 		}
164 	}
165 
166 	if (attrs[NL80211_ATTR_IFINDEX]) {
167 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
168 		netdev = __dev_get_by_index(netns, ifindex);
169 		if (netdev) {
170 			if (netdev->ieee80211_ptr)
171 				tmp = wiphy_to_dev(
172 						netdev->ieee80211_ptr->wiphy);
173 			else
174 				tmp = NULL;
175 
176 			/* not wireless device -- return error */
177 			if (!tmp)
178 				return ERR_PTR(-EINVAL);
179 
180 			/* mismatch -- return error */
181 			if (rdev && tmp != rdev)
182 				return ERR_PTR(-EINVAL);
183 
184 			rdev = tmp;
185 		}
186 	}
187 
188 	if (!rdev)
189 		return ERR_PTR(-ENODEV);
190 
191 	if (netns != wiphy_net(&rdev->wiphy))
192 		return ERR_PTR(-ENODEV);
193 
194 	return rdev;
195 }
196 
197 /*
198  * This function returns a pointer to the driver
199  * that the genl_info item that is passed refers to.
200  *
201  * The result of this can be a PTR_ERR and hence must
202  * be checked with IS_ERR() for errors.
203  */
204 static struct cfg80211_registered_device *
205 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
206 {
207 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
208 }
209 
210 /* policy for the attributes */
211 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
212 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
213 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
214 				      .len = 20-1 },
215 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
216 
217 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
218 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
219 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
220 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
221 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
222 
223 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
224 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
225 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
226 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
227 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
228 
229 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
230 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
231 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
232 
233 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
234 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
235 
236 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
237 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
238 				    .len = WLAN_MAX_KEY_LEN },
239 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
240 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
241 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
242 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
243 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
244 
245 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
246 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
247 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
248 				       .len = IEEE80211_MAX_DATA_LEN },
249 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
250 				       .len = IEEE80211_MAX_DATA_LEN },
251 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
252 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
253 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
254 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
255 					       .len = NL80211_MAX_SUPP_RATES },
256 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
257 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
258 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
259 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
260 				   .len = IEEE80211_MAX_MESH_ID_LEN },
261 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
262 
263 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
264 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
265 
266 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
267 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
268 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
269 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
270 					   .len = NL80211_MAX_SUPP_RATES },
271 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
272 
273 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
274 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
275 
276 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
277 
278 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
279 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
280 			      .len = IEEE80211_MAX_DATA_LEN },
281 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
282 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
283 
284 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
285 				.len = IEEE80211_MAX_SSID_LEN },
286 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
287 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
288 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
289 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
290 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
291 	[NL80211_ATTR_STA_FLAGS2] = {
292 		.len = sizeof(struct nl80211_sta_flag_update),
293 	},
294 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
295 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
296 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
297 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
298 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
299 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
300 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
301 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
302 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
303 				 .len = WLAN_PMKID_LEN },
304 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
305 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
306 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
307 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
308 				 .len = IEEE80211_MAX_DATA_LEN },
309 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
310 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
311 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
312 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
313 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
314 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
315 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
316 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
317 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
318 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
319 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
320 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
321 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
322 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
323 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
324 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
325 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
326 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
327 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
328 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
329 					 .len = IEEE80211_MAX_DATA_LEN },
330 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
331 					 .len = IEEE80211_MAX_DATA_LEN },
332 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
333 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
334 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
335 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
336 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
337 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
338 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
339 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
340 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
341 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
342 				      .len = IEEE80211_MAX_DATA_LEN },
343 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
344 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
345 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
346 		.len = NL80211_HT_CAPABILITY_LEN
347 	},
348 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
349 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
350 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
351 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
352 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
353 	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
354 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
355 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
356 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
357 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
358 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
359 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
360 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
361 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
362 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
363 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
364 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
365 		.len = NL80211_VHT_CAPABILITY_LEN,
366 	},
367 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
368 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
369 				  .len = IEEE80211_MAX_DATA_LEN },
370 	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
371 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
372 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
373 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
374 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_U16 },
375 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_U16 },
376 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
377 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
378 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
379 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
380 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
381 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
382 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
383 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
384 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
385 	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
386 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
387 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
388 };
389 
390 /* policy for the key attributes */
391 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
392 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
393 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
394 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
395 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
396 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
397 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
398 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
399 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
400 };
401 
402 /* policy for the key default flags */
403 static const struct nla_policy
404 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
405 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
406 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
407 };
408 
409 /* policy for WoWLAN attributes */
410 static const struct nla_policy
411 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
412 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
413 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
414 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
415 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
416 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
417 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
418 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
419 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
420 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
421 };
422 
423 static const struct nla_policy
424 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
425 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
426 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
427 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
428 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
429 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
430 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
431 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
432 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
433 	},
434 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
435 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
436 	},
437 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
438 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
439 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
440 };
441 
442 /* policy for coalesce rule attributes */
443 static const struct nla_policy
444 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
445 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
446 	[NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
447 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
448 };
449 
450 /* policy for GTK rekey offload attributes */
451 static const struct nla_policy
452 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
453 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
454 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
455 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
456 };
457 
458 static const struct nla_policy
459 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
460 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
461 						 .len = IEEE80211_MAX_SSID_LEN },
462 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
463 };
464 
465 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
466 				     struct netlink_callback *cb,
467 				     struct cfg80211_registered_device **rdev,
468 				     struct wireless_dev **wdev)
469 {
470 	int err;
471 
472 	rtnl_lock();
473 
474 	if (!cb->args[0]) {
475 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
476 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
477 				  nl80211_policy);
478 		if (err)
479 			goto out_unlock;
480 
481 		*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
482 						   nl80211_fam.attrbuf);
483 		if (IS_ERR(*wdev)) {
484 			err = PTR_ERR(*wdev);
485 			goto out_unlock;
486 		}
487 		*rdev = wiphy_to_dev((*wdev)->wiphy);
488 		/* 0 is the first index - add 1 to parse only once */
489 		cb->args[0] = (*rdev)->wiphy_idx + 1;
490 		cb->args[1] = (*wdev)->identifier;
491 	} else {
492 		/* subtract the 1 again here */
493 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
494 		struct wireless_dev *tmp;
495 
496 		if (!wiphy) {
497 			err = -ENODEV;
498 			goto out_unlock;
499 		}
500 		*rdev = wiphy_to_dev(wiphy);
501 		*wdev = NULL;
502 
503 		list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
504 			if (tmp->identifier == cb->args[1]) {
505 				*wdev = tmp;
506 				break;
507 			}
508 		}
509 
510 		if (!*wdev) {
511 			err = -ENODEV;
512 			goto out_unlock;
513 		}
514 	}
515 
516 	return 0;
517  out_unlock:
518 	rtnl_unlock();
519 	return err;
520 }
521 
522 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
523 {
524 	rtnl_unlock();
525 }
526 
527 /* IE validation */
528 static bool is_valid_ie_attr(const struct nlattr *attr)
529 {
530 	const u8 *pos;
531 	int len;
532 
533 	if (!attr)
534 		return true;
535 
536 	pos = nla_data(attr);
537 	len = nla_len(attr);
538 
539 	while (len) {
540 		u8 elemlen;
541 
542 		if (len < 2)
543 			return false;
544 		len -= 2;
545 
546 		elemlen = pos[1];
547 		if (elemlen > len)
548 			return false;
549 
550 		len -= elemlen;
551 		pos += 2 + elemlen;
552 	}
553 
554 	return true;
555 }
556 
557 /* message building helper */
558 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
559 				   int flags, u8 cmd)
560 {
561 	/* since there is no private header just add the generic one */
562 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
563 }
564 
565 static int nl80211_msg_put_channel(struct sk_buff *msg,
566 				   struct ieee80211_channel *chan,
567 				   bool large)
568 {
569 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
570 			chan->center_freq))
571 		goto nla_put_failure;
572 
573 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
574 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
575 		goto nla_put_failure;
576 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
577 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
578 			goto nla_put_failure;
579 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
580 			goto nla_put_failure;
581 	}
582 	if (chan->flags & IEEE80211_CHAN_RADAR) {
583 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
584 			goto nla_put_failure;
585 		if (large) {
586 			u32 time;
587 
588 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
589 
590 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
591 					chan->dfs_state))
592 				goto nla_put_failure;
593 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
594 					time))
595 				goto nla_put_failure;
596 			if (nla_put_u32(msg,
597 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
598 					chan->dfs_cac_ms))
599 				goto nla_put_failure;
600 		}
601 	}
602 
603 	if (large) {
604 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
605 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
606 			goto nla_put_failure;
607 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
608 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
609 			goto nla_put_failure;
610 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
611 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
612 			goto nla_put_failure;
613 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
614 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
615 			goto nla_put_failure;
616 	}
617 
618 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
619 			DBM_TO_MBM(chan->max_power)))
620 		goto nla_put_failure;
621 
622 	return 0;
623 
624  nla_put_failure:
625 	return -ENOBUFS;
626 }
627 
628 /* netlink command implementations */
629 
630 struct key_parse {
631 	struct key_params p;
632 	int idx;
633 	int type;
634 	bool def, defmgmt;
635 	bool def_uni, def_multi;
636 };
637 
638 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
639 {
640 	struct nlattr *tb[NL80211_KEY_MAX + 1];
641 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
642 				   nl80211_key_policy);
643 	if (err)
644 		return err;
645 
646 	k->def = !!tb[NL80211_KEY_DEFAULT];
647 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
648 
649 	if (k->def) {
650 		k->def_uni = true;
651 		k->def_multi = true;
652 	}
653 	if (k->defmgmt)
654 		k->def_multi = true;
655 
656 	if (tb[NL80211_KEY_IDX])
657 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
658 
659 	if (tb[NL80211_KEY_DATA]) {
660 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
661 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
662 	}
663 
664 	if (tb[NL80211_KEY_SEQ]) {
665 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
666 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
667 	}
668 
669 	if (tb[NL80211_KEY_CIPHER])
670 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
671 
672 	if (tb[NL80211_KEY_TYPE]) {
673 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
674 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
675 			return -EINVAL;
676 	}
677 
678 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
679 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
680 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
681 				       tb[NL80211_KEY_DEFAULT_TYPES],
682 				       nl80211_key_default_policy);
683 		if (err)
684 			return err;
685 
686 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
687 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
688 	}
689 
690 	return 0;
691 }
692 
693 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
694 {
695 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
696 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
697 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
698 	}
699 
700 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
701 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
702 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
703 	}
704 
705 	if (info->attrs[NL80211_ATTR_KEY_IDX])
706 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
707 
708 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
709 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
710 
711 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
712 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
713 
714 	if (k->def) {
715 		k->def_uni = true;
716 		k->def_multi = true;
717 	}
718 	if (k->defmgmt)
719 		k->def_multi = true;
720 
721 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
722 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
723 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
724 			return -EINVAL;
725 	}
726 
727 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
728 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
729 		int err = nla_parse_nested(
730 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
731 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
732 				nl80211_key_default_policy);
733 		if (err)
734 			return err;
735 
736 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
737 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
738 	}
739 
740 	return 0;
741 }
742 
743 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
744 {
745 	int err;
746 
747 	memset(k, 0, sizeof(*k));
748 	k->idx = -1;
749 	k->type = -1;
750 
751 	if (info->attrs[NL80211_ATTR_KEY])
752 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
753 	else
754 		err = nl80211_parse_key_old(info, k);
755 
756 	if (err)
757 		return err;
758 
759 	if (k->def && k->defmgmt)
760 		return -EINVAL;
761 
762 	if (k->defmgmt) {
763 		if (k->def_uni || !k->def_multi)
764 			return -EINVAL;
765 	}
766 
767 	if (k->idx != -1) {
768 		if (k->defmgmt) {
769 			if (k->idx < 4 || k->idx > 5)
770 				return -EINVAL;
771 		} else if (k->def) {
772 			if (k->idx < 0 || k->idx > 3)
773 				return -EINVAL;
774 		} else {
775 			if (k->idx < 0 || k->idx > 5)
776 				return -EINVAL;
777 		}
778 	}
779 
780 	return 0;
781 }
782 
783 static struct cfg80211_cached_keys *
784 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
785 		       struct nlattr *keys, bool *no_ht)
786 {
787 	struct key_parse parse;
788 	struct nlattr *key;
789 	struct cfg80211_cached_keys *result;
790 	int rem, err, def = 0;
791 
792 	result = kzalloc(sizeof(*result), GFP_KERNEL);
793 	if (!result)
794 		return ERR_PTR(-ENOMEM);
795 
796 	result->def = -1;
797 	result->defmgmt = -1;
798 
799 	nla_for_each_nested(key, keys, rem) {
800 		memset(&parse, 0, sizeof(parse));
801 		parse.idx = -1;
802 
803 		err = nl80211_parse_key_new(key, &parse);
804 		if (err)
805 			goto error;
806 		err = -EINVAL;
807 		if (!parse.p.key)
808 			goto error;
809 		if (parse.idx < 0 || parse.idx > 4)
810 			goto error;
811 		if (parse.def) {
812 			if (def)
813 				goto error;
814 			def = 1;
815 			result->def = parse.idx;
816 			if (!parse.def_uni || !parse.def_multi)
817 				goto error;
818 		} else if (parse.defmgmt)
819 			goto error;
820 		err = cfg80211_validate_key_settings(rdev, &parse.p,
821 						     parse.idx, false, NULL);
822 		if (err)
823 			goto error;
824 		result->params[parse.idx].cipher = parse.p.cipher;
825 		result->params[parse.idx].key_len = parse.p.key_len;
826 		result->params[parse.idx].key = result->data[parse.idx];
827 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
828 
829 		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
830 		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
831 			if (no_ht)
832 				*no_ht = true;
833 		}
834 	}
835 
836 	return result;
837  error:
838 	kfree(result);
839 	return ERR_PTR(err);
840 }
841 
842 static int nl80211_key_allowed(struct wireless_dev *wdev)
843 {
844 	ASSERT_WDEV_LOCK(wdev);
845 
846 	switch (wdev->iftype) {
847 	case NL80211_IFTYPE_AP:
848 	case NL80211_IFTYPE_AP_VLAN:
849 	case NL80211_IFTYPE_P2P_GO:
850 	case NL80211_IFTYPE_MESH_POINT:
851 		break;
852 	case NL80211_IFTYPE_ADHOC:
853 	case NL80211_IFTYPE_STATION:
854 	case NL80211_IFTYPE_P2P_CLIENT:
855 		if (!wdev->current_bss)
856 			return -ENOLINK;
857 		break;
858 	default:
859 		return -EINVAL;
860 	}
861 
862 	return 0;
863 }
864 
865 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
866 							struct nlattr *tb)
867 {
868 	struct ieee80211_channel *chan;
869 
870 	if (tb == NULL)
871 		return NULL;
872 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
873 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
874 		return NULL;
875 	return chan;
876 }
877 
878 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
879 {
880 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
881 	int i;
882 
883 	if (!nl_modes)
884 		goto nla_put_failure;
885 
886 	i = 0;
887 	while (ifmodes) {
888 		if ((ifmodes & 1) && nla_put_flag(msg, i))
889 			goto nla_put_failure;
890 		ifmodes >>= 1;
891 		i++;
892 	}
893 
894 	nla_nest_end(msg, nl_modes);
895 	return 0;
896 
897 nla_put_failure:
898 	return -ENOBUFS;
899 }
900 
901 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
902 					  struct sk_buff *msg,
903 					  bool large)
904 {
905 	struct nlattr *nl_combis;
906 	int i, j;
907 
908 	nl_combis = nla_nest_start(msg,
909 				NL80211_ATTR_INTERFACE_COMBINATIONS);
910 	if (!nl_combis)
911 		goto nla_put_failure;
912 
913 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
914 		const struct ieee80211_iface_combination *c;
915 		struct nlattr *nl_combi, *nl_limits;
916 
917 		c = &wiphy->iface_combinations[i];
918 
919 		nl_combi = nla_nest_start(msg, i + 1);
920 		if (!nl_combi)
921 			goto nla_put_failure;
922 
923 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
924 		if (!nl_limits)
925 			goto nla_put_failure;
926 
927 		for (j = 0; j < c->n_limits; j++) {
928 			struct nlattr *nl_limit;
929 
930 			nl_limit = nla_nest_start(msg, j + 1);
931 			if (!nl_limit)
932 				goto nla_put_failure;
933 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
934 					c->limits[j].max))
935 				goto nla_put_failure;
936 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
937 						c->limits[j].types))
938 				goto nla_put_failure;
939 			nla_nest_end(msg, nl_limit);
940 		}
941 
942 		nla_nest_end(msg, nl_limits);
943 
944 		if (c->beacon_int_infra_match &&
945 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
946 			goto nla_put_failure;
947 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
948 				c->num_different_channels) ||
949 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
950 				c->max_interfaces))
951 			goto nla_put_failure;
952 		if (large &&
953 		    nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
954 				c->radar_detect_widths))
955 			goto nla_put_failure;
956 
957 		nla_nest_end(msg, nl_combi);
958 	}
959 
960 	nla_nest_end(msg, nl_combis);
961 
962 	return 0;
963 nla_put_failure:
964 	return -ENOBUFS;
965 }
966 
967 #ifdef CONFIG_PM
968 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
969 					struct sk_buff *msg)
970 {
971 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
972 	struct nlattr *nl_tcp;
973 
974 	if (!tcp)
975 		return 0;
976 
977 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
978 	if (!nl_tcp)
979 		return -ENOBUFS;
980 
981 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
982 			tcp->data_payload_max))
983 		return -ENOBUFS;
984 
985 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
986 			tcp->data_payload_max))
987 		return -ENOBUFS;
988 
989 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
990 		return -ENOBUFS;
991 
992 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
993 				sizeof(*tcp->tok), tcp->tok))
994 		return -ENOBUFS;
995 
996 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
997 			tcp->data_interval_max))
998 		return -ENOBUFS;
999 
1000 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1001 			tcp->wake_payload_max))
1002 		return -ENOBUFS;
1003 
1004 	nla_nest_end(msg, nl_tcp);
1005 	return 0;
1006 }
1007 
1008 static int nl80211_send_wowlan(struct sk_buff *msg,
1009 			       struct cfg80211_registered_device *dev,
1010 			       bool large)
1011 {
1012 	struct nlattr *nl_wowlan;
1013 
1014 	if (!dev->wiphy.wowlan)
1015 		return 0;
1016 
1017 	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1018 	if (!nl_wowlan)
1019 		return -ENOBUFS;
1020 
1021 	if (((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1022 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1023 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1024 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1025 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1026 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1027 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1028 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1029 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1030 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1031 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1032 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1033 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1034 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1035 	    ((dev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1036 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1037 		return -ENOBUFS;
1038 
1039 	if (dev->wiphy.wowlan->n_patterns) {
1040 		struct nl80211_pattern_support pat = {
1041 			.max_patterns = dev->wiphy.wowlan->n_patterns,
1042 			.min_pattern_len = dev->wiphy.wowlan->pattern_min_len,
1043 			.max_pattern_len = dev->wiphy.wowlan->pattern_max_len,
1044 			.max_pkt_offset = dev->wiphy.wowlan->max_pkt_offset,
1045 		};
1046 
1047 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1048 			    sizeof(pat), &pat))
1049 			return -ENOBUFS;
1050 	}
1051 
1052 	if (large && nl80211_send_wowlan_tcp_caps(dev, msg))
1053 		return -ENOBUFS;
1054 
1055 	nla_nest_end(msg, nl_wowlan);
1056 
1057 	return 0;
1058 }
1059 #endif
1060 
1061 static int nl80211_send_coalesce(struct sk_buff *msg,
1062 				 struct cfg80211_registered_device *dev)
1063 {
1064 	struct nl80211_coalesce_rule_support rule;
1065 
1066 	if (!dev->wiphy.coalesce)
1067 		return 0;
1068 
1069 	rule.max_rules = dev->wiphy.coalesce->n_rules;
1070 	rule.max_delay = dev->wiphy.coalesce->max_delay;
1071 	rule.pat.max_patterns = dev->wiphy.coalesce->n_patterns;
1072 	rule.pat.min_pattern_len = dev->wiphy.coalesce->pattern_min_len;
1073 	rule.pat.max_pattern_len = dev->wiphy.coalesce->pattern_max_len;
1074 	rule.pat.max_pkt_offset = dev->wiphy.coalesce->max_pkt_offset;
1075 
1076 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1077 		return -ENOBUFS;
1078 
1079 	return 0;
1080 }
1081 
1082 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1083 				      struct ieee80211_supported_band *sband)
1084 {
1085 	struct nlattr *nl_rates, *nl_rate;
1086 	struct ieee80211_rate *rate;
1087 	int i;
1088 
1089 	/* add HT info */
1090 	if (sband->ht_cap.ht_supported &&
1091 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1092 		     sizeof(sband->ht_cap.mcs),
1093 		     &sband->ht_cap.mcs) ||
1094 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1095 			 sband->ht_cap.cap) ||
1096 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1097 			sband->ht_cap.ampdu_factor) ||
1098 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1099 			sband->ht_cap.ampdu_density)))
1100 		return -ENOBUFS;
1101 
1102 	/* add VHT info */
1103 	if (sband->vht_cap.vht_supported &&
1104 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1105 		     sizeof(sband->vht_cap.vht_mcs),
1106 		     &sband->vht_cap.vht_mcs) ||
1107 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1108 			 sband->vht_cap.cap)))
1109 		return -ENOBUFS;
1110 
1111 	/* add bitrates */
1112 	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1113 	if (!nl_rates)
1114 		return -ENOBUFS;
1115 
1116 	for (i = 0; i < sband->n_bitrates; i++) {
1117 		nl_rate = nla_nest_start(msg, i);
1118 		if (!nl_rate)
1119 			return -ENOBUFS;
1120 
1121 		rate = &sband->bitrates[i];
1122 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1123 				rate->bitrate))
1124 			return -ENOBUFS;
1125 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1126 		    nla_put_flag(msg,
1127 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1128 			return -ENOBUFS;
1129 
1130 		nla_nest_end(msg, nl_rate);
1131 	}
1132 
1133 	nla_nest_end(msg, nl_rates);
1134 
1135 	return 0;
1136 }
1137 
1138 static int
1139 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1140 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1141 {
1142 	u16 stypes;
1143 	struct nlattr *nl_ftypes, *nl_ifs;
1144 	enum nl80211_iftype ift;
1145 	int i;
1146 
1147 	if (!mgmt_stypes)
1148 		return 0;
1149 
1150 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1151 	if (!nl_ifs)
1152 		return -ENOBUFS;
1153 
1154 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1155 		nl_ftypes = nla_nest_start(msg, ift);
1156 		if (!nl_ftypes)
1157 			return -ENOBUFS;
1158 		i = 0;
1159 		stypes = mgmt_stypes[ift].tx;
1160 		while (stypes) {
1161 			if ((stypes & 1) &&
1162 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1163 					(i << 4) | IEEE80211_FTYPE_MGMT))
1164 				return -ENOBUFS;
1165 			stypes >>= 1;
1166 			i++;
1167 		}
1168 		nla_nest_end(msg, nl_ftypes);
1169 	}
1170 
1171 	nla_nest_end(msg, nl_ifs);
1172 
1173 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1174 	if (!nl_ifs)
1175 		return -ENOBUFS;
1176 
1177 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1178 		nl_ftypes = nla_nest_start(msg, ift);
1179 		if (!nl_ftypes)
1180 			return -ENOBUFS;
1181 		i = 0;
1182 		stypes = mgmt_stypes[ift].rx;
1183 		while (stypes) {
1184 			if ((stypes & 1) &&
1185 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1186 					(i << 4) | IEEE80211_FTYPE_MGMT))
1187 				return -ENOBUFS;
1188 			stypes >>= 1;
1189 			i++;
1190 		}
1191 		nla_nest_end(msg, nl_ftypes);
1192 	}
1193 	nla_nest_end(msg, nl_ifs);
1194 
1195 	return 0;
1196 }
1197 
1198 struct nl80211_dump_wiphy_state {
1199 	s64 filter_wiphy;
1200 	long start;
1201 	long split_start, band_start, chan_start;
1202 	bool split;
1203 };
1204 
1205 static int nl80211_send_wiphy(struct cfg80211_registered_device *dev,
1206 			      struct sk_buff *msg, u32 portid, u32 seq,
1207 			      int flags, struct nl80211_dump_wiphy_state *state)
1208 {
1209 	void *hdr;
1210 	struct nlattr *nl_bands, *nl_band;
1211 	struct nlattr *nl_freqs, *nl_freq;
1212 	struct nlattr *nl_cmds;
1213 	enum ieee80211_band band;
1214 	struct ieee80211_channel *chan;
1215 	int i;
1216 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1217 				dev->wiphy.mgmt_stypes;
1218 	u32 features;
1219 
1220 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
1221 	if (!hdr)
1222 		return -ENOBUFS;
1223 
1224 	if (WARN_ON(!state))
1225 		return -EINVAL;
1226 
1227 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
1228 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1229 			   wiphy_name(&dev->wiphy)) ||
1230 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1231 			cfg80211_rdev_list_generation))
1232 		goto nla_put_failure;
1233 
1234 	switch (state->split_start) {
1235 	case 0:
1236 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1237 			       dev->wiphy.retry_short) ||
1238 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1239 			       dev->wiphy.retry_long) ||
1240 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1241 				dev->wiphy.frag_threshold) ||
1242 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1243 				dev->wiphy.rts_threshold) ||
1244 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1245 			       dev->wiphy.coverage_class) ||
1246 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1247 			       dev->wiphy.max_scan_ssids) ||
1248 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1249 			       dev->wiphy.max_sched_scan_ssids) ||
1250 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1251 				dev->wiphy.max_scan_ie_len) ||
1252 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1253 				dev->wiphy.max_sched_scan_ie_len) ||
1254 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1255 			       dev->wiphy.max_match_sets))
1256 			goto nla_put_failure;
1257 
1258 		if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1259 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1260 			goto nla_put_failure;
1261 		if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1262 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1263 			goto nla_put_failure;
1264 		if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1265 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1266 			goto nla_put_failure;
1267 		if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1268 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1269 			goto nla_put_failure;
1270 		if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1271 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1272 			goto nla_put_failure;
1273 		if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1274 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1275 			goto nla_put_failure;
1276 		state->split_start++;
1277 		if (state->split)
1278 			break;
1279 	case 1:
1280 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1281 			    sizeof(u32) * dev->wiphy.n_cipher_suites,
1282 			    dev->wiphy.cipher_suites))
1283 			goto nla_put_failure;
1284 
1285 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1286 			       dev->wiphy.max_num_pmkids))
1287 			goto nla_put_failure;
1288 
1289 		if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1290 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1291 			goto nla_put_failure;
1292 
1293 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1294 				dev->wiphy.available_antennas_tx) ||
1295 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1296 				dev->wiphy.available_antennas_rx))
1297 			goto nla_put_failure;
1298 
1299 		if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1300 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1301 				dev->wiphy.probe_resp_offload))
1302 			goto nla_put_failure;
1303 
1304 		if ((dev->wiphy.available_antennas_tx ||
1305 		     dev->wiphy.available_antennas_rx) &&
1306 		    dev->ops->get_antenna) {
1307 			u32 tx_ant = 0, rx_ant = 0;
1308 			int res;
1309 			res = rdev_get_antenna(dev, &tx_ant, &rx_ant);
1310 			if (!res) {
1311 				if (nla_put_u32(msg,
1312 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1313 						tx_ant) ||
1314 				    nla_put_u32(msg,
1315 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1316 						rx_ant))
1317 					goto nla_put_failure;
1318 			}
1319 		}
1320 
1321 		state->split_start++;
1322 		if (state->split)
1323 			break;
1324 	case 2:
1325 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1326 					dev->wiphy.interface_modes))
1327 				goto nla_put_failure;
1328 		state->split_start++;
1329 		if (state->split)
1330 			break;
1331 	case 3:
1332 		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1333 		if (!nl_bands)
1334 			goto nla_put_failure;
1335 
1336 		for (band = state->band_start;
1337 		     band < IEEE80211_NUM_BANDS; band++) {
1338 			struct ieee80211_supported_band *sband;
1339 
1340 			sband = dev->wiphy.bands[band];
1341 
1342 			if (!sband)
1343 				continue;
1344 
1345 			nl_band = nla_nest_start(msg, band);
1346 			if (!nl_band)
1347 				goto nla_put_failure;
1348 
1349 			switch (state->chan_start) {
1350 			case 0:
1351 				if (nl80211_send_band_rateinfo(msg, sband))
1352 					goto nla_put_failure;
1353 				state->chan_start++;
1354 				if (state->split)
1355 					break;
1356 			default:
1357 				/* add frequencies */
1358 				nl_freqs = nla_nest_start(
1359 					msg, NL80211_BAND_ATTR_FREQS);
1360 				if (!nl_freqs)
1361 					goto nla_put_failure;
1362 
1363 				for (i = state->chan_start - 1;
1364 				     i < sband->n_channels;
1365 				     i++) {
1366 					nl_freq = nla_nest_start(msg, i);
1367 					if (!nl_freq)
1368 						goto nla_put_failure;
1369 
1370 					chan = &sband->channels[i];
1371 
1372 					if (nl80211_msg_put_channel(
1373 							msg, chan,
1374 							state->split))
1375 						goto nla_put_failure;
1376 
1377 					nla_nest_end(msg, nl_freq);
1378 					if (state->split)
1379 						break;
1380 				}
1381 				if (i < sband->n_channels)
1382 					state->chan_start = i + 2;
1383 				else
1384 					state->chan_start = 0;
1385 				nla_nest_end(msg, nl_freqs);
1386 			}
1387 
1388 			nla_nest_end(msg, nl_band);
1389 
1390 			if (state->split) {
1391 				/* start again here */
1392 				if (state->chan_start)
1393 					band--;
1394 				break;
1395 			}
1396 		}
1397 		nla_nest_end(msg, nl_bands);
1398 
1399 		if (band < IEEE80211_NUM_BANDS)
1400 			state->band_start = band + 1;
1401 		else
1402 			state->band_start = 0;
1403 
1404 		/* if bands & channels are done, continue outside */
1405 		if (state->band_start == 0 && state->chan_start == 0)
1406 			state->split_start++;
1407 		if (state->split)
1408 			break;
1409 	case 4:
1410 		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1411 		if (!nl_cmds)
1412 			goto nla_put_failure;
1413 
1414 		i = 0;
1415 #define CMD(op, n)							\
1416 		 do {							\
1417 			if (dev->ops->op) {				\
1418 				i++;					\
1419 				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1420 					goto nla_put_failure;		\
1421 			}						\
1422 		} while (0)
1423 
1424 		CMD(add_virtual_intf, NEW_INTERFACE);
1425 		CMD(change_virtual_intf, SET_INTERFACE);
1426 		CMD(add_key, NEW_KEY);
1427 		CMD(start_ap, START_AP);
1428 		CMD(add_station, NEW_STATION);
1429 		CMD(add_mpath, NEW_MPATH);
1430 		CMD(update_mesh_config, SET_MESH_CONFIG);
1431 		CMD(change_bss, SET_BSS);
1432 		CMD(auth, AUTHENTICATE);
1433 		CMD(assoc, ASSOCIATE);
1434 		CMD(deauth, DEAUTHENTICATE);
1435 		CMD(disassoc, DISASSOCIATE);
1436 		CMD(join_ibss, JOIN_IBSS);
1437 		CMD(join_mesh, JOIN_MESH);
1438 		CMD(set_pmksa, SET_PMKSA);
1439 		CMD(del_pmksa, DEL_PMKSA);
1440 		CMD(flush_pmksa, FLUSH_PMKSA);
1441 		if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1442 			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1443 		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1444 		CMD(mgmt_tx, FRAME);
1445 		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1446 		if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1447 			i++;
1448 			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1449 				goto nla_put_failure;
1450 		}
1451 		if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
1452 		    dev->ops->join_mesh) {
1453 			i++;
1454 			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1455 				goto nla_put_failure;
1456 		}
1457 		CMD(set_wds_peer, SET_WDS_PEER);
1458 		if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1459 			CMD(tdls_mgmt, TDLS_MGMT);
1460 			CMD(tdls_oper, TDLS_OPER);
1461 		}
1462 		if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1463 			CMD(sched_scan_start, START_SCHED_SCAN);
1464 		CMD(probe_client, PROBE_CLIENT);
1465 		CMD(set_noack_map, SET_NOACK_MAP);
1466 		if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1467 			i++;
1468 			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1469 				goto nla_put_failure;
1470 		}
1471 		CMD(start_p2p_device, START_P2P_DEVICE);
1472 		CMD(set_mcast_rate, SET_MCAST_RATE);
1473 		if (state->split) {
1474 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1475 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1476 			if (dev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1477 				CMD(channel_switch, CHANNEL_SWITCH);
1478 		}
1479 		CMD(set_qos_map, SET_QOS_MAP);
1480 
1481 #ifdef CONFIG_NL80211_TESTMODE
1482 		CMD(testmode_cmd, TESTMODE);
1483 #endif
1484 
1485 #undef CMD
1486 
1487 		if (dev->ops->connect || dev->ops->auth) {
1488 			i++;
1489 			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1490 				goto nla_put_failure;
1491 		}
1492 
1493 		if (dev->ops->disconnect || dev->ops->deauth) {
1494 			i++;
1495 			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1496 				goto nla_put_failure;
1497 		}
1498 
1499 		nla_nest_end(msg, nl_cmds);
1500 		state->split_start++;
1501 		if (state->split)
1502 			break;
1503 	case 5:
1504 		if (dev->ops->remain_on_channel &&
1505 		    (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1506 		    nla_put_u32(msg,
1507 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1508 				dev->wiphy.max_remain_on_channel_duration))
1509 			goto nla_put_failure;
1510 
1511 		if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1512 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1513 			goto nla_put_failure;
1514 
1515 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1516 			goto nla_put_failure;
1517 		state->split_start++;
1518 		if (state->split)
1519 			break;
1520 	case 6:
1521 #ifdef CONFIG_PM
1522 		if (nl80211_send_wowlan(msg, dev, state->split))
1523 			goto nla_put_failure;
1524 		state->split_start++;
1525 		if (state->split)
1526 			break;
1527 #else
1528 		state->split_start++;
1529 #endif
1530 	case 7:
1531 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1532 					dev->wiphy.software_iftypes))
1533 			goto nla_put_failure;
1534 
1535 		if (nl80211_put_iface_combinations(&dev->wiphy, msg,
1536 						   state->split))
1537 			goto nla_put_failure;
1538 
1539 		state->split_start++;
1540 		if (state->split)
1541 			break;
1542 	case 8:
1543 		if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1544 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1545 				dev->wiphy.ap_sme_capa))
1546 			goto nla_put_failure;
1547 
1548 		features = dev->wiphy.features;
1549 		/*
1550 		 * We can only add the per-channel limit information if the
1551 		 * dump is split, otherwise it makes it too big. Therefore
1552 		 * only advertise it in that case.
1553 		 */
1554 		if (state->split)
1555 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1556 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1557 			goto nla_put_failure;
1558 
1559 		if (dev->wiphy.ht_capa_mod_mask &&
1560 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1561 			    sizeof(*dev->wiphy.ht_capa_mod_mask),
1562 			    dev->wiphy.ht_capa_mod_mask))
1563 			goto nla_put_failure;
1564 
1565 		if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1566 		    dev->wiphy.max_acl_mac_addrs &&
1567 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1568 				dev->wiphy.max_acl_mac_addrs))
1569 			goto nla_put_failure;
1570 
1571 		/*
1572 		 * Any information below this point is only available to
1573 		 * applications that can deal with it being split. This
1574 		 * helps ensure that newly added capabilities don't break
1575 		 * older tools by overrunning their buffers.
1576 		 *
1577 		 * We still increment split_start so that in the split
1578 		 * case we'll continue with more data in the next round,
1579 		 * but break unconditionally so unsplit data stops here.
1580 		 */
1581 		state->split_start++;
1582 		break;
1583 	case 9:
1584 		if (dev->wiphy.extended_capabilities &&
1585 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1586 			     dev->wiphy.extended_capabilities_len,
1587 			     dev->wiphy.extended_capabilities) ||
1588 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1589 			     dev->wiphy.extended_capabilities_len,
1590 			     dev->wiphy.extended_capabilities_mask)))
1591 			goto nla_put_failure;
1592 
1593 		if (dev->wiphy.vht_capa_mod_mask &&
1594 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1595 			    sizeof(*dev->wiphy.vht_capa_mod_mask),
1596 			    dev->wiphy.vht_capa_mod_mask))
1597 			goto nla_put_failure;
1598 
1599 		state->split_start++;
1600 		break;
1601 	case 10:
1602 		if (nl80211_send_coalesce(msg, dev))
1603 			goto nla_put_failure;
1604 
1605 		if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1606 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1607 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1608 			goto nla_put_failure;
1609 
1610 		if (dev->wiphy.max_ap_assoc_sta &&
1611 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1612 				dev->wiphy.max_ap_assoc_sta))
1613 			goto nla_put_failure;
1614 
1615 		state->split_start++;
1616 		break;
1617 	case 11:
1618 		if (dev->wiphy.n_vendor_commands) {
1619 			const struct nl80211_vendor_cmd_info *info;
1620 			struct nlattr *nested;
1621 
1622 			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1623 			if (!nested)
1624 				goto nla_put_failure;
1625 
1626 			for (i = 0; i < dev->wiphy.n_vendor_commands; i++) {
1627 				info = &dev->wiphy.vendor_commands[i].info;
1628 				if (nla_put(msg, i + 1, sizeof(*info), info))
1629 					goto nla_put_failure;
1630 			}
1631 			nla_nest_end(msg, nested);
1632 		}
1633 
1634 		if (dev->wiphy.n_vendor_events) {
1635 			const struct nl80211_vendor_cmd_info *info;
1636 			struct nlattr *nested;
1637 
1638 			nested = nla_nest_start(msg,
1639 						NL80211_ATTR_VENDOR_EVENTS);
1640 			if (!nested)
1641 				goto nla_put_failure;
1642 
1643 			for (i = 0; i < dev->wiphy.n_vendor_events; i++) {
1644 				info = &dev->wiphy.vendor_events[i];
1645 				if (nla_put(msg, i + 1, sizeof(*info), info))
1646 					goto nla_put_failure;
1647 			}
1648 			nla_nest_end(msg, nested);
1649 		}
1650 
1651 		/* done */
1652 		state->split_start = 0;
1653 		break;
1654 	}
1655 	return genlmsg_end(msg, hdr);
1656 
1657  nla_put_failure:
1658 	genlmsg_cancel(msg, hdr);
1659 	return -EMSGSIZE;
1660 }
1661 
1662 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1663 				    struct netlink_callback *cb,
1664 				    struct nl80211_dump_wiphy_state *state)
1665 {
1666 	struct nlattr **tb = nl80211_fam.attrbuf;
1667 	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1668 			      tb, nl80211_fam.maxattr, nl80211_policy);
1669 	/* ignore parse errors for backward compatibility */
1670 	if (ret)
1671 		return 0;
1672 
1673 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1674 	if (tb[NL80211_ATTR_WIPHY])
1675 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1676 	if (tb[NL80211_ATTR_WDEV])
1677 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1678 	if (tb[NL80211_ATTR_IFINDEX]) {
1679 		struct net_device *netdev;
1680 		struct cfg80211_registered_device *rdev;
1681 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1682 
1683 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1684 		if (!netdev)
1685 			return -ENODEV;
1686 		if (netdev->ieee80211_ptr) {
1687 			rdev = wiphy_to_dev(
1688 				netdev->ieee80211_ptr->wiphy);
1689 			state->filter_wiphy = rdev->wiphy_idx;
1690 		}
1691 	}
1692 
1693 	return 0;
1694 }
1695 
1696 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1697 {
1698 	int idx = 0, ret;
1699 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1700 	struct cfg80211_registered_device *dev;
1701 
1702 	rtnl_lock();
1703 	if (!state) {
1704 		state = kzalloc(sizeof(*state), GFP_KERNEL);
1705 		if (!state) {
1706 			rtnl_unlock();
1707 			return -ENOMEM;
1708 		}
1709 		state->filter_wiphy = -1;
1710 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1711 		if (ret) {
1712 			kfree(state);
1713 			rtnl_unlock();
1714 			return ret;
1715 		}
1716 		cb->args[0] = (long)state;
1717 	}
1718 
1719 	list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1720 		if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1721 			continue;
1722 		if (++idx <= state->start)
1723 			continue;
1724 		if (state->filter_wiphy != -1 &&
1725 		    state->filter_wiphy != dev->wiphy_idx)
1726 			continue;
1727 		/* attempt to fit multiple wiphy data chunks into the skb */
1728 		do {
1729 			ret = nl80211_send_wiphy(dev, skb,
1730 						 NETLINK_CB(cb->skb).portid,
1731 						 cb->nlh->nlmsg_seq,
1732 						 NLM_F_MULTI, state);
1733 			if (ret < 0) {
1734 				/*
1735 				 * If sending the wiphy data didn't fit (ENOBUFS
1736 				 * or EMSGSIZE returned), this SKB is still
1737 				 * empty (so it's not too big because another
1738 				 * wiphy dataset is already in the skb) and
1739 				 * we've not tried to adjust the dump allocation
1740 				 * yet ... then adjust the alloc size to be
1741 				 * bigger, and return 1 but with the empty skb.
1742 				 * This results in an empty message being RX'ed
1743 				 * in userspace, but that is ignored.
1744 				 *
1745 				 * We can then retry with the larger buffer.
1746 				 */
1747 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1748 				    !skb->len && !state->split &&
1749 				    cb->min_dump_alloc < 4096) {
1750 					cb->min_dump_alloc = 4096;
1751 					state->split_start = 0;
1752 					rtnl_unlock();
1753 					return 1;
1754 				}
1755 				idx--;
1756 				break;
1757 			}
1758 		} while (state->split_start > 0);
1759 		break;
1760 	}
1761 	rtnl_unlock();
1762 
1763 	state->start = idx;
1764 
1765 	return skb->len;
1766 }
1767 
1768 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1769 {
1770 	kfree((void *)cb->args[0]);
1771 	return 0;
1772 }
1773 
1774 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1775 {
1776 	struct sk_buff *msg;
1777 	struct cfg80211_registered_device *dev = info->user_ptr[0];
1778 	struct nl80211_dump_wiphy_state state = {};
1779 
1780 	msg = nlmsg_new(4096, GFP_KERNEL);
1781 	if (!msg)
1782 		return -ENOMEM;
1783 
1784 	if (nl80211_send_wiphy(dev, msg, info->snd_portid, info->snd_seq, 0,
1785 			       &state) < 0) {
1786 		nlmsg_free(msg);
1787 		return -ENOBUFS;
1788 	}
1789 
1790 	return genlmsg_reply(msg, info);
1791 }
1792 
1793 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1794 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1795 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1796 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1797 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1798 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1799 };
1800 
1801 static int parse_txq_params(struct nlattr *tb[],
1802 			    struct ieee80211_txq_params *txq_params)
1803 {
1804 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1805 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1806 	    !tb[NL80211_TXQ_ATTR_AIFS])
1807 		return -EINVAL;
1808 
1809 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1810 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1811 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1812 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1813 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1814 
1815 	if (txq_params->ac >= NL80211_NUM_ACS)
1816 		return -EINVAL;
1817 
1818 	return 0;
1819 }
1820 
1821 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1822 {
1823 	/*
1824 	 * You can only set the channel explicitly for WDS interfaces,
1825 	 * all others have their channel managed via their respective
1826 	 * "establish a connection" command (connect, join, ...)
1827 	 *
1828 	 * For AP/GO and mesh mode, the channel can be set with the
1829 	 * channel userspace API, but is only stored and passed to the
1830 	 * low-level driver when the AP starts or the mesh is joined.
1831 	 * This is for backward compatibility, userspace can also give
1832 	 * the channel in the start-ap or join-mesh commands instead.
1833 	 *
1834 	 * Monitors are special as they are normally slaved to
1835 	 * whatever else is going on, so they have their own special
1836 	 * operation to set the monitor channel if possible.
1837 	 */
1838 	return !wdev ||
1839 		wdev->iftype == NL80211_IFTYPE_AP ||
1840 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1841 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1842 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1843 }
1844 
1845 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1846 				 struct genl_info *info,
1847 				 struct cfg80211_chan_def *chandef)
1848 {
1849 	u32 control_freq;
1850 
1851 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1852 		return -EINVAL;
1853 
1854 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1855 
1856 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1857 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1858 	chandef->center_freq1 = control_freq;
1859 	chandef->center_freq2 = 0;
1860 
1861 	/* Primary channel not allowed */
1862 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1863 		return -EINVAL;
1864 
1865 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1866 		enum nl80211_channel_type chantype;
1867 
1868 		chantype = nla_get_u32(
1869 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1870 
1871 		switch (chantype) {
1872 		case NL80211_CHAN_NO_HT:
1873 		case NL80211_CHAN_HT20:
1874 		case NL80211_CHAN_HT40PLUS:
1875 		case NL80211_CHAN_HT40MINUS:
1876 			cfg80211_chandef_create(chandef, chandef->chan,
1877 						chantype);
1878 			break;
1879 		default:
1880 			return -EINVAL;
1881 		}
1882 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1883 		chandef->width =
1884 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1885 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1886 			chandef->center_freq1 =
1887 				nla_get_u32(
1888 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1889 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1890 			chandef->center_freq2 =
1891 				nla_get_u32(
1892 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1893 	}
1894 
1895 	if (!cfg80211_chandef_valid(chandef))
1896 		return -EINVAL;
1897 
1898 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1899 				     IEEE80211_CHAN_DISABLED))
1900 		return -EINVAL;
1901 
1902 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1903 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
1904 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1905 		return -EINVAL;
1906 
1907 	return 0;
1908 }
1909 
1910 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1911 				 struct wireless_dev *wdev,
1912 				 struct genl_info *info)
1913 {
1914 	struct cfg80211_chan_def chandef;
1915 	int result;
1916 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1917 
1918 	if (wdev)
1919 		iftype = wdev->iftype;
1920 
1921 	if (!nl80211_can_set_dev_channel(wdev))
1922 		return -EOPNOTSUPP;
1923 
1924 	result = nl80211_parse_chandef(rdev, info, &chandef);
1925 	if (result)
1926 		return result;
1927 
1928 	switch (iftype) {
1929 	case NL80211_IFTYPE_AP:
1930 	case NL80211_IFTYPE_P2P_GO:
1931 		if (wdev->beacon_interval) {
1932 			result = -EBUSY;
1933 			break;
1934 		}
1935 		if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef)) {
1936 			result = -EINVAL;
1937 			break;
1938 		}
1939 		wdev->preset_chandef = chandef;
1940 		result = 0;
1941 		break;
1942 	case NL80211_IFTYPE_MESH_POINT:
1943 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1944 		break;
1945 	case NL80211_IFTYPE_MONITOR:
1946 		result = cfg80211_set_monitor_channel(rdev, &chandef);
1947 		break;
1948 	default:
1949 		result = -EINVAL;
1950 	}
1951 
1952 	return result;
1953 }
1954 
1955 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1956 {
1957 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1958 	struct net_device *netdev = info->user_ptr[1];
1959 
1960 	return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1961 }
1962 
1963 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1964 {
1965 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1966 	struct net_device *dev = info->user_ptr[1];
1967 	struct wireless_dev *wdev = dev->ieee80211_ptr;
1968 	const u8 *bssid;
1969 
1970 	if (!info->attrs[NL80211_ATTR_MAC])
1971 		return -EINVAL;
1972 
1973 	if (netif_running(dev))
1974 		return -EBUSY;
1975 
1976 	if (!rdev->ops->set_wds_peer)
1977 		return -EOPNOTSUPP;
1978 
1979 	if (wdev->iftype != NL80211_IFTYPE_WDS)
1980 		return -EOPNOTSUPP;
1981 
1982 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1983 	return rdev_set_wds_peer(rdev, dev, bssid);
1984 }
1985 
1986 
1987 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1988 {
1989 	struct cfg80211_registered_device *rdev;
1990 	struct net_device *netdev = NULL;
1991 	struct wireless_dev *wdev;
1992 	int result = 0, rem_txq_params = 0;
1993 	struct nlattr *nl_txq_params;
1994 	u32 changed;
1995 	u8 retry_short = 0, retry_long = 0;
1996 	u32 frag_threshold = 0, rts_threshold = 0;
1997 	u8 coverage_class = 0;
1998 
1999 	ASSERT_RTNL();
2000 
2001 	/*
2002 	 * Try to find the wiphy and netdev. Normally this
2003 	 * function shouldn't need the netdev, but this is
2004 	 * done for backward compatibility -- previously
2005 	 * setting the channel was done per wiphy, but now
2006 	 * it is per netdev. Previous userland like hostapd
2007 	 * also passed a netdev to set_wiphy, so that it is
2008 	 * possible to let that go to the right netdev!
2009 	 */
2010 
2011 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2012 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2013 
2014 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2015 		if (netdev && netdev->ieee80211_ptr)
2016 			rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
2017 		else
2018 			netdev = NULL;
2019 	}
2020 
2021 	if (!netdev) {
2022 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2023 						  info->attrs);
2024 		if (IS_ERR(rdev))
2025 			return PTR_ERR(rdev);
2026 		wdev = NULL;
2027 		netdev = NULL;
2028 		result = 0;
2029 	} else
2030 		wdev = netdev->ieee80211_ptr;
2031 
2032 	/*
2033 	 * end workaround code, by now the rdev is available
2034 	 * and locked, and wdev may or may not be NULL.
2035 	 */
2036 
2037 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2038 		result = cfg80211_dev_rename(
2039 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2040 
2041 	if (result)
2042 		return result;
2043 
2044 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2045 		struct ieee80211_txq_params txq_params;
2046 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2047 
2048 		if (!rdev->ops->set_txq_params)
2049 			return -EOPNOTSUPP;
2050 
2051 		if (!netdev)
2052 			return -EINVAL;
2053 
2054 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2055 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2056 			return -EINVAL;
2057 
2058 		if (!netif_running(netdev))
2059 			return -ENETDOWN;
2060 
2061 		nla_for_each_nested(nl_txq_params,
2062 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2063 				    rem_txq_params) {
2064 			result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2065 					   nla_data(nl_txq_params),
2066 					   nla_len(nl_txq_params),
2067 					   txq_params_policy);
2068 			if (result)
2069 				return result;
2070 			result = parse_txq_params(tb, &txq_params);
2071 			if (result)
2072 				return result;
2073 
2074 			result = rdev_set_txq_params(rdev, netdev,
2075 						     &txq_params);
2076 			if (result)
2077 				return result;
2078 		}
2079 	}
2080 
2081 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2082 		result = __nl80211_set_channel(rdev,
2083 				nl80211_can_set_dev_channel(wdev) ? wdev : NULL,
2084 				info);
2085 		if (result)
2086 			return result;
2087 	}
2088 
2089 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2090 		struct wireless_dev *txp_wdev = wdev;
2091 		enum nl80211_tx_power_setting type;
2092 		int idx, mbm = 0;
2093 
2094 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2095 			txp_wdev = NULL;
2096 
2097 		if (!rdev->ops->set_tx_power)
2098 			return -EOPNOTSUPP;
2099 
2100 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2101 		type = nla_get_u32(info->attrs[idx]);
2102 
2103 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2104 		    (type != NL80211_TX_POWER_AUTOMATIC))
2105 			return -EINVAL;
2106 
2107 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2108 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2109 			mbm = nla_get_u32(info->attrs[idx]);
2110 		}
2111 
2112 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2113 		if (result)
2114 			return result;
2115 	}
2116 
2117 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2118 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2119 		u32 tx_ant, rx_ant;
2120 		if ((!rdev->wiphy.available_antennas_tx &&
2121 		     !rdev->wiphy.available_antennas_rx) ||
2122 		    !rdev->ops->set_antenna)
2123 			return -EOPNOTSUPP;
2124 
2125 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2126 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2127 
2128 		/* reject antenna configurations which don't match the
2129 		 * available antenna masks, except for the "all" mask */
2130 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2131 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2132 			return -EINVAL;
2133 
2134 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2135 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2136 
2137 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2138 		if (result)
2139 			return result;
2140 	}
2141 
2142 	changed = 0;
2143 
2144 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2145 		retry_short = nla_get_u8(
2146 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2147 		if (retry_short == 0)
2148 			return -EINVAL;
2149 
2150 		changed |= WIPHY_PARAM_RETRY_SHORT;
2151 	}
2152 
2153 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2154 		retry_long = nla_get_u8(
2155 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2156 		if (retry_long == 0)
2157 			return -EINVAL;
2158 
2159 		changed |= WIPHY_PARAM_RETRY_LONG;
2160 	}
2161 
2162 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2163 		frag_threshold = nla_get_u32(
2164 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2165 		if (frag_threshold < 256)
2166 			return -EINVAL;
2167 
2168 		if (frag_threshold != (u32) -1) {
2169 			/*
2170 			 * Fragments (apart from the last one) are required to
2171 			 * have even length. Make the fragmentation code
2172 			 * simpler by stripping LSB should someone try to use
2173 			 * odd threshold value.
2174 			 */
2175 			frag_threshold &= ~0x1;
2176 		}
2177 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2178 	}
2179 
2180 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2181 		rts_threshold = nla_get_u32(
2182 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2183 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2184 	}
2185 
2186 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2187 		coverage_class = nla_get_u8(
2188 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2189 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2190 	}
2191 
2192 	if (changed) {
2193 		u8 old_retry_short, old_retry_long;
2194 		u32 old_frag_threshold, old_rts_threshold;
2195 		u8 old_coverage_class;
2196 
2197 		if (!rdev->ops->set_wiphy_params)
2198 			return -EOPNOTSUPP;
2199 
2200 		old_retry_short = rdev->wiphy.retry_short;
2201 		old_retry_long = rdev->wiphy.retry_long;
2202 		old_frag_threshold = rdev->wiphy.frag_threshold;
2203 		old_rts_threshold = rdev->wiphy.rts_threshold;
2204 		old_coverage_class = rdev->wiphy.coverage_class;
2205 
2206 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2207 			rdev->wiphy.retry_short = retry_short;
2208 		if (changed & WIPHY_PARAM_RETRY_LONG)
2209 			rdev->wiphy.retry_long = retry_long;
2210 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2211 			rdev->wiphy.frag_threshold = frag_threshold;
2212 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2213 			rdev->wiphy.rts_threshold = rts_threshold;
2214 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2215 			rdev->wiphy.coverage_class = coverage_class;
2216 
2217 		result = rdev_set_wiphy_params(rdev, changed);
2218 		if (result) {
2219 			rdev->wiphy.retry_short = old_retry_short;
2220 			rdev->wiphy.retry_long = old_retry_long;
2221 			rdev->wiphy.frag_threshold = old_frag_threshold;
2222 			rdev->wiphy.rts_threshold = old_rts_threshold;
2223 			rdev->wiphy.coverage_class = old_coverage_class;
2224 		}
2225 	}
2226 	return 0;
2227 }
2228 
2229 static inline u64 wdev_id(struct wireless_dev *wdev)
2230 {
2231 	return (u64)wdev->identifier |
2232 	       ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
2233 }
2234 
2235 static int nl80211_send_chandef(struct sk_buff *msg,
2236 				const struct cfg80211_chan_def *chandef)
2237 {
2238 	WARN_ON(!cfg80211_chandef_valid(chandef));
2239 
2240 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2241 			chandef->chan->center_freq))
2242 		return -ENOBUFS;
2243 	switch (chandef->width) {
2244 	case NL80211_CHAN_WIDTH_20_NOHT:
2245 	case NL80211_CHAN_WIDTH_20:
2246 	case NL80211_CHAN_WIDTH_40:
2247 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2248 				cfg80211_get_chandef_type(chandef)))
2249 			return -ENOBUFS;
2250 		break;
2251 	default:
2252 		break;
2253 	}
2254 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2255 		return -ENOBUFS;
2256 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2257 		return -ENOBUFS;
2258 	if (chandef->center_freq2 &&
2259 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2260 		return -ENOBUFS;
2261 	return 0;
2262 }
2263 
2264 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2265 			      struct cfg80211_registered_device *rdev,
2266 			      struct wireless_dev *wdev)
2267 {
2268 	struct net_device *dev = wdev->netdev;
2269 	void *hdr;
2270 
2271 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2272 	if (!hdr)
2273 		return -1;
2274 
2275 	if (dev &&
2276 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2277 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2278 		goto nla_put_failure;
2279 
2280 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2281 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2282 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2283 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2284 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2285 			rdev->devlist_generation ^
2286 			(cfg80211_rdev_list_generation << 2)))
2287 		goto nla_put_failure;
2288 
2289 	if (rdev->ops->get_channel) {
2290 		int ret;
2291 		struct cfg80211_chan_def chandef;
2292 
2293 		ret = rdev_get_channel(rdev, wdev, &chandef);
2294 		if (ret == 0) {
2295 			if (nl80211_send_chandef(msg, &chandef))
2296 				goto nla_put_failure;
2297 		}
2298 	}
2299 
2300 	if (wdev->ssid_len) {
2301 		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2302 			goto nla_put_failure;
2303 	}
2304 
2305 	return genlmsg_end(msg, hdr);
2306 
2307  nla_put_failure:
2308 	genlmsg_cancel(msg, hdr);
2309 	return -EMSGSIZE;
2310 }
2311 
2312 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2313 {
2314 	int wp_idx = 0;
2315 	int if_idx = 0;
2316 	int wp_start = cb->args[0];
2317 	int if_start = cb->args[1];
2318 	struct cfg80211_registered_device *rdev;
2319 	struct wireless_dev *wdev;
2320 
2321 	rtnl_lock();
2322 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2323 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2324 			continue;
2325 		if (wp_idx < wp_start) {
2326 			wp_idx++;
2327 			continue;
2328 		}
2329 		if_idx = 0;
2330 
2331 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
2332 			if (if_idx < if_start) {
2333 				if_idx++;
2334 				continue;
2335 			}
2336 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2337 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2338 					       rdev, wdev) < 0) {
2339 				goto out;
2340 			}
2341 			if_idx++;
2342 		}
2343 
2344 		wp_idx++;
2345 	}
2346  out:
2347 	rtnl_unlock();
2348 
2349 	cb->args[0] = wp_idx;
2350 	cb->args[1] = if_idx;
2351 
2352 	return skb->len;
2353 }
2354 
2355 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2356 {
2357 	struct sk_buff *msg;
2358 	struct cfg80211_registered_device *dev = info->user_ptr[0];
2359 	struct wireless_dev *wdev = info->user_ptr[1];
2360 
2361 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2362 	if (!msg)
2363 		return -ENOMEM;
2364 
2365 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2366 			       dev, wdev) < 0) {
2367 		nlmsg_free(msg);
2368 		return -ENOBUFS;
2369 	}
2370 
2371 	return genlmsg_reply(msg, info);
2372 }
2373 
2374 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2375 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2376 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2377 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2378 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2379 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2380 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2381 };
2382 
2383 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2384 {
2385 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2386 	int flag;
2387 
2388 	*mntrflags = 0;
2389 
2390 	if (!nla)
2391 		return -EINVAL;
2392 
2393 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2394 			     nla, mntr_flags_policy))
2395 		return -EINVAL;
2396 
2397 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2398 		if (flags[flag])
2399 			*mntrflags |= (1<<flag);
2400 
2401 	return 0;
2402 }
2403 
2404 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2405 			       struct net_device *netdev, u8 use_4addr,
2406 			       enum nl80211_iftype iftype)
2407 {
2408 	if (!use_4addr) {
2409 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2410 			return -EBUSY;
2411 		return 0;
2412 	}
2413 
2414 	switch (iftype) {
2415 	case NL80211_IFTYPE_AP_VLAN:
2416 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2417 			return 0;
2418 		break;
2419 	case NL80211_IFTYPE_STATION:
2420 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2421 			return 0;
2422 		break;
2423 	default:
2424 		break;
2425 	}
2426 
2427 	return -EOPNOTSUPP;
2428 }
2429 
2430 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2431 {
2432 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2433 	struct vif_params params;
2434 	int err;
2435 	enum nl80211_iftype otype, ntype;
2436 	struct net_device *dev = info->user_ptr[1];
2437 	u32 _flags, *flags = NULL;
2438 	bool change = false;
2439 
2440 	memset(&params, 0, sizeof(params));
2441 
2442 	otype = ntype = dev->ieee80211_ptr->iftype;
2443 
2444 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2445 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2446 		if (otype != ntype)
2447 			change = true;
2448 		if (ntype > NL80211_IFTYPE_MAX)
2449 			return -EINVAL;
2450 	}
2451 
2452 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2453 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2454 
2455 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2456 			return -EINVAL;
2457 		if (netif_running(dev))
2458 			return -EBUSY;
2459 
2460 		wdev_lock(wdev);
2461 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2462 			     IEEE80211_MAX_MESH_ID_LEN);
2463 		wdev->mesh_id_up_len =
2464 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2465 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2466 		       wdev->mesh_id_up_len);
2467 		wdev_unlock(wdev);
2468 	}
2469 
2470 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2471 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2472 		change = true;
2473 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2474 		if (err)
2475 			return err;
2476 	} else {
2477 		params.use_4addr = -1;
2478 	}
2479 
2480 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2481 		if (ntype != NL80211_IFTYPE_MONITOR)
2482 			return -EINVAL;
2483 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2484 					  &_flags);
2485 		if (err)
2486 			return err;
2487 
2488 		flags = &_flags;
2489 		change = true;
2490 	}
2491 
2492 	if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2493 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2494 		return -EOPNOTSUPP;
2495 
2496 	if (change)
2497 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2498 	else
2499 		err = 0;
2500 
2501 	if (!err && params.use_4addr != -1)
2502 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2503 
2504 	return err;
2505 }
2506 
2507 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2508 {
2509 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2510 	struct vif_params params;
2511 	struct wireless_dev *wdev;
2512 	struct sk_buff *msg;
2513 	int err;
2514 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2515 	u32 flags;
2516 
2517 	memset(&params, 0, sizeof(params));
2518 
2519 	if (!info->attrs[NL80211_ATTR_IFNAME])
2520 		return -EINVAL;
2521 
2522 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2523 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2524 		if (type > NL80211_IFTYPE_MAX)
2525 			return -EINVAL;
2526 	}
2527 
2528 	if (!rdev->ops->add_virtual_intf ||
2529 	    !(rdev->wiphy.interface_modes & (1 << type)))
2530 		return -EOPNOTSUPP;
2531 
2532 	if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2533 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2534 			   ETH_ALEN);
2535 		if (!is_valid_ether_addr(params.macaddr))
2536 			return -EADDRNOTAVAIL;
2537 	}
2538 
2539 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2540 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2541 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2542 		if (err)
2543 			return err;
2544 	}
2545 
2546 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2547 	if (!msg)
2548 		return -ENOMEM;
2549 
2550 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2551 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2552 				  &flags);
2553 
2554 	if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2555 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2556 		return -EOPNOTSUPP;
2557 
2558 	wdev = rdev_add_virtual_intf(rdev,
2559 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2560 				type, err ? NULL : &flags, &params);
2561 	if (IS_ERR(wdev)) {
2562 		nlmsg_free(msg);
2563 		return PTR_ERR(wdev);
2564 	}
2565 
2566 	switch (type) {
2567 	case NL80211_IFTYPE_MESH_POINT:
2568 		if (!info->attrs[NL80211_ATTR_MESH_ID])
2569 			break;
2570 		wdev_lock(wdev);
2571 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2572 			     IEEE80211_MAX_MESH_ID_LEN);
2573 		wdev->mesh_id_up_len =
2574 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2575 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2576 		       wdev->mesh_id_up_len);
2577 		wdev_unlock(wdev);
2578 		break;
2579 	case NL80211_IFTYPE_P2P_DEVICE:
2580 		/*
2581 		 * P2P Device doesn't have a netdev, so doesn't go
2582 		 * through the netdev notifier and must be added here
2583 		 */
2584 		mutex_init(&wdev->mtx);
2585 		INIT_LIST_HEAD(&wdev->event_list);
2586 		spin_lock_init(&wdev->event_lock);
2587 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2588 		spin_lock_init(&wdev->mgmt_registrations_lock);
2589 
2590 		wdev->identifier = ++rdev->wdev_id;
2591 		list_add_rcu(&wdev->list, &rdev->wdev_list);
2592 		rdev->devlist_generation++;
2593 		break;
2594 	default:
2595 		break;
2596 	}
2597 
2598 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2599 			       rdev, wdev) < 0) {
2600 		nlmsg_free(msg);
2601 		return -ENOBUFS;
2602 	}
2603 
2604 	return genlmsg_reply(msg, info);
2605 }
2606 
2607 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2608 {
2609 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2610 	struct wireless_dev *wdev = info->user_ptr[1];
2611 
2612 	if (!rdev->ops->del_virtual_intf)
2613 		return -EOPNOTSUPP;
2614 
2615 	/*
2616 	 * If we remove a wireless device without a netdev then clear
2617 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2618 	 * to check if it needs to do dev_put(). Otherwise it crashes
2619 	 * since the wdev has been freed, unlike with a netdev where
2620 	 * we need the dev_put() for the netdev to really be freed.
2621 	 */
2622 	if (!wdev->netdev)
2623 		info->user_ptr[1] = NULL;
2624 
2625 	return rdev_del_virtual_intf(rdev, wdev);
2626 }
2627 
2628 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2629 {
2630 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2631 	struct net_device *dev = info->user_ptr[1];
2632 	u16 noack_map;
2633 
2634 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2635 		return -EINVAL;
2636 
2637 	if (!rdev->ops->set_noack_map)
2638 		return -EOPNOTSUPP;
2639 
2640 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2641 
2642 	return rdev_set_noack_map(rdev, dev, noack_map);
2643 }
2644 
2645 struct get_key_cookie {
2646 	struct sk_buff *msg;
2647 	int error;
2648 	int idx;
2649 };
2650 
2651 static void get_key_callback(void *c, struct key_params *params)
2652 {
2653 	struct nlattr *key;
2654 	struct get_key_cookie *cookie = c;
2655 
2656 	if ((params->key &&
2657 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2658 		     params->key_len, params->key)) ||
2659 	    (params->seq &&
2660 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2661 		     params->seq_len, params->seq)) ||
2662 	    (params->cipher &&
2663 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2664 			 params->cipher)))
2665 		goto nla_put_failure;
2666 
2667 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2668 	if (!key)
2669 		goto nla_put_failure;
2670 
2671 	if ((params->key &&
2672 	     nla_put(cookie->msg, NL80211_KEY_DATA,
2673 		     params->key_len, params->key)) ||
2674 	    (params->seq &&
2675 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2676 		     params->seq_len, params->seq)) ||
2677 	    (params->cipher &&
2678 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2679 			 params->cipher)))
2680 		goto nla_put_failure;
2681 
2682 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2683 		goto nla_put_failure;
2684 
2685 	nla_nest_end(cookie->msg, key);
2686 
2687 	return;
2688  nla_put_failure:
2689 	cookie->error = 1;
2690 }
2691 
2692 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2693 {
2694 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2695 	int err;
2696 	struct net_device *dev = info->user_ptr[1];
2697 	u8 key_idx = 0;
2698 	const u8 *mac_addr = NULL;
2699 	bool pairwise;
2700 	struct get_key_cookie cookie = {
2701 		.error = 0,
2702 	};
2703 	void *hdr;
2704 	struct sk_buff *msg;
2705 
2706 	if (info->attrs[NL80211_ATTR_KEY_IDX])
2707 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2708 
2709 	if (key_idx > 5)
2710 		return -EINVAL;
2711 
2712 	if (info->attrs[NL80211_ATTR_MAC])
2713 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2714 
2715 	pairwise = !!mac_addr;
2716 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2717 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2718 		if (kt >= NUM_NL80211_KEYTYPES)
2719 			return -EINVAL;
2720 		if (kt != NL80211_KEYTYPE_GROUP &&
2721 		    kt != NL80211_KEYTYPE_PAIRWISE)
2722 			return -EINVAL;
2723 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2724 	}
2725 
2726 	if (!rdev->ops->get_key)
2727 		return -EOPNOTSUPP;
2728 
2729 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2730 	if (!msg)
2731 		return -ENOMEM;
2732 
2733 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2734 			     NL80211_CMD_NEW_KEY);
2735 	if (!hdr)
2736 		goto nla_put_failure;
2737 
2738 	cookie.msg = msg;
2739 	cookie.idx = key_idx;
2740 
2741 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2742 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2743 		goto nla_put_failure;
2744 	if (mac_addr &&
2745 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2746 		goto nla_put_failure;
2747 
2748 	if (pairwise && mac_addr &&
2749 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2750 		return -ENOENT;
2751 
2752 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2753 			   get_key_callback);
2754 
2755 	if (err)
2756 		goto free_msg;
2757 
2758 	if (cookie.error)
2759 		goto nla_put_failure;
2760 
2761 	genlmsg_end(msg, hdr);
2762 	return genlmsg_reply(msg, info);
2763 
2764  nla_put_failure:
2765 	err = -ENOBUFS;
2766  free_msg:
2767 	nlmsg_free(msg);
2768 	return err;
2769 }
2770 
2771 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2772 {
2773 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2774 	struct key_parse key;
2775 	int err;
2776 	struct net_device *dev = info->user_ptr[1];
2777 
2778 	err = nl80211_parse_key(info, &key);
2779 	if (err)
2780 		return err;
2781 
2782 	if (key.idx < 0)
2783 		return -EINVAL;
2784 
2785 	/* only support setting default key */
2786 	if (!key.def && !key.defmgmt)
2787 		return -EINVAL;
2788 
2789 	wdev_lock(dev->ieee80211_ptr);
2790 
2791 	if (key.def) {
2792 		if (!rdev->ops->set_default_key) {
2793 			err = -EOPNOTSUPP;
2794 			goto out;
2795 		}
2796 
2797 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2798 		if (err)
2799 			goto out;
2800 
2801 		err = rdev_set_default_key(rdev, dev, key.idx,
2802 						 key.def_uni, key.def_multi);
2803 
2804 		if (err)
2805 			goto out;
2806 
2807 #ifdef CONFIG_CFG80211_WEXT
2808 		dev->ieee80211_ptr->wext.default_key = key.idx;
2809 #endif
2810 	} else {
2811 		if (key.def_uni || !key.def_multi) {
2812 			err = -EINVAL;
2813 			goto out;
2814 		}
2815 
2816 		if (!rdev->ops->set_default_mgmt_key) {
2817 			err = -EOPNOTSUPP;
2818 			goto out;
2819 		}
2820 
2821 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2822 		if (err)
2823 			goto out;
2824 
2825 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2826 		if (err)
2827 			goto out;
2828 
2829 #ifdef CONFIG_CFG80211_WEXT
2830 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2831 #endif
2832 	}
2833 
2834  out:
2835 	wdev_unlock(dev->ieee80211_ptr);
2836 
2837 	return err;
2838 }
2839 
2840 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2841 {
2842 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2843 	int err;
2844 	struct net_device *dev = info->user_ptr[1];
2845 	struct key_parse key;
2846 	const u8 *mac_addr = NULL;
2847 
2848 	err = nl80211_parse_key(info, &key);
2849 	if (err)
2850 		return err;
2851 
2852 	if (!key.p.key)
2853 		return -EINVAL;
2854 
2855 	if (info->attrs[NL80211_ATTR_MAC])
2856 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2857 
2858 	if (key.type == -1) {
2859 		if (mac_addr)
2860 			key.type = NL80211_KEYTYPE_PAIRWISE;
2861 		else
2862 			key.type = NL80211_KEYTYPE_GROUP;
2863 	}
2864 
2865 	/* for now */
2866 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2867 	    key.type != NL80211_KEYTYPE_GROUP)
2868 		return -EINVAL;
2869 
2870 	if (!rdev->ops->add_key)
2871 		return -EOPNOTSUPP;
2872 
2873 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2874 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2875 					   mac_addr))
2876 		return -EINVAL;
2877 
2878 	wdev_lock(dev->ieee80211_ptr);
2879 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2880 	if (!err)
2881 		err = rdev_add_key(rdev, dev, key.idx,
2882 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2883 				    mac_addr, &key.p);
2884 	wdev_unlock(dev->ieee80211_ptr);
2885 
2886 	return err;
2887 }
2888 
2889 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2890 {
2891 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2892 	int err;
2893 	struct net_device *dev = info->user_ptr[1];
2894 	u8 *mac_addr = NULL;
2895 	struct key_parse key;
2896 
2897 	err = nl80211_parse_key(info, &key);
2898 	if (err)
2899 		return err;
2900 
2901 	if (info->attrs[NL80211_ATTR_MAC])
2902 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2903 
2904 	if (key.type == -1) {
2905 		if (mac_addr)
2906 			key.type = NL80211_KEYTYPE_PAIRWISE;
2907 		else
2908 			key.type = NL80211_KEYTYPE_GROUP;
2909 	}
2910 
2911 	/* for now */
2912 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2913 	    key.type != NL80211_KEYTYPE_GROUP)
2914 		return -EINVAL;
2915 
2916 	if (!rdev->ops->del_key)
2917 		return -EOPNOTSUPP;
2918 
2919 	wdev_lock(dev->ieee80211_ptr);
2920 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2921 
2922 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2923 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2924 		err = -ENOENT;
2925 
2926 	if (!err)
2927 		err = rdev_del_key(rdev, dev, key.idx,
2928 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2929 				   mac_addr);
2930 
2931 #ifdef CONFIG_CFG80211_WEXT
2932 	if (!err) {
2933 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2934 			dev->ieee80211_ptr->wext.default_key = -1;
2935 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2936 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2937 	}
2938 #endif
2939 	wdev_unlock(dev->ieee80211_ptr);
2940 
2941 	return err;
2942 }
2943 
2944 /* This function returns an error or the number of nested attributes */
2945 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
2946 {
2947 	struct nlattr *attr;
2948 	int n_entries = 0, tmp;
2949 
2950 	nla_for_each_nested(attr, nl_attr, tmp) {
2951 		if (nla_len(attr) != ETH_ALEN)
2952 			return -EINVAL;
2953 
2954 		n_entries++;
2955 	}
2956 
2957 	return n_entries;
2958 }
2959 
2960 /*
2961  * This function parses ACL information and allocates memory for ACL data.
2962  * On successful return, the calling function is responsible to free the
2963  * ACL buffer returned by this function.
2964  */
2965 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
2966 						struct genl_info *info)
2967 {
2968 	enum nl80211_acl_policy acl_policy;
2969 	struct nlattr *attr;
2970 	struct cfg80211_acl_data *acl;
2971 	int i = 0, n_entries, tmp;
2972 
2973 	if (!wiphy->max_acl_mac_addrs)
2974 		return ERR_PTR(-EOPNOTSUPP);
2975 
2976 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
2977 		return ERR_PTR(-EINVAL);
2978 
2979 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
2980 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
2981 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
2982 		return ERR_PTR(-EINVAL);
2983 
2984 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
2985 		return ERR_PTR(-EINVAL);
2986 
2987 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
2988 	if (n_entries < 0)
2989 		return ERR_PTR(n_entries);
2990 
2991 	if (n_entries > wiphy->max_acl_mac_addrs)
2992 		return ERR_PTR(-ENOTSUPP);
2993 
2994 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
2995 		      GFP_KERNEL);
2996 	if (!acl)
2997 		return ERR_PTR(-ENOMEM);
2998 
2999 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3000 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3001 		i++;
3002 	}
3003 
3004 	acl->n_acl_entries = n_entries;
3005 	acl->acl_policy = acl_policy;
3006 
3007 	return acl;
3008 }
3009 
3010 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3011 {
3012 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3013 	struct net_device *dev = info->user_ptr[1];
3014 	struct cfg80211_acl_data *acl;
3015 	int err;
3016 
3017 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3018 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3019 		return -EOPNOTSUPP;
3020 
3021 	if (!dev->ieee80211_ptr->beacon_interval)
3022 		return -EINVAL;
3023 
3024 	acl = parse_acl_data(&rdev->wiphy, info);
3025 	if (IS_ERR(acl))
3026 		return PTR_ERR(acl);
3027 
3028 	err = rdev_set_mac_acl(rdev, dev, acl);
3029 
3030 	kfree(acl);
3031 
3032 	return err;
3033 }
3034 
3035 static int nl80211_parse_beacon(struct nlattr *attrs[],
3036 				struct cfg80211_beacon_data *bcn)
3037 {
3038 	bool haveinfo = false;
3039 
3040 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3041 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3042 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3043 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3044 		return -EINVAL;
3045 
3046 	memset(bcn, 0, sizeof(*bcn));
3047 
3048 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3049 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3050 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3051 		if (!bcn->head_len)
3052 			return -EINVAL;
3053 		haveinfo = true;
3054 	}
3055 
3056 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3057 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3058 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3059 		haveinfo = true;
3060 	}
3061 
3062 	if (!haveinfo)
3063 		return -EINVAL;
3064 
3065 	if (attrs[NL80211_ATTR_IE]) {
3066 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3067 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3068 	}
3069 
3070 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3071 		bcn->proberesp_ies =
3072 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3073 		bcn->proberesp_ies_len =
3074 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3075 	}
3076 
3077 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3078 		bcn->assocresp_ies =
3079 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3080 		bcn->assocresp_ies_len =
3081 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3082 	}
3083 
3084 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
3085 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3086 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3087 	}
3088 
3089 	return 0;
3090 }
3091 
3092 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3093 				   struct cfg80211_ap_settings *params)
3094 {
3095 	struct wireless_dev *wdev;
3096 	bool ret = false;
3097 
3098 	list_for_each_entry(wdev, &rdev->wdev_list, list) {
3099 		if (wdev->iftype != NL80211_IFTYPE_AP &&
3100 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
3101 			continue;
3102 
3103 		if (!wdev->preset_chandef.chan)
3104 			continue;
3105 
3106 		params->chandef = wdev->preset_chandef;
3107 		ret = true;
3108 		break;
3109 	}
3110 
3111 	return ret;
3112 }
3113 
3114 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3115 				    enum nl80211_auth_type auth_type,
3116 				    enum nl80211_commands cmd)
3117 {
3118 	if (auth_type > NL80211_AUTHTYPE_MAX)
3119 		return false;
3120 
3121 	switch (cmd) {
3122 	case NL80211_CMD_AUTHENTICATE:
3123 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3124 		    auth_type == NL80211_AUTHTYPE_SAE)
3125 			return false;
3126 		return true;
3127 	case NL80211_CMD_CONNECT:
3128 	case NL80211_CMD_START_AP:
3129 		/* SAE not supported yet */
3130 		if (auth_type == NL80211_AUTHTYPE_SAE)
3131 			return false;
3132 		return true;
3133 	default:
3134 		return false;
3135 	}
3136 }
3137 
3138 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3139 {
3140 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3141 	struct net_device *dev = info->user_ptr[1];
3142 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3143 	struct cfg80211_ap_settings params;
3144 	int err;
3145 	u8 radar_detect_width = 0;
3146 
3147 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3148 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3149 		return -EOPNOTSUPP;
3150 
3151 	if (!rdev->ops->start_ap)
3152 		return -EOPNOTSUPP;
3153 
3154 	if (wdev->beacon_interval)
3155 		return -EALREADY;
3156 
3157 	memset(&params, 0, sizeof(params));
3158 
3159 	/* these are required for START_AP */
3160 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3161 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3162 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3163 		return -EINVAL;
3164 
3165 	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3166 	if (err)
3167 		return err;
3168 
3169 	params.beacon_interval =
3170 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3171 	params.dtim_period =
3172 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3173 
3174 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3175 	if (err)
3176 		return err;
3177 
3178 	/*
3179 	 * In theory, some of these attributes should be required here
3180 	 * but since they were not used when the command was originally
3181 	 * added, keep them optional for old user space programs to let
3182 	 * them continue to work with drivers that do not need the
3183 	 * additional information -- drivers must check!
3184 	 */
3185 	if (info->attrs[NL80211_ATTR_SSID]) {
3186 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3187 		params.ssid_len =
3188 			nla_len(info->attrs[NL80211_ATTR_SSID]);
3189 		if (params.ssid_len == 0 ||
3190 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
3191 			return -EINVAL;
3192 	}
3193 
3194 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3195 		params.hidden_ssid = nla_get_u32(
3196 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3197 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3198 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3199 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3200 			return -EINVAL;
3201 	}
3202 
3203 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3204 
3205 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3206 		params.auth_type = nla_get_u32(
3207 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
3208 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
3209 					     NL80211_CMD_START_AP))
3210 			return -EINVAL;
3211 	} else
3212 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3213 
3214 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
3215 				      NL80211_MAX_NR_CIPHER_SUITES);
3216 	if (err)
3217 		return err;
3218 
3219 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3220 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3221 			return -EOPNOTSUPP;
3222 		params.inactivity_timeout = nla_get_u16(
3223 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3224 	}
3225 
3226 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3227 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3228 			return -EINVAL;
3229 		params.p2p_ctwindow =
3230 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3231 		if (params.p2p_ctwindow > 127)
3232 			return -EINVAL;
3233 		if (params.p2p_ctwindow != 0 &&
3234 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3235 			return -EINVAL;
3236 	}
3237 
3238 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3239 		u8 tmp;
3240 
3241 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3242 			return -EINVAL;
3243 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3244 		if (tmp > 1)
3245 			return -EINVAL;
3246 		params.p2p_opp_ps = tmp;
3247 		if (params.p2p_opp_ps != 0 &&
3248 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3249 			return -EINVAL;
3250 	}
3251 
3252 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3253 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
3254 		if (err)
3255 			return err;
3256 	} else if (wdev->preset_chandef.chan) {
3257 		params.chandef = wdev->preset_chandef;
3258 	} else if (!nl80211_get_ap_channel(rdev, &params))
3259 		return -EINVAL;
3260 
3261 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
3262 		return -EINVAL;
3263 
3264 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &params.chandef);
3265 	if (err < 0)
3266 		return err;
3267 	if (err) {
3268 		radar_detect_width = BIT(params.chandef.width);
3269 		params.radar_required = true;
3270 	}
3271 
3272 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
3273 					   params.chandef.chan,
3274 					   CHAN_MODE_SHARED,
3275 					   radar_detect_width);
3276 	if (err)
3277 		return err;
3278 
3279 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3280 		params.acl = parse_acl_data(&rdev->wiphy, info);
3281 		if (IS_ERR(params.acl))
3282 			return PTR_ERR(params.acl);
3283 	}
3284 
3285 	wdev_lock(wdev);
3286 	err = rdev_start_ap(rdev, dev, &params);
3287 	if (!err) {
3288 		wdev->preset_chandef = params.chandef;
3289 		wdev->beacon_interval = params.beacon_interval;
3290 		wdev->chandef = params.chandef;
3291 		wdev->ssid_len = params.ssid_len;
3292 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3293 	}
3294 	wdev_unlock(wdev);
3295 
3296 	kfree(params.acl);
3297 
3298 	return err;
3299 }
3300 
3301 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3302 {
3303 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3304 	struct net_device *dev = info->user_ptr[1];
3305 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3306 	struct cfg80211_beacon_data params;
3307 	int err;
3308 
3309 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3310 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3311 		return -EOPNOTSUPP;
3312 
3313 	if (!rdev->ops->change_beacon)
3314 		return -EOPNOTSUPP;
3315 
3316 	if (!wdev->beacon_interval)
3317 		return -EINVAL;
3318 
3319 	err = nl80211_parse_beacon(info->attrs, &params);
3320 	if (err)
3321 		return err;
3322 
3323 	wdev_lock(wdev);
3324 	err = rdev_change_beacon(rdev, dev, &params);
3325 	wdev_unlock(wdev);
3326 
3327 	return err;
3328 }
3329 
3330 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3331 {
3332 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3333 	struct net_device *dev = info->user_ptr[1];
3334 
3335 	return cfg80211_stop_ap(rdev, dev, false);
3336 }
3337 
3338 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3339 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3340 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3341 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3342 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3343 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3344 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3345 };
3346 
3347 static int parse_station_flags(struct genl_info *info,
3348 			       enum nl80211_iftype iftype,
3349 			       struct station_parameters *params)
3350 {
3351 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3352 	struct nlattr *nla;
3353 	int flag;
3354 
3355 	/*
3356 	 * Try parsing the new attribute first so userspace
3357 	 * can specify both for older kernels.
3358 	 */
3359 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3360 	if (nla) {
3361 		struct nl80211_sta_flag_update *sta_flags;
3362 
3363 		sta_flags = nla_data(nla);
3364 		params->sta_flags_mask = sta_flags->mask;
3365 		params->sta_flags_set = sta_flags->set;
3366 		params->sta_flags_set &= params->sta_flags_mask;
3367 		if ((params->sta_flags_mask |
3368 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3369 			return -EINVAL;
3370 		return 0;
3371 	}
3372 
3373 	/* if present, parse the old attribute */
3374 
3375 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3376 	if (!nla)
3377 		return 0;
3378 
3379 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3380 			     nla, sta_flags_policy))
3381 		return -EINVAL;
3382 
3383 	/*
3384 	 * Only allow certain flags for interface types so that
3385 	 * other attributes are silently ignored. Remember that
3386 	 * this is backward compatibility code with old userspace
3387 	 * and shouldn't be hit in other cases anyway.
3388 	 */
3389 	switch (iftype) {
3390 	case NL80211_IFTYPE_AP:
3391 	case NL80211_IFTYPE_AP_VLAN:
3392 	case NL80211_IFTYPE_P2P_GO:
3393 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3394 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3395 					 BIT(NL80211_STA_FLAG_WME) |
3396 					 BIT(NL80211_STA_FLAG_MFP);
3397 		break;
3398 	case NL80211_IFTYPE_P2P_CLIENT:
3399 	case NL80211_IFTYPE_STATION:
3400 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3401 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3402 		break;
3403 	case NL80211_IFTYPE_MESH_POINT:
3404 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3405 					 BIT(NL80211_STA_FLAG_MFP) |
3406 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3407 	default:
3408 		return -EINVAL;
3409 	}
3410 
3411 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3412 		if (flags[flag]) {
3413 			params->sta_flags_set |= (1<<flag);
3414 
3415 			/* no longer support new API additions in old API */
3416 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3417 				return -EINVAL;
3418 		}
3419 	}
3420 
3421 	return 0;
3422 }
3423 
3424 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3425 				 int attr)
3426 {
3427 	struct nlattr *rate;
3428 	u32 bitrate;
3429 	u16 bitrate_compat;
3430 
3431 	rate = nla_nest_start(msg, attr);
3432 	if (!rate)
3433 		return false;
3434 
3435 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3436 	bitrate = cfg80211_calculate_bitrate(info);
3437 	/* report 16-bit bitrate only if we can */
3438 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3439 	if (bitrate > 0 &&
3440 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3441 		return false;
3442 	if (bitrate_compat > 0 &&
3443 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3444 		return false;
3445 
3446 	if (info->flags & RATE_INFO_FLAGS_MCS) {
3447 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3448 			return false;
3449 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3450 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3451 			return false;
3452 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3453 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3454 			return false;
3455 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3456 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3457 			return false;
3458 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3459 			return false;
3460 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3461 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3462 			return false;
3463 		if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3464 		    nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3465 			return false;
3466 		if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3467 		    nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3468 			return false;
3469 		if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3470 		    nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3471 			return false;
3472 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3473 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3474 			return false;
3475 	}
3476 
3477 	nla_nest_end(msg, rate);
3478 	return true;
3479 }
3480 
3481 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3482 			       int id)
3483 {
3484 	void *attr;
3485 	int i = 0;
3486 
3487 	if (!mask)
3488 		return true;
3489 
3490 	attr = nla_nest_start(msg, id);
3491 	if (!attr)
3492 		return false;
3493 
3494 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3495 		if (!(mask & BIT(i)))
3496 			continue;
3497 
3498 		if (nla_put_u8(msg, i, signal[i]))
3499 			return false;
3500 	}
3501 
3502 	nla_nest_end(msg, attr);
3503 
3504 	return true;
3505 }
3506 
3507 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3508 				int flags,
3509 				struct cfg80211_registered_device *rdev,
3510 				struct net_device *dev,
3511 				const u8 *mac_addr, struct station_info *sinfo)
3512 {
3513 	void *hdr;
3514 	struct nlattr *sinfoattr, *bss_param;
3515 
3516 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3517 	if (!hdr)
3518 		return -1;
3519 
3520 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3521 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3522 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3523 		goto nla_put_failure;
3524 
3525 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3526 	if (!sinfoattr)
3527 		goto nla_put_failure;
3528 	if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3529 	    nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3530 			sinfo->connected_time))
3531 		goto nla_put_failure;
3532 	if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3533 	    nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3534 			sinfo->inactive_time))
3535 		goto nla_put_failure;
3536 	if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3537 			      STATION_INFO_RX_BYTES64)) &&
3538 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3539 			(u32)sinfo->rx_bytes))
3540 		goto nla_put_failure;
3541 	if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3542 			      STATION_INFO_TX_BYTES64)) &&
3543 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3544 			(u32)sinfo->tx_bytes))
3545 		goto nla_put_failure;
3546 	if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3547 	    nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3548 			sinfo->rx_bytes))
3549 		goto nla_put_failure;
3550 	if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3551 	    nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3552 			sinfo->tx_bytes))
3553 		goto nla_put_failure;
3554 	if ((sinfo->filled & STATION_INFO_LLID) &&
3555 	    nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3556 		goto nla_put_failure;
3557 	if ((sinfo->filled & STATION_INFO_PLID) &&
3558 	    nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3559 		goto nla_put_failure;
3560 	if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3561 	    nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3562 		       sinfo->plink_state))
3563 		goto nla_put_failure;
3564 	switch (rdev->wiphy.signal_type) {
3565 	case CFG80211_SIGNAL_TYPE_MBM:
3566 		if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3567 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3568 			       sinfo->signal))
3569 			goto nla_put_failure;
3570 		if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3571 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3572 			       sinfo->signal_avg))
3573 			goto nla_put_failure;
3574 		break;
3575 	default:
3576 		break;
3577 	}
3578 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
3579 		if (!nl80211_put_signal(msg, sinfo->chains,
3580 					sinfo->chain_signal,
3581 					NL80211_STA_INFO_CHAIN_SIGNAL))
3582 			goto nla_put_failure;
3583 	}
3584 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
3585 		if (!nl80211_put_signal(msg, sinfo->chains,
3586 					sinfo->chain_signal_avg,
3587 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3588 			goto nla_put_failure;
3589 	}
3590 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3591 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3592 					  NL80211_STA_INFO_TX_BITRATE))
3593 			goto nla_put_failure;
3594 	}
3595 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3596 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3597 					  NL80211_STA_INFO_RX_BITRATE))
3598 			goto nla_put_failure;
3599 	}
3600 	if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3601 	    nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3602 			sinfo->rx_packets))
3603 		goto nla_put_failure;
3604 	if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3605 	    nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3606 			sinfo->tx_packets))
3607 		goto nla_put_failure;
3608 	if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3609 	    nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3610 			sinfo->tx_retries))
3611 		goto nla_put_failure;
3612 	if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3613 	    nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3614 			sinfo->tx_failed))
3615 		goto nla_put_failure;
3616 	if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3617 	    nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3618 			sinfo->beacon_loss_count))
3619 		goto nla_put_failure;
3620 	if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3621 	    nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3622 			sinfo->local_pm))
3623 		goto nla_put_failure;
3624 	if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3625 	    nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3626 			sinfo->peer_pm))
3627 		goto nla_put_failure;
3628 	if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3629 	    nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3630 			sinfo->nonpeer_pm))
3631 		goto nla_put_failure;
3632 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3633 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3634 		if (!bss_param)
3635 			goto nla_put_failure;
3636 
3637 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3638 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3639 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3640 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3641 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3642 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3643 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3644 			       sinfo->bss_param.dtim_period) ||
3645 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3646 				sinfo->bss_param.beacon_interval))
3647 			goto nla_put_failure;
3648 
3649 		nla_nest_end(msg, bss_param);
3650 	}
3651 	if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3652 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3653 		    sizeof(struct nl80211_sta_flag_update),
3654 		    &sinfo->sta_flags))
3655 		goto nla_put_failure;
3656 	if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3657 		nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3658 			    sinfo->t_offset))
3659 		goto nla_put_failure;
3660 	nla_nest_end(msg, sinfoattr);
3661 
3662 	if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3663 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3664 		    sinfo->assoc_req_ies))
3665 		goto nla_put_failure;
3666 
3667 	return genlmsg_end(msg, hdr);
3668 
3669  nla_put_failure:
3670 	genlmsg_cancel(msg, hdr);
3671 	return -EMSGSIZE;
3672 }
3673 
3674 static int nl80211_dump_station(struct sk_buff *skb,
3675 				struct netlink_callback *cb)
3676 {
3677 	struct station_info sinfo;
3678 	struct cfg80211_registered_device *dev;
3679 	struct wireless_dev *wdev;
3680 	u8 mac_addr[ETH_ALEN];
3681 	int sta_idx = cb->args[2];
3682 	int err;
3683 
3684 	err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
3685 	if (err)
3686 		return err;
3687 
3688 	if (!wdev->netdev) {
3689 		err = -EINVAL;
3690 		goto out_err;
3691 	}
3692 
3693 	if (!dev->ops->dump_station) {
3694 		err = -EOPNOTSUPP;
3695 		goto out_err;
3696 	}
3697 
3698 	while (1) {
3699 		memset(&sinfo, 0, sizeof(sinfo));
3700 		err = rdev_dump_station(dev, wdev->netdev, sta_idx,
3701 					mac_addr, &sinfo);
3702 		if (err == -ENOENT)
3703 			break;
3704 		if (err)
3705 			goto out_err;
3706 
3707 		if (nl80211_send_station(skb,
3708 				NETLINK_CB(cb->skb).portid,
3709 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3710 				dev, wdev->netdev, mac_addr,
3711 				&sinfo) < 0)
3712 			goto out;
3713 
3714 		sta_idx++;
3715 	}
3716 
3717 
3718  out:
3719 	cb->args[2] = sta_idx;
3720 	err = skb->len;
3721  out_err:
3722 	nl80211_finish_wdev_dump(dev);
3723 
3724 	return err;
3725 }
3726 
3727 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3728 {
3729 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3730 	struct net_device *dev = info->user_ptr[1];
3731 	struct station_info sinfo;
3732 	struct sk_buff *msg;
3733 	u8 *mac_addr = NULL;
3734 	int err;
3735 
3736 	memset(&sinfo, 0, sizeof(sinfo));
3737 
3738 	if (!info->attrs[NL80211_ATTR_MAC])
3739 		return -EINVAL;
3740 
3741 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3742 
3743 	if (!rdev->ops->get_station)
3744 		return -EOPNOTSUPP;
3745 
3746 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3747 	if (err)
3748 		return err;
3749 
3750 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3751 	if (!msg)
3752 		return -ENOMEM;
3753 
3754 	if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3755 				 rdev, dev, mac_addr, &sinfo) < 0) {
3756 		nlmsg_free(msg);
3757 		return -ENOBUFS;
3758 	}
3759 
3760 	return genlmsg_reply(msg, info);
3761 }
3762 
3763 int cfg80211_check_station_change(struct wiphy *wiphy,
3764 				  struct station_parameters *params,
3765 				  enum cfg80211_station_type statype)
3766 {
3767 	if (params->listen_interval != -1)
3768 		return -EINVAL;
3769 	if (params->aid)
3770 		return -EINVAL;
3771 
3772 	/* When you run into this, adjust the code below for the new flag */
3773 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3774 
3775 	switch (statype) {
3776 	case CFG80211_STA_MESH_PEER_KERNEL:
3777 	case CFG80211_STA_MESH_PEER_USER:
3778 		/*
3779 		 * No ignoring the TDLS flag here -- the userspace mesh
3780 		 * code doesn't have the bug of including TDLS in the
3781 		 * mask everywhere.
3782 		 */
3783 		if (params->sta_flags_mask &
3784 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3785 				  BIT(NL80211_STA_FLAG_MFP) |
3786 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3787 			return -EINVAL;
3788 		break;
3789 	case CFG80211_STA_TDLS_PEER_SETUP:
3790 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3791 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3792 			return -EINVAL;
3793 		/* ignore since it can't change */
3794 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3795 		break;
3796 	default:
3797 		/* disallow mesh-specific things */
3798 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3799 			return -EINVAL;
3800 		if (params->local_pm)
3801 			return -EINVAL;
3802 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3803 			return -EINVAL;
3804 	}
3805 
3806 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3807 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3808 		/* TDLS can't be set, ... */
3809 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3810 			return -EINVAL;
3811 		/*
3812 		 * ... but don't bother the driver with it. This works around
3813 		 * a hostapd/wpa_supplicant issue -- it always includes the
3814 		 * TLDS_PEER flag in the mask even for AP mode.
3815 		 */
3816 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3817 	}
3818 
3819 	if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3820 		/* reject other things that can't change */
3821 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3822 			return -EINVAL;
3823 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3824 			return -EINVAL;
3825 		if (params->supported_rates)
3826 			return -EINVAL;
3827 		if (params->ext_capab || params->ht_capa || params->vht_capa)
3828 			return -EINVAL;
3829 	}
3830 
3831 	if (statype != CFG80211_STA_AP_CLIENT) {
3832 		if (params->vlan)
3833 			return -EINVAL;
3834 	}
3835 
3836 	switch (statype) {
3837 	case CFG80211_STA_AP_MLME_CLIENT:
3838 		/* Use this only for authorizing/unauthorizing a station */
3839 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3840 			return -EOPNOTSUPP;
3841 		break;
3842 	case CFG80211_STA_AP_CLIENT:
3843 		/* accept only the listed bits */
3844 		if (params->sta_flags_mask &
3845 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3846 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3847 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
3848 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3849 				  BIT(NL80211_STA_FLAG_WME) |
3850 				  BIT(NL80211_STA_FLAG_MFP)))
3851 			return -EINVAL;
3852 
3853 		/* but authenticated/associated only if driver handles it */
3854 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3855 		    params->sta_flags_mask &
3856 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3857 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3858 			return -EINVAL;
3859 		break;
3860 	case CFG80211_STA_IBSS:
3861 	case CFG80211_STA_AP_STA:
3862 		/* reject any changes other than AUTHORIZED */
3863 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3864 			return -EINVAL;
3865 		break;
3866 	case CFG80211_STA_TDLS_PEER_SETUP:
3867 		/* reject any changes other than AUTHORIZED or WME */
3868 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3869 					       BIT(NL80211_STA_FLAG_WME)))
3870 			return -EINVAL;
3871 		/* force (at least) rates when authorizing */
3872 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3873 		    !params->supported_rates)
3874 			return -EINVAL;
3875 		break;
3876 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3877 		/* reject any changes */
3878 		return -EINVAL;
3879 	case CFG80211_STA_MESH_PEER_KERNEL:
3880 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3881 			return -EINVAL;
3882 		break;
3883 	case CFG80211_STA_MESH_PEER_USER:
3884 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3885 			return -EINVAL;
3886 		break;
3887 	}
3888 
3889 	return 0;
3890 }
3891 EXPORT_SYMBOL(cfg80211_check_station_change);
3892 
3893 /*
3894  * Get vlan interface making sure it is running and on the right wiphy.
3895  */
3896 static struct net_device *get_vlan(struct genl_info *info,
3897 				   struct cfg80211_registered_device *rdev)
3898 {
3899 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3900 	struct net_device *v;
3901 	int ret;
3902 
3903 	if (!vlanattr)
3904 		return NULL;
3905 
3906 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3907 	if (!v)
3908 		return ERR_PTR(-ENODEV);
3909 
3910 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3911 		ret = -EINVAL;
3912 		goto error;
3913 	}
3914 
3915 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3916 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3917 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3918 		ret = -EINVAL;
3919 		goto error;
3920 	}
3921 
3922 	if (!netif_running(v)) {
3923 		ret = -ENETDOWN;
3924 		goto error;
3925 	}
3926 
3927 	return v;
3928  error:
3929 	dev_put(v);
3930 	return ERR_PTR(ret);
3931 }
3932 
3933 static const struct nla_policy
3934 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
3935 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3936 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3937 };
3938 
3939 static int nl80211_parse_sta_wme(struct genl_info *info,
3940 				 struct station_parameters *params)
3941 {
3942 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3943 	struct nlattr *nla;
3944 	int err;
3945 
3946 	/* parse WME attributes if present */
3947 	if (!info->attrs[NL80211_ATTR_STA_WME])
3948 		return 0;
3949 
3950 	nla = info->attrs[NL80211_ATTR_STA_WME];
3951 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3952 			       nl80211_sta_wme_policy);
3953 	if (err)
3954 		return err;
3955 
3956 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
3957 		params->uapsd_queues = nla_get_u8(
3958 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
3959 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
3960 		return -EINVAL;
3961 
3962 	if (tb[NL80211_STA_WME_MAX_SP])
3963 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
3964 
3965 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
3966 		return -EINVAL;
3967 
3968 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
3969 
3970 	return 0;
3971 }
3972 
3973 static int nl80211_parse_sta_channel_info(struct genl_info *info,
3974 				      struct station_parameters *params)
3975 {
3976 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
3977 		params->supported_channels =
3978 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
3979 		params->supported_channels_len =
3980 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
3981 		/*
3982 		 * Need to include at least one (first channel, number of
3983 		 * channels) tuple for each subband, and must have proper
3984 		 * tuples for the rest of the data as well.
3985 		 */
3986 		if (params->supported_channels_len < 2)
3987 			return -EINVAL;
3988 		if (params->supported_channels_len % 2)
3989 			return -EINVAL;
3990 	}
3991 
3992 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
3993 		params->supported_oper_classes =
3994 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
3995 		params->supported_oper_classes_len =
3996 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
3997 		/*
3998 		 * The value of the Length field of the Supported Operating
3999 		 * Classes element is between 2 and 253.
4000 		 */
4001 		if (params->supported_oper_classes_len < 2 ||
4002 		    params->supported_oper_classes_len > 253)
4003 			return -EINVAL;
4004 	}
4005 	return 0;
4006 }
4007 
4008 static int nl80211_set_station_tdls(struct genl_info *info,
4009 				    struct station_parameters *params)
4010 {
4011 	int err;
4012 	/* Dummy STA entry gets updated once the peer capabilities are known */
4013 	if (info->attrs[NL80211_ATTR_PEER_AID])
4014 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4015 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4016 		params->ht_capa =
4017 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4018 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4019 		params->vht_capa =
4020 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4021 
4022 	err = nl80211_parse_sta_channel_info(info, params);
4023 	if (err)
4024 		return err;
4025 
4026 	return nl80211_parse_sta_wme(info, params);
4027 }
4028 
4029 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4030 {
4031 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4032 	struct net_device *dev = info->user_ptr[1];
4033 	struct station_parameters params;
4034 	u8 *mac_addr;
4035 	int err;
4036 
4037 	memset(&params, 0, sizeof(params));
4038 
4039 	params.listen_interval = -1;
4040 
4041 	if (!rdev->ops->change_station)
4042 		return -EOPNOTSUPP;
4043 
4044 	if (info->attrs[NL80211_ATTR_STA_AID])
4045 		return -EINVAL;
4046 
4047 	if (!info->attrs[NL80211_ATTR_MAC])
4048 		return -EINVAL;
4049 
4050 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4051 
4052 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4053 		params.supported_rates =
4054 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4055 		params.supported_rates_len =
4056 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4057 	}
4058 
4059 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4060 		params.capability =
4061 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4062 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4063 	}
4064 
4065 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4066 		params.ext_capab =
4067 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4068 		params.ext_capab_len =
4069 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4070 	}
4071 
4072 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4073 		return -EINVAL;
4074 
4075 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4076 		return -EINVAL;
4077 
4078 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4079 		params.plink_action =
4080 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4081 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4082 			return -EINVAL;
4083 	}
4084 
4085 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4086 		params.plink_state =
4087 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4088 		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4089 			return -EINVAL;
4090 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4091 	}
4092 
4093 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4094 		enum nl80211_mesh_power_mode pm = nla_get_u32(
4095 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4096 
4097 		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4098 		    pm > NL80211_MESH_POWER_MAX)
4099 			return -EINVAL;
4100 
4101 		params.local_pm = pm;
4102 	}
4103 
4104 	/* Include parameters for TDLS peer (will check later) */
4105 	err = nl80211_set_station_tdls(info, &params);
4106 	if (err)
4107 		return err;
4108 
4109 	params.vlan = get_vlan(info, rdev);
4110 	if (IS_ERR(params.vlan))
4111 		return PTR_ERR(params.vlan);
4112 
4113 	switch (dev->ieee80211_ptr->iftype) {
4114 	case NL80211_IFTYPE_AP:
4115 	case NL80211_IFTYPE_AP_VLAN:
4116 	case NL80211_IFTYPE_P2P_GO:
4117 	case NL80211_IFTYPE_P2P_CLIENT:
4118 	case NL80211_IFTYPE_STATION:
4119 	case NL80211_IFTYPE_ADHOC:
4120 	case NL80211_IFTYPE_MESH_POINT:
4121 		break;
4122 	default:
4123 		err = -EOPNOTSUPP;
4124 		goto out_put_vlan;
4125 	}
4126 
4127 	/* driver will call cfg80211_check_station_change() */
4128 	err = rdev_change_station(rdev, dev, mac_addr, &params);
4129 
4130  out_put_vlan:
4131 	if (params.vlan)
4132 		dev_put(params.vlan);
4133 
4134 	return err;
4135 }
4136 
4137 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4138 {
4139 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4140 	int err;
4141 	struct net_device *dev = info->user_ptr[1];
4142 	struct station_parameters params;
4143 	u8 *mac_addr = NULL;
4144 
4145 	memset(&params, 0, sizeof(params));
4146 
4147 	if (!rdev->ops->add_station)
4148 		return -EOPNOTSUPP;
4149 
4150 	if (!info->attrs[NL80211_ATTR_MAC])
4151 		return -EINVAL;
4152 
4153 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4154 		return -EINVAL;
4155 
4156 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4157 		return -EINVAL;
4158 
4159 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
4160 	    !info->attrs[NL80211_ATTR_PEER_AID])
4161 		return -EINVAL;
4162 
4163 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4164 	params.supported_rates =
4165 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4166 	params.supported_rates_len =
4167 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4168 	params.listen_interval =
4169 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4170 
4171 	if (info->attrs[NL80211_ATTR_PEER_AID])
4172 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4173 	else
4174 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4175 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
4176 		return -EINVAL;
4177 
4178 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4179 		params.capability =
4180 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4181 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4182 	}
4183 
4184 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4185 		params.ext_capab =
4186 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4187 		params.ext_capab_len =
4188 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4189 	}
4190 
4191 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4192 		params.ht_capa =
4193 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4194 
4195 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4196 		params.vht_capa =
4197 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4198 
4199 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4200 		params.opmode_notif_used = true;
4201 		params.opmode_notif =
4202 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4203 	}
4204 
4205 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4206 		params.plink_action =
4207 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4208 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4209 			return -EINVAL;
4210 	}
4211 
4212 	err = nl80211_parse_sta_channel_info(info, &params);
4213 	if (err)
4214 		return err;
4215 
4216 	err = nl80211_parse_sta_wme(info, &params);
4217 	if (err)
4218 		return err;
4219 
4220 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4221 		return -EINVAL;
4222 
4223 	/* When you run into this, adjust the code below for the new flag */
4224 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4225 
4226 	switch (dev->ieee80211_ptr->iftype) {
4227 	case NL80211_IFTYPE_AP:
4228 	case NL80211_IFTYPE_AP_VLAN:
4229 	case NL80211_IFTYPE_P2P_GO:
4230 		/* ignore WME attributes if iface/sta is not capable */
4231 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4232 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4233 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4234 
4235 		/* TDLS peers cannot be added */
4236 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4237 		    info->attrs[NL80211_ATTR_PEER_AID])
4238 			return -EINVAL;
4239 		/* but don't bother the driver with it */
4240 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4241 
4242 		/* allow authenticated/associated only if driver handles it */
4243 		if (!(rdev->wiphy.features &
4244 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4245 		    params.sta_flags_mask &
4246 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4247 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4248 			return -EINVAL;
4249 
4250 		/* must be last in here for error handling */
4251 		params.vlan = get_vlan(info, rdev);
4252 		if (IS_ERR(params.vlan))
4253 			return PTR_ERR(params.vlan);
4254 		break;
4255 	case NL80211_IFTYPE_MESH_POINT:
4256 		/* ignore uAPSD data */
4257 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4258 
4259 		/* associated is disallowed */
4260 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4261 			return -EINVAL;
4262 		/* TDLS peers cannot be added */
4263 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4264 		    info->attrs[NL80211_ATTR_PEER_AID])
4265 			return -EINVAL;
4266 		break;
4267 	case NL80211_IFTYPE_STATION:
4268 	case NL80211_IFTYPE_P2P_CLIENT:
4269 		/* ignore uAPSD data */
4270 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4271 
4272 		/* these are disallowed */
4273 		if (params.sta_flags_mask &
4274 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4275 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4276 			return -EINVAL;
4277 		/* Only TDLS peers can be added */
4278 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4279 			return -EINVAL;
4280 		/* Can only add if TDLS ... */
4281 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4282 			return -EOPNOTSUPP;
4283 		/* ... with external setup is supported */
4284 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4285 			return -EOPNOTSUPP;
4286 		/*
4287 		 * Older wpa_supplicant versions always mark the TDLS peer
4288 		 * as authorized, but it shouldn't yet be.
4289 		 */
4290 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4291 		break;
4292 	default:
4293 		return -EOPNOTSUPP;
4294 	}
4295 
4296 	/* be aware of params.vlan when changing code here */
4297 
4298 	err = rdev_add_station(rdev, dev, mac_addr, &params);
4299 
4300 	if (params.vlan)
4301 		dev_put(params.vlan);
4302 	return err;
4303 }
4304 
4305 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4306 {
4307 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4308 	struct net_device *dev = info->user_ptr[1];
4309 	u8 *mac_addr = NULL;
4310 
4311 	if (info->attrs[NL80211_ATTR_MAC])
4312 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4313 
4314 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4315 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4316 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4317 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4318 		return -EINVAL;
4319 
4320 	if (!rdev->ops->del_station)
4321 		return -EOPNOTSUPP;
4322 
4323 	return rdev_del_station(rdev, dev, mac_addr);
4324 }
4325 
4326 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4327 				int flags, struct net_device *dev,
4328 				u8 *dst, u8 *next_hop,
4329 				struct mpath_info *pinfo)
4330 {
4331 	void *hdr;
4332 	struct nlattr *pinfoattr;
4333 
4334 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4335 	if (!hdr)
4336 		return -1;
4337 
4338 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4339 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4340 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4341 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4342 		goto nla_put_failure;
4343 
4344 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4345 	if (!pinfoattr)
4346 		goto nla_put_failure;
4347 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4348 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4349 			pinfo->frame_qlen))
4350 		goto nla_put_failure;
4351 	if (((pinfo->filled & MPATH_INFO_SN) &&
4352 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4353 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
4354 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4355 			 pinfo->metric)) ||
4356 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4357 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4358 			 pinfo->exptime)) ||
4359 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
4360 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4361 			pinfo->flags)) ||
4362 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4363 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4364 			 pinfo->discovery_timeout)) ||
4365 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4366 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4367 			pinfo->discovery_retries)))
4368 		goto nla_put_failure;
4369 
4370 	nla_nest_end(msg, pinfoattr);
4371 
4372 	return genlmsg_end(msg, hdr);
4373 
4374  nla_put_failure:
4375 	genlmsg_cancel(msg, hdr);
4376 	return -EMSGSIZE;
4377 }
4378 
4379 static int nl80211_dump_mpath(struct sk_buff *skb,
4380 			      struct netlink_callback *cb)
4381 {
4382 	struct mpath_info pinfo;
4383 	struct cfg80211_registered_device *dev;
4384 	struct wireless_dev *wdev;
4385 	u8 dst[ETH_ALEN];
4386 	u8 next_hop[ETH_ALEN];
4387 	int path_idx = cb->args[2];
4388 	int err;
4389 
4390 	err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
4391 	if (err)
4392 		return err;
4393 
4394 	if (!dev->ops->dump_mpath) {
4395 		err = -EOPNOTSUPP;
4396 		goto out_err;
4397 	}
4398 
4399 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4400 		err = -EOPNOTSUPP;
4401 		goto out_err;
4402 	}
4403 
4404 	while (1) {
4405 		err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst,
4406 				      next_hop, &pinfo);
4407 		if (err == -ENOENT)
4408 			break;
4409 		if (err)
4410 			goto out_err;
4411 
4412 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4413 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4414 				       wdev->netdev, dst, next_hop,
4415 				       &pinfo) < 0)
4416 			goto out;
4417 
4418 		path_idx++;
4419 	}
4420 
4421 
4422  out:
4423 	cb->args[2] = path_idx;
4424 	err = skb->len;
4425  out_err:
4426 	nl80211_finish_wdev_dump(dev);
4427 	return err;
4428 }
4429 
4430 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4431 {
4432 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4433 	int err;
4434 	struct net_device *dev = info->user_ptr[1];
4435 	struct mpath_info pinfo;
4436 	struct sk_buff *msg;
4437 	u8 *dst = NULL;
4438 	u8 next_hop[ETH_ALEN];
4439 
4440 	memset(&pinfo, 0, sizeof(pinfo));
4441 
4442 	if (!info->attrs[NL80211_ATTR_MAC])
4443 		return -EINVAL;
4444 
4445 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4446 
4447 	if (!rdev->ops->get_mpath)
4448 		return -EOPNOTSUPP;
4449 
4450 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4451 		return -EOPNOTSUPP;
4452 
4453 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4454 	if (err)
4455 		return err;
4456 
4457 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4458 	if (!msg)
4459 		return -ENOMEM;
4460 
4461 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4462 				 dev, dst, next_hop, &pinfo) < 0) {
4463 		nlmsg_free(msg);
4464 		return -ENOBUFS;
4465 	}
4466 
4467 	return genlmsg_reply(msg, info);
4468 }
4469 
4470 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4471 {
4472 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4473 	struct net_device *dev = info->user_ptr[1];
4474 	u8 *dst = NULL;
4475 	u8 *next_hop = NULL;
4476 
4477 	if (!info->attrs[NL80211_ATTR_MAC])
4478 		return -EINVAL;
4479 
4480 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4481 		return -EINVAL;
4482 
4483 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4484 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4485 
4486 	if (!rdev->ops->change_mpath)
4487 		return -EOPNOTSUPP;
4488 
4489 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4490 		return -EOPNOTSUPP;
4491 
4492 	return rdev_change_mpath(rdev, dev, dst, next_hop);
4493 }
4494 
4495 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4496 {
4497 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4498 	struct net_device *dev = info->user_ptr[1];
4499 	u8 *dst = NULL;
4500 	u8 *next_hop = NULL;
4501 
4502 	if (!info->attrs[NL80211_ATTR_MAC])
4503 		return -EINVAL;
4504 
4505 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4506 		return -EINVAL;
4507 
4508 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4509 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4510 
4511 	if (!rdev->ops->add_mpath)
4512 		return -EOPNOTSUPP;
4513 
4514 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4515 		return -EOPNOTSUPP;
4516 
4517 	return rdev_add_mpath(rdev, dev, dst, next_hop);
4518 }
4519 
4520 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4521 {
4522 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4523 	struct net_device *dev = info->user_ptr[1];
4524 	u8 *dst = NULL;
4525 
4526 	if (info->attrs[NL80211_ATTR_MAC])
4527 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4528 
4529 	if (!rdev->ops->del_mpath)
4530 		return -EOPNOTSUPP;
4531 
4532 	return rdev_del_mpath(rdev, dev, dst);
4533 }
4534 
4535 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4536 {
4537 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4538 	struct net_device *dev = info->user_ptr[1];
4539 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4540 	struct bss_parameters params;
4541 	int err;
4542 
4543 	memset(&params, 0, sizeof(params));
4544 	/* default to not changing parameters */
4545 	params.use_cts_prot = -1;
4546 	params.use_short_preamble = -1;
4547 	params.use_short_slot_time = -1;
4548 	params.ap_isolate = -1;
4549 	params.ht_opmode = -1;
4550 	params.p2p_ctwindow = -1;
4551 	params.p2p_opp_ps = -1;
4552 
4553 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4554 		params.use_cts_prot =
4555 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4556 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4557 		params.use_short_preamble =
4558 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4559 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4560 		params.use_short_slot_time =
4561 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4562 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4563 		params.basic_rates =
4564 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4565 		params.basic_rates_len =
4566 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4567 	}
4568 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4569 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4570 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4571 		params.ht_opmode =
4572 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4573 
4574 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4575 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4576 			return -EINVAL;
4577 		params.p2p_ctwindow =
4578 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4579 		if (params.p2p_ctwindow < 0)
4580 			return -EINVAL;
4581 		if (params.p2p_ctwindow != 0 &&
4582 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4583 			return -EINVAL;
4584 	}
4585 
4586 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4587 		u8 tmp;
4588 
4589 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4590 			return -EINVAL;
4591 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4592 		if (tmp > 1)
4593 			return -EINVAL;
4594 		params.p2p_opp_ps = tmp;
4595 		if (params.p2p_opp_ps &&
4596 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4597 			return -EINVAL;
4598 	}
4599 
4600 	if (!rdev->ops->change_bss)
4601 		return -EOPNOTSUPP;
4602 
4603 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4604 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4605 		return -EOPNOTSUPP;
4606 
4607 	wdev_lock(wdev);
4608 	err = rdev_change_bss(rdev, dev, &params);
4609 	wdev_unlock(wdev);
4610 
4611 	return err;
4612 }
4613 
4614 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4615 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
4616 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
4617 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
4618 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
4619 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
4620 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
4621 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
4622 };
4623 
4624 static int parse_reg_rule(struct nlattr *tb[],
4625 	struct ieee80211_reg_rule *reg_rule)
4626 {
4627 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4628 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4629 
4630 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4631 		return -EINVAL;
4632 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4633 		return -EINVAL;
4634 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4635 		return -EINVAL;
4636 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4637 		return -EINVAL;
4638 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4639 		return -EINVAL;
4640 
4641 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4642 
4643 	freq_range->start_freq_khz =
4644 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4645 	freq_range->end_freq_khz =
4646 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4647 	freq_range->max_bandwidth_khz =
4648 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4649 
4650 	power_rule->max_eirp =
4651 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4652 
4653 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4654 		power_rule->max_antenna_gain =
4655 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4656 
4657 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
4658 		reg_rule->dfs_cac_ms =
4659 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
4660 
4661 	return 0;
4662 }
4663 
4664 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4665 {
4666 	int r;
4667 	char *data = NULL;
4668 	enum nl80211_user_reg_hint_type user_reg_hint_type;
4669 
4670 	/*
4671 	 * You should only get this when cfg80211 hasn't yet initialized
4672 	 * completely when built-in to the kernel right between the time
4673 	 * window between nl80211_init() and regulatory_init(), if that is
4674 	 * even possible.
4675 	 */
4676 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4677 		return -EINPROGRESS;
4678 
4679 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4680 		return -EINVAL;
4681 
4682 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4683 
4684 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4685 		user_reg_hint_type =
4686 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4687 	else
4688 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4689 
4690 	switch (user_reg_hint_type) {
4691 	case NL80211_USER_REG_HINT_USER:
4692 	case NL80211_USER_REG_HINT_CELL_BASE:
4693 		break;
4694 	default:
4695 		return -EINVAL;
4696 	}
4697 
4698 	r = regulatory_hint_user(data, user_reg_hint_type);
4699 
4700 	return r;
4701 }
4702 
4703 static int nl80211_get_mesh_config(struct sk_buff *skb,
4704 				   struct genl_info *info)
4705 {
4706 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4707 	struct net_device *dev = info->user_ptr[1];
4708 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4709 	struct mesh_config cur_params;
4710 	int err = 0;
4711 	void *hdr;
4712 	struct nlattr *pinfoattr;
4713 	struct sk_buff *msg;
4714 
4715 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4716 		return -EOPNOTSUPP;
4717 
4718 	if (!rdev->ops->get_mesh_config)
4719 		return -EOPNOTSUPP;
4720 
4721 	wdev_lock(wdev);
4722 	/* If not connected, get default parameters */
4723 	if (!wdev->mesh_id_len)
4724 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4725 	else
4726 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
4727 	wdev_unlock(wdev);
4728 
4729 	if (err)
4730 		return err;
4731 
4732 	/* Draw up a netlink message to send back */
4733 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4734 	if (!msg)
4735 		return -ENOMEM;
4736 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4737 			     NL80211_CMD_GET_MESH_CONFIG);
4738 	if (!hdr)
4739 		goto out;
4740 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4741 	if (!pinfoattr)
4742 		goto nla_put_failure;
4743 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4744 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4745 			cur_params.dot11MeshRetryTimeout) ||
4746 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4747 			cur_params.dot11MeshConfirmTimeout) ||
4748 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4749 			cur_params.dot11MeshHoldingTimeout) ||
4750 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4751 			cur_params.dot11MeshMaxPeerLinks) ||
4752 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4753 		       cur_params.dot11MeshMaxRetries) ||
4754 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
4755 		       cur_params.dot11MeshTTL) ||
4756 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4757 		       cur_params.element_ttl) ||
4758 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4759 		       cur_params.auto_open_plinks) ||
4760 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4761 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4762 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4763 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
4764 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4765 			cur_params.path_refresh_time) ||
4766 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4767 			cur_params.min_discovery_timeout) ||
4768 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4769 			cur_params.dot11MeshHWMPactivePathTimeout) ||
4770 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4771 			cur_params.dot11MeshHWMPpreqMinInterval) ||
4772 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4773 			cur_params.dot11MeshHWMPperrMinInterval) ||
4774 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4775 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4776 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4777 		       cur_params.dot11MeshHWMPRootMode) ||
4778 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4779 			cur_params.dot11MeshHWMPRannInterval) ||
4780 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4781 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
4782 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4783 		       cur_params.dot11MeshForwarding) ||
4784 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4785 			cur_params.rssi_threshold) ||
4786 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4787 			cur_params.ht_opmode) ||
4788 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4789 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4790 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4791 			cur_params.dot11MeshHWMProotInterval) ||
4792 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4793 			cur_params.dot11MeshHWMPconfirmationInterval) ||
4794 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4795 			cur_params.power_mode) ||
4796 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4797 			cur_params.dot11MeshAwakeWindowDuration) ||
4798 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
4799 			cur_params.plink_timeout))
4800 		goto nla_put_failure;
4801 	nla_nest_end(msg, pinfoattr);
4802 	genlmsg_end(msg, hdr);
4803 	return genlmsg_reply(msg, info);
4804 
4805  nla_put_failure:
4806 	genlmsg_cancel(msg, hdr);
4807  out:
4808 	nlmsg_free(msg);
4809 	return -ENOBUFS;
4810 }
4811 
4812 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4813 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4814 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4815 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4816 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4817 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4818 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4819 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4820 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4821 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4822 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4823 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4824 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4825 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4826 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4827 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4828 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4829 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4830 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4831 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4832 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4833 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4834 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4835 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4836 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4837 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4838 	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4839 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4840 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
4841 };
4842 
4843 static const struct nla_policy
4844 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4845 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4846 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4847 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4848 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4849 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
4850 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4851 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4852 				    .len = IEEE80211_MAX_DATA_LEN },
4853 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4854 };
4855 
4856 static int nl80211_parse_mesh_config(struct genl_info *info,
4857 				     struct mesh_config *cfg,
4858 				     u32 *mask_out)
4859 {
4860 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4861 	u32 mask = 0;
4862 
4863 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4864 do {									    \
4865 	if (tb[attr]) {							    \
4866 		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
4867 			return -EINVAL;					    \
4868 		cfg->param = fn(tb[attr]);				    \
4869 		mask |= (1 << (attr - 1));				    \
4870 	}								    \
4871 } while (0)
4872 
4873 
4874 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4875 		return -EINVAL;
4876 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4877 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
4878 			     nl80211_meshconf_params_policy))
4879 		return -EINVAL;
4880 
4881 	/* This makes sure that there aren't more than 32 mesh config
4882 	 * parameters (otherwise our bitfield scheme would not work.) */
4883 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4884 
4885 	/* Fill in the params struct */
4886 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4887 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4888 				  nla_get_u16);
4889 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4890 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4891 				  nla_get_u16);
4892 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4893 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4894 				  nla_get_u16);
4895 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4896 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4897 				  nla_get_u16);
4898 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4899 				  mask, NL80211_MESHCONF_MAX_RETRIES,
4900 				  nla_get_u8);
4901 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4902 				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
4903 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4904 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
4905 				  nla_get_u8);
4906 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4907 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4908 				  nla_get_u8);
4909 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4910 				  1, 255, mask,
4911 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4912 				  nla_get_u32);
4913 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4914 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4915 				  nla_get_u8);
4916 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4917 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4918 				  nla_get_u32);
4919 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4920 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4921 				  nla_get_u16);
4922 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4923 				  1, 65535, mask,
4924 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4925 				  nla_get_u32);
4926 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4927 				  1, 65535, mask,
4928 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4929 				  nla_get_u16);
4930 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4931 				  1, 65535, mask,
4932 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4933 				  nla_get_u16);
4934 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4935 				  dot11MeshHWMPnetDiameterTraversalTime,
4936 				  1, 65535, mask,
4937 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4938 				  nla_get_u16);
4939 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4940 				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4941 				  nla_get_u8);
4942 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4943 				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4944 				  nla_get_u16);
4945 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4946 				  dot11MeshGateAnnouncementProtocol, 0, 1,
4947 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4948 				  nla_get_u8);
4949 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4950 				  mask, NL80211_MESHCONF_FORWARDING,
4951 				  nla_get_u8);
4952 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
4953 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4954 				  nla_get_s32);
4955 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4956 				  mask, NL80211_MESHCONF_HT_OPMODE,
4957 				  nla_get_u16);
4958 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
4959 				  1, 65535, mask,
4960 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4961 				  nla_get_u32);
4962 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
4963 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4964 				  nla_get_u16);
4965 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4966 				  dot11MeshHWMPconfirmationInterval,
4967 				  1, 65535, mask,
4968 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4969 				  nla_get_u16);
4970 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
4971 				  NL80211_MESH_POWER_ACTIVE,
4972 				  NL80211_MESH_POWER_MAX,
4973 				  mask, NL80211_MESHCONF_POWER_MODE,
4974 				  nla_get_u32);
4975 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
4976 				  0, 65535, mask,
4977 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
4978 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
4979 				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
4980 				  nla_get_u32);
4981 	if (mask_out)
4982 		*mask_out = mask;
4983 
4984 	return 0;
4985 
4986 #undef FILL_IN_MESH_PARAM_IF_SET
4987 }
4988 
4989 static int nl80211_parse_mesh_setup(struct genl_info *info,
4990 				     struct mesh_setup *setup)
4991 {
4992 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4993 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
4994 
4995 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
4996 		return -EINVAL;
4997 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
4998 			     info->attrs[NL80211_ATTR_MESH_SETUP],
4999 			     nl80211_mesh_setup_params_policy))
5000 		return -EINVAL;
5001 
5002 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5003 		setup->sync_method =
5004 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5005 		 IEEE80211_SYNC_METHOD_VENDOR :
5006 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5007 
5008 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5009 		setup->path_sel_proto =
5010 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5011 		 IEEE80211_PATH_PROTOCOL_VENDOR :
5012 		 IEEE80211_PATH_PROTOCOL_HWMP;
5013 
5014 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5015 		setup->path_metric =
5016 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5017 		 IEEE80211_PATH_METRIC_VENDOR :
5018 		 IEEE80211_PATH_METRIC_AIRTIME;
5019 
5020 
5021 	if (tb[NL80211_MESH_SETUP_IE]) {
5022 		struct nlattr *ieattr =
5023 			tb[NL80211_MESH_SETUP_IE];
5024 		if (!is_valid_ie_attr(ieattr))
5025 			return -EINVAL;
5026 		setup->ie = nla_data(ieattr);
5027 		setup->ie_len = nla_len(ieattr);
5028 	}
5029 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5030 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5031 		return -EINVAL;
5032 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5033 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5034 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5035 	if (setup->is_secure)
5036 		setup->user_mpm = true;
5037 
5038 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5039 		if (!setup->user_mpm)
5040 			return -EINVAL;
5041 		setup->auth_id =
5042 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5043 	}
5044 
5045 	return 0;
5046 }
5047 
5048 static int nl80211_update_mesh_config(struct sk_buff *skb,
5049 				      struct genl_info *info)
5050 {
5051 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5052 	struct net_device *dev = info->user_ptr[1];
5053 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5054 	struct mesh_config cfg;
5055 	u32 mask;
5056 	int err;
5057 
5058 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5059 		return -EOPNOTSUPP;
5060 
5061 	if (!rdev->ops->update_mesh_config)
5062 		return -EOPNOTSUPP;
5063 
5064 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
5065 	if (err)
5066 		return err;
5067 
5068 	wdev_lock(wdev);
5069 	if (!wdev->mesh_id_len)
5070 		err = -ENOLINK;
5071 
5072 	if (!err)
5073 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5074 
5075 	wdev_unlock(wdev);
5076 
5077 	return err;
5078 }
5079 
5080 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
5081 {
5082 	const struct ieee80211_regdomain *regdom;
5083 	struct sk_buff *msg;
5084 	void *hdr = NULL;
5085 	struct nlattr *nl_reg_rules;
5086 	unsigned int i;
5087 
5088 	if (!cfg80211_regdomain)
5089 		return -EINVAL;
5090 
5091 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5092 	if (!msg)
5093 		return -ENOBUFS;
5094 
5095 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5096 			     NL80211_CMD_GET_REG);
5097 	if (!hdr)
5098 		goto put_failure;
5099 
5100 	if (reg_last_request_cell_base() &&
5101 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5102 			NL80211_USER_REG_HINT_CELL_BASE))
5103 		goto nla_put_failure;
5104 
5105 	rcu_read_lock();
5106 	regdom = rcu_dereference(cfg80211_regdomain);
5107 
5108 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5109 	    (regdom->dfs_region &&
5110 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5111 		goto nla_put_failure_rcu;
5112 
5113 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5114 	if (!nl_reg_rules)
5115 		goto nla_put_failure_rcu;
5116 
5117 	for (i = 0; i < regdom->n_reg_rules; i++) {
5118 		struct nlattr *nl_reg_rule;
5119 		const struct ieee80211_reg_rule *reg_rule;
5120 		const struct ieee80211_freq_range *freq_range;
5121 		const struct ieee80211_power_rule *power_rule;
5122 		unsigned int max_bandwidth_khz;
5123 
5124 		reg_rule = &regdom->reg_rules[i];
5125 		freq_range = &reg_rule->freq_range;
5126 		power_rule = &reg_rule->power_rule;
5127 
5128 		nl_reg_rule = nla_nest_start(msg, i);
5129 		if (!nl_reg_rule)
5130 			goto nla_put_failure_rcu;
5131 
5132 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
5133 		if (!max_bandwidth_khz)
5134 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5135 								  reg_rule);
5136 
5137 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5138 				reg_rule->flags) ||
5139 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5140 				freq_range->start_freq_khz) ||
5141 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5142 				freq_range->end_freq_khz) ||
5143 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5144 				max_bandwidth_khz) ||
5145 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5146 				power_rule->max_antenna_gain) ||
5147 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5148 				power_rule->max_eirp) ||
5149 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5150 				reg_rule->dfs_cac_ms))
5151 			goto nla_put_failure_rcu;
5152 
5153 		nla_nest_end(msg, nl_reg_rule);
5154 	}
5155 	rcu_read_unlock();
5156 
5157 	nla_nest_end(msg, nl_reg_rules);
5158 
5159 	genlmsg_end(msg, hdr);
5160 	return genlmsg_reply(msg, info);
5161 
5162 nla_put_failure_rcu:
5163 	rcu_read_unlock();
5164 nla_put_failure:
5165 	genlmsg_cancel(msg, hdr);
5166 put_failure:
5167 	nlmsg_free(msg);
5168 	return -EMSGSIZE;
5169 }
5170 
5171 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5172 {
5173 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5174 	struct nlattr *nl_reg_rule;
5175 	char *alpha2 = NULL;
5176 	int rem_reg_rules = 0, r = 0;
5177 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
5178 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5179 	struct ieee80211_regdomain *rd = NULL;
5180 
5181 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5182 		return -EINVAL;
5183 
5184 	if (!info->attrs[NL80211_ATTR_REG_RULES])
5185 		return -EINVAL;
5186 
5187 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5188 
5189 	if (info->attrs[NL80211_ATTR_DFS_REGION])
5190 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5191 
5192 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5193 			    rem_reg_rules) {
5194 		num_rules++;
5195 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5196 			return -EINVAL;
5197 	}
5198 
5199 	if (!reg_is_valid_request(alpha2))
5200 		return -EINVAL;
5201 
5202 	size_of_regd = sizeof(struct ieee80211_regdomain) +
5203 		       num_rules * sizeof(struct ieee80211_reg_rule);
5204 
5205 	rd = kzalloc(size_of_regd, GFP_KERNEL);
5206 	if (!rd)
5207 		return -ENOMEM;
5208 
5209 	rd->n_reg_rules = num_rules;
5210 	rd->alpha2[0] = alpha2[0];
5211 	rd->alpha2[1] = alpha2[1];
5212 
5213 	/*
5214 	 * Disable DFS master mode if the DFS region was
5215 	 * not supported or known on this kernel.
5216 	 */
5217 	if (reg_supported_dfs_region(dfs_region))
5218 		rd->dfs_region = dfs_region;
5219 
5220 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5221 			    rem_reg_rules) {
5222 		r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5223 			      nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5224 			      reg_rule_policy);
5225 		if (r)
5226 			goto bad_reg;
5227 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5228 		if (r)
5229 			goto bad_reg;
5230 
5231 		rule_idx++;
5232 
5233 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5234 			r = -EINVAL;
5235 			goto bad_reg;
5236 		}
5237 	}
5238 
5239 	r = set_regdom(rd);
5240 	/* set_regdom took ownership */
5241 	rd = NULL;
5242 
5243  bad_reg:
5244 	kfree(rd);
5245 	return r;
5246 }
5247 
5248 static int validate_scan_freqs(struct nlattr *freqs)
5249 {
5250 	struct nlattr *attr1, *attr2;
5251 	int n_channels = 0, tmp1, tmp2;
5252 
5253 	nla_for_each_nested(attr1, freqs, tmp1) {
5254 		n_channels++;
5255 		/*
5256 		 * Some hardware has a limited channel list for
5257 		 * scanning, and it is pretty much nonsensical
5258 		 * to scan for a channel twice, so disallow that
5259 		 * and don't require drivers to check that the
5260 		 * channel list they get isn't longer than what
5261 		 * they can scan, as long as they can scan all
5262 		 * the channels they registered at once.
5263 		 */
5264 		nla_for_each_nested(attr2, freqs, tmp2)
5265 			if (attr1 != attr2 &&
5266 			    nla_get_u32(attr1) == nla_get_u32(attr2))
5267 				return 0;
5268 	}
5269 
5270 	return n_channels;
5271 }
5272 
5273 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5274 {
5275 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5276 	struct wireless_dev *wdev = info->user_ptr[1];
5277 	struct cfg80211_scan_request *request;
5278 	struct nlattr *attr;
5279 	struct wiphy *wiphy;
5280 	int err, tmp, n_ssids = 0, n_channels, i;
5281 	size_t ie_len;
5282 
5283 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5284 		return -EINVAL;
5285 
5286 	wiphy = &rdev->wiphy;
5287 
5288 	if (!rdev->ops->scan)
5289 		return -EOPNOTSUPP;
5290 
5291 	if (rdev->scan_req || rdev->scan_msg) {
5292 		err = -EBUSY;
5293 		goto unlock;
5294 	}
5295 
5296 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5297 		n_channels = validate_scan_freqs(
5298 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5299 		if (!n_channels) {
5300 			err = -EINVAL;
5301 			goto unlock;
5302 		}
5303 	} else {
5304 		n_channels = ieee80211_get_num_supported_channels(wiphy);
5305 	}
5306 
5307 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5308 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5309 			n_ssids++;
5310 
5311 	if (n_ssids > wiphy->max_scan_ssids) {
5312 		err = -EINVAL;
5313 		goto unlock;
5314 	}
5315 
5316 	if (info->attrs[NL80211_ATTR_IE])
5317 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5318 	else
5319 		ie_len = 0;
5320 
5321 	if (ie_len > wiphy->max_scan_ie_len) {
5322 		err = -EINVAL;
5323 		goto unlock;
5324 	}
5325 
5326 	request = kzalloc(sizeof(*request)
5327 			+ sizeof(*request->ssids) * n_ssids
5328 			+ sizeof(*request->channels) * n_channels
5329 			+ ie_len, GFP_KERNEL);
5330 	if (!request) {
5331 		err = -ENOMEM;
5332 		goto unlock;
5333 	}
5334 
5335 	if (n_ssids)
5336 		request->ssids = (void *)&request->channels[n_channels];
5337 	request->n_ssids = n_ssids;
5338 	if (ie_len) {
5339 		if (request->ssids)
5340 			request->ie = (void *)(request->ssids + n_ssids);
5341 		else
5342 			request->ie = (void *)(request->channels + n_channels);
5343 	}
5344 
5345 	i = 0;
5346 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5347 		/* user specified, bail out if channel not found */
5348 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5349 			struct ieee80211_channel *chan;
5350 
5351 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5352 
5353 			if (!chan) {
5354 				err = -EINVAL;
5355 				goto out_free;
5356 			}
5357 
5358 			/* ignore disabled channels */
5359 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5360 				continue;
5361 
5362 			request->channels[i] = chan;
5363 			i++;
5364 		}
5365 	} else {
5366 		enum ieee80211_band band;
5367 
5368 		/* all channels */
5369 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5370 			int j;
5371 			if (!wiphy->bands[band])
5372 				continue;
5373 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5374 				struct ieee80211_channel *chan;
5375 
5376 				chan = &wiphy->bands[band]->channels[j];
5377 
5378 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5379 					continue;
5380 
5381 				request->channels[i] = chan;
5382 				i++;
5383 			}
5384 		}
5385 	}
5386 
5387 	if (!i) {
5388 		err = -EINVAL;
5389 		goto out_free;
5390 	}
5391 
5392 	request->n_channels = i;
5393 
5394 	i = 0;
5395 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5396 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5397 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5398 				err = -EINVAL;
5399 				goto out_free;
5400 			}
5401 			request->ssids[i].ssid_len = nla_len(attr);
5402 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5403 			i++;
5404 		}
5405 	}
5406 
5407 	if (info->attrs[NL80211_ATTR_IE]) {
5408 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5409 		memcpy((void *)request->ie,
5410 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5411 		       request->ie_len);
5412 	}
5413 
5414 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5415 		if (wiphy->bands[i])
5416 			request->rates[i] =
5417 				(1 << wiphy->bands[i]->n_bitrates) - 1;
5418 
5419 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5420 		nla_for_each_nested(attr,
5421 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5422 				    tmp) {
5423 			enum ieee80211_band band = nla_type(attr);
5424 
5425 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5426 				err = -EINVAL;
5427 				goto out_free;
5428 			}
5429 
5430 			if (!wiphy->bands[band])
5431 				continue;
5432 
5433 			err = ieee80211_get_ratemask(wiphy->bands[band],
5434 						     nla_data(attr),
5435 						     nla_len(attr),
5436 						     &request->rates[band]);
5437 			if (err)
5438 				goto out_free;
5439 		}
5440 	}
5441 
5442 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5443 		request->flags = nla_get_u32(
5444 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5445 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5446 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5447 			err = -EOPNOTSUPP;
5448 			goto out_free;
5449 		}
5450 	}
5451 
5452 	request->no_cck =
5453 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5454 
5455 	request->wdev = wdev;
5456 	request->wiphy = &rdev->wiphy;
5457 	request->scan_start = jiffies;
5458 
5459 	rdev->scan_req = request;
5460 	err = rdev_scan(rdev, request);
5461 
5462 	if (!err) {
5463 		nl80211_send_scan_start(rdev, wdev);
5464 		if (wdev->netdev)
5465 			dev_hold(wdev->netdev);
5466 	} else {
5467  out_free:
5468 		rdev->scan_req = NULL;
5469 		kfree(request);
5470 	}
5471 
5472  unlock:
5473 	return err;
5474 }
5475 
5476 static int nl80211_start_sched_scan(struct sk_buff *skb,
5477 				    struct genl_info *info)
5478 {
5479 	struct cfg80211_sched_scan_request *request;
5480 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5481 	struct net_device *dev = info->user_ptr[1];
5482 	struct nlattr *attr;
5483 	struct wiphy *wiphy;
5484 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5485 	u32 interval;
5486 	enum ieee80211_band band;
5487 	size_t ie_len;
5488 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5489 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
5490 
5491 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5492 	    !rdev->ops->sched_scan_start)
5493 		return -EOPNOTSUPP;
5494 
5495 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5496 		return -EINVAL;
5497 
5498 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5499 		return -EINVAL;
5500 
5501 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5502 	if (interval == 0)
5503 		return -EINVAL;
5504 
5505 	wiphy = &rdev->wiphy;
5506 
5507 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5508 		n_channels = validate_scan_freqs(
5509 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5510 		if (!n_channels)
5511 			return -EINVAL;
5512 	} else {
5513 		n_channels = ieee80211_get_num_supported_channels(wiphy);
5514 	}
5515 
5516 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5517 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5518 				    tmp)
5519 			n_ssids++;
5520 
5521 	if (n_ssids > wiphy->max_sched_scan_ssids)
5522 		return -EINVAL;
5523 
5524 	/*
5525 	 * First, count the number of 'real' matchsets. Due to an issue with
5526 	 * the old implementation, matchsets containing only the RSSI attribute
5527 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
5528 	 * RSSI for all matchsets, rather than their own matchset for reporting
5529 	 * all APs with a strong RSSI. This is needed to be compatible with
5530 	 * older userspace that treated a matchset with only the RSSI as the
5531 	 * global RSSI for all other matchsets - if there are other matchsets.
5532 	 */
5533 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5534 		nla_for_each_nested(attr,
5535 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5536 				    tmp) {
5537 			struct nlattr *rssi;
5538 
5539 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5540 					nla_data(attr), nla_len(attr),
5541 					nl80211_match_policy);
5542 			if (err)
5543 				return err;
5544 			/* add other standalone attributes here */
5545 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
5546 				n_match_sets++;
5547 				continue;
5548 			}
5549 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5550 			if (rssi)
5551 				default_match_rssi = nla_get_s32(rssi);
5552 		}
5553 	}
5554 
5555 	/* However, if there's no other matchset, add the RSSI one */
5556 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
5557 		n_match_sets = 1;
5558 
5559 	if (n_match_sets > wiphy->max_match_sets)
5560 		return -EINVAL;
5561 
5562 	if (info->attrs[NL80211_ATTR_IE])
5563 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5564 	else
5565 		ie_len = 0;
5566 
5567 	if (ie_len > wiphy->max_sched_scan_ie_len)
5568 		return -EINVAL;
5569 
5570 	if (rdev->sched_scan_req) {
5571 		err = -EINPROGRESS;
5572 		goto out;
5573 	}
5574 
5575 	request = kzalloc(sizeof(*request)
5576 			+ sizeof(*request->ssids) * n_ssids
5577 			+ sizeof(*request->match_sets) * n_match_sets
5578 			+ sizeof(*request->channels) * n_channels
5579 			+ ie_len, GFP_KERNEL);
5580 	if (!request) {
5581 		err = -ENOMEM;
5582 		goto out;
5583 	}
5584 
5585 	if (n_ssids)
5586 		request->ssids = (void *)&request->channels[n_channels];
5587 	request->n_ssids = n_ssids;
5588 	if (ie_len) {
5589 		if (request->ssids)
5590 			request->ie = (void *)(request->ssids + n_ssids);
5591 		else
5592 			request->ie = (void *)(request->channels + n_channels);
5593 	}
5594 
5595 	if (n_match_sets) {
5596 		if (request->ie)
5597 			request->match_sets = (void *)(request->ie + ie_len);
5598 		else if (request->ssids)
5599 			request->match_sets =
5600 				(void *)(request->ssids + n_ssids);
5601 		else
5602 			request->match_sets =
5603 				(void *)(request->channels + n_channels);
5604 	}
5605 	request->n_match_sets = n_match_sets;
5606 
5607 	i = 0;
5608 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5609 		/* user specified, bail out if channel not found */
5610 		nla_for_each_nested(attr,
5611 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5612 				    tmp) {
5613 			struct ieee80211_channel *chan;
5614 
5615 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5616 
5617 			if (!chan) {
5618 				err = -EINVAL;
5619 				goto out_free;
5620 			}
5621 
5622 			/* ignore disabled channels */
5623 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5624 				continue;
5625 
5626 			request->channels[i] = chan;
5627 			i++;
5628 		}
5629 	} else {
5630 		/* all channels */
5631 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5632 			int j;
5633 			if (!wiphy->bands[band])
5634 				continue;
5635 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5636 				struct ieee80211_channel *chan;
5637 
5638 				chan = &wiphy->bands[band]->channels[j];
5639 
5640 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5641 					continue;
5642 
5643 				request->channels[i] = chan;
5644 				i++;
5645 			}
5646 		}
5647 	}
5648 
5649 	if (!i) {
5650 		err = -EINVAL;
5651 		goto out_free;
5652 	}
5653 
5654 	request->n_channels = i;
5655 
5656 	i = 0;
5657 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5658 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5659 				    tmp) {
5660 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5661 				err = -EINVAL;
5662 				goto out_free;
5663 			}
5664 			request->ssids[i].ssid_len = nla_len(attr);
5665 			memcpy(request->ssids[i].ssid, nla_data(attr),
5666 			       nla_len(attr));
5667 			i++;
5668 		}
5669 	}
5670 
5671 	i = 0;
5672 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5673 		nla_for_each_nested(attr,
5674 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5675 				    tmp) {
5676 			struct nlattr *ssid, *rssi;
5677 
5678 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5679 					nla_data(attr), nla_len(attr),
5680 					nl80211_match_policy);
5681 			if (err)
5682 				goto out_free;
5683 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5684 			if (ssid) {
5685 				if (WARN_ON(i >= n_match_sets)) {
5686 					/* this indicates a programming error,
5687 					 * the loop above should have verified
5688 					 * things properly
5689 					 */
5690 					err = -EINVAL;
5691 					goto out_free;
5692 				}
5693 
5694 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5695 					err = -EINVAL;
5696 					goto out_free;
5697 				}
5698 				memcpy(request->match_sets[i].ssid.ssid,
5699 				       nla_data(ssid), nla_len(ssid));
5700 				request->match_sets[i].ssid.ssid_len =
5701 					nla_len(ssid);
5702 				/* special attribute - old implemenation w/a */
5703 				request->match_sets[i].rssi_thold =
5704 					default_match_rssi;
5705 				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5706 				if (rssi)
5707 					request->match_sets[i].rssi_thold =
5708 						nla_get_s32(rssi);
5709 			}
5710 			i++;
5711 		}
5712 
5713 		/* there was no other matchset, so the RSSI one is alone */
5714 		if (i == 0)
5715 			request->match_sets[0].rssi_thold = default_match_rssi;
5716 
5717 		request->min_rssi_thold = INT_MAX;
5718 		for (i = 0; i < n_match_sets; i++)
5719 			request->min_rssi_thold =
5720 				min(request->match_sets[i].rssi_thold,
5721 				    request->min_rssi_thold);
5722 	} else {
5723 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
5724 	}
5725 
5726 	if (ie_len) {
5727 		request->ie_len = ie_len;
5728 		memcpy((void *)request->ie,
5729 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5730 		       request->ie_len);
5731 	}
5732 
5733 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5734 		request->flags = nla_get_u32(
5735 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5736 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5737 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5738 			err = -EOPNOTSUPP;
5739 			goto out_free;
5740 		}
5741 	}
5742 
5743 	request->dev = dev;
5744 	request->wiphy = &rdev->wiphy;
5745 	request->interval = interval;
5746 	request->scan_start = jiffies;
5747 
5748 	err = rdev_sched_scan_start(rdev, dev, request);
5749 	if (!err) {
5750 		rdev->sched_scan_req = request;
5751 		nl80211_send_sched_scan(rdev, dev,
5752 					NL80211_CMD_START_SCHED_SCAN);
5753 		goto out;
5754 	}
5755 
5756 out_free:
5757 	kfree(request);
5758 out:
5759 	return err;
5760 }
5761 
5762 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5763 				   struct genl_info *info)
5764 {
5765 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5766 
5767 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5768 	    !rdev->ops->sched_scan_stop)
5769 		return -EOPNOTSUPP;
5770 
5771 	return __cfg80211_stop_sched_scan(rdev, false);
5772 }
5773 
5774 static int nl80211_start_radar_detection(struct sk_buff *skb,
5775 					 struct genl_info *info)
5776 {
5777 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5778 	struct net_device *dev = info->user_ptr[1];
5779 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5780 	struct cfg80211_chan_def chandef;
5781 	enum nl80211_dfs_regions dfs_region;
5782 	unsigned int cac_time_ms;
5783 	int err;
5784 
5785 	dfs_region = reg_get_dfs_region(wdev->wiphy);
5786 	if (dfs_region == NL80211_DFS_UNSET)
5787 		return -EINVAL;
5788 
5789 	err = nl80211_parse_chandef(rdev, info, &chandef);
5790 	if (err)
5791 		return err;
5792 
5793 	if (netif_carrier_ok(dev))
5794 		return -EBUSY;
5795 
5796 	if (wdev->cac_started)
5797 		return -EBUSY;
5798 
5799 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef);
5800 	if (err < 0)
5801 		return err;
5802 
5803 	if (err == 0)
5804 		return -EINVAL;
5805 
5806 	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
5807 		return -EINVAL;
5808 
5809 	if (!rdev->ops->start_radar_detection)
5810 		return -EOPNOTSUPP;
5811 
5812 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5813 					   chandef.chan, CHAN_MODE_SHARED,
5814 					   BIT(chandef.width));
5815 	if (err)
5816 		return err;
5817 
5818 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
5819 	if (WARN_ON(!cac_time_ms))
5820 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
5821 
5822 	err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef,
5823 					       cac_time_ms);
5824 	if (!err) {
5825 		wdev->chandef = chandef;
5826 		wdev->cac_started = true;
5827 		wdev->cac_start_time = jiffies;
5828 		wdev->cac_time_ms = cac_time_ms;
5829 	}
5830 	return err;
5831 }
5832 
5833 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
5834 {
5835 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5836 	struct net_device *dev = info->user_ptr[1];
5837 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5838 	struct cfg80211_csa_settings params;
5839 	/* csa_attrs is defined static to avoid waste of stack size - this
5840 	 * function is called under RTNL lock, so this should not be a problem.
5841 	 */
5842 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
5843 	u8 radar_detect_width = 0;
5844 	int err;
5845 	bool need_new_beacon = false;
5846 
5847 	if (!rdev->ops->channel_switch ||
5848 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
5849 		return -EOPNOTSUPP;
5850 
5851 	switch (dev->ieee80211_ptr->iftype) {
5852 	case NL80211_IFTYPE_AP:
5853 	case NL80211_IFTYPE_P2P_GO:
5854 		need_new_beacon = true;
5855 
5856 		/* useless if AP is not running */
5857 		if (!wdev->beacon_interval)
5858 			return -ENOTCONN;
5859 		break;
5860 	case NL80211_IFTYPE_ADHOC:
5861 		if (!wdev->ssid_len)
5862 			return -ENOTCONN;
5863 		break;
5864 	case NL80211_IFTYPE_MESH_POINT:
5865 		if (!wdev->mesh_id_len)
5866 			return -ENOTCONN;
5867 		break;
5868 	default:
5869 		return -EOPNOTSUPP;
5870 	}
5871 
5872 	memset(&params, 0, sizeof(params));
5873 
5874 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5875 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
5876 		return -EINVAL;
5877 
5878 	/* only important for AP, IBSS and mesh create IEs internally */
5879 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
5880 		return -EINVAL;
5881 
5882 	params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
5883 
5884 	if (!need_new_beacon)
5885 		goto skip_beacons;
5886 
5887 	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
5888 	if (err)
5889 		return err;
5890 
5891 	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
5892 			       info->attrs[NL80211_ATTR_CSA_IES],
5893 			       nl80211_policy);
5894 	if (err)
5895 		return err;
5896 
5897 	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
5898 	if (err)
5899 		return err;
5900 
5901 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
5902 		return -EINVAL;
5903 
5904 	params.counter_offset_beacon =
5905 		nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5906 	if (params.counter_offset_beacon >= params.beacon_csa.tail_len)
5907 		return -EINVAL;
5908 
5909 	/* sanity check - counters should be the same */
5910 	if (params.beacon_csa.tail[params.counter_offset_beacon] !=
5911 	    params.count)
5912 		return -EINVAL;
5913 
5914 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
5915 		params.counter_offset_presp =
5916 			nla_get_u16(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
5917 		if (params.counter_offset_presp >=
5918 		    params.beacon_csa.probe_resp_len)
5919 			return -EINVAL;
5920 
5921 		if (params.beacon_csa.probe_resp[params.counter_offset_presp] !=
5922 		    params.count)
5923 			return -EINVAL;
5924 	}
5925 
5926 skip_beacons:
5927 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
5928 	if (err)
5929 		return err;
5930 
5931 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef))
5932 		return -EINVAL;
5933 
5934 	switch (dev->ieee80211_ptr->iftype) {
5935 	case NL80211_IFTYPE_AP:
5936 	case NL80211_IFTYPE_P2P_GO:
5937 	case NL80211_IFTYPE_ADHOC:
5938 	case NL80211_IFTYPE_MESH_POINT:
5939 		err = cfg80211_chandef_dfs_required(wdev->wiphy,
5940 						    &params.chandef);
5941 		if (err < 0)
5942 			return err;
5943 		if (err) {
5944 			radar_detect_width = BIT(params.chandef.width);
5945 			params.radar_required = true;
5946 		}
5947 		break;
5948 	default:
5949 		break;
5950 	}
5951 
5952 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
5953 					   params.chandef.chan,
5954 					   CHAN_MODE_SHARED,
5955 					   radar_detect_width);
5956 	if (err)
5957 		return err;
5958 
5959 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
5960 		params.block_tx = true;
5961 
5962 	wdev_lock(wdev);
5963 	err = rdev_channel_switch(rdev, dev, &params);
5964 	wdev_unlock(wdev);
5965 
5966 	return err;
5967 }
5968 
5969 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5970 			    u32 seq, int flags,
5971 			    struct cfg80211_registered_device *rdev,
5972 			    struct wireless_dev *wdev,
5973 			    struct cfg80211_internal_bss *intbss)
5974 {
5975 	struct cfg80211_bss *res = &intbss->pub;
5976 	const struct cfg80211_bss_ies *ies;
5977 	void *hdr;
5978 	struct nlattr *bss;
5979 	bool tsf = false;
5980 
5981 	ASSERT_WDEV_LOCK(wdev);
5982 
5983 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5984 			     NL80211_CMD_NEW_SCAN_RESULTS);
5985 	if (!hdr)
5986 		return -1;
5987 
5988 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5989 
5990 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
5991 		goto nla_put_failure;
5992 	if (wdev->netdev &&
5993 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5994 		goto nla_put_failure;
5995 	if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
5996 		goto nla_put_failure;
5997 
5998 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5999 	if (!bss)
6000 		goto nla_put_failure;
6001 	if ((!is_zero_ether_addr(res->bssid) &&
6002 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
6003 		goto nla_put_failure;
6004 
6005 	rcu_read_lock();
6006 	ies = rcu_dereference(res->ies);
6007 	if (ies) {
6008 		if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6009 			goto fail_unlock_rcu;
6010 		tsf = true;
6011 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
6012 					ies->len, ies->data))
6013 			goto fail_unlock_rcu;
6014 	}
6015 	ies = rcu_dereference(res->beacon_ies);
6016 	if (ies) {
6017 		if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6018 			goto fail_unlock_rcu;
6019 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
6020 					ies->len, ies->data))
6021 			goto fail_unlock_rcu;
6022 	}
6023 	rcu_read_unlock();
6024 
6025 	if (res->beacon_interval &&
6026 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
6027 		goto nla_put_failure;
6028 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
6029 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
6030 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6031 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6032 			jiffies_to_msecs(jiffies - intbss->ts)))
6033 		goto nla_put_failure;
6034 
6035 	switch (rdev->wiphy.signal_type) {
6036 	case CFG80211_SIGNAL_TYPE_MBM:
6037 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6038 			goto nla_put_failure;
6039 		break;
6040 	case CFG80211_SIGNAL_TYPE_UNSPEC:
6041 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6042 			goto nla_put_failure;
6043 		break;
6044 	default:
6045 		break;
6046 	}
6047 
6048 	switch (wdev->iftype) {
6049 	case NL80211_IFTYPE_P2P_CLIENT:
6050 	case NL80211_IFTYPE_STATION:
6051 		if (intbss == wdev->current_bss &&
6052 		    nla_put_u32(msg, NL80211_BSS_STATUS,
6053 				NL80211_BSS_STATUS_ASSOCIATED))
6054 			goto nla_put_failure;
6055 		break;
6056 	case NL80211_IFTYPE_ADHOC:
6057 		if (intbss == wdev->current_bss &&
6058 		    nla_put_u32(msg, NL80211_BSS_STATUS,
6059 				NL80211_BSS_STATUS_IBSS_JOINED))
6060 			goto nla_put_failure;
6061 		break;
6062 	default:
6063 		break;
6064 	}
6065 
6066 	nla_nest_end(msg, bss);
6067 
6068 	return genlmsg_end(msg, hdr);
6069 
6070  fail_unlock_rcu:
6071 	rcu_read_unlock();
6072  nla_put_failure:
6073 	genlmsg_cancel(msg, hdr);
6074 	return -EMSGSIZE;
6075 }
6076 
6077 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6078 {
6079 	struct cfg80211_registered_device *rdev;
6080 	struct cfg80211_internal_bss *scan;
6081 	struct wireless_dev *wdev;
6082 	int start = cb->args[2], idx = 0;
6083 	int err;
6084 
6085 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6086 	if (err)
6087 		return err;
6088 
6089 	wdev_lock(wdev);
6090 	spin_lock_bh(&rdev->bss_lock);
6091 	cfg80211_bss_expire(rdev);
6092 
6093 	cb->seq = rdev->bss_generation;
6094 
6095 	list_for_each_entry(scan, &rdev->bss_list, list) {
6096 		if (++idx <= start)
6097 			continue;
6098 		if (nl80211_send_bss(skb, cb,
6099 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6100 				rdev, wdev, scan) < 0) {
6101 			idx--;
6102 			break;
6103 		}
6104 	}
6105 
6106 	spin_unlock_bh(&rdev->bss_lock);
6107 	wdev_unlock(wdev);
6108 
6109 	cb->args[2] = idx;
6110 	nl80211_finish_wdev_dump(rdev);
6111 
6112 	return skb->len;
6113 }
6114 
6115 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6116 				int flags, struct net_device *dev,
6117 				struct survey_info *survey)
6118 {
6119 	void *hdr;
6120 	struct nlattr *infoattr;
6121 
6122 	hdr = nl80211hdr_put(msg, portid, seq, flags,
6123 			     NL80211_CMD_NEW_SURVEY_RESULTS);
6124 	if (!hdr)
6125 		return -ENOMEM;
6126 
6127 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6128 		goto nla_put_failure;
6129 
6130 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6131 	if (!infoattr)
6132 		goto nla_put_failure;
6133 
6134 	if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6135 			survey->channel->center_freq))
6136 		goto nla_put_failure;
6137 
6138 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6139 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6140 		goto nla_put_failure;
6141 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
6142 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6143 		goto nla_put_failure;
6144 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
6145 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
6146 			survey->channel_time))
6147 		goto nla_put_failure;
6148 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
6149 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
6150 			survey->channel_time_busy))
6151 		goto nla_put_failure;
6152 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
6153 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
6154 			survey->channel_time_ext_busy))
6155 		goto nla_put_failure;
6156 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
6157 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
6158 			survey->channel_time_rx))
6159 		goto nla_put_failure;
6160 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
6161 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
6162 			survey->channel_time_tx))
6163 		goto nla_put_failure;
6164 
6165 	nla_nest_end(msg, infoattr);
6166 
6167 	return genlmsg_end(msg, hdr);
6168 
6169  nla_put_failure:
6170 	genlmsg_cancel(msg, hdr);
6171 	return -EMSGSIZE;
6172 }
6173 
6174 static int nl80211_dump_survey(struct sk_buff *skb,
6175 			struct netlink_callback *cb)
6176 {
6177 	struct survey_info survey;
6178 	struct cfg80211_registered_device *dev;
6179 	struct wireless_dev *wdev;
6180 	int survey_idx = cb->args[2];
6181 	int res;
6182 
6183 	res = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
6184 	if (res)
6185 		return res;
6186 
6187 	if (!wdev->netdev) {
6188 		res = -EINVAL;
6189 		goto out_err;
6190 	}
6191 
6192 	if (!dev->ops->dump_survey) {
6193 		res = -EOPNOTSUPP;
6194 		goto out_err;
6195 	}
6196 
6197 	while (1) {
6198 		struct ieee80211_channel *chan;
6199 
6200 		res = rdev_dump_survey(dev, wdev->netdev, survey_idx, &survey);
6201 		if (res == -ENOENT)
6202 			break;
6203 		if (res)
6204 			goto out_err;
6205 
6206 		/* Survey without a channel doesn't make sense */
6207 		if (!survey.channel) {
6208 			res = -EINVAL;
6209 			goto out;
6210 		}
6211 
6212 		chan = ieee80211_get_channel(&dev->wiphy,
6213 					     survey.channel->center_freq);
6214 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
6215 			survey_idx++;
6216 			continue;
6217 		}
6218 
6219 		if (nl80211_send_survey(skb,
6220 				NETLINK_CB(cb->skb).portid,
6221 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6222 				wdev->netdev, &survey) < 0)
6223 			goto out;
6224 		survey_idx++;
6225 	}
6226 
6227  out:
6228 	cb->args[2] = survey_idx;
6229 	res = skb->len;
6230  out_err:
6231 	nl80211_finish_wdev_dump(dev);
6232 	return res;
6233 }
6234 
6235 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6236 {
6237 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6238 				  NL80211_WPA_VERSION_2));
6239 }
6240 
6241 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6242 {
6243 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6244 	struct net_device *dev = info->user_ptr[1];
6245 	struct ieee80211_channel *chan;
6246 	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6247 	int err, ssid_len, ie_len = 0, sae_data_len = 0;
6248 	enum nl80211_auth_type auth_type;
6249 	struct key_parse key;
6250 	bool local_state_change;
6251 
6252 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6253 		return -EINVAL;
6254 
6255 	if (!info->attrs[NL80211_ATTR_MAC])
6256 		return -EINVAL;
6257 
6258 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6259 		return -EINVAL;
6260 
6261 	if (!info->attrs[NL80211_ATTR_SSID])
6262 		return -EINVAL;
6263 
6264 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6265 		return -EINVAL;
6266 
6267 	err = nl80211_parse_key(info, &key);
6268 	if (err)
6269 		return err;
6270 
6271 	if (key.idx >= 0) {
6272 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
6273 			return -EINVAL;
6274 		if (!key.p.key || !key.p.key_len)
6275 			return -EINVAL;
6276 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
6277 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
6278 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
6279 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
6280 			return -EINVAL;
6281 		if (key.idx > 4)
6282 			return -EINVAL;
6283 	} else {
6284 		key.p.key_len = 0;
6285 		key.p.key = NULL;
6286 	}
6287 
6288 	if (key.idx >= 0) {
6289 		int i;
6290 		bool ok = false;
6291 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
6292 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
6293 				ok = true;
6294 				break;
6295 			}
6296 		}
6297 		if (!ok)
6298 			return -EINVAL;
6299 	}
6300 
6301 	if (!rdev->ops->auth)
6302 		return -EOPNOTSUPP;
6303 
6304 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6305 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6306 		return -EOPNOTSUPP;
6307 
6308 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6309 	chan = nl80211_get_valid_chan(&rdev->wiphy,
6310 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6311 	if (!chan)
6312 		return -EINVAL;
6313 
6314 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6315 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6316 
6317 	if (info->attrs[NL80211_ATTR_IE]) {
6318 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6319 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6320 	}
6321 
6322 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6323 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
6324 		return -EINVAL;
6325 
6326 	if (auth_type == NL80211_AUTHTYPE_SAE &&
6327 	    !info->attrs[NL80211_ATTR_SAE_DATA])
6328 		return -EINVAL;
6329 
6330 	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
6331 		if (auth_type != NL80211_AUTHTYPE_SAE)
6332 			return -EINVAL;
6333 		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
6334 		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
6335 		/* need to include at least Auth Transaction and Status Code */
6336 		if (sae_data_len < 4)
6337 			return -EINVAL;
6338 	}
6339 
6340 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6341 
6342 	/*
6343 	 * Since we no longer track auth state, ignore
6344 	 * requests to only change local state.
6345 	 */
6346 	if (local_state_change)
6347 		return 0;
6348 
6349 	wdev_lock(dev->ieee80211_ptr);
6350 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
6351 				 ssid, ssid_len, ie, ie_len,
6352 				 key.p.key, key.p.key_len, key.idx,
6353 				 sae_data, sae_data_len);
6354 	wdev_unlock(dev->ieee80211_ptr);
6355 	return err;
6356 }
6357 
6358 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
6359 				   struct genl_info *info,
6360 				   struct cfg80211_crypto_settings *settings,
6361 				   int cipher_limit)
6362 {
6363 	memset(settings, 0, sizeof(*settings));
6364 
6365 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
6366 
6367 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
6368 		u16 proto;
6369 		proto = nla_get_u16(
6370 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
6371 		settings->control_port_ethertype = cpu_to_be16(proto);
6372 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
6373 		    proto != ETH_P_PAE)
6374 			return -EINVAL;
6375 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
6376 			settings->control_port_no_encrypt = true;
6377 	} else
6378 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
6379 
6380 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
6381 		void *data;
6382 		int len, i;
6383 
6384 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6385 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6386 		settings->n_ciphers_pairwise = len / sizeof(u32);
6387 
6388 		if (len % sizeof(u32))
6389 			return -EINVAL;
6390 
6391 		if (settings->n_ciphers_pairwise > cipher_limit)
6392 			return -EINVAL;
6393 
6394 		memcpy(settings->ciphers_pairwise, data, len);
6395 
6396 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
6397 			if (!cfg80211_supported_cipher_suite(
6398 					&rdev->wiphy,
6399 					settings->ciphers_pairwise[i]))
6400 				return -EINVAL;
6401 	}
6402 
6403 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6404 		settings->cipher_group =
6405 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6406 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6407 						     settings->cipher_group))
6408 			return -EINVAL;
6409 	}
6410 
6411 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6412 		settings->wpa_versions =
6413 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6414 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6415 			return -EINVAL;
6416 	}
6417 
6418 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6419 		void *data;
6420 		int len;
6421 
6422 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6423 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6424 		settings->n_akm_suites = len / sizeof(u32);
6425 
6426 		if (len % sizeof(u32))
6427 			return -EINVAL;
6428 
6429 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6430 			return -EINVAL;
6431 
6432 		memcpy(settings->akm_suites, data, len);
6433 	}
6434 
6435 	return 0;
6436 }
6437 
6438 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
6439 {
6440 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6441 	struct net_device *dev = info->user_ptr[1];
6442 	struct ieee80211_channel *chan;
6443 	struct cfg80211_assoc_request req = {};
6444 	const u8 *bssid, *ssid;
6445 	int err, ssid_len = 0;
6446 
6447 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6448 		return -EINVAL;
6449 
6450 	if (!info->attrs[NL80211_ATTR_MAC] ||
6451 	    !info->attrs[NL80211_ATTR_SSID] ||
6452 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
6453 		return -EINVAL;
6454 
6455 	if (!rdev->ops->assoc)
6456 		return -EOPNOTSUPP;
6457 
6458 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6459 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6460 		return -EOPNOTSUPP;
6461 
6462 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6463 
6464 	chan = nl80211_get_valid_chan(&rdev->wiphy,
6465 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6466 	if (!chan)
6467 		return -EINVAL;
6468 
6469 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6470 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6471 
6472 	if (info->attrs[NL80211_ATTR_IE]) {
6473 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6474 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6475 	}
6476 
6477 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
6478 		enum nl80211_mfp mfp =
6479 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6480 		if (mfp == NL80211_MFP_REQUIRED)
6481 			req.use_mfp = true;
6482 		else if (mfp != NL80211_MFP_NO)
6483 			return -EINVAL;
6484 	}
6485 
6486 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
6487 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
6488 
6489 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6490 		req.flags |= ASSOC_REQ_DISABLE_HT;
6491 
6492 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6493 		memcpy(&req.ht_capa_mask,
6494 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6495 		       sizeof(req.ht_capa_mask));
6496 
6497 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6498 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6499 			return -EINVAL;
6500 		memcpy(&req.ht_capa,
6501 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6502 		       sizeof(req.ht_capa));
6503 	}
6504 
6505 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6506 		req.flags |= ASSOC_REQ_DISABLE_VHT;
6507 
6508 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6509 		memcpy(&req.vht_capa_mask,
6510 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6511 		       sizeof(req.vht_capa_mask));
6512 
6513 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6514 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6515 			return -EINVAL;
6516 		memcpy(&req.vht_capa,
6517 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6518 		       sizeof(req.vht_capa));
6519 	}
6520 
6521 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
6522 	if (!err) {
6523 		wdev_lock(dev->ieee80211_ptr);
6524 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
6525 					  ssid, ssid_len, &req);
6526 		wdev_unlock(dev->ieee80211_ptr);
6527 	}
6528 
6529 	return err;
6530 }
6531 
6532 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
6533 {
6534 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6535 	struct net_device *dev = info->user_ptr[1];
6536 	const u8 *ie = NULL, *bssid;
6537 	int ie_len = 0, err;
6538 	u16 reason_code;
6539 	bool local_state_change;
6540 
6541 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6542 		return -EINVAL;
6543 
6544 	if (!info->attrs[NL80211_ATTR_MAC])
6545 		return -EINVAL;
6546 
6547 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6548 		return -EINVAL;
6549 
6550 	if (!rdev->ops->deauth)
6551 		return -EOPNOTSUPP;
6552 
6553 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6554 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6555 		return -EOPNOTSUPP;
6556 
6557 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6558 
6559 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6560 	if (reason_code == 0) {
6561 		/* Reason Code 0 is reserved */
6562 		return -EINVAL;
6563 	}
6564 
6565 	if (info->attrs[NL80211_ATTR_IE]) {
6566 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6567 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6568 	}
6569 
6570 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6571 
6572 	wdev_lock(dev->ieee80211_ptr);
6573 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
6574 				   local_state_change);
6575 	wdev_unlock(dev->ieee80211_ptr);
6576 	return err;
6577 }
6578 
6579 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
6580 {
6581 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6582 	struct net_device *dev = info->user_ptr[1];
6583 	const u8 *ie = NULL, *bssid;
6584 	int ie_len = 0, err;
6585 	u16 reason_code;
6586 	bool local_state_change;
6587 
6588 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6589 		return -EINVAL;
6590 
6591 	if (!info->attrs[NL80211_ATTR_MAC])
6592 		return -EINVAL;
6593 
6594 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6595 		return -EINVAL;
6596 
6597 	if (!rdev->ops->disassoc)
6598 		return -EOPNOTSUPP;
6599 
6600 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6601 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6602 		return -EOPNOTSUPP;
6603 
6604 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6605 
6606 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6607 	if (reason_code == 0) {
6608 		/* Reason Code 0 is reserved */
6609 		return -EINVAL;
6610 	}
6611 
6612 	if (info->attrs[NL80211_ATTR_IE]) {
6613 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6614 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6615 	}
6616 
6617 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6618 
6619 	wdev_lock(dev->ieee80211_ptr);
6620 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
6621 				     local_state_change);
6622 	wdev_unlock(dev->ieee80211_ptr);
6623 	return err;
6624 }
6625 
6626 static bool
6627 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
6628 			 int mcast_rate[IEEE80211_NUM_BANDS],
6629 			 int rateval)
6630 {
6631 	struct wiphy *wiphy = &rdev->wiphy;
6632 	bool found = false;
6633 	int band, i;
6634 
6635 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6636 		struct ieee80211_supported_band *sband;
6637 
6638 		sband = wiphy->bands[band];
6639 		if (!sband)
6640 			continue;
6641 
6642 		for (i = 0; i < sband->n_bitrates; i++) {
6643 			if (sband->bitrates[i].bitrate == rateval) {
6644 				mcast_rate[band] = i + 1;
6645 				found = true;
6646 				break;
6647 			}
6648 		}
6649 	}
6650 
6651 	return found;
6652 }
6653 
6654 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
6655 {
6656 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6657 	struct net_device *dev = info->user_ptr[1];
6658 	struct cfg80211_ibss_params ibss;
6659 	struct wiphy *wiphy;
6660 	struct cfg80211_cached_keys *connkeys = NULL;
6661 	int err;
6662 
6663 	memset(&ibss, 0, sizeof(ibss));
6664 
6665 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6666 		return -EINVAL;
6667 
6668 	if (!info->attrs[NL80211_ATTR_SSID] ||
6669 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
6670 		return -EINVAL;
6671 
6672 	ibss.beacon_interval = 100;
6673 
6674 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
6675 		ibss.beacon_interval =
6676 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6677 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
6678 			return -EINVAL;
6679 	}
6680 
6681 	if (!rdev->ops->join_ibss)
6682 		return -EOPNOTSUPP;
6683 
6684 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6685 		return -EOPNOTSUPP;
6686 
6687 	wiphy = &rdev->wiphy;
6688 
6689 	if (info->attrs[NL80211_ATTR_MAC]) {
6690 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6691 
6692 		if (!is_valid_ether_addr(ibss.bssid))
6693 			return -EINVAL;
6694 	}
6695 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6696 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6697 
6698 	if (info->attrs[NL80211_ATTR_IE]) {
6699 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6700 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6701 	}
6702 
6703 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
6704 	if (err)
6705 		return err;
6706 
6707 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef))
6708 		return -EINVAL;
6709 
6710 	switch (ibss.chandef.width) {
6711 	case NL80211_CHAN_WIDTH_5:
6712 	case NL80211_CHAN_WIDTH_10:
6713 	case NL80211_CHAN_WIDTH_20_NOHT:
6714 		break;
6715 	case NL80211_CHAN_WIDTH_20:
6716 	case NL80211_CHAN_WIDTH_40:
6717 		if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)
6718 			break;
6719 	default:
6720 		return -EINVAL;
6721 	}
6722 
6723 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
6724 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6725 
6726 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6727 		u8 *rates =
6728 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6729 		int n_rates =
6730 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6731 		struct ieee80211_supported_band *sband =
6732 			wiphy->bands[ibss.chandef.chan->band];
6733 
6734 		err = ieee80211_get_ratemask(sband, rates, n_rates,
6735 					     &ibss.basic_rates);
6736 		if (err)
6737 			return err;
6738 	}
6739 
6740 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6741 		memcpy(&ibss.ht_capa_mask,
6742 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6743 		       sizeof(ibss.ht_capa_mask));
6744 
6745 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6746 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6747 			return -EINVAL;
6748 		memcpy(&ibss.ht_capa,
6749 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6750 		       sizeof(ibss.ht_capa));
6751 	}
6752 
6753 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6754 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
6755 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6756 		return -EINVAL;
6757 
6758 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6759 		bool no_ht = false;
6760 
6761 		connkeys = nl80211_parse_connkeys(rdev,
6762 					  info->attrs[NL80211_ATTR_KEYS],
6763 					  &no_ht);
6764 		if (IS_ERR(connkeys))
6765 			return PTR_ERR(connkeys);
6766 
6767 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
6768 		    no_ht) {
6769 			kfree(connkeys);
6770 			return -EINVAL;
6771 		}
6772 	}
6773 
6774 	ibss.control_port =
6775 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
6776 
6777 	ibss.userspace_handles_dfs =
6778 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
6779 
6780 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
6781 	if (err)
6782 		kfree(connkeys);
6783 	return err;
6784 }
6785 
6786 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
6787 {
6788 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6789 	struct net_device *dev = info->user_ptr[1];
6790 
6791 	if (!rdev->ops->leave_ibss)
6792 		return -EOPNOTSUPP;
6793 
6794 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6795 		return -EOPNOTSUPP;
6796 
6797 	return cfg80211_leave_ibss(rdev, dev, false);
6798 }
6799 
6800 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
6801 {
6802 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6803 	struct net_device *dev = info->user_ptr[1];
6804 	int mcast_rate[IEEE80211_NUM_BANDS];
6805 	u32 nla_rate;
6806 	int err;
6807 
6808 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
6809 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6810 		return -EOPNOTSUPP;
6811 
6812 	if (!rdev->ops->set_mcast_rate)
6813 		return -EOPNOTSUPP;
6814 
6815 	memset(mcast_rate, 0, sizeof(mcast_rate));
6816 
6817 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
6818 		return -EINVAL;
6819 
6820 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6821 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6822 		return -EINVAL;
6823 
6824 	err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6825 
6826 	return err;
6827 }
6828 
6829 static struct sk_buff *
6830 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
6831 			    int approxlen, u32 portid, u32 seq,
6832 			    enum nl80211_commands cmd,
6833 			    enum nl80211_attrs attr,
6834 			    const struct nl80211_vendor_cmd_info *info,
6835 			    gfp_t gfp)
6836 {
6837 	struct sk_buff *skb;
6838 	void *hdr;
6839 	struct nlattr *data;
6840 
6841 	skb = nlmsg_new(approxlen + 100, gfp);
6842 	if (!skb)
6843 		return NULL;
6844 
6845 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
6846 	if (!hdr) {
6847 		kfree_skb(skb);
6848 		return NULL;
6849 	}
6850 
6851 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6852 		goto nla_put_failure;
6853 
6854 	if (info) {
6855 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
6856 				info->vendor_id))
6857 			goto nla_put_failure;
6858 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
6859 				info->subcmd))
6860 			goto nla_put_failure;
6861 	}
6862 
6863 	data = nla_nest_start(skb, attr);
6864 
6865 	((void **)skb->cb)[0] = rdev;
6866 	((void **)skb->cb)[1] = hdr;
6867 	((void **)skb->cb)[2] = data;
6868 
6869 	return skb;
6870 
6871  nla_put_failure:
6872 	kfree_skb(skb);
6873 	return NULL;
6874 }
6875 
6876 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
6877 					   enum nl80211_commands cmd,
6878 					   enum nl80211_attrs attr,
6879 					   int vendor_event_idx,
6880 					   int approxlen, gfp_t gfp)
6881 {
6882 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
6883 	const struct nl80211_vendor_cmd_info *info;
6884 
6885 	switch (cmd) {
6886 	case NL80211_CMD_TESTMODE:
6887 		if (WARN_ON(vendor_event_idx != -1))
6888 			return NULL;
6889 		info = NULL;
6890 		break;
6891 	case NL80211_CMD_VENDOR:
6892 		if (WARN_ON(vendor_event_idx < 0 ||
6893 			    vendor_event_idx >= wiphy->n_vendor_events))
6894 			return NULL;
6895 		info = &wiphy->vendor_events[vendor_event_idx];
6896 		break;
6897 	default:
6898 		WARN_ON(1);
6899 		return NULL;
6900 	}
6901 
6902 	return __cfg80211_alloc_vendor_skb(rdev, approxlen, 0, 0,
6903 					   cmd, attr, info, gfp);
6904 }
6905 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
6906 
6907 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
6908 {
6909 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6910 	void *hdr = ((void **)skb->cb)[1];
6911 	struct nlattr *data = ((void **)skb->cb)[2];
6912 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
6913 
6914 	nla_nest_end(skb, data);
6915 	genlmsg_end(skb, hdr);
6916 
6917 	if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
6918 		mcgrp = NL80211_MCGRP_VENDOR;
6919 
6920 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
6921 				mcgrp, gfp);
6922 }
6923 EXPORT_SYMBOL(__cfg80211_send_event_skb);
6924 
6925 #ifdef CONFIG_NL80211_TESTMODE
6926 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
6927 {
6928 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6929 	struct wireless_dev *wdev =
6930 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
6931 	int err;
6932 
6933 	if (!rdev->ops->testmode_cmd)
6934 		return -EOPNOTSUPP;
6935 
6936 	if (IS_ERR(wdev)) {
6937 		err = PTR_ERR(wdev);
6938 		if (err != -EINVAL)
6939 			return err;
6940 		wdev = NULL;
6941 	} else if (wdev->wiphy != &rdev->wiphy) {
6942 		return -EINVAL;
6943 	}
6944 
6945 	if (!info->attrs[NL80211_ATTR_TESTDATA])
6946 		return -EINVAL;
6947 
6948 	rdev->cur_cmd_info = info;
6949 	err = rdev_testmode_cmd(rdev, wdev,
6950 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
6951 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
6952 	rdev->cur_cmd_info = NULL;
6953 
6954 	return err;
6955 }
6956 
6957 static int nl80211_testmode_dump(struct sk_buff *skb,
6958 				 struct netlink_callback *cb)
6959 {
6960 	struct cfg80211_registered_device *rdev;
6961 	int err;
6962 	long phy_idx;
6963 	void *data = NULL;
6964 	int data_len = 0;
6965 
6966 	rtnl_lock();
6967 
6968 	if (cb->args[0]) {
6969 		/*
6970 		 * 0 is a valid index, but not valid for args[0],
6971 		 * so we need to offset by 1.
6972 		 */
6973 		phy_idx = cb->args[0] - 1;
6974 	} else {
6975 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
6976 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
6977 				  nl80211_policy);
6978 		if (err)
6979 			goto out_err;
6980 
6981 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
6982 						  nl80211_fam.attrbuf);
6983 		if (IS_ERR(rdev)) {
6984 			err = PTR_ERR(rdev);
6985 			goto out_err;
6986 		}
6987 		phy_idx = rdev->wiphy_idx;
6988 		rdev = NULL;
6989 
6990 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
6991 			cb->args[1] =
6992 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
6993 	}
6994 
6995 	if (cb->args[1]) {
6996 		data = nla_data((void *)cb->args[1]);
6997 		data_len = nla_len((void *)cb->args[1]);
6998 	}
6999 
7000 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
7001 	if (!rdev) {
7002 		err = -ENOENT;
7003 		goto out_err;
7004 	}
7005 
7006 	if (!rdev->ops->testmode_dump) {
7007 		err = -EOPNOTSUPP;
7008 		goto out_err;
7009 	}
7010 
7011 	while (1) {
7012 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
7013 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
7014 					   NL80211_CMD_TESTMODE);
7015 		struct nlattr *tmdata;
7016 
7017 		if (!hdr)
7018 			break;
7019 
7020 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
7021 			genlmsg_cancel(skb, hdr);
7022 			break;
7023 		}
7024 
7025 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
7026 		if (!tmdata) {
7027 			genlmsg_cancel(skb, hdr);
7028 			break;
7029 		}
7030 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7031 		nla_nest_end(skb, tmdata);
7032 
7033 		if (err == -ENOBUFS || err == -ENOENT) {
7034 			genlmsg_cancel(skb, hdr);
7035 			break;
7036 		} else if (err) {
7037 			genlmsg_cancel(skb, hdr);
7038 			goto out_err;
7039 		}
7040 
7041 		genlmsg_end(skb, hdr);
7042 	}
7043 
7044 	err = skb->len;
7045 	/* see above */
7046 	cb->args[0] = phy_idx + 1;
7047  out_err:
7048 	rtnl_unlock();
7049 	return err;
7050 }
7051 #endif
7052 
7053 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7054 {
7055 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7056 	struct net_device *dev = info->user_ptr[1];
7057 	struct cfg80211_connect_params connect;
7058 	struct wiphy *wiphy;
7059 	struct cfg80211_cached_keys *connkeys = NULL;
7060 	int err;
7061 
7062 	memset(&connect, 0, sizeof(connect));
7063 
7064 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7065 		return -EINVAL;
7066 
7067 	if (!info->attrs[NL80211_ATTR_SSID] ||
7068 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7069 		return -EINVAL;
7070 
7071 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7072 		connect.auth_type =
7073 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7074 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7075 					     NL80211_CMD_CONNECT))
7076 			return -EINVAL;
7077 	} else
7078 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7079 
7080 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7081 
7082 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7083 				      NL80211_MAX_NR_CIPHER_SUITES);
7084 	if (err)
7085 		return err;
7086 
7087 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7088 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7089 		return -EOPNOTSUPP;
7090 
7091 	wiphy = &rdev->wiphy;
7092 
7093 	connect.bg_scan_period = -1;
7094 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7095 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7096 		connect.bg_scan_period =
7097 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7098 	}
7099 
7100 	if (info->attrs[NL80211_ATTR_MAC])
7101 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7102 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
7103 		connect.bssid_hint =
7104 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7105 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7106 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7107 
7108 	if (info->attrs[NL80211_ATTR_IE]) {
7109 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7110 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7111 	}
7112 
7113 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7114 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7115 		if (connect.mfp != NL80211_MFP_REQUIRED &&
7116 		    connect.mfp != NL80211_MFP_NO)
7117 			return -EINVAL;
7118 	} else {
7119 		connect.mfp = NL80211_MFP_NO;
7120 	}
7121 
7122 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7123 		connect.channel = nl80211_get_valid_chan(
7124 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7125 		if (!connect.channel)
7126 			return -EINVAL;
7127 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7128 		connect.channel_hint = nl80211_get_valid_chan(
7129 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7130 		if (!connect.channel_hint)
7131 			return -EINVAL;
7132 	}
7133 
7134 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7135 		connkeys = nl80211_parse_connkeys(rdev,
7136 					  info->attrs[NL80211_ATTR_KEYS], NULL);
7137 		if (IS_ERR(connkeys))
7138 			return PTR_ERR(connkeys);
7139 	}
7140 
7141 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7142 		connect.flags |= ASSOC_REQ_DISABLE_HT;
7143 
7144 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7145 		memcpy(&connect.ht_capa_mask,
7146 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7147 		       sizeof(connect.ht_capa_mask));
7148 
7149 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7150 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7151 			kfree(connkeys);
7152 			return -EINVAL;
7153 		}
7154 		memcpy(&connect.ht_capa,
7155 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7156 		       sizeof(connect.ht_capa));
7157 	}
7158 
7159 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7160 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
7161 
7162 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7163 		memcpy(&connect.vht_capa_mask,
7164 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7165 		       sizeof(connect.vht_capa_mask));
7166 
7167 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7168 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7169 			kfree(connkeys);
7170 			return -EINVAL;
7171 		}
7172 		memcpy(&connect.vht_capa,
7173 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7174 		       sizeof(connect.vht_capa));
7175 	}
7176 
7177 	wdev_lock(dev->ieee80211_ptr);
7178 	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7179 	wdev_unlock(dev->ieee80211_ptr);
7180 	if (err)
7181 		kfree(connkeys);
7182 	return err;
7183 }
7184 
7185 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7186 {
7187 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7188 	struct net_device *dev = info->user_ptr[1];
7189 	u16 reason;
7190 	int ret;
7191 
7192 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7193 		reason = WLAN_REASON_DEAUTH_LEAVING;
7194 	else
7195 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7196 
7197 	if (reason == 0)
7198 		return -EINVAL;
7199 
7200 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7201 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7202 		return -EOPNOTSUPP;
7203 
7204 	wdev_lock(dev->ieee80211_ptr);
7205 	ret = cfg80211_disconnect(rdev, dev, reason, true);
7206 	wdev_unlock(dev->ieee80211_ptr);
7207 	return ret;
7208 }
7209 
7210 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7211 {
7212 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7213 	struct net *net;
7214 	int err;
7215 	u32 pid;
7216 
7217 	if (!info->attrs[NL80211_ATTR_PID])
7218 		return -EINVAL;
7219 
7220 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7221 
7222 	net = get_net_ns_by_pid(pid);
7223 	if (IS_ERR(net))
7224 		return PTR_ERR(net);
7225 
7226 	err = 0;
7227 
7228 	/* check if anything to do */
7229 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
7230 		err = cfg80211_switch_netns(rdev, net);
7231 
7232 	put_net(net);
7233 	return err;
7234 }
7235 
7236 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
7237 {
7238 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7239 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
7240 			struct cfg80211_pmksa *pmksa) = NULL;
7241 	struct net_device *dev = info->user_ptr[1];
7242 	struct cfg80211_pmksa pmksa;
7243 
7244 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
7245 
7246 	if (!info->attrs[NL80211_ATTR_MAC])
7247 		return -EINVAL;
7248 
7249 	if (!info->attrs[NL80211_ATTR_PMKID])
7250 		return -EINVAL;
7251 
7252 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
7253 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7254 
7255 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7256 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7257 		return -EOPNOTSUPP;
7258 
7259 	switch (info->genlhdr->cmd) {
7260 	case NL80211_CMD_SET_PMKSA:
7261 		rdev_ops = rdev->ops->set_pmksa;
7262 		break;
7263 	case NL80211_CMD_DEL_PMKSA:
7264 		rdev_ops = rdev->ops->del_pmksa;
7265 		break;
7266 	default:
7267 		WARN_ON(1);
7268 		break;
7269 	}
7270 
7271 	if (!rdev_ops)
7272 		return -EOPNOTSUPP;
7273 
7274 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
7275 }
7276 
7277 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
7278 {
7279 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7280 	struct net_device *dev = info->user_ptr[1];
7281 
7282 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7283 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7284 		return -EOPNOTSUPP;
7285 
7286 	if (!rdev->ops->flush_pmksa)
7287 		return -EOPNOTSUPP;
7288 
7289 	return rdev_flush_pmksa(rdev, dev);
7290 }
7291 
7292 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
7293 {
7294 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7295 	struct net_device *dev = info->user_ptr[1];
7296 	u8 action_code, dialog_token;
7297 	u32 peer_capability = 0;
7298 	u16 status_code;
7299 	u8 *peer;
7300 
7301 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7302 	    !rdev->ops->tdls_mgmt)
7303 		return -EOPNOTSUPP;
7304 
7305 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
7306 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
7307 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
7308 	    !info->attrs[NL80211_ATTR_IE] ||
7309 	    !info->attrs[NL80211_ATTR_MAC])
7310 		return -EINVAL;
7311 
7312 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7313 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
7314 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
7315 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
7316 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
7317 		peer_capability =
7318 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
7319 
7320 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
7321 			      dialog_token, status_code, peer_capability,
7322 			      nla_data(info->attrs[NL80211_ATTR_IE]),
7323 			      nla_len(info->attrs[NL80211_ATTR_IE]));
7324 }
7325 
7326 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
7327 {
7328 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7329 	struct net_device *dev = info->user_ptr[1];
7330 	enum nl80211_tdls_operation operation;
7331 	u8 *peer;
7332 
7333 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7334 	    !rdev->ops->tdls_oper)
7335 		return -EOPNOTSUPP;
7336 
7337 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
7338 	    !info->attrs[NL80211_ATTR_MAC])
7339 		return -EINVAL;
7340 
7341 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
7342 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7343 
7344 	return rdev_tdls_oper(rdev, dev, peer, operation);
7345 }
7346 
7347 static int nl80211_remain_on_channel(struct sk_buff *skb,
7348 				     struct genl_info *info)
7349 {
7350 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7351 	struct wireless_dev *wdev = info->user_ptr[1];
7352 	struct cfg80211_chan_def chandef;
7353 	struct sk_buff *msg;
7354 	void *hdr;
7355 	u64 cookie;
7356 	u32 duration;
7357 	int err;
7358 
7359 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7360 	    !info->attrs[NL80211_ATTR_DURATION])
7361 		return -EINVAL;
7362 
7363 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7364 
7365 	if (!rdev->ops->remain_on_channel ||
7366 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
7367 		return -EOPNOTSUPP;
7368 
7369 	/*
7370 	 * We should be on that channel for at least a minimum amount of
7371 	 * time (10ms) but no longer than the driver supports.
7372 	 */
7373 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7374 	    duration > rdev->wiphy.max_remain_on_channel_duration)
7375 		return -EINVAL;
7376 
7377 	err = nl80211_parse_chandef(rdev, info, &chandef);
7378 	if (err)
7379 		return err;
7380 
7381 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7382 	if (!msg)
7383 		return -ENOMEM;
7384 
7385 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7386 			     NL80211_CMD_REMAIN_ON_CHANNEL);
7387 	if (!hdr) {
7388 		err = -ENOBUFS;
7389 		goto free_msg;
7390 	}
7391 
7392 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
7393 				     duration, &cookie);
7394 
7395 	if (err)
7396 		goto free_msg;
7397 
7398 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7399 		goto nla_put_failure;
7400 
7401 	genlmsg_end(msg, hdr);
7402 
7403 	return genlmsg_reply(msg, info);
7404 
7405  nla_put_failure:
7406 	err = -ENOBUFS;
7407  free_msg:
7408 	nlmsg_free(msg);
7409 	return err;
7410 }
7411 
7412 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
7413 					    struct genl_info *info)
7414 {
7415 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7416 	struct wireless_dev *wdev = info->user_ptr[1];
7417 	u64 cookie;
7418 
7419 	if (!info->attrs[NL80211_ATTR_COOKIE])
7420 		return -EINVAL;
7421 
7422 	if (!rdev->ops->cancel_remain_on_channel)
7423 		return -EOPNOTSUPP;
7424 
7425 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7426 
7427 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
7428 }
7429 
7430 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
7431 			   u8 *rates, u8 rates_len)
7432 {
7433 	u8 i;
7434 	u32 mask = 0;
7435 
7436 	for (i = 0; i < rates_len; i++) {
7437 		int rate = (rates[i] & 0x7f) * 5;
7438 		int ridx;
7439 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
7440 			struct ieee80211_rate *srate =
7441 				&sband->bitrates[ridx];
7442 			if (rate == srate->bitrate) {
7443 				mask |= 1 << ridx;
7444 				break;
7445 			}
7446 		}
7447 		if (ridx == sband->n_bitrates)
7448 			return 0; /* rate not found */
7449 	}
7450 
7451 	return mask;
7452 }
7453 
7454 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
7455 			       u8 *rates, u8 rates_len,
7456 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
7457 {
7458 	u8 i;
7459 
7460 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
7461 
7462 	for (i = 0; i < rates_len; i++) {
7463 		int ridx, rbit;
7464 
7465 		ridx = rates[i] / 8;
7466 		rbit = BIT(rates[i] % 8);
7467 
7468 		/* check validity */
7469 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
7470 			return false;
7471 
7472 		/* check availability */
7473 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
7474 			mcs[ridx] |= rbit;
7475 		else
7476 			return false;
7477 	}
7478 
7479 	return true;
7480 }
7481 
7482 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
7483 {
7484 	u16 mcs_mask = 0;
7485 
7486 	switch (vht_mcs_map) {
7487 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
7488 		break;
7489 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
7490 		mcs_mask = 0x00FF;
7491 		break;
7492 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
7493 		mcs_mask = 0x01FF;
7494 		break;
7495 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
7496 		mcs_mask = 0x03FF;
7497 		break;
7498 	default:
7499 		break;
7500 	}
7501 
7502 	return mcs_mask;
7503 }
7504 
7505 static void vht_build_mcs_mask(u16 vht_mcs_map,
7506 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
7507 {
7508 	u8 nss;
7509 
7510 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
7511 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
7512 		vht_mcs_map >>= 2;
7513 	}
7514 }
7515 
7516 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
7517 			     struct nl80211_txrate_vht *txrate,
7518 			     u16 mcs[NL80211_VHT_NSS_MAX])
7519 {
7520 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7521 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
7522 	u8 i;
7523 
7524 	if (!sband->vht_cap.vht_supported)
7525 		return false;
7526 
7527 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
7528 
7529 	/* Build vht_mcs_mask from VHT capabilities */
7530 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
7531 
7532 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
7533 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
7534 			mcs[i] = txrate->mcs[i];
7535 		else
7536 			return false;
7537 	}
7538 
7539 	return true;
7540 }
7541 
7542 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
7543 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
7544 				    .len = NL80211_MAX_SUPP_RATES },
7545 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
7546 				.len = NL80211_MAX_SUPP_HT_RATES },
7547 	[NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
7548 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
7549 };
7550 
7551 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
7552 				       struct genl_info *info)
7553 {
7554 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
7555 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7556 	struct cfg80211_bitrate_mask mask;
7557 	int rem, i;
7558 	struct net_device *dev = info->user_ptr[1];
7559 	struct nlattr *tx_rates;
7560 	struct ieee80211_supported_band *sband;
7561 	u16 vht_tx_mcs_map;
7562 
7563 	if (!rdev->ops->set_bitrate_mask)
7564 		return -EOPNOTSUPP;
7565 
7566 	memset(&mask, 0, sizeof(mask));
7567 	/* Default to all rates enabled */
7568 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
7569 		sband = rdev->wiphy.bands[i];
7570 
7571 		if (!sband)
7572 			continue;
7573 
7574 		mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
7575 		memcpy(mask.control[i].ht_mcs,
7576 		       sband->ht_cap.mcs.rx_mask,
7577 		       sizeof(mask.control[i].ht_mcs));
7578 
7579 		if (!sband->vht_cap.vht_supported)
7580 			continue;
7581 
7582 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7583 		vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
7584 	}
7585 
7586 	/* if no rates are given set it back to the defaults */
7587 	if (!info->attrs[NL80211_ATTR_TX_RATES])
7588 		goto out;
7589 
7590 	/*
7591 	 * The nested attribute uses enum nl80211_band as the index. This maps
7592 	 * directly to the enum ieee80211_band values used in cfg80211.
7593 	 */
7594 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
7595 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
7596 		enum ieee80211_band band = nla_type(tx_rates);
7597 		int err;
7598 
7599 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
7600 			return -EINVAL;
7601 		sband = rdev->wiphy.bands[band];
7602 		if (sband == NULL)
7603 			return -EINVAL;
7604 		err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
7605 				nla_len(tx_rates), nl80211_txattr_policy);
7606 		if (err)
7607 			return err;
7608 		if (tb[NL80211_TXRATE_LEGACY]) {
7609 			mask.control[band].legacy = rateset_to_mask(
7610 				sband,
7611 				nla_data(tb[NL80211_TXRATE_LEGACY]),
7612 				nla_len(tb[NL80211_TXRATE_LEGACY]));
7613 			if ((mask.control[band].legacy == 0) &&
7614 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
7615 				return -EINVAL;
7616 		}
7617 		if (tb[NL80211_TXRATE_HT]) {
7618 			if (!ht_rateset_to_mask(
7619 					sband,
7620 					nla_data(tb[NL80211_TXRATE_HT]),
7621 					nla_len(tb[NL80211_TXRATE_HT]),
7622 					mask.control[band].ht_mcs))
7623 				return -EINVAL;
7624 		}
7625 		if (tb[NL80211_TXRATE_VHT]) {
7626 			if (!vht_set_mcs_mask(
7627 					sband,
7628 					nla_data(tb[NL80211_TXRATE_VHT]),
7629 					mask.control[band].vht_mcs))
7630 				return -EINVAL;
7631 		}
7632 		if (tb[NL80211_TXRATE_GI]) {
7633 			mask.control[band].gi =
7634 				nla_get_u8(tb[NL80211_TXRATE_GI]);
7635 			if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
7636 				return -EINVAL;
7637 		}
7638 
7639 		if (mask.control[band].legacy == 0) {
7640 			/* don't allow empty legacy rates if HT or VHT
7641 			 * are not even supported.
7642 			 */
7643 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
7644 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
7645 				return -EINVAL;
7646 
7647 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
7648 				if (mask.control[band].ht_mcs[i])
7649 					goto out;
7650 
7651 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
7652 				if (mask.control[band].vht_mcs[i])
7653 					goto out;
7654 
7655 			/* legacy and mcs rates may not be both empty */
7656 			return -EINVAL;
7657 		}
7658 	}
7659 
7660 out:
7661 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
7662 }
7663 
7664 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
7665 {
7666 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7667 	struct wireless_dev *wdev = info->user_ptr[1];
7668 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
7669 
7670 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
7671 		return -EINVAL;
7672 
7673 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
7674 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
7675 
7676 	switch (wdev->iftype) {
7677 	case NL80211_IFTYPE_STATION:
7678 	case NL80211_IFTYPE_ADHOC:
7679 	case NL80211_IFTYPE_P2P_CLIENT:
7680 	case NL80211_IFTYPE_AP:
7681 	case NL80211_IFTYPE_AP_VLAN:
7682 	case NL80211_IFTYPE_MESH_POINT:
7683 	case NL80211_IFTYPE_P2P_GO:
7684 	case NL80211_IFTYPE_P2P_DEVICE:
7685 		break;
7686 	default:
7687 		return -EOPNOTSUPP;
7688 	}
7689 
7690 	/* not much point in registering if we can't reply */
7691 	if (!rdev->ops->mgmt_tx)
7692 		return -EOPNOTSUPP;
7693 
7694 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
7695 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
7696 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
7697 }
7698 
7699 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7700 {
7701 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7702 	struct wireless_dev *wdev = info->user_ptr[1];
7703 	struct cfg80211_chan_def chandef;
7704 	int err;
7705 	void *hdr = NULL;
7706 	u64 cookie;
7707 	struct sk_buff *msg = NULL;
7708 	struct cfg80211_mgmt_tx_params params = {
7709 		.dont_wait_for_ack =
7710 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
7711 	};
7712 
7713 	if (!info->attrs[NL80211_ATTR_FRAME])
7714 		return -EINVAL;
7715 
7716 	if (!rdev->ops->mgmt_tx)
7717 		return -EOPNOTSUPP;
7718 
7719 	switch (wdev->iftype) {
7720 	case NL80211_IFTYPE_P2P_DEVICE:
7721 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7722 			return -EINVAL;
7723 	case NL80211_IFTYPE_STATION:
7724 	case NL80211_IFTYPE_ADHOC:
7725 	case NL80211_IFTYPE_P2P_CLIENT:
7726 	case NL80211_IFTYPE_AP:
7727 	case NL80211_IFTYPE_AP_VLAN:
7728 	case NL80211_IFTYPE_MESH_POINT:
7729 	case NL80211_IFTYPE_P2P_GO:
7730 		break;
7731 	default:
7732 		return -EOPNOTSUPP;
7733 	}
7734 
7735 	if (info->attrs[NL80211_ATTR_DURATION]) {
7736 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7737 			return -EINVAL;
7738 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7739 
7740 		/*
7741 		 * We should wait on the channel for at least a minimum amount
7742 		 * of time (10ms) but no longer than the driver supports.
7743 		 */
7744 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7745 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
7746 			return -EINVAL;
7747 
7748 	}
7749 
7750 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
7751 
7752 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7753 		return -EINVAL;
7754 
7755 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7756 
7757 	/* get the channel if any has been specified, otherwise pass NULL to
7758 	 * the driver. The latter will use the current one
7759 	 */
7760 	chandef.chan = NULL;
7761 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7762 		err = nl80211_parse_chandef(rdev, info, &chandef);
7763 		if (err)
7764 			return err;
7765 	}
7766 
7767 	if (!chandef.chan && params.offchan)
7768 		return -EINVAL;
7769 
7770 	if (!params.dont_wait_for_ack) {
7771 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7772 		if (!msg)
7773 			return -ENOMEM;
7774 
7775 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7776 				     NL80211_CMD_FRAME);
7777 		if (!hdr) {
7778 			err = -ENOBUFS;
7779 			goto free_msg;
7780 		}
7781 	}
7782 
7783 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
7784 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
7785 	params.chan = chandef.chan;
7786 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
7787 	if (err)
7788 		goto free_msg;
7789 
7790 	if (msg) {
7791 		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7792 			goto nla_put_failure;
7793 
7794 		genlmsg_end(msg, hdr);
7795 		return genlmsg_reply(msg, info);
7796 	}
7797 
7798 	return 0;
7799 
7800  nla_put_failure:
7801 	err = -ENOBUFS;
7802  free_msg:
7803 	nlmsg_free(msg);
7804 	return err;
7805 }
7806 
7807 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
7808 {
7809 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7810 	struct wireless_dev *wdev = info->user_ptr[1];
7811 	u64 cookie;
7812 
7813 	if (!info->attrs[NL80211_ATTR_COOKIE])
7814 		return -EINVAL;
7815 
7816 	if (!rdev->ops->mgmt_tx_cancel_wait)
7817 		return -EOPNOTSUPP;
7818 
7819 	switch (wdev->iftype) {
7820 	case NL80211_IFTYPE_STATION:
7821 	case NL80211_IFTYPE_ADHOC:
7822 	case NL80211_IFTYPE_P2P_CLIENT:
7823 	case NL80211_IFTYPE_AP:
7824 	case NL80211_IFTYPE_AP_VLAN:
7825 	case NL80211_IFTYPE_P2P_GO:
7826 	case NL80211_IFTYPE_P2P_DEVICE:
7827 		break;
7828 	default:
7829 		return -EOPNOTSUPP;
7830 	}
7831 
7832 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7833 
7834 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
7835 }
7836 
7837 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
7838 {
7839 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7840 	struct wireless_dev *wdev;
7841 	struct net_device *dev = info->user_ptr[1];
7842 	u8 ps_state;
7843 	bool state;
7844 	int err;
7845 
7846 	if (!info->attrs[NL80211_ATTR_PS_STATE])
7847 		return -EINVAL;
7848 
7849 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
7850 
7851 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
7852 		return -EINVAL;
7853 
7854 	wdev = dev->ieee80211_ptr;
7855 
7856 	if (!rdev->ops->set_power_mgmt)
7857 		return -EOPNOTSUPP;
7858 
7859 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
7860 
7861 	if (state == wdev->ps)
7862 		return 0;
7863 
7864 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
7865 	if (!err)
7866 		wdev->ps = state;
7867 	return err;
7868 }
7869 
7870 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
7871 {
7872 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7873 	enum nl80211_ps_state ps_state;
7874 	struct wireless_dev *wdev;
7875 	struct net_device *dev = info->user_ptr[1];
7876 	struct sk_buff *msg;
7877 	void *hdr;
7878 	int err;
7879 
7880 	wdev = dev->ieee80211_ptr;
7881 
7882 	if (!rdev->ops->set_power_mgmt)
7883 		return -EOPNOTSUPP;
7884 
7885 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7886 	if (!msg)
7887 		return -ENOMEM;
7888 
7889 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7890 			     NL80211_CMD_GET_POWER_SAVE);
7891 	if (!hdr) {
7892 		err = -ENOBUFS;
7893 		goto free_msg;
7894 	}
7895 
7896 	if (wdev->ps)
7897 		ps_state = NL80211_PS_ENABLED;
7898 	else
7899 		ps_state = NL80211_PS_DISABLED;
7900 
7901 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
7902 		goto nla_put_failure;
7903 
7904 	genlmsg_end(msg, hdr);
7905 	return genlmsg_reply(msg, info);
7906 
7907  nla_put_failure:
7908 	err = -ENOBUFS;
7909  free_msg:
7910 	nlmsg_free(msg);
7911 	return err;
7912 }
7913 
7914 static const struct nla_policy
7915 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
7916 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
7917 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
7918 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
7919 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
7920 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
7921 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
7922 };
7923 
7924 static int nl80211_set_cqm_txe(struct genl_info *info,
7925 			       u32 rate, u32 pkts, u32 intvl)
7926 {
7927 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7928 	struct net_device *dev = info->user_ptr[1];
7929 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7930 
7931 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
7932 		return -EINVAL;
7933 
7934 	if (!rdev->ops->set_cqm_txe_config)
7935 		return -EOPNOTSUPP;
7936 
7937 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
7938 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7939 		return -EOPNOTSUPP;
7940 
7941 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
7942 }
7943 
7944 static int nl80211_set_cqm_rssi(struct genl_info *info,
7945 				s32 threshold, u32 hysteresis)
7946 {
7947 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7948 	struct net_device *dev = info->user_ptr[1];
7949 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7950 
7951 	if (threshold > 0)
7952 		return -EINVAL;
7953 
7954 	/* disabling - hysteresis should also be zero then */
7955 	if (threshold == 0)
7956 		hysteresis = 0;
7957 
7958 	if (!rdev->ops->set_cqm_rssi_config)
7959 		return -EOPNOTSUPP;
7960 
7961 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
7962 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
7963 		return -EOPNOTSUPP;
7964 
7965 	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
7966 }
7967 
7968 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
7969 {
7970 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
7971 	struct nlattr *cqm;
7972 	int err;
7973 
7974 	cqm = info->attrs[NL80211_ATTR_CQM];
7975 	if (!cqm)
7976 		return -EINVAL;
7977 
7978 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
7979 			       nl80211_attr_cqm_policy);
7980 	if (err)
7981 		return err;
7982 
7983 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
7984 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
7985 		s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
7986 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
7987 
7988 		return nl80211_set_cqm_rssi(info, threshold, hysteresis);
7989 	}
7990 
7991 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
7992 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
7993 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
7994 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
7995 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
7996 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
7997 
7998 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
7999 	}
8000 
8001 	return -EINVAL;
8002 }
8003 
8004 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
8005 {
8006 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8007 	struct net_device *dev = info->user_ptr[1];
8008 	struct mesh_config cfg;
8009 	struct mesh_setup setup;
8010 	int err;
8011 
8012 	/* start with default */
8013 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
8014 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
8015 
8016 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
8017 		/* and parse parameters if given */
8018 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
8019 		if (err)
8020 			return err;
8021 	}
8022 
8023 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
8024 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
8025 		return -EINVAL;
8026 
8027 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
8028 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
8029 
8030 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8031 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
8032 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8033 			return -EINVAL;
8034 
8035 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8036 		setup.beacon_interval =
8037 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8038 		if (setup.beacon_interval < 10 ||
8039 		    setup.beacon_interval > 10000)
8040 			return -EINVAL;
8041 	}
8042 
8043 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8044 		setup.dtim_period =
8045 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8046 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
8047 			return -EINVAL;
8048 	}
8049 
8050 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8051 		/* parse additional setup parameters if given */
8052 		err = nl80211_parse_mesh_setup(info, &setup);
8053 		if (err)
8054 			return err;
8055 	}
8056 
8057 	if (setup.user_mpm)
8058 		cfg.auto_open_plinks = false;
8059 
8060 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8061 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8062 		if (err)
8063 			return err;
8064 	} else {
8065 		/* cfg80211_join_mesh() will sort it out */
8066 		setup.chandef.chan = NULL;
8067 	}
8068 
8069 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8070 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8071 		int n_rates =
8072 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8073 		struct ieee80211_supported_band *sband;
8074 
8075 		if (!setup.chandef.chan)
8076 			return -EINVAL;
8077 
8078 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
8079 
8080 		err = ieee80211_get_ratemask(sband, rates, n_rates,
8081 					     &setup.basic_rates);
8082 		if (err)
8083 			return err;
8084 	}
8085 
8086 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8087 }
8088 
8089 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8090 {
8091 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8092 	struct net_device *dev = info->user_ptr[1];
8093 
8094 	return cfg80211_leave_mesh(rdev, dev);
8095 }
8096 
8097 #ifdef CONFIG_PM
8098 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8099 					struct cfg80211_registered_device *rdev)
8100 {
8101 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8102 	struct nlattr *nl_pats, *nl_pat;
8103 	int i, pat_len;
8104 
8105 	if (!wowlan->n_patterns)
8106 		return 0;
8107 
8108 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8109 	if (!nl_pats)
8110 		return -ENOBUFS;
8111 
8112 	for (i = 0; i < wowlan->n_patterns; i++) {
8113 		nl_pat = nla_nest_start(msg, i + 1);
8114 		if (!nl_pat)
8115 			return -ENOBUFS;
8116 		pat_len = wowlan->patterns[i].pattern_len;
8117 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8118 			    wowlan->patterns[i].mask) ||
8119 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8120 			    wowlan->patterns[i].pattern) ||
8121 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8122 				wowlan->patterns[i].pkt_offset))
8123 			return -ENOBUFS;
8124 		nla_nest_end(msg, nl_pat);
8125 	}
8126 	nla_nest_end(msg, nl_pats);
8127 
8128 	return 0;
8129 }
8130 
8131 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
8132 				   struct cfg80211_wowlan_tcp *tcp)
8133 {
8134 	struct nlattr *nl_tcp;
8135 
8136 	if (!tcp)
8137 		return 0;
8138 
8139 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
8140 	if (!nl_tcp)
8141 		return -ENOBUFS;
8142 
8143 	if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
8144 	    nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
8145 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
8146 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
8147 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
8148 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
8149 		    tcp->payload_len, tcp->payload) ||
8150 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
8151 			tcp->data_interval) ||
8152 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
8153 		    tcp->wake_len, tcp->wake_data) ||
8154 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
8155 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
8156 		return -ENOBUFS;
8157 
8158 	if (tcp->payload_seq.len &&
8159 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
8160 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
8161 		return -ENOBUFS;
8162 
8163 	if (tcp->payload_tok.len &&
8164 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
8165 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
8166 		    &tcp->payload_tok))
8167 		return -ENOBUFS;
8168 
8169 	nla_nest_end(msg, nl_tcp);
8170 
8171 	return 0;
8172 }
8173 
8174 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
8175 {
8176 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8177 	struct sk_buff *msg;
8178 	void *hdr;
8179 	u32 size = NLMSG_DEFAULT_SIZE;
8180 
8181 	if (!rdev->wiphy.wowlan)
8182 		return -EOPNOTSUPP;
8183 
8184 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
8185 		/* adjust size to have room for all the data */
8186 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
8187 			rdev->wiphy.wowlan_config->tcp->payload_len +
8188 			rdev->wiphy.wowlan_config->tcp->wake_len +
8189 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
8190 	}
8191 
8192 	msg = nlmsg_new(size, GFP_KERNEL);
8193 	if (!msg)
8194 		return -ENOMEM;
8195 
8196 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8197 			     NL80211_CMD_GET_WOWLAN);
8198 	if (!hdr)
8199 		goto nla_put_failure;
8200 
8201 	if (rdev->wiphy.wowlan_config) {
8202 		struct nlattr *nl_wowlan;
8203 
8204 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
8205 		if (!nl_wowlan)
8206 			goto nla_put_failure;
8207 
8208 		if ((rdev->wiphy.wowlan_config->any &&
8209 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
8210 		    (rdev->wiphy.wowlan_config->disconnect &&
8211 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
8212 		    (rdev->wiphy.wowlan_config->magic_pkt &&
8213 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
8214 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
8215 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
8216 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
8217 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
8218 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
8219 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
8220 		    (rdev->wiphy.wowlan_config->rfkill_release &&
8221 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
8222 			goto nla_put_failure;
8223 
8224 		if (nl80211_send_wowlan_patterns(msg, rdev))
8225 			goto nla_put_failure;
8226 
8227 		if (nl80211_send_wowlan_tcp(msg,
8228 					    rdev->wiphy.wowlan_config->tcp))
8229 			goto nla_put_failure;
8230 
8231 		nla_nest_end(msg, nl_wowlan);
8232 	}
8233 
8234 	genlmsg_end(msg, hdr);
8235 	return genlmsg_reply(msg, info);
8236 
8237 nla_put_failure:
8238 	nlmsg_free(msg);
8239 	return -ENOBUFS;
8240 }
8241 
8242 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
8243 				    struct nlattr *attr,
8244 				    struct cfg80211_wowlan *trig)
8245 {
8246 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
8247 	struct cfg80211_wowlan_tcp *cfg;
8248 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
8249 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
8250 	u32 size;
8251 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
8252 	int err, port;
8253 
8254 	if (!rdev->wiphy.wowlan->tcp)
8255 		return -EINVAL;
8256 
8257 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
8258 			nla_data(attr), nla_len(attr),
8259 			nl80211_wowlan_tcp_policy);
8260 	if (err)
8261 		return err;
8262 
8263 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
8264 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
8265 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
8266 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
8267 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
8268 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
8269 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
8270 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
8271 		return -EINVAL;
8272 
8273 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
8274 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
8275 		return -EINVAL;
8276 
8277 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
8278 			rdev->wiphy.wowlan->tcp->data_interval_max ||
8279 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
8280 		return -EINVAL;
8281 
8282 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
8283 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
8284 		return -EINVAL;
8285 
8286 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
8287 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
8288 		return -EINVAL;
8289 
8290 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
8291 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8292 
8293 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8294 		tokens_size = tokln - sizeof(*tok);
8295 
8296 		if (!tok->len || tokens_size % tok->len)
8297 			return -EINVAL;
8298 		if (!rdev->wiphy.wowlan->tcp->tok)
8299 			return -EINVAL;
8300 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
8301 			return -EINVAL;
8302 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
8303 			return -EINVAL;
8304 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
8305 			return -EINVAL;
8306 		if (tok->offset + tok->len > data_size)
8307 			return -EINVAL;
8308 	}
8309 
8310 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
8311 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
8312 		if (!rdev->wiphy.wowlan->tcp->seq)
8313 			return -EINVAL;
8314 		if (seq->len == 0 || seq->len > 4)
8315 			return -EINVAL;
8316 		if (seq->len + seq->offset > data_size)
8317 			return -EINVAL;
8318 	}
8319 
8320 	size = sizeof(*cfg);
8321 	size += data_size;
8322 	size += wake_size + wake_mask_size;
8323 	size += tokens_size;
8324 
8325 	cfg = kzalloc(size, GFP_KERNEL);
8326 	if (!cfg)
8327 		return -ENOMEM;
8328 	cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
8329 	cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
8330 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
8331 	       ETH_ALEN);
8332 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
8333 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
8334 	else
8335 		port = 0;
8336 #ifdef CONFIG_INET
8337 	/* allocate a socket and port for it and use it */
8338 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
8339 			    IPPROTO_TCP, &cfg->sock, 1);
8340 	if (err) {
8341 		kfree(cfg);
8342 		return err;
8343 	}
8344 	if (inet_csk_get_port(cfg->sock->sk, port)) {
8345 		sock_release(cfg->sock);
8346 		kfree(cfg);
8347 		return -EADDRINUSE;
8348 	}
8349 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
8350 #else
8351 	if (!port) {
8352 		kfree(cfg);
8353 		return -EINVAL;
8354 	}
8355 	cfg->src_port = port;
8356 #endif
8357 
8358 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
8359 	cfg->payload_len = data_size;
8360 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
8361 	memcpy((void *)cfg->payload,
8362 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
8363 	       data_size);
8364 	if (seq)
8365 		cfg->payload_seq = *seq;
8366 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
8367 	cfg->wake_len = wake_size;
8368 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
8369 	memcpy((void *)cfg->wake_data,
8370 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
8371 	       wake_size);
8372 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
8373 			 data_size + wake_size;
8374 	memcpy((void *)cfg->wake_mask,
8375 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
8376 	       wake_mask_size);
8377 	if (tok) {
8378 		cfg->tokens_size = tokens_size;
8379 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
8380 	}
8381 
8382 	trig->tcp = cfg;
8383 
8384 	return 0;
8385 }
8386 
8387 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
8388 {
8389 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8390 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
8391 	struct cfg80211_wowlan new_triggers = {};
8392 	struct cfg80211_wowlan *ntrig;
8393 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
8394 	int err, i;
8395 	bool prev_enabled = rdev->wiphy.wowlan_config;
8396 
8397 	if (!wowlan)
8398 		return -EOPNOTSUPP;
8399 
8400 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
8401 		cfg80211_rdev_free_wowlan(rdev);
8402 		rdev->wiphy.wowlan_config = NULL;
8403 		goto set_wakeup;
8404 	}
8405 
8406 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
8407 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8408 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8409 			nl80211_wowlan_policy);
8410 	if (err)
8411 		return err;
8412 
8413 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
8414 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
8415 			return -EINVAL;
8416 		new_triggers.any = true;
8417 	}
8418 
8419 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
8420 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
8421 			return -EINVAL;
8422 		new_triggers.disconnect = true;
8423 	}
8424 
8425 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
8426 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
8427 			return -EINVAL;
8428 		new_triggers.magic_pkt = true;
8429 	}
8430 
8431 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
8432 		return -EINVAL;
8433 
8434 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
8435 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
8436 			return -EINVAL;
8437 		new_triggers.gtk_rekey_failure = true;
8438 	}
8439 
8440 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
8441 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
8442 			return -EINVAL;
8443 		new_triggers.eap_identity_req = true;
8444 	}
8445 
8446 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
8447 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
8448 			return -EINVAL;
8449 		new_triggers.four_way_handshake = true;
8450 	}
8451 
8452 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
8453 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
8454 			return -EINVAL;
8455 		new_triggers.rfkill_release = true;
8456 	}
8457 
8458 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
8459 		struct nlattr *pat;
8460 		int n_patterns = 0;
8461 		int rem, pat_len, mask_len, pkt_offset;
8462 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8463 
8464 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8465 				    rem)
8466 			n_patterns++;
8467 		if (n_patterns > wowlan->n_patterns)
8468 			return -EINVAL;
8469 
8470 		new_triggers.patterns = kcalloc(n_patterns,
8471 						sizeof(new_triggers.patterns[0]),
8472 						GFP_KERNEL);
8473 		if (!new_triggers.patterns)
8474 			return -ENOMEM;
8475 
8476 		new_triggers.n_patterns = n_patterns;
8477 		i = 0;
8478 
8479 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8480 				    rem) {
8481 			nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8482 				  nla_len(pat), NULL);
8483 			err = -EINVAL;
8484 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
8485 			    !pat_tb[NL80211_PKTPAT_PATTERN])
8486 				goto error;
8487 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8488 			mask_len = DIV_ROUND_UP(pat_len, 8);
8489 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8490 				goto error;
8491 			if (pat_len > wowlan->pattern_max_len ||
8492 			    pat_len < wowlan->pattern_min_len)
8493 				goto error;
8494 
8495 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
8496 				pkt_offset = 0;
8497 			else
8498 				pkt_offset = nla_get_u32(
8499 					pat_tb[NL80211_PKTPAT_OFFSET]);
8500 			if (pkt_offset > wowlan->max_pkt_offset)
8501 				goto error;
8502 			new_triggers.patterns[i].pkt_offset = pkt_offset;
8503 
8504 			new_triggers.patterns[i].mask =
8505 				kmalloc(mask_len + pat_len, GFP_KERNEL);
8506 			if (!new_triggers.patterns[i].mask) {
8507 				err = -ENOMEM;
8508 				goto error;
8509 			}
8510 			new_triggers.patterns[i].pattern =
8511 				new_triggers.patterns[i].mask + mask_len;
8512 			memcpy(new_triggers.patterns[i].mask,
8513 			       nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8514 			       mask_len);
8515 			new_triggers.patterns[i].pattern_len = pat_len;
8516 			memcpy(new_triggers.patterns[i].pattern,
8517 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8518 			       pat_len);
8519 			i++;
8520 		}
8521 	}
8522 
8523 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
8524 		err = nl80211_parse_wowlan_tcp(
8525 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
8526 			&new_triggers);
8527 		if (err)
8528 			goto error;
8529 	}
8530 
8531 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
8532 	if (!ntrig) {
8533 		err = -ENOMEM;
8534 		goto error;
8535 	}
8536 	cfg80211_rdev_free_wowlan(rdev);
8537 	rdev->wiphy.wowlan_config = ntrig;
8538 
8539  set_wakeup:
8540 	if (rdev->ops->set_wakeup &&
8541 	    prev_enabled != !!rdev->wiphy.wowlan_config)
8542 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
8543 
8544 	return 0;
8545  error:
8546 	for (i = 0; i < new_triggers.n_patterns; i++)
8547 		kfree(new_triggers.patterns[i].mask);
8548 	kfree(new_triggers.patterns);
8549 	if (new_triggers.tcp && new_triggers.tcp->sock)
8550 		sock_release(new_triggers.tcp->sock);
8551 	kfree(new_triggers.tcp);
8552 	return err;
8553 }
8554 #endif
8555 
8556 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
8557 				       struct cfg80211_registered_device *rdev)
8558 {
8559 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
8560 	int i, j, pat_len;
8561 	struct cfg80211_coalesce_rules *rule;
8562 
8563 	if (!rdev->coalesce->n_rules)
8564 		return 0;
8565 
8566 	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
8567 	if (!nl_rules)
8568 		return -ENOBUFS;
8569 
8570 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
8571 		nl_rule = nla_nest_start(msg, i + 1);
8572 		if (!nl_rule)
8573 			return -ENOBUFS;
8574 
8575 		rule = &rdev->coalesce->rules[i];
8576 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
8577 				rule->delay))
8578 			return -ENOBUFS;
8579 
8580 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
8581 				rule->condition))
8582 			return -ENOBUFS;
8583 
8584 		nl_pats = nla_nest_start(msg,
8585 				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
8586 		if (!nl_pats)
8587 			return -ENOBUFS;
8588 
8589 		for (j = 0; j < rule->n_patterns; j++) {
8590 			nl_pat = nla_nest_start(msg, j + 1);
8591 			if (!nl_pat)
8592 				return -ENOBUFS;
8593 			pat_len = rule->patterns[j].pattern_len;
8594 			if (nla_put(msg, NL80211_PKTPAT_MASK,
8595 				    DIV_ROUND_UP(pat_len, 8),
8596 				    rule->patterns[j].mask) ||
8597 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8598 				    rule->patterns[j].pattern) ||
8599 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8600 					rule->patterns[j].pkt_offset))
8601 				return -ENOBUFS;
8602 			nla_nest_end(msg, nl_pat);
8603 		}
8604 		nla_nest_end(msg, nl_pats);
8605 		nla_nest_end(msg, nl_rule);
8606 	}
8607 	nla_nest_end(msg, nl_rules);
8608 
8609 	return 0;
8610 }
8611 
8612 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
8613 {
8614 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8615 	struct sk_buff *msg;
8616 	void *hdr;
8617 
8618 	if (!rdev->wiphy.coalesce)
8619 		return -EOPNOTSUPP;
8620 
8621 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8622 	if (!msg)
8623 		return -ENOMEM;
8624 
8625 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8626 			     NL80211_CMD_GET_COALESCE);
8627 	if (!hdr)
8628 		goto nla_put_failure;
8629 
8630 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
8631 		goto nla_put_failure;
8632 
8633 	genlmsg_end(msg, hdr);
8634 	return genlmsg_reply(msg, info);
8635 
8636 nla_put_failure:
8637 	nlmsg_free(msg);
8638 	return -ENOBUFS;
8639 }
8640 
8641 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
8642 {
8643 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
8644 	int i, j;
8645 	struct cfg80211_coalesce_rules *rule;
8646 
8647 	if (!coalesce)
8648 		return;
8649 
8650 	for (i = 0; i < coalesce->n_rules; i++) {
8651 		rule = &coalesce->rules[i];
8652 		for (j = 0; j < rule->n_patterns; j++)
8653 			kfree(rule->patterns[j].mask);
8654 		kfree(rule->patterns);
8655 	}
8656 	kfree(coalesce->rules);
8657 	kfree(coalesce);
8658 	rdev->coalesce = NULL;
8659 }
8660 
8661 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
8662 				       struct nlattr *rule,
8663 				       struct cfg80211_coalesce_rules *new_rule)
8664 {
8665 	int err, i;
8666 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8667 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
8668 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
8669 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8670 
8671 	err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
8672 			nla_len(rule), nl80211_coalesce_policy);
8673 	if (err)
8674 		return err;
8675 
8676 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
8677 		new_rule->delay =
8678 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
8679 	if (new_rule->delay > coalesce->max_delay)
8680 		return -EINVAL;
8681 
8682 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
8683 		new_rule->condition =
8684 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
8685 	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
8686 	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
8687 		return -EINVAL;
8688 
8689 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
8690 		return -EINVAL;
8691 
8692 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8693 			    rem)
8694 		n_patterns++;
8695 	if (n_patterns > coalesce->n_patterns)
8696 		return -EINVAL;
8697 
8698 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
8699 				     GFP_KERNEL);
8700 	if (!new_rule->patterns)
8701 		return -ENOMEM;
8702 
8703 	new_rule->n_patterns = n_patterns;
8704 	i = 0;
8705 
8706 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8707 			    rem) {
8708 		nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8709 			  nla_len(pat), NULL);
8710 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
8711 		    !pat_tb[NL80211_PKTPAT_PATTERN])
8712 			return -EINVAL;
8713 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8714 		mask_len = DIV_ROUND_UP(pat_len, 8);
8715 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8716 			return -EINVAL;
8717 		if (pat_len > coalesce->pattern_max_len ||
8718 		    pat_len < coalesce->pattern_min_len)
8719 			return -EINVAL;
8720 
8721 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
8722 			pkt_offset = 0;
8723 		else
8724 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
8725 		if (pkt_offset > coalesce->max_pkt_offset)
8726 			return -EINVAL;
8727 		new_rule->patterns[i].pkt_offset = pkt_offset;
8728 
8729 		new_rule->patterns[i].mask =
8730 			kmalloc(mask_len + pat_len, GFP_KERNEL);
8731 		if (!new_rule->patterns[i].mask)
8732 			return -ENOMEM;
8733 		new_rule->patterns[i].pattern =
8734 			new_rule->patterns[i].mask + mask_len;
8735 		memcpy(new_rule->patterns[i].mask,
8736 		       nla_data(pat_tb[NL80211_PKTPAT_MASK]), mask_len);
8737 		new_rule->patterns[i].pattern_len = pat_len;
8738 		memcpy(new_rule->patterns[i].pattern,
8739 		       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]), pat_len);
8740 		i++;
8741 	}
8742 
8743 	return 0;
8744 }
8745 
8746 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
8747 {
8748 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8749 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8750 	struct cfg80211_coalesce new_coalesce = {};
8751 	struct cfg80211_coalesce *n_coalesce;
8752 	int err, rem_rule, n_rules = 0, i, j;
8753 	struct nlattr *rule;
8754 	struct cfg80211_coalesce_rules *tmp_rule;
8755 
8756 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
8757 		return -EOPNOTSUPP;
8758 
8759 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
8760 		cfg80211_rdev_free_coalesce(rdev);
8761 		rdev->ops->set_coalesce(&rdev->wiphy, NULL);
8762 		return 0;
8763 	}
8764 
8765 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8766 			    rem_rule)
8767 		n_rules++;
8768 	if (n_rules > coalesce->n_rules)
8769 		return -EINVAL;
8770 
8771 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
8772 				     GFP_KERNEL);
8773 	if (!new_coalesce.rules)
8774 		return -ENOMEM;
8775 
8776 	new_coalesce.n_rules = n_rules;
8777 	i = 0;
8778 
8779 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8780 			    rem_rule) {
8781 		err = nl80211_parse_coalesce_rule(rdev, rule,
8782 						  &new_coalesce.rules[i]);
8783 		if (err)
8784 			goto error;
8785 
8786 		i++;
8787 	}
8788 
8789 	err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
8790 	if (err)
8791 		goto error;
8792 
8793 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
8794 	if (!n_coalesce) {
8795 		err = -ENOMEM;
8796 		goto error;
8797 	}
8798 	cfg80211_rdev_free_coalesce(rdev);
8799 	rdev->coalesce = n_coalesce;
8800 
8801 	return 0;
8802 error:
8803 	for (i = 0; i < new_coalesce.n_rules; i++) {
8804 		tmp_rule = &new_coalesce.rules[i];
8805 		for (j = 0; j < tmp_rule->n_patterns; j++)
8806 			kfree(tmp_rule->patterns[j].mask);
8807 		kfree(tmp_rule->patterns);
8808 	}
8809 	kfree(new_coalesce.rules);
8810 
8811 	return err;
8812 }
8813 
8814 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
8815 {
8816 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8817 	struct net_device *dev = info->user_ptr[1];
8818 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8819 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
8820 	struct cfg80211_gtk_rekey_data rekey_data;
8821 	int err;
8822 
8823 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
8824 		return -EINVAL;
8825 
8826 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
8827 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
8828 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
8829 			nl80211_rekey_policy);
8830 	if (err)
8831 		return err;
8832 
8833 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
8834 		return -ERANGE;
8835 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
8836 		return -ERANGE;
8837 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
8838 		return -ERANGE;
8839 
8840 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
8841 	       NL80211_KEK_LEN);
8842 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
8843 	       NL80211_KCK_LEN);
8844 	memcpy(rekey_data.replay_ctr,
8845 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
8846 	       NL80211_REPLAY_CTR_LEN);
8847 
8848 	wdev_lock(wdev);
8849 	if (!wdev->current_bss) {
8850 		err = -ENOTCONN;
8851 		goto out;
8852 	}
8853 
8854 	if (!rdev->ops->set_rekey_data) {
8855 		err = -EOPNOTSUPP;
8856 		goto out;
8857 	}
8858 
8859 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
8860  out:
8861 	wdev_unlock(wdev);
8862 	return err;
8863 }
8864 
8865 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
8866 					     struct genl_info *info)
8867 {
8868 	struct net_device *dev = info->user_ptr[1];
8869 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8870 
8871 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8872 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8873 		return -EINVAL;
8874 
8875 	if (wdev->ap_unexpected_nlportid)
8876 		return -EBUSY;
8877 
8878 	wdev->ap_unexpected_nlportid = info->snd_portid;
8879 	return 0;
8880 }
8881 
8882 static int nl80211_probe_client(struct sk_buff *skb,
8883 				struct genl_info *info)
8884 {
8885 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8886 	struct net_device *dev = info->user_ptr[1];
8887 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8888 	struct sk_buff *msg;
8889 	void *hdr;
8890 	const u8 *addr;
8891 	u64 cookie;
8892 	int err;
8893 
8894 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8895 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8896 		return -EOPNOTSUPP;
8897 
8898 	if (!info->attrs[NL80211_ATTR_MAC])
8899 		return -EINVAL;
8900 
8901 	if (!rdev->ops->probe_client)
8902 		return -EOPNOTSUPP;
8903 
8904 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8905 	if (!msg)
8906 		return -ENOMEM;
8907 
8908 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8909 			     NL80211_CMD_PROBE_CLIENT);
8910 	if (!hdr) {
8911 		err = -ENOBUFS;
8912 		goto free_msg;
8913 	}
8914 
8915 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
8916 
8917 	err = rdev_probe_client(rdev, dev, addr, &cookie);
8918 	if (err)
8919 		goto free_msg;
8920 
8921 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8922 		goto nla_put_failure;
8923 
8924 	genlmsg_end(msg, hdr);
8925 
8926 	return genlmsg_reply(msg, info);
8927 
8928  nla_put_failure:
8929 	err = -ENOBUFS;
8930  free_msg:
8931 	nlmsg_free(msg);
8932 	return err;
8933 }
8934 
8935 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
8936 {
8937 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8938 	struct cfg80211_beacon_registration *reg, *nreg;
8939 	int rv;
8940 
8941 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
8942 		return -EOPNOTSUPP;
8943 
8944 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
8945 	if (!nreg)
8946 		return -ENOMEM;
8947 
8948 	/* First, check if already registered. */
8949 	spin_lock_bh(&rdev->beacon_registrations_lock);
8950 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
8951 		if (reg->nlportid == info->snd_portid) {
8952 			rv = -EALREADY;
8953 			goto out_err;
8954 		}
8955 	}
8956 	/* Add it to the list */
8957 	nreg->nlportid = info->snd_portid;
8958 	list_add(&nreg->list, &rdev->beacon_registrations);
8959 
8960 	spin_unlock_bh(&rdev->beacon_registrations_lock);
8961 
8962 	return 0;
8963 out_err:
8964 	spin_unlock_bh(&rdev->beacon_registrations_lock);
8965 	kfree(nreg);
8966 	return rv;
8967 }
8968 
8969 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
8970 {
8971 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8972 	struct wireless_dev *wdev = info->user_ptr[1];
8973 	int err;
8974 
8975 	if (!rdev->ops->start_p2p_device)
8976 		return -EOPNOTSUPP;
8977 
8978 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
8979 		return -EOPNOTSUPP;
8980 
8981 	if (wdev->p2p_started)
8982 		return 0;
8983 
8984 	err = cfg80211_can_add_interface(rdev, wdev->iftype);
8985 	if (err)
8986 		return err;
8987 
8988 	err = rdev_start_p2p_device(rdev, wdev);
8989 	if (err)
8990 		return err;
8991 
8992 	wdev->p2p_started = true;
8993 	rdev->opencount++;
8994 
8995 	return 0;
8996 }
8997 
8998 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
8999 {
9000 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9001 	struct wireless_dev *wdev = info->user_ptr[1];
9002 
9003 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9004 		return -EOPNOTSUPP;
9005 
9006 	if (!rdev->ops->stop_p2p_device)
9007 		return -EOPNOTSUPP;
9008 
9009 	cfg80211_stop_p2p_device(rdev, wdev);
9010 
9011 	return 0;
9012 }
9013 
9014 static int nl80211_get_protocol_features(struct sk_buff *skb,
9015 					 struct genl_info *info)
9016 {
9017 	void *hdr;
9018 	struct sk_buff *msg;
9019 
9020 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9021 	if (!msg)
9022 		return -ENOMEM;
9023 
9024 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9025 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
9026 	if (!hdr)
9027 		goto nla_put_failure;
9028 
9029 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
9030 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
9031 		goto nla_put_failure;
9032 
9033 	genlmsg_end(msg, hdr);
9034 	return genlmsg_reply(msg, info);
9035 
9036  nla_put_failure:
9037 	kfree_skb(msg);
9038 	return -ENOBUFS;
9039 }
9040 
9041 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
9042 {
9043 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9044 	struct cfg80211_update_ft_ies_params ft_params;
9045 	struct net_device *dev = info->user_ptr[1];
9046 
9047 	if (!rdev->ops->update_ft_ies)
9048 		return -EOPNOTSUPP;
9049 
9050 	if (!info->attrs[NL80211_ATTR_MDID] ||
9051 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9052 		return -EINVAL;
9053 
9054 	memset(&ft_params, 0, sizeof(ft_params));
9055 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
9056 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9057 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9058 
9059 	return rdev_update_ft_ies(rdev, dev, &ft_params);
9060 }
9061 
9062 static int nl80211_crit_protocol_start(struct sk_buff *skb,
9063 				       struct genl_info *info)
9064 {
9065 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9066 	struct wireless_dev *wdev = info->user_ptr[1];
9067 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
9068 	u16 duration;
9069 	int ret;
9070 
9071 	if (!rdev->ops->crit_proto_start)
9072 		return -EOPNOTSUPP;
9073 
9074 	if (WARN_ON(!rdev->ops->crit_proto_stop))
9075 		return -EINVAL;
9076 
9077 	if (rdev->crit_proto_nlportid)
9078 		return -EBUSY;
9079 
9080 	/* determine protocol if provided */
9081 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
9082 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
9083 
9084 	if (proto >= NUM_NL80211_CRIT_PROTO)
9085 		return -EINVAL;
9086 
9087 	/* timeout must be provided */
9088 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
9089 		return -EINVAL;
9090 
9091 	duration =
9092 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
9093 
9094 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
9095 		return -ERANGE;
9096 
9097 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
9098 	if (!ret)
9099 		rdev->crit_proto_nlportid = info->snd_portid;
9100 
9101 	return ret;
9102 }
9103 
9104 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
9105 				      struct genl_info *info)
9106 {
9107 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9108 	struct wireless_dev *wdev = info->user_ptr[1];
9109 
9110 	if (!rdev->ops->crit_proto_stop)
9111 		return -EOPNOTSUPP;
9112 
9113 	if (rdev->crit_proto_nlportid) {
9114 		rdev->crit_proto_nlportid = 0;
9115 		rdev_crit_proto_stop(rdev, wdev);
9116 	}
9117 	return 0;
9118 }
9119 
9120 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
9121 {
9122 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9123 	struct wireless_dev *wdev =
9124 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9125 	int i, err;
9126 	u32 vid, subcmd;
9127 
9128 	if (!rdev->wiphy.vendor_commands)
9129 		return -EOPNOTSUPP;
9130 
9131 	if (IS_ERR(wdev)) {
9132 		err = PTR_ERR(wdev);
9133 		if (err != -EINVAL)
9134 			return err;
9135 		wdev = NULL;
9136 	} else if (wdev->wiphy != &rdev->wiphy) {
9137 		return -EINVAL;
9138 	}
9139 
9140 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
9141 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
9142 		return -EINVAL;
9143 
9144 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
9145 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
9146 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
9147 		const struct wiphy_vendor_command *vcmd;
9148 		void *data = NULL;
9149 		int len = 0;
9150 
9151 		vcmd = &rdev->wiphy.vendor_commands[i];
9152 
9153 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
9154 			continue;
9155 
9156 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
9157 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
9158 			if (!wdev)
9159 				return -EINVAL;
9160 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
9161 			    !wdev->netdev)
9162 				return -EINVAL;
9163 
9164 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
9165 				if (wdev->netdev &&
9166 				    !netif_running(wdev->netdev))
9167 					return -ENETDOWN;
9168 				if (!wdev->netdev && !wdev->p2p_started)
9169 					return -ENETDOWN;
9170 			}
9171 		} else {
9172 			wdev = NULL;
9173 		}
9174 
9175 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
9176 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9177 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9178 		}
9179 
9180 		rdev->cur_cmd_info = info;
9181 		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
9182 							  data, len);
9183 		rdev->cur_cmd_info = NULL;
9184 		return err;
9185 	}
9186 
9187 	return -EOPNOTSUPP;
9188 }
9189 
9190 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
9191 					   enum nl80211_commands cmd,
9192 					   enum nl80211_attrs attr,
9193 					   int approxlen)
9194 {
9195 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
9196 
9197 	if (WARN_ON(!rdev->cur_cmd_info))
9198 		return NULL;
9199 
9200 	return __cfg80211_alloc_vendor_skb(rdev, approxlen,
9201 					   rdev->cur_cmd_info->snd_portid,
9202 					   rdev->cur_cmd_info->snd_seq,
9203 					   cmd, attr, NULL, GFP_KERNEL);
9204 }
9205 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
9206 
9207 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
9208 {
9209 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9210 	void *hdr = ((void **)skb->cb)[1];
9211 	struct nlattr *data = ((void **)skb->cb)[2];
9212 
9213 	if (WARN_ON(!rdev->cur_cmd_info)) {
9214 		kfree_skb(skb);
9215 		return -EINVAL;
9216 	}
9217 
9218 	nla_nest_end(skb, data);
9219 	genlmsg_end(skb, hdr);
9220 	return genlmsg_reply(skb, rdev->cur_cmd_info);
9221 }
9222 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
9223 
9224 
9225 static int nl80211_set_qos_map(struct sk_buff *skb,
9226 			       struct genl_info *info)
9227 {
9228 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9229 	struct cfg80211_qos_map *qos_map = NULL;
9230 	struct net_device *dev = info->user_ptr[1];
9231 	u8 *pos, len, num_des, des_len, des;
9232 	int ret;
9233 
9234 	if (!rdev->ops->set_qos_map)
9235 		return -EOPNOTSUPP;
9236 
9237 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
9238 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
9239 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
9240 
9241 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
9242 		    len > IEEE80211_QOS_MAP_LEN_MAX)
9243 			return -EINVAL;
9244 
9245 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
9246 		if (!qos_map)
9247 			return -ENOMEM;
9248 
9249 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
9250 		if (num_des) {
9251 			des_len = num_des *
9252 				sizeof(struct cfg80211_dscp_exception);
9253 			memcpy(qos_map->dscp_exception, pos, des_len);
9254 			qos_map->num_des = num_des;
9255 			for (des = 0; des < num_des; des++) {
9256 				if (qos_map->dscp_exception[des].up > 7) {
9257 					kfree(qos_map);
9258 					return -EINVAL;
9259 				}
9260 			}
9261 			pos += des_len;
9262 		}
9263 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
9264 	}
9265 
9266 	wdev_lock(dev->ieee80211_ptr);
9267 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
9268 	if (!ret)
9269 		ret = rdev_set_qos_map(rdev, dev, qos_map);
9270 	wdev_unlock(dev->ieee80211_ptr);
9271 
9272 	kfree(qos_map);
9273 	return ret;
9274 }
9275 
9276 #define NL80211_FLAG_NEED_WIPHY		0x01
9277 #define NL80211_FLAG_NEED_NETDEV	0x02
9278 #define NL80211_FLAG_NEED_RTNL		0x04
9279 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
9280 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
9281 					 NL80211_FLAG_CHECK_NETDEV_UP)
9282 #define NL80211_FLAG_NEED_WDEV		0x10
9283 /* If a netdev is associated, it must be UP, P2P must be started */
9284 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
9285 					 NL80211_FLAG_CHECK_NETDEV_UP)
9286 
9287 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
9288 			    struct genl_info *info)
9289 {
9290 	struct cfg80211_registered_device *rdev;
9291 	struct wireless_dev *wdev;
9292 	struct net_device *dev;
9293 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
9294 
9295 	if (rtnl)
9296 		rtnl_lock();
9297 
9298 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
9299 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
9300 		if (IS_ERR(rdev)) {
9301 			if (rtnl)
9302 				rtnl_unlock();
9303 			return PTR_ERR(rdev);
9304 		}
9305 		info->user_ptr[0] = rdev;
9306 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
9307 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9308 		ASSERT_RTNL();
9309 
9310 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
9311 						  info->attrs);
9312 		if (IS_ERR(wdev)) {
9313 			if (rtnl)
9314 				rtnl_unlock();
9315 			return PTR_ERR(wdev);
9316 		}
9317 
9318 		dev = wdev->netdev;
9319 		rdev = wiphy_to_dev(wdev->wiphy);
9320 
9321 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
9322 			if (!dev) {
9323 				if (rtnl)
9324 					rtnl_unlock();
9325 				return -EINVAL;
9326 			}
9327 
9328 			info->user_ptr[1] = dev;
9329 		} else {
9330 			info->user_ptr[1] = wdev;
9331 		}
9332 
9333 		if (dev) {
9334 			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
9335 			    !netif_running(dev)) {
9336 				if (rtnl)
9337 					rtnl_unlock();
9338 				return -ENETDOWN;
9339 			}
9340 
9341 			dev_hold(dev);
9342 		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
9343 			if (!wdev->p2p_started) {
9344 				if (rtnl)
9345 					rtnl_unlock();
9346 				return -ENETDOWN;
9347 			}
9348 		}
9349 
9350 		info->user_ptr[0] = rdev;
9351 	}
9352 
9353 	return 0;
9354 }
9355 
9356 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
9357 			      struct genl_info *info)
9358 {
9359 	if (info->user_ptr[1]) {
9360 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9361 			struct wireless_dev *wdev = info->user_ptr[1];
9362 
9363 			if (wdev->netdev)
9364 				dev_put(wdev->netdev);
9365 		} else {
9366 			dev_put(info->user_ptr[1]);
9367 		}
9368 	}
9369 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
9370 		rtnl_unlock();
9371 }
9372 
9373 static const struct genl_ops nl80211_ops[] = {
9374 	{
9375 		.cmd = NL80211_CMD_GET_WIPHY,
9376 		.doit = nl80211_get_wiphy,
9377 		.dumpit = nl80211_dump_wiphy,
9378 		.done = nl80211_dump_wiphy_done,
9379 		.policy = nl80211_policy,
9380 		/* can be retrieved by unprivileged users */
9381 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9382 				  NL80211_FLAG_NEED_RTNL,
9383 	},
9384 	{
9385 		.cmd = NL80211_CMD_SET_WIPHY,
9386 		.doit = nl80211_set_wiphy,
9387 		.policy = nl80211_policy,
9388 		.flags = GENL_ADMIN_PERM,
9389 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9390 	},
9391 	{
9392 		.cmd = NL80211_CMD_GET_INTERFACE,
9393 		.doit = nl80211_get_interface,
9394 		.dumpit = nl80211_dump_interface,
9395 		.policy = nl80211_policy,
9396 		/* can be retrieved by unprivileged users */
9397 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9398 				  NL80211_FLAG_NEED_RTNL,
9399 	},
9400 	{
9401 		.cmd = NL80211_CMD_SET_INTERFACE,
9402 		.doit = nl80211_set_interface,
9403 		.policy = nl80211_policy,
9404 		.flags = GENL_ADMIN_PERM,
9405 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9406 				  NL80211_FLAG_NEED_RTNL,
9407 	},
9408 	{
9409 		.cmd = NL80211_CMD_NEW_INTERFACE,
9410 		.doit = nl80211_new_interface,
9411 		.policy = nl80211_policy,
9412 		.flags = GENL_ADMIN_PERM,
9413 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9414 				  NL80211_FLAG_NEED_RTNL,
9415 	},
9416 	{
9417 		.cmd = NL80211_CMD_DEL_INTERFACE,
9418 		.doit = nl80211_del_interface,
9419 		.policy = nl80211_policy,
9420 		.flags = GENL_ADMIN_PERM,
9421 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9422 				  NL80211_FLAG_NEED_RTNL,
9423 	},
9424 	{
9425 		.cmd = NL80211_CMD_GET_KEY,
9426 		.doit = nl80211_get_key,
9427 		.policy = nl80211_policy,
9428 		.flags = GENL_ADMIN_PERM,
9429 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9430 				  NL80211_FLAG_NEED_RTNL,
9431 	},
9432 	{
9433 		.cmd = NL80211_CMD_SET_KEY,
9434 		.doit = nl80211_set_key,
9435 		.policy = nl80211_policy,
9436 		.flags = GENL_ADMIN_PERM,
9437 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9438 				  NL80211_FLAG_NEED_RTNL,
9439 	},
9440 	{
9441 		.cmd = NL80211_CMD_NEW_KEY,
9442 		.doit = nl80211_new_key,
9443 		.policy = nl80211_policy,
9444 		.flags = GENL_ADMIN_PERM,
9445 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9446 				  NL80211_FLAG_NEED_RTNL,
9447 	},
9448 	{
9449 		.cmd = NL80211_CMD_DEL_KEY,
9450 		.doit = nl80211_del_key,
9451 		.policy = nl80211_policy,
9452 		.flags = GENL_ADMIN_PERM,
9453 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9454 				  NL80211_FLAG_NEED_RTNL,
9455 	},
9456 	{
9457 		.cmd = NL80211_CMD_SET_BEACON,
9458 		.policy = nl80211_policy,
9459 		.flags = GENL_ADMIN_PERM,
9460 		.doit = nl80211_set_beacon,
9461 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9462 				  NL80211_FLAG_NEED_RTNL,
9463 	},
9464 	{
9465 		.cmd = NL80211_CMD_START_AP,
9466 		.policy = nl80211_policy,
9467 		.flags = GENL_ADMIN_PERM,
9468 		.doit = nl80211_start_ap,
9469 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9470 				  NL80211_FLAG_NEED_RTNL,
9471 	},
9472 	{
9473 		.cmd = NL80211_CMD_STOP_AP,
9474 		.policy = nl80211_policy,
9475 		.flags = GENL_ADMIN_PERM,
9476 		.doit = nl80211_stop_ap,
9477 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9478 				  NL80211_FLAG_NEED_RTNL,
9479 	},
9480 	{
9481 		.cmd = NL80211_CMD_GET_STATION,
9482 		.doit = nl80211_get_station,
9483 		.dumpit = nl80211_dump_station,
9484 		.policy = nl80211_policy,
9485 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9486 				  NL80211_FLAG_NEED_RTNL,
9487 	},
9488 	{
9489 		.cmd = NL80211_CMD_SET_STATION,
9490 		.doit = nl80211_set_station,
9491 		.policy = nl80211_policy,
9492 		.flags = GENL_ADMIN_PERM,
9493 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9494 				  NL80211_FLAG_NEED_RTNL,
9495 	},
9496 	{
9497 		.cmd = NL80211_CMD_NEW_STATION,
9498 		.doit = nl80211_new_station,
9499 		.policy = nl80211_policy,
9500 		.flags = GENL_ADMIN_PERM,
9501 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9502 				  NL80211_FLAG_NEED_RTNL,
9503 	},
9504 	{
9505 		.cmd = NL80211_CMD_DEL_STATION,
9506 		.doit = nl80211_del_station,
9507 		.policy = nl80211_policy,
9508 		.flags = GENL_ADMIN_PERM,
9509 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9510 				  NL80211_FLAG_NEED_RTNL,
9511 	},
9512 	{
9513 		.cmd = NL80211_CMD_GET_MPATH,
9514 		.doit = nl80211_get_mpath,
9515 		.dumpit = nl80211_dump_mpath,
9516 		.policy = nl80211_policy,
9517 		.flags = GENL_ADMIN_PERM,
9518 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9519 				  NL80211_FLAG_NEED_RTNL,
9520 	},
9521 	{
9522 		.cmd = NL80211_CMD_SET_MPATH,
9523 		.doit = nl80211_set_mpath,
9524 		.policy = nl80211_policy,
9525 		.flags = GENL_ADMIN_PERM,
9526 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9527 				  NL80211_FLAG_NEED_RTNL,
9528 	},
9529 	{
9530 		.cmd = NL80211_CMD_NEW_MPATH,
9531 		.doit = nl80211_new_mpath,
9532 		.policy = nl80211_policy,
9533 		.flags = GENL_ADMIN_PERM,
9534 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9535 				  NL80211_FLAG_NEED_RTNL,
9536 	},
9537 	{
9538 		.cmd = NL80211_CMD_DEL_MPATH,
9539 		.doit = nl80211_del_mpath,
9540 		.policy = nl80211_policy,
9541 		.flags = GENL_ADMIN_PERM,
9542 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9543 				  NL80211_FLAG_NEED_RTNL,
9544 	},
9545 	{
9546 		.cmd = NL80211_CMD_SET_BSS,
9547 		.doit = nl80211_set_bss,
9548 		.policy = nl80211_policy,
9549 		.flags = GENL_ADMIN_PERM,
9550 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9551 				  NL80211_FLAG_NEED_RTNL,
9552 	},
9553 	{
9554 		.cmd = NL80211_CMD_GET_REG,
9555 		.doit = nl80211_get_reg,
9556 		.policy = nl80211_policy,
9557 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9558 		/* can be retrieved by unprivileged users */
9559 	},
9560 	{
9561 		.cmd = NL80211_CMD_SET_REG,
9562 		.doit = nl80211_set_reg,
9563 		.policy = nl80211_policy,
9564 		.flags = GENL_ADMIN_PERM,
9565 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9566 	},
9567 	{
9568 		.cmd = NL80211_CMD_REQ_SET_REG,
9569 		.doit = nl80211_req_set_reg,
9570 		.policy = nl80211_policy,
9571 		.flags = GENL_ADMIN_PERM,
9572 	},
9573 	{
9574 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
9575 		.doit = nl80211_get_mesh_config,
9576 		.policy = nl80211_policy,
9577 		/* can be retrieved by unprivileged users */
9578 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9579 				  NL80211_FLAG_NEED_RTNL,
9580 	},
9581 	{
9582 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
9583 		.doit = nl80211_update_mesh_config,
9584 		.policy = nl80211_policy,
9585 		.flags = GENL_ADMIN_PERM,
9586 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9587 				  NL80211_FLAG_NEED_RTNL,
9588 	},
9589 	{
9590 		.cmd = NL80211_CMD_TRIGGER_SCAN,
9591 		.doit = nl80211_trigger_scan,
9592 		.policy = nl80211_policy,
9593 		.flags = GENL_ADMIN_PERM,
9594 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9595 				  NL80211_FLAG_NEED_RTNL,
9596 	},
9597 	{
9598 		.cmd = NL80211_CMD_GET_SCAN,
9599 		.policy = nl80211_policy,
9600 		.dumpit = nl80211_dump_scan,
9601 	},
9602 	{
9603 		.cmd = NL80211_CMD_START_SCHED_SCAN,
9604 		.doit = nl80211_start_sched_scan,
9605 		.policy = nl80211_policy,
9606 		.flags = GENL_ADMIN_PERM,
9607 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9608 				  NL80211_FLAG_NEED_RTNL,
9609 	},
9610 	{
9611 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
9612 		.doit = nl80211_stop_sched_scan,
9613 		.policy = nl80211_policy,
9614 		.flags = GENL_ADMIN_PERM,
9615 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9616 				  NL80211_FLAG_NEED_RTNL,
9617 	},
9618 	{
9619 		.cmd = NL80211_CMD_AUTHENTICATE,
9620 		.doit = nl80211_authenticate,
9621 		.policy = nl80211_policy,
9622 		.flags = GENL_ADMIN_PERM,
9623 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9624 				  NL80211_FLAG_NEED_RTNL,
9625 	},
9626 	{
9627 		.cmd = NL80211_CMD_ASSOCIATE,
9628 		.doit = nl80211_associate,
9629 		.policy = nl80211_policy,
9630 		.flags = GENL_ADMIN_PERM,
9631 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9632 				  NL80211_FLAG_NEED_RTNL,
9633 	},
9634 	{
9635 		.cmd = NL80211_CMD_DEAUTHENTICATE,
9636 		.doit = nl80211_deauthenticate,
9637 		.policy = nl80211_policy,
9638 		.flags = GENL_ADMIN_PERM,
9639 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9640 				  NL80211_FLAG_NEED_RTNL,
9641 	},
9642 	{
9643 		.cmd = NL80211_CMD_DISASSOCIATE,
9644 		.doit = nl80211_disassociate,
9645 		.policy = nl80211_policy,
9646 		.flags = GENL_ADMIN_PERM,
9647 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9648 				  NL80211_FLAG_NEED_RTNL,
9649 	},
9650 	{
9651 		.cmd = NL80211_CMD_JOIN_IBSS,
9652 		.doit = nl80211_join_ibss,
9653 		.policy = nl80211_policy,
9654 		.flags = GENL_ADMIN_PERM,
9655 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9656 				  NL80211_FLAG_NEED_RTNL,
9657 	},
9658 	{
9659 		.cmd = NL80211_CMD_LEAVE_IBSS,
9660 		.doit = nl80211_leave_ibss,
9661 		.policy = nl80211_policy,
9662 		.flags = GENL_ADMIN_PERM,
9663 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9664 				  NL80211_FLAG_NEED_RTNL,
9665 	},
9666 #ifdef CONFIG_NL80211_TESTMODE
9667 	{
9668 		.cmd = NL80211_CMD_TESTMODE,
9669 		.doit = nl80211_testmode_do,
9670 		.dumpit = nl80211_testmode_dump,
9671 		.policy = nl80211_policy,
9672 		.flags = GENL_ADMIN_PERM,
9673 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9674 				  NL80211_FLAG_NEED_RTNL,
9675 	},
9676 #endif
9677 	{
9678 		.cmd = NL80211_CMD_CONNECT,
9679 		.doit = nl80211_connect,
9680 		.policy = nl80211_policy,
9681 		.flags = GENL_ADMIN_PERM,
9682 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9683 				  NL80211_FLAG_NEED_RTNL,
9684 	},
9685 	{
9686 		.cmd = NL80211_CMD_DISCONNECT,
9687 		.doit = nl80211_disconnect,
9688 		.policy = nl80211_policy,
9689 		.flags = GENL_ADMIN_PERM,
9690 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9691 				  NL80211_FLAG_NEED_RTNL,
9692 	},
9693 	{
9694 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
9695 		.doit = nl80211_wiphy_netns,
9696 		.policy = nl80211_policy,
9697 		.flags = GENL_ADMIN_PERM,
9698 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9699 				  NL80211_FLAG_NEED_RTNL,
9700 	},
9701 	{
9702 		.cmd = NL80211_CMD_GET_SURVEY,
9703 		.policy = nl80211_policy,
9704 		.dumpit = nl80211_dump_survey,
9705 	},
9706 	{
9707 		.cmd = NL80211_CMD_SET_PMKSA,
9708 		.doit = nl80211_setdel_pmksa,
9709 		.policy = nl80211_policy,
9710 		.flags = GENL_ADMIN_PERM,
9711 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9712 				  NL80211_FLAG_NEED_RTNL,
9713 	},
9714 	{
9715 		.cmd = NL80211_CMD_DEL_PMKSA,
9716 		.doit = nl80211_setdel_pmksa,
9717 		.policy = nl80211_policy,
9718 		.flags = GENL_ADMIN_PERM,
9719 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9720 				  NL80211_FLAG_NEED_RTNL,
9721 	},
9722 	{
9723 		.cmd = NL80211_CMD_FLUSH_PMKSA,
9724 		.doit = nl80211_flush_pmksa,
9725 		.policy = nl80211_policy,
9726 		.flags = GENL_ADMIN_PERM,
9727 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9728 				  NL80211_FLAG_NEED_RTNL,
9729 	},
9730 	{
9731 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
9732 		.doit = nl80211_remain_on_channel,
9733 		.policy = nl80211_policy,
9734 		.flags = GENL_ADMIN_PERM,
9735 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9736 				  NL80211_FLAG_NEED_RTNL,
9737 	},
9738 	{
9739 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
9740 		.doit = nl80211_cancel_remain_on_channel,
9741 		.policy = nl80211_policy,
9742 		.flags = GENL_ADMIN_PERM,
9743 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9744 				  NL80211_FLAG_NEED_RTNL,
9745 	},
9746 	{
9747 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
9748 		.doit = nl80211_set_tx_bitrate_mask,
9749 		.policy = nl80211_policy,
9750 		.flags = GENL_ADMIN_PERM,
9751 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9752 				  NL80211_FLAG_NEED_RTNL,
9753 	},
9754 	{
9755 		.cmd = NL80211_CMD_REGISTER_FRAME,
9756 		.doit = nl80211_register_mgmt,
9757 		.policy = nl80211_policy,
9758 		.flags = GENL_ADMIN_PERM,
9759 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9760 				  NL80211_FLAG_NEED_RTNL,
9761 	},
9762 	{
9763 		.cmd = NL80211_CMD_FRAME,
9764 		.doit = nl80211_tx_mgmt,
9765 		.policy = nl80211_policy,
9766 		.flags = GENL_ADMIN_PERM,
9767 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9768 				  NL80211_FLAG_NEED_RTNL,
9769 	},
9770 	{
9771 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
9772 		.doit = nl80211_tx_mgmt_cancel_wait,
9773 		.policy = nl80211_policy,
9774 		.flags = GENL_ADMIN_PERM,
9775 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9776 				  NL80211_FLAG_NEED_RTNL,
9777 	},
9778 	{
9779 		.cmd = NL80211_CMD_SET_POWER_SAVE,
9780 		.doit = nl80211_set_power_save,
9781 		.policy = nl80211_policy,
9782 		.flags = GENL_ADMIN_PERM,
9783 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9784 				  NL80211_FLAG_NEED_RTNL,
9785 	},
9786 	{
9787 		.cmd = NL80211_CMD_GET_POWER_SAVE,
9788 		.doit = nl80211_get_power_save,
9789 		.policy = nl80211_policy,
9790 		/* can be retrieved by unprivileged users */
9791 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9792 				  NL80211_FLAG_NEED_RTNL,
9793 	},
9794 	{
9795 		.cmd = NL80211_CMD_SET_CQM,
9796 		.doit = nl80211_set_cqm,
9797 		.policy = nl80211_policy,
9798 		.flags = GENL_ADMIN_PERM,
9799 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9800 				  NL80211_FLAG_NEED_RTNL,
9801 	},
9802 	{
9803 		.cmd = NL80211_CMD_SET_CHANNEL,
9804 		.doit = nl80211_set_channel,
9805 		.policy = nl80211_policy,
9806 		.flags = GENL_ADMIN_PERM,
9807 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9808 				  NL80211_FLAG_NEED_RTNL,
9809 	},
9810 	{
9811 		.cmd = NL80211_CMD_SET_WDS_PEER,
9812 		.doit = nl80211_set_wds_peer,
9813 		.policy = nl80211_policy,
9814 		.flags = GENL_ADMIN_PERM,
9815 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9816 				  NL80211_FLAG_NEED_RTNL,
9817 	},
9818 	{
9819 		.cmd = NL80211_CMD_JOIN_MESH,
9820 		.doit = nl80211_join_mesh,
9821 		.policy = nl80211_policy,
9822 		.flags = GENL_ADMIN_PERM,
9823 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9824 				  NL80211_FLAG_NEED_RTNL,
9825 	},
9826 	{
9827 		.cmd = NL80211_CMD_LEAVE_MESH,
9828 		.doit = nl80211_leave_mesh,
9829 		.policy = nl80211_policy,
9830 		.flags = GENL_ADMIN_PERM,
9831 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9832 				  NL80211_FLAG_NEED_RTNL,
9833 	},
9834 #ifdef CONFIG_PM
9835 	{
9836 		.cmd = NL80211_CMD_GET_WOWLAN,
9837 		.doit = nl80211_get_wowlan,
9838 		.policy = nl80211_policy,
9839 		/* can be retrieved by unprivileged users */
9840 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9841 				  NL80211_FLAG_NEED_RTNL,
9842 	},
9843 	{
9844 		.cmd = NL80211_CMD_SET_WOWLAN,
9845 		.doit = nl80211_set_wowlan,
9846 		.policy = nl80211_policy,
9847 		.flags = GENL_ADMIN_PERM,
9848 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9849 				  NL80211_FLAG_NEED_RTNL,
9850 	},
9851 #endif
9852 	{
9853 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
9854 		.doit = nl80211_set_rekey_data,
9855 		.policy = nl80211_policy,
9856 		.flags = GENL_ADMIN_PERM,
9857 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9858 				  NL80211_FLAG_NEED_RTNL,
9859 	},
9860 	{
9861 		.cmd = NL80211_CMD_TDLS_MGMT,
9862 		.doit = nl80211_tdls_mgmt,
9863 		.policy = nl80211_policy,
9864 		.flags = GENL_ADMIN_PERM,
9865 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9866 				  NL80211_FLAG_NEED_RTNL,
9867 	},
9868 	{
9869 		.cmd = NL80211_CMD_TDLS_OPER,
9870 		.doit = nl80211_tdls_oper,
9871 		.policy = nl80211_policy,
9872 		.flags = GENL_ADMIN_PERM,
9873 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9874 				  NL80211_FLAG_NEED_RTNL,
9875 	},
9876 	{
9877 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
9878 		.doit = nl80211_register_unexpected_frame,
9879 		.policy = nl80211_policy,
9880 		.flags = GENL_ADMIN_PERM,
9881 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9882 				  NL80211_FLAG_NEED_RTNL,
9883 	},
9884 	{
9885 		.cmd = NL80211_CMD_PROBE_CLIENT,
9886 		.doit = nl80211_probe_client,
9887 		.policy = nl80211_policy,
9888 		.flags = GENL_ADMIN_PERM,
9889 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9890 				  NL80211_FLAG_NEED_RTNL,
9891 	},
9892 	{
9893 		.cmd = NL80211_CMD_REGISTER_BEACONS,
9894 		.doit = nl80211_register_beacons,
9895 		.policy = nl80211_policy,
9896 		.flags = GENL_ADMIN_PERM,
9897 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9898 				  NL80211_FLAG_NEED_RTNL,
9899 	},
9900 	{
9901 		.cmd = NL80211_CMD_SET_NOACK_MAP,
9902 		.doit = nl80211_set_noack_map,
9903 		.policy = nl80211_policy,
9904 		.flags = GENL_ADMIN_PERM,
9905 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9906 				  NL80211_FLAG_NEED_RTNL,
9907 	},
9908 	{
9909 		.cmd = NL80211_CMD_START_P2P_DEVICE,
9910 		.doit = nl80211_start_p2p_device,
9911 		.policy = nl80211_policy,
9912 		.flags = GENL_ADMIN_PERM,
9913 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9914 				  NL80211_FLAG_NEED_RTNL,
9915 	},
9916 	{
9917 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
9918 		.doit = nl80211_stop_p2p_device,
9919 		.policy = nl80211_policy,
9920 		.flags = GENL_ADMIN_PERM,
9921 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9922 				  NL80211_FLAG_NEED_RTNL,
9923 	},
9924 	{
9925 		.cmd = NL80211_CMD_SET_MCAST_RATE,
9926 		.doit = nl80211_set_mcast_rate,
9927 		.policy = nl80211_policy,
9928 		.flags = GENL_ADMIN_PERM,
9929 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9930 				  NL80211_FLAG_NEED_RTNL,
9931 	},
9932 	{
9933 		.cmd = NL80211_CMD_SET_MAC_ACL,
9934 		.doit = nl80211_set_mac_acl,
9935 		.policy = nl80211_policy,
9936 		.flags = GENL_ADMIN_PERM,
9937 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9938 				  NL80211_FLAG_NEED_RTNL,
9939 	},
9940 	{
9941 		.cmd = NL80211_CMD_RADAR_DETECT,
9942 		.doit = nl80211_start_radar_detection,
9943 		.policy = nl80211_policy,
9944 		.flags = GENL_ADMIN_PERM,
9945 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9946 				  NL80211_FLAG_NEED_RTNL,
9947 	},
9948 	{
9949 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
9950 		.doit = nl80211_get_protocol_features,
9951 		.policy = nl80211_policy,
9952 	},
9953 	{
9954 		.cmd = NL80211_CMD_UPDATE_FT_IES,
9955 		.doit = nl80211_update_ft_ies,
9956 		.policy = nl80211_policy,
9957 		.flags = GENL_ADMIN_PERM,
9958 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9959 				  NL80211_FLAG_NEED_RTNL,
9960 	},
9961 	{
9962 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
9963 		.doit = nl80211_crit_protocol_start,
9964 		.policy = nl80211_policy,
9965 		.flags = GENL_ADMIN_PERM,
9966 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9967 				  NL80211_FLAG_NEED_RTNL,
9968 	},
9969 	{
9970 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
9971 		.doit = nl80211_crit_protocol_stop,
9972 		.policy = nl80211_policy,
9973 		.flags = GENL_ADMIN_PERM,
9974 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9975 				  NL80211_FLAG_NEED_RTNL,
9976 	},
9977 	{
9978 		.cmd = NL80211_CMD_GET_COALESCE,
9979 		.doit = nl80211_get_coalesce,
9980 		.policy = nl80211_policy,
9981 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9982 				  NL80211_FLAG_NEED_RTNL,
9983 	},
9984 	{
9985 		.cmd = NL80211_CMD_SET_COALESCE,
9986 		.doit = nl80211_set_coalesce,
9987 		.policy = nl80211_policy,
9988 		.flags = GENL_ADMIN_PERM,
9989 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9990 				  NL80211_FLAG_NEED_RTNL,
9991 	},
9992 	{
9993 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
9994 		.doit = nl80211_channel_switch,
9995 		.policy = nl80211_policy,
9996 		.flags = GENL_ADMIN_PERM,
9997 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9998 				  NL80211_FLAG_NEED_RTNL,
9999 	},
10000 	{
10001 		.cmd = NL80211_CMD_VENDOR,
10002 		.doit = nl80211_vendor_cmd,
10003 		.policy = nl80211_policy,
10004 		.flags = GENL_ADMIN_PERM,
10005 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10006 				  NL80211_FLAG_NEED_RTNL,
10007 	},
10008 	{
10009 		.cmd = NL80211_CMD_SET_QOS_MAP,
10010 		.doit = nl80211_set_qos_map,
10011 		.policy = nl80211_policy,
10012 		.flags = GENL_ADMIN_PERM,
10013 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10014 				  NL80211_FLAG_NEED_RTNL,
10015 	},
10016 };
10017 
10018 /* notification functions */
10019 
10020 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
10021 {
10022 	struct sk_buff *msg;
10023 	struct nl80211_dump_wiphy_state state = {};
10024 
10025 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10026 	if (!msg)
10027 		return;
10028 
10029 	if (nl80211_send_wiphy(rdev, msg, 0, 0, 0, &state) < 0) {
10030 		nlmsg_free(msg);
10031 		return;
10032 	}
10033 
10034 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10035 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
10036 }
10037 
10038 static int nl80211_add_scan_req(struct sk_buff *msg,
10039 				struct cfg80211_registered_device *rdev)
10040 {
10041 	struct cfg80211_scan_request *req = rdev->scan_req;
10042 	struct nlattr *nest;
10043 	int i;
10044 
10045 	if (WARN_ON(!req))
10046 		return 0;
10047 
10048 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
10049 	if (!nest)
10050 		goto nla_put_failure;
10051 	for (i = 0; i < req->n_ssids; i++) {
10052 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
10053 			goto nla_put_failure;
10054 	}
10055 	nla_nest_end(msg, nest);
10056 
10057 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10058 	if (!nest)
10059 		goto nla_put_failure;
10060 	for (i = 0; i < req->n_channels; i++) {
10061 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10062 			goto nla_put_failure;
10063 	}
10064 	nla_nest_end(msg, nest);
10065 
10066 	if (req->ie &&
10067 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
10068 		goto nla_put_failure;
10069 
10070 	if (req->flags &&
10071 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
10072 		goto nla_put_failure;
10073 
10074 	return 0;
10075  nla_put_failure:
10076 	return -ENOBUFS;
10077 }
10078 
10079 static int nl80211_send_scan_msg(struct sk_buff *msg,
10080 				 struct cfg80211_registered_device *rdev,
10081 				 struct wireless_dev *wdev,
10082 				 u32 portid, u32 seq, int flags,
10083 				 u32 cmd)
10084 {
10085 	void *hdr;
10086 
10087 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10088 	if (!hdr)
10089 		return -1;
10090 
10091 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10092 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10093 					 wdev->netdev->ifindex)) ||
10094 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10095 		goto nla_put_failure;
10096 
10097 	/* ignore errors and send incomplete event anyway */
10098 	nl80211_add_scan_req(msg, rdev);
10099 
10100 	return genlmsg_end(msg, hdr);
10101 
10102  nla_put_failure:
10103 	genlmsg_cancel(msg, hdr);
10104 	return -EMSGSIZE;
10105 }
10106 
10107 static int
10108 nl80211_send_sched_scan_msg(struct sk_buff *msg,
10109 			    struct cfg80211_registered_device *rdev,
10110 			    struct net_device *netdev,
10111 			    u32 portid, u32 seq, int flags, u32 cmd)
10112 {
10113 	void *hdr;
10114 
10115 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10116 	if (!hdr)
10117 		return -1;
10118 
10119 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10120 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10121 		goto nla_put_failure;
10122 
10123 	return genlmsg_end(msg, hdr);
10124 
10125  nla_put_failure:
10126 	genlmsg_cancel(msg, hdr);
10127 	return -EMSGSIZE;
10128 }
10129 
10130 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
10131 			     struct wireless_dev *wdev)
10132 {
10133 	struct sk_buff *msg;
10134 
10135 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10136 	if (!msg)
10137 		return;
10138 
10139 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10140 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
10141 		nlmsg_free(msg);
10142 		return;
10143 	}
10144 
10145 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10146 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10147 }
10148 
10149 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
10150 				       struct wireless_dev *wdev, bool aborted)
10151 {
10152 	struct sk_buff *msg;
10153 
10154 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10155 	if (!msg)
10156 		return NULL;
10157 
10158 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10159 				  aborted ? NL80211_CMD_SCAN_ABORTED :
10160 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
10161 		nlmsg_free(msg);
10162 		return NULL;
10163 	}
10164 
10165 	return msg;
10166 }
10167 
10168 void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
10169 			      struct sk_buff *msg)
10170 {
10171 	if (!msg)
10172 		return;
10173 
10174 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10175 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10176 }
10177 
10178 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
10179 				     struct net_device *netdev)
10180 {
10181 	struct sk_buff *msg;
10182 
10183 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10184 	if (!msg)
10185 		return;
10186 
10187 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
10188 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
10189 		nlmsg_free(msg);
10190 		return;
10191 	}
10192 
10193 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10194 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10195 }
10196 
10197 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
10198 			     struct net_device *netdev, u32 cmd)
10199 {
10200 	struct sk_buff *msg;
10201 
10202 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10203 	if (!msg)
10204 		return;
10205 
10206 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
10207 		nlmsg_free(msg);
10208 		return;
10209 	}
10210 
10211 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10212 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10213 }
10214 
10215 /*
10216  * This can happen on global regulatory changes or device specific settings
10217  * based on custom world regulatory domains.
10218  */
10219 void nl80211_send_reg_change_event(struct regulatory_request *request)
10220 {
10221 	struct sk_buff *msg;
10222 	void *hdr;
10223 
10224 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10225 	if (!msg)
10226 		return;
10227 
10228 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
10229 	if (!hdr) {
10230 		nlmsg_free(msg);
10231 		return;
10232 	}
10233 
10234 	/* Userspace can always count this one always being set */
10235 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
10236 		goto nla_put_failure;
10237 
10238 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
10239 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10240 			       NL80211_REGDOM_TYPE_WORLD))
10241 			goto nla_put_failure;
10242 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
10243 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10244 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
10245 			goto nla_put_failure;
10246 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
10247 		   request->intersect) {
10248 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10249 			       NL80211_REGDOM_TYPE_INTERSECTION))
10250 			goto nla_put_failure;
10251 	} else {
10252 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10253 			       NL80211_REGDOM_TYPE_COUNTRY) ||
10254 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
10255 				   request->alpha2))
10256 			goto nla_put_failure;
10257 	}
10258 
10259 	if (request->wiphy_idx != WIPHY_IDX_INVALID &&
10260 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
10261 		goto nla_put_failure;
10262 
10263 	genlmsg_end(msg, hdr);
10264 
10265 	rcu_read_lock();
10266 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10267 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10268 	rcu_read_unlock();
10269 
10270 	return;
10271 
10272 nla_put_failure:
10273 	genlmsg_cancel(msg, hdr);
10274 	nlmsg_free(msg);
10275 }
10276 
10277 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
10278 				    struct net_device *netdev,
10279 				    const u8 *buf, size_t len,
10280 				    enum nl80211_commands cmd, gfp_t gfp)
10281 {
10282 	struct sk_buff *msg;
10283 	void *hdr;
10284 
10285 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10286 	if (!msg)
10287 		return;
10288 
10289 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10290 	if (!hdr) {
10291 		nlmsg_free(msg);
10292 		return;
10293 	}
10294 
10295 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10296 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10297 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
10298 		goto nla_put_failure;
10299 
10300 	genlmsg_end(msg, hdr);
10301 
10302 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10303 				NL80211_MCGRP_MLME, gfp);
10304 	return;
10305 
10306  nla_put_failure:
10307 	genlmsg_cancel(msg, hdr);
10308 	nlmsg_free(msg);
10309 }
10310 
10311 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
10312 			  struct net_device *netdev, const u8 *buf,
10313 			  size_t len, gfp_t gfp)
10314 {
10315 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10316 				NL80211_CMD_AUTHENTICATE, gfp);
10317 }
10318 
10319 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
10320 			   struct net_device *netdev, const u8 *buf,
10321 			   size_t len, gfp_t gfp)
10322 {
10323 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10324 				NL80211_CMD_ASSOCIATE, gfp);
10325 }
10326 
10327 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
10328 			 struct net_device *netdev, const u8 *buf,
10329 			 size_t len, gfp_t gfp)
10330 {
10331 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10332 				NL80211_CMD_DEAUTHENTICATE, gfp);
10333 }
10334 
10335 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
10336 			   struct net_device *netdev, const u8 *buf,
10337 			   size_t len, gfp_t gfp)
10338 {
10339 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10340 				NL80211_CMD_DISASSOCIATE, gfp);
10341 }
10342 
10343 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
10344 				  size_t len)
10345 {
10346 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10347 	struct wiphy *wiphy = wdev->wiphy;
10348 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10349 	const struct ieee80211_mgmt *mgmt = (void *)buf;
10350 	u32 cmd;
10351 
10352 	if (WARN_ON(len < 2))
10353 		return;
10354 
10355 	if (ieee80211_is_deauth(mgmt->frame_control))
10356 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
10357 	else
10358 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
10359 
10360 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
10361 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC);
10362 }
10363 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
10364 
10365 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
10366 				      struct net_device *netdev, int cmd,
10367 				      const u8 *addr, gfp_t gfp)
10368 {
10369 	struct sk_buff *msg;
10370 	void *hdr;
10371 
10372 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10373 	if (!msg)
10374 		return;
10375 
10376 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10377 	if (!hdr) {
10378 		nlmsg_free(msg);
10379 		return;
10380 	}
10381 
10382 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10383 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10384 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
10385 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10386 		goto nla_put_failure;
10387 
10388 	genlmsg_end(msg, hdr);
10389 
10390 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10391 				NL80211_MCGRP_MLME, gfp);
10392 	return;
10393 
10394  nla_put_failure:
10395 	genlmsg_cancel(msg, hdr);
10396 	nlmsg_free(msg);
10397 }
10398 
10399 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
10400 			       struct net_device *netdev, const u8 *addr,
10401 			       gfp_t gfp)
10402 {
10403 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
10404 				  addr, gfp);
10405 }
10406 
10407 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
10408 				struct net_device *netdev, const u8 *addr,
10409 				gfp_t gfp)
10410 {
10411 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
10412 				  addr, gfp);
10413 }
10414 
10415 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
10416 				 struct net_device *netdev, const u8 *bssid,
10417 				 const u8 *req_ie, size_t req_ie_len,
10418 				 const u8 *resp_ie, size_t resp_ie_len,
10419 				 u16 status, gfp_t gfp)
10420 {
10421 	struct sk_buff *msg;
10422 	void *hdr;
10423 
10424 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10425 	if (!msg)
10426 		return;
10427 
10428 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
10429 	if (!hdr) {
10430 		nlmsg_free(msg);
10431 		return;
10432 	}
10433 
10434 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10435 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10436 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
10437 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
10438 	    (req_ie &&
10439 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10440 	    (resp_ie &&
10441 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10442 		goto nla_put_failure;
10443 
10444 	genlmsg_end(msg, hdr);
10445 
10446 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10447 				NL80211_MCGRP_MLME, gfp);
10448 	return;
10449 
10450  nla_put_failure:
10451 	genlmsg_cancel(msg, hdr);
10452 	nlmsg_free(msg);
10453 
10454 }
10455 
10456 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
10457 			 struct net_device *netdev, const u8 *bssid,
10458 			 const u8 *req_ie, size_t req_ie_len,
10459 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
10460 {
10461 	struct sk_buff *msg;
10462 	void *hdr;
10463 
10464 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10465 	if (!msg)
10466 		return;
10467 
10468 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
10469 	if (!hdr) {
10470 		nlmsg_free(msg);
10471 		return;
10472 	}
10473 
10474 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10475 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10476 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
10477 	    (req_ie &&
10478 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10479 	    (resp_ie &&
10480 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10481 		goto nla_put_failure;
10482 
10483 	genlmsg_end(msg, hdr);
10484 
10485 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10486 				NL80211_MCGRP_MLME, gfp);
10487 	return;
10488 
10489  nla_put_failure:
10490 	genlmsg_cancel(msg, hdr);
10491 	nlmsg_free(msg);
10492 
10493 }
10494 
10495 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
10496 			       struct net_device *netdev, u16 reason,
10497 			       const u8 *ie, size_t ie_len, bool from_ap)
10498 {
10499 	struct sk_buff *msg;
10500 	void *hdr;
10501 
10502 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10503 	if (!msg)
10504 		return;
10505 
10506 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
10507 	if (!hdr) {
10508 		nlmsg_free(msg);
10509 		return;
10510 	}
10511 
10512 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10513 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10514 	    (from_ap && reason &&
10515 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
10516 	    (from_ap &&
10517 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
10518 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
10519 		goto nla_put_failure;
10520 
10521 	genlmsg_end(msg, hdr);
10522 
10523 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10524 				NL80211_MCGRP_MLME, GFP_KERNEL);
10525 	return;
10526 
10527  nla_put_failure:
10528 	genlmsg_cancel(msg, hdr);
10529 	nlmsg_free(msg);
10530 
10531 }
10532 
10533 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
10534 			     struct net_device *netdev, const u8 *bssid,
10535 			     gfp_t gfp)
10536 {
10537 	struct sk_buff *msg;
10538 	void *hdr;
10539 
10540 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10541 	if (!msg)
10542 		return;
10543 
10544 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
10545 	if (!hdr) {
10546 		nlmsg_free(msg);
10547 		return;
10548 	}
10549 
10550 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10551 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10552 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10553 		goto nla_put_failure;
10554 
10555 	genlmsg_end(msg, hdr);
10556 
10557 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10558 				NL80211_MCGRP_MLME, gfp);
10559 	return;
10560 
10561  nla_put_failure:
10562 	genlmsg_cancel(msg, hdr);
10563 	nlmsg_free(msg);
10564 }
10565 
10566 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
10567 					const u8* ie, u8 ie_len, gfp_t gfp)
10568 {
10569 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10570 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10571 	struct sk_buff *msg;
10572 	void *hdr;
10573 
10574 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
10575 		return;
10576 
10577 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
10578 
10579 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10580 	if (!msg)
10581 		return;
10582 
10583 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
10584 	if (!hdr) {
10585 		nlmsg_free(msg);
10586 		return;
10587 	}
10588 
10589 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10590 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10591 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10592 	    (ie_len && ie &&
10593 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
10594 		goto nla_put_failure;
10595 
10596 	genlmsg_end(msg, hdr);
10597 
10598 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10599 				NL80211_MCGRP_MLME, gfp);
10600 	return;
10601 
10602  nla_put_failure:
10603 	genlmsg_cancel(msg, hdr);
10604 	nlmsg_free(msg);
10605 }
10606 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
10607 
10608 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
10609 				 struct net_device *netdev, const u8 *addr,
10610 				 enum nl80211_key_type key_type, int key_id,
10611 				 const u8 *tsc, gfp_t gfp)
10612 {
10613 	struct sk_buff *msg;
10614 	void *hdr;
10615 
10616 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10617 	if (!msg)
10618 		return;
10619 
10620 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
10621 	if (!hdr) {
10622 		nlmsg_free(msg);
10623 		return;
10624 	}
10625 
10626 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10627 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10628 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
10629 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
10630 	    (key_id != -1 &&
10631 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
10632 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
10633 		goto nla_put_failure;
10634 
10635 	genlmsg_end(msg, hdr);
10636 
10637 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10638 				NL80211_MCGRP_MLME, gfp);
10639 	return;
10640 
10641  nla_put_failure:
10642 	genlmsg_cancel(msg, hdr);
10643 	nlmsg_free(msg);
10644 }
10645 
10646 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
10647 				    struct ieee80211_channel *channel_before,
10648 				    struct ieee80211_channel *channel_after)
10649 {
10650 	struct sk_buff *msg;
10651 	void *hdr;
10652 	struct nlattr *nl_freq;
10653 
10654 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
10655 	if (!msg)
10656 		return;
10657 
10658 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
10659 	if (!hdr) {
10660 		nlmsg_free(msg);
10661 		return;
10662 	}
10663 
10664 	/*
10665 	 * Since we are applying the beacon hint to a wiphy we know its
10666 	 * wiphy_idx is valid
10667 	 */
10668 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10669 		goto nla_put_failure;
10670 
10671 	/* Before */
10672 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
10673 	if (!nl_freq)
10674 		goto nla_put_failure;
10675 	if (nl80211_msg_put_channel(msg, channel_before, false))
10676 		goto nla_put_failure;
10677 	nla_nest_end(msg, nl_freq);
10678 
10679 	/* After */
10680 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
10681 	if (!nl_freq)
10682 		goto nla_put_failure;
10683 	if (nl80211_msg_put_channel(msg, channel_after, false))
10684 		goto nla_put_failure;
10685 	nla_nest_end(msg, nl_freq);
10686 
10687 	genlmsg_end(msg, hdr);
10688 
10689 	rcu_read_lock();
10690 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10691 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10692 	rcu_read_unlock();
10693 
10694 	return;
10695 
10696 nla_put_failure:
10697 	genlmsg_cancel(msg, hdr);
10698 	nlmsg_free(msg);
10699 }
10700 
10701 static void nl80211_send_remain_on_chan_event(
10702 	int cmd, struct cfg80211_registered_device *rdev,
10703 	struct wireless_dev *wdev, u64 cookie,
10704 	struct ieee80211_channel *chan,
10705 	unsigned int duration, gfp_t gfp)
10706 {
10707 	struct sk_buff *msg;
10708 	void *hdr;
10709 
10710 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10711 	if (!msg)
10712 		return;
10713 
10714 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10715 	if (!hdr) {
10716 		nlmsg_free(msg);
10717 		return;
10718 	}
10719 
10720 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10721 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10722 					 wdev->netdev->ifindex)) ||
10723 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10724 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
10725 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
10726 			NL80211_CHAN_NO_HT) ||
10727 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
10728 		goto nla_put_failure;
10729 
10730 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
10731 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
10732 		goto nla_put_failure;
10733 
10734 	genlmsg_end(msg, hdr);
10735 
10736 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10737 				NL80211_MCGRP_MLME, gfp);
10738 	return;
10739 
10740  nla_put_failure:
10741 	genlmsg_cancel(msg, hdr);
10742 	nlmsg_free(msg);
10743 }
10744 
10745 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
10746 			       struct ieee80211_channel *chan,
10747 			       unsigned int duration, gfp_t gfp)
10748 {
10749 	struct wiphy *wiphy = wdev->wiphy;
10750 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10751 
10752 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
10753 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
10754 					  rdev, wdev, cookie, chan,
10755 					  duration, gfp);
10756 }
10757 EXPORT_SYMBOL(cfg80211_ready_on_channel);
10758 
10759 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
10760 					struct ieee80211_channel *chan,
10761 					gfp_t gfp)
10762 {
10763 	struct wiphy *wiphy = wdev->wiphy;
10764 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10765 
10766 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
10767 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
10768 					  rdev, wdev, cookie, chan, 0, gfp);
10769 }
10770 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
10771 
10772 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
10773 		      struct station_info *sinfo, gfp_t gfp)
10774 {
10775 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10776 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10777 	struct sk_buff *msg;
10778 
10779 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
10780 
10781 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10782 	if (!msg)
10783 		return;
10784 
10785 	if (nl80211_send_station(msg, 0, 0, 0,
10786 				 rdev, dev, mac_addr, sinfo) < 0) {
10787 		nlmsg_free(msg);
10788 		return;
10789 	}
10790 
10791 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10792 				NL80211_MCGRP_MLME, gfp);
10793 }
10794 EXPORT_SYMBOL(cfg80211_new_sta);
10795 
10796 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
10797 {
10798 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10799 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10800 	struct sk_buff *msg;
10801 	void *hdr;
10802 
10803 	trace_cfg80211_del_sta(dev, mac_addr);
10804 
10805 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10806 	if (!msg)
10807 		return;
10808 
10809 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
10810 	if (!hdr) {
10811 		nlmsg_free(msg);
10812 		return;
10813 	}
10814 
10815 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10816 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
10817 		goto nla_put_failure;
10818 
10819 	genlmsg_end(msg, hdr);
10820 
10821 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10822 				NL80211_MCGRP_MLME, gfp);
10823 	return;
10824 
10825  nla_put_failure:
10826 	genlmsg_cancel(msg, hdr);
10827 	nlmsg_free(msg);
10828 }
10829 EXPORT_SYMBOL(cfg80211_del_sta);
10830 
10831 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
10832 			  enum nl80211_connect_failed_reason reason,
10833 			  gfp_t gfp)
10834 {
10835 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10836 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10837 	struct sk_buff *msg;
10838 	void *hdr;
10839 
10840 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10841 	if (!msg)
10842 		return;
10843 
10844 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
10845 	if (!hdr) {
10846 		nlmsg_free(msg);
10847 		return;
10848 	}
10849 
10850 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10851 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
10852 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
10853 		goto nla_put_failure;
10854 
10855 	genlmsg_end(msg, hdr);
10856 
10857 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10858 				NL80211_MCGRP_MLME, gfp);
10859 	return;
10860 
10861  nla_put_failure:
10862 	genlmsg_cancel(msg, hdr);
10863 	nlmsg_free(msg);
10864 }
10865 EXPORT_SYMBOL(cfg80211_conn_failed);
10866 
10867 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
10868 				       const u8 *addr, gfp_t gfp)
10869 {
10870 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10871 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
10872 	struct sk_buff *msg;
10873 	void *hdr;
10874 	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
10875 
10876 	if (!nlportid)
10877 		return false;
10878 
10879 	msg = nlmsg_new(100, gfp);
10880 	if (!msg)
10881 		return true;
10882 
10883 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10884 	if (!hdr) {
10885 		nlmsg_free(msg);
10886 		return true;
10887 	}
10888 
10889 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10890 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10891 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10892 		goto nla_put_failure;
10893 
10894 	genlmsg_end(msg, hdr);
10895 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10896 	return true;
10897 
10898  nla_put_failure:
10899 	genlmsg_cancel(msg, hdr);
10900 	nlmsg_free(msg);
10901 	return true;
10902 }
10903 
10904 bool cfg80211_rx_spurious_frame(struct net_device *dev,
10905 				const u8 *addr, gfp_t gfp)
10906 {
10907 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10908 	bool ret;
10909 
10910 	trace_cfg80211_rx_spurious_frame(dev, addr);
10911 
10912 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10913 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
10914 		trace_cfg80211_return_bool(false);
10915 		return false;
10916 	}
10917 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
10918 					 addr, gfp);
10919 	trace_cfg80211_return_bool(ret);
10920 	return ret;
10921 }
10922 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
10923 
10924 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
10925 					const u8 *addr, gfp_t gfp)
10926 {
10927 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10928 	bool ret;
10929 
10930 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
10931 
10932 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
10933 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
10934 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
10935 		trace_cfg80211_return_bool(false);
10936 		return false;
10937 	}
10938 	ret = __nl80211_unexpected_frame(dev,
10939 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
10940 					 addr, gfp);
10941 	trace_cfg80211_return_bool(ret);
10942 	return ret;
10943 }
10944 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
10945 
10946 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
10947 		      struct wireless_dev *wdev, u32 nlportid,
10948 		      int freq, int sig_dbm,
10949 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
10950 {
10951 	struct net_device *netdev = wdev->netdev;
10952 	struct sk_buff *msg;
10953 	void *hdr;
10954 
10955 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10956 	if (!msg)
10957 		return -ENOMEM;
10958 
10959 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
10960 	if (!hdr) {
10961 		nlmsg_free(msg);
10962 		return -ENOMEM;
10963 	}
10964 
10965 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10966 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10967 					netdev->ifindex)) ||
10968 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10969 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
10970 	    (sig_dbm &&
10971 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
10972 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
10973 	    (flags &&
10974 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
10975 		goto nla_put_failure;
10976 
10977 	genlmsg_end(msg, hdr);
10978 
10979 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10980 
10981  nla_put_failure:
10982 	genlmsg_cancel(msg, hdr);
10983 	nlmsg_free(msg);
10984 	return -ENOBUFS;
10985 }
10986 
10987 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
10988 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
10989 {
10990 	struct wiphy *wiphy = wdev->wiphy;
10991 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
10992 	struct net_device *netdev = wdev->netdev;
10993 	struct sk_buff *msg;
10994 	void *hdr;
10995 
10996 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
10997 
10998 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10999 	if (!msg)
11000 		return;
11001 
11002 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
11003 	if (!hdr) {
11004 		nlmsg_free(msg);
11005 		return;
11006 	}
11007 
11008 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11009 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11010 				   netdev->ifindex)) ||
11011 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
11012 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
11013 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11014 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
11015 		goto nla_put_failure;
11016 
11017 	genlmsg_end(msg, hdr);
11018 
11019 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11020 				NL80211_MCGRP_MLME, gfp);
11021 	return;
11022 
11023  nla_put_failure:
11024 	genlmsg_cancel(msg, hdr);
11025 	nlmsg_free(msg);
11026 }
11027 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
11028 
11029 void cfg80211_cqm_rssi_notify(struct net_device *dev,
11030 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
11031 			      gfp_t gfp)
11032 {
11033 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11034 	struct wiphy *wiphy = wdev->wiphy;
11035 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11036 	struct sk_buff *msg;
11037 	struct nlattr *pinfoattr;
11038 	void *hdr;
11039 
11040 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
11041 
11042 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11043 	if (!msg)
11044 		return;
11045 
11046 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11047 	if (!hdr) {
11048 		nlmsg_free(msg);
11049 		return;
11050 	}
11051 
11052 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11053 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
11054 		goto nla_put_failure;
11055 
11056 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11057 	if (!pinfoattr)
11058 		goto nla_put_failure;
11059 
11060 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
11061 			rssi_event))
11062 		goto nla_put_failure;
11063 
11064 	nla_nest_end(msg, pinfoattr);
11065 
11066 	genlmsg_end(msg, hdr);
11067 
11068 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11069 				NL80211_MCGRP_MLME, gfp);
11070 	return;
11071 
11072  nla_put_failure:
11073 	genlmsg_cancel(msg, hdr);
11074 	nlmsg_free(msg);
11075 }
11076 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
11077 
11078 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
11079 				     struct net_device *netdev, const u8 *bssid,
11080 				     const u8 *replay_ctr, gfp_t gfp)
11081 {
11082 	struct sk_buff *msg;
11083 	struct nlattr *rekey_attr;
11084 	void *hdr;
11085 
11086 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11087 	if (!msg)
11088 		return;
11089 
11090 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
11091 	if (!hdr) {
11092 		nlmsg_free(msg);
11093 		return;
11094 	}
11095 
11096 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11097 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11098 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
11099 		goto nla_put_failure;
11100 
11101 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
11102 	if (!rekey_attr)
11103 		goto nla_put_failure;
11104 
11105 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
11106 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
11107 		goto nla_put_failure;
11108 
11109 	nla_nest_end(msg, rekey_attr);
11110 
11111 	genlmsg_end(msg, hdr);
11112 
11113 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11114 				NL80211_MCGRP_MLME, gfp);
11115 	return;
11116 
11117  nla_put_failure:
11118 	genlmsg_cancel(msg, hdr);
11119 	nlmsg_free(msg);
11120 }
11121 
11122 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
11123 			       const u8 *replay_ctr, gfp_t gfp)
11124 {
11125 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11126 	struct wiphy *wiphy = wdev->wiphy;
11127 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11128 
11129 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
11130 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
11131 }
11132 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
11133 
11134 static void
11135 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
11136 			       struct net_device *netdev, int index,
11137 			       const u8 *bssid, bool preauth, gfp_t gfp)
11138 {
11139 	struct sk_buff *msg;
11140 	struct nlattr *attr;
11141 	void *hdr;
11142 
11143 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11144 	if (!msg)
11145 		return;
11146 
11147 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
11148 	if (!hdr) {
11149 		nlmsg_free(msg);
11150 		return;
11151 	}
11152 
11153 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11154 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11155 		goto nla_put_failure;
11156 
11157 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
11158 	if (!attr)
11159 		goto nla_put_failure;
11160 
11161 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
11162 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
11163 	    (preauth &&
11164 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
11165 		goto nla_put_failure;
11166 
11167 	nla_nest_end(msg, attr);
11168 
11169 	genlmsg_end(msg, hdr);
11170 
11171 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11172 				NL80211_MCGRP_MLME, gfp);
11173 	return;
11174 
11175  nla_put_failure:
11176 	genlmsg_cancel(msg, hdr);
11177 	nlmsg_free(msg);
11178 }
11179 
11180 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
11181 				     const u8 *bssid, bool preauth, gfp_t gfp)
11182 {
11183 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11184 	struct wiphy *wiphy = wdev->wiphy;
11185 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11186 
11187 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
11188 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
11189 }
11190 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
11191 
11192 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
11193 				     struct net_device *netdev,
11194 				     struct cfg80211_chan_def *chandef,
11195 				     gfp_t gfp)
11196 {
11197 	struct sk_buff *msg;
11198 	void *hdr;
11199 
11200 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11201 	if (!msg)
11202 		return;
11203 
11204 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
11205 	if (!hdr) {
11206 		nlmsg_free(msg);
11207 		return;
11208 	}
11209 
11210 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11211 		goto nla_put_failure;
11212 
11213 	if (nl80211_send_chandef(msg, chandef))
11214 		goto nla_put_failure;
11215 
11216 	genlmsg_end(msg, hdr);
11217 
11218 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11219 				NL80211_MCGRP_MLME, gfp);
11220 	return;
11221 
11222  nla_put_failure:
11223 	genlmsg_cancel(msg, hdr);
11224 	nlmsg_free(msg);
11225 }
11226 
11227 void cfg80211_ch_switch_notify(struct net_device *dev,
11228 			       struct cfg80211_chan_def *chandef)
11229 {
11230 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11231 	struct wiphy *wiphy = wdev->wiphy;
11232 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11233 
11234 	ASSERT_WDEV_LOCK(wdev);
11235 
11236 	trace_cfg80211_ch_switch_notify(dev, chandef);
11237 
11238 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11239 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11240 		    wdev->iftype != NL80211_IFTYPE_ADHOC &&
11241 		    wdev->iftype != NL80211_IFTYPE_MESH_POINT))
11242 		return;
11243 
11244 	wdev->chandef = *chandef;
11245 	wdev->preset_chandef = *chandef;
11246 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
11247 }
11248 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
11249 
11250 void cfg80211_cqm_txe_notify(struct net_device *dev,
11251 			     const u8 *peer, u32 num_packets,
11252 			     u32 rate, u32 intvl, gfp_t gfp)
11253 {
11254 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11255 	struct wiphy *wiphy = wdev->wiphy;
11256 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11257 	struct sk_buff *msg;
11258 	struct nlattr *pinfoattr;
11259 	void *hdr;
11260 
11261 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
11262 	if (!msg)
11263 		return;
11264 
11265 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11266 	if (!hdr) {
11267 		nlmsg_free(msg);
11268 		return;
11269 	}
11270 
11271 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11272 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11273 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11274 		goto nla_put_failure;
11275 
11276 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11277 	if (!pinfoattr)
11278 		goto nla_put_failure;
11279 
11280 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
11281 		goto nla_put_failure;
11282 
11283 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
11284 		goto nla_put_failure;
11285 
11286 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
11287 		goto nla_put_failure;
11288 
11289 	nla_nest_end(msg, pinfoattr);
11290 
11291 	genlmsg_end(msg, hdr);
11292 
11293 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11294 				NL80211_MCGRP_MLME, gfp);
11295 	return;
11296 
11297  nla_put_failure:
11298 	genlmsg_cancel(msg, hdr);
11299 	nlmsg_free(msg);
11300 }
11301 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
11302 
11303 void
11304 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
11305 		     const struct cfg80211_chan_def *chandef,
11306 		     enum nl80211_radar_event event,
11307 		     struct net_device *netdev, gfp_t gfp)
11308 {
11309 	struct sk_buff *msg;
11310 	void *hdr;
11311 
11312 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11313 	if (!msg)
11314 		return;
11315 
11316 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
11317 	if (!hdr) {
11318 		nlmsg_free(msg);
11319 		return;
11320 	}
11321 
11322 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11323 		goto nla_put_failure;
11324 
11325 	/* NOP and radar events don't need a netdev parameter */
11326 	if (netdev) {
11327 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
11328 
11329 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11330 		    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11331 			goto nla_put_failure;
11332 	}
11333 
11334 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
11335 		goto nla_put_failure;
11336 
11337 	if (nl80211_send_chandef(msg, chandef))
11338 		goto nla_put_failure;
11339 
11340 	genlmsg_end(msg, hdr);
11341 
11342 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11343 				NL80211_MCGRP_MLME, gfp);
11344 	return;
11345 
11346  nla_put_failure:
11347 	genlmsg_cancel(msg, hdr);
11348 	nlmsg_free(msg);
11349 }
11350 
11351 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
11352 				 const u8 *peer, u32 num_packets, gfp_t gfp)
11353 {
11354 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11355 	struct wiphy *wiphy = wdev->wiphy;
11356 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11357 	struct sk_buff *msg;
11358 	struct nlattr *pinfoattr;
11359 	void *hdr;
11360 
11361 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
11362 
11363 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11364 	if (!msg)
11365 		return;
11366 
11367 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11368 	if (!hdr) {
11369 		nlmsg_free(msg);
11370 		return;
11371 	}
11372 
11373 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11374 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11375 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11376 		goto nla_put_failure;
11377 
11378 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11379 	if (!pinfoattr)
11380 		goto nla_put_failure;
11381 
11382 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
11383 		goto nla_put_failure;
11384 
11385 	nla_nest_end(msg, pinfoattr);
11386 
11387 	genlmsg_end(msg, hdr);
11388 
11389 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11390 				NL80211_MCGRP_MLME, gfp);
11391 	return;
11392 
11393  nla_put_failure:
11394 	genlmsg_cancel(msg, hdr);
11395 	nlmsg_free(msg);
11396 }
11397 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
11398 
11399 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
11400 			   u64 cookie, bool acked, gfp_t gfp)
11401 {
11402 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11403 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11404 	struct sk_buff *msg;
11405 	void *hdr;
11406 
11407 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
11408 
11409 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11410 
11411 	if (!msg)
11412 		return;
11413 
11414 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
11415 	if (!hdr) {
11416 		nlmsg_free(msg);
11417 		return;
11418 	}
11419 
11420 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11421 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11422 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
11423 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11424 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
11425 		goto nla_put_failure;
11426 
11427 	genlmsg_end(msg, hdr);
11428 
11429 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11430 				NL80211_MCGRP_MLME, gfp);
11431 	return;
11432 
11433  nla_put_failure:
11434 	genlmsg_cancel(msg, hdr);
11435 	nlmsg_free(msg);
11436 }
11437 EXPORT_SYMBOL(cfg80211_probe_status);
11438 
11439 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
11440 				 const u8 *frame, size_t len,
11441 				 int freq, int sig_dbm)
11442 {
11443 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11444 	struct sk_buff *msg;
11445 	void *hdr;
11446 	struct cfg80211_beacon_registration *reg;
11447 
11448 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
11449 
11450 	spin_lock_bh(&rdev->beacon_registrations_lock);
11451 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11452 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
11453 		if (!msg) {
11454 			spin_unlock_bh(&rdev->beacon_registrations_lock);
11455 			return;
11456 		}
11457 
11458 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11459 		if (!hdr)
11460 			goto nla_put_failure;
11461 
11462 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11463 		    (freq &&
11464 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
11465 		    (sig_dbm &&
11466 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11467 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
11468 			goto nla_put_failure;
11469 
11470 		genlmsg_end(msg, hdr);
11471 
11472 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
11473 	}
11474 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11475 	return;
11476 
11477  nla_put_failure:
11478 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11479 	if (hdr)
11480 		genlmsg_cancel(msg, hdr);
11481 	nlmsg_free(msg);
11482 }
11483 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
11484 
11485 #ifdef CONFIG_PM
11486 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
11487 				   struct cfg80211_wowlan_wakeup *wakeup,
11488 				   gfp_t gfp)
11489 {
11490 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11491 	struct sk_buff *msg;
11492 	void *hdr;
11493 	int size = 200;
11494 
11495 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
11496 
11497 	if (wakeup)
11498 		size += wakeup->packet_present_len;
11499 
11500 	msg = nlmsg_new(size, gfp);
11501 	if (!msg)
11502 		return;
11503 
11504 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
11505 	if (!hdr)
11506 		goto free_msg;
11507 
11508 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11509 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11510 		goto free_msg;
11511 
11512 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11513 					wdev->netdev->ifindex))
11514 		goto free_msg;
11515 
11516 	if (wakeup) {
11517 		struct nlattr *reasons;
11518 
11519 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
11520 		if (!reasons)
11521 			goto free_msg;
11522 
11523 		if (wakeup->disconnect &&
11524 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
11525 			goto free_msg;
11526 		if (wakeup->magic_pkt &&
11527 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
11528 			goto free_msg;
11529 		if (wakeup->gtk_rekey_failure &&
11530 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
11531 			goto free_msg;
11532 		if (wakeup->eap_identity_req &&
11533 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
11534 			goto free_msg;
11535 		if (wakeup->four_way_handshake &&
11536 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
11537 			goto free_msg;
11538 		if (wakeup->rfkill_release &&
11539 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
11540 			goto free_msg;
11541 
11542 		if (wakeup->pattern_idx >= 0 &&
11543 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
11544 				wakeup->pattern_idx))
11545 			goto free_msg;
11546 
11547 		if (wakeup->tcp_match &&
11548 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
11549 			goto free_msg;
11550 
11551 		if (wakeup->tcp_connlost &&
11552 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
11553 			goto free_msg;
11554 
11555 		if (wakeup->tcp_nomoretokens &&
11556 		    nla_put_flag(msg,
11557 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
11558 			goto free_msg;
11559 
11560 		if (wakeup->packet) {
11561 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
11562 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
11563 
11564 			if (!wakeup->packet_80211) {
11565 				pkt_attr =
11566 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
11567 				len_attr =
11568 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
11569 			}
11570 
11571 			if (wakeup->packet_len &&
11572 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
11573 				goto free_msg;
11574 
11575 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
11576 				    wakeup->packet))
11577 				goto free_msg;
11578 		}
11579 
11580 		nla_nest_end(msg, reasons);
11581 	}
11582 
11583 	genlmsg_end(msg, hdr);
11584 
11585 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11586 				NL80211_MCGRP_MLME, gfp);
11587 	return;
11588 
11589  free_msg:
11590 	nlmsg_free(msg);
11591 }
11592 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
11593 #endif
11594 
11595 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
11596 				enum nl80211_tdls_operation oper,
11597 				u16 reason_code, gfp_t gfp)
11598 {
11599 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11600 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wdev->wiphy);
11601 	struct sk_buff *msg;
11602 	void *hdr;
11603 
11604 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
11605 					 reason_code);
11606 
11607 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11608 	if (!msg)
11609 		return;
11610 
11611 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
11612 	if (!hdr) {
11613 		nlmsg_free(msg);
11614 		return;
11615 	}
11616 
11617 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11618 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11619 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
11620 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
11621 	    (reason_code > 0 &&
11622 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
11623 		goto nla_put_failure;
11624 
11625 	genlmsg_end(msg, hdr);
11626 
11627 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11628 				NL80211_MCGRP_MLME, gfp);
11629 	return;
11630 
11631  nla_put_failure:
11632 	genlmsg_cancel(msg, hdr);
11633 	nlmsg_free(msg);
11634 }
11635 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
11636 
11637 static int nl80211_netlink_notify(struct notifier_block * nb,
11638 				  unsigned long state,
11639 				  void *_notify)
11640 {
11641 	struct netlink_notify *notify = _notify;
11642 	struct cfg80211_registered_device *rdev;
11643 	struct wireless_dev *wdev;
11644 	struct cfg80211_beacon_registration *reg, *tmp;
11645 
11646 	if (state != NETLINK_URELEASE)
11647 		return NOTIFY_DONE;
11648 
11649 	rcu_read_lock();
11650 
11651 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
11652 		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list)
11653 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
11654 
11655 		spin_lock_bh(&rdev->beacon_registrations_lock);
11656 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
11657 					 list) {
11658 			if (reg->nlportid == notify->portid) {
11659 				list_del(&reg->list);
11660 				kfree(reg);
11661 				break;
11662 			}
11663 		}
11664 		spin_unlock_bh(&rdev->beacon_registrations_lock);
11665 	}
11666 
11667 	rcu_read_unlock();
11668 
11669 	return NOTIFY_DONE;
11670 }
11671 
11672 static struct notifier_block nl80211_netlink_notifier = {
11673 	.notifier_call = nl80211_netlink_notify,
11674 };
11675 
11676 void cfg80211_ft_event(struct net_device *netdev,
11677 		       struct cfg80211_ft_event_params *ft_event)
11678 {
11679 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
11680 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11681 	struct sk_buff *msg;
11682 	void *hdr;
11683 
11684 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
11685 
11686 	if (!ft_event->target_ap)
11687 		return;
11688 
11689 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11690 	if (!msg)
11691 		return;
11692 
11693 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
11694 	if (!hdr)
11695 		goto out;
11696 
11697 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11698 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11699 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
11700 		goto out;
11701 
11702 	if (ft_event->ies &&
11703 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
11704 		goto out;
11705 	if (ft_event->ric_ies &&
11706 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
11707 		    ft_event->ric_ies))
11708 		goto out;
11709 
11710 	genlmsg_end(msg, hdr);
11711 
11712 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11713 				NL80211_MCGRP_MLME, GFP_KERNEL);
11714 	return;
11715  out:
11716 	nlmsg_free(msg);
11717 }
11718 EXPORT_SYMBOL(cfg80211_ft_event);
11719 
11720 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
11721 {
11722 	struct cfg80211_registered_device *rdev;
11723 	struct sk_buff *msg;
11724 	void *hdr;
11725 	u32 nlportid;
11726 
11727 	rdev = wiphy_to_dev(wdev->wiphy);
11728 	if (!rdev->crit_proto_nlportid)
11729 		return;
11730 
11731 	nlportid = rdev->crit_proto_nlportid;
11732 	rdev->crit_proto_nlportid = 0;
11733 
11734 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11735 	if (!msg)
11736 		return;
11737 
11738 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
11739 	if (!hdr)
11740 		goto nla_put_failure;
11741 
11742 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11743 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11744 		goto nla_put_failure;
11745 
11746 	genlmsg_end(msg, hdr);
11747 
11748 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11749 	return;
11750 
11751  nla_put_failure:
11752 	if (hdr)
11753 		genlmsg_cancel(msg, hdr);
11754 	nlmsg_free(msg);
11755 
11756 }
11757 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
11758 
11759 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
11760 {
11761 	struct wiphy *wiphy = wdev->wiphy;
11762 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
11763 	struct sk_buff *msg;
11764 	void *hdr;
11765 
11766 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11767 	if (!msg)
11768 		return;
11769 
11770 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
11771 	if (!hdr)
11772 		goto out;
11773 
11774 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11775 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
11776 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11777 		goto out;
11778 
11779 	genlmsg_end(msg, hdr);
11780 
11781 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
11782 				NL80211_MCGRP_MLME, GFP_KERNEL);
11783 	return;
11784  out:
11785 	nlmsg_free(msg);
11786 }
11787 
11788 /* initialisation/exit functions */
11789 
11790 int nl80211_init(void)
11791 {
11792 	int err;
11793 
11794 	err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
11795 						   nl80211_mcgrps);
11796 	if (err)
11797 		return err;
11798 
11799 	err = netlink_register_notifier(&nl80211_netlink_notifier);
11800 	if (err)
11801 		goto err_out;
11802 
11803 	return 0;
11804  err_out:
11805 	genl_unregister_family(&nl80211_fam);
11806 	return err;
11807 }
11808 
11809 void nl80211_exit(void)
11810 {
11811 	netlink_unregister_notifier(&nl80211_netlink_notifier);
11812 	genl_unregister_family(&nl80211_fam);
11813 }
11814