xref: /openbmc/linux/net/wireless/nl80211.c (revision b6dcefde)
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2009	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/list.h>
11 #include <linux/if_ether.h>
12 #include <linux/ieee80211.h>
13 #include <linux/nl80211.h>
14 #include <linux/rtnetlink.h>
15 #include <linux/netlink.h>
16 #include <linux/etherdevice.h>
17 #include <net/net_namespace.h>
18 #include <net/genetlink.h>
19 #include <net/cfg80211.h>
20 #include <net/sock.h>
21 #include "core.h"
22 #include "nl80211.h"
23 #include "reg.h"
24 
25 /* the netlink family */
26 static struct genl_family nl80211_fam = {
27 	.id = GENL_ID_GENERATE,	/* don't bother with a hardcoded ID */
28 	.name = "nl80211",	/* have users key off the name instead */
29 	.hdrsize = 0,		/* no private header */
30 	.version = 1,		/* no particular meaning now */
31 	.maxattr = NL80211_ATTR_MAX,
32 	.netnsok = true,
33 };
34 
35 /* internal helper: get rdev and dev */
36 static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
37 				       struct cfg80211_registered_device **rdev,
38 				       struct net_device **dev)
39 {
40 	struct nlattr **attrs = info->attrs;
41 	int ifindex;
42 
43 	if (!attrs[NL80211_ATTR_IFINDEX])
44 		return -EINVAL;
45 
46 	ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
47 	*dev = dev_get_by_index(genl_info_net(info), ifindex);
48 	if (!*dev)
49 		return -ENODEV;
50 
51 	*rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex);
52 	if (IS_ERR(*rdev)) {
53 		dev_put(*dev);
54 		return PTR_ERR(*rdev);
55 	}
56 
57 	return 0;
58 }
59 
60 /* policy for the attributes */
61 static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
62 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
63 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
64 				      .len = 20-1 },
65 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
66 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
67 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
68 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
69 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
70 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
71 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
72 
73 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
74 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
75 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
76 
77 	[NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
78 	[NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
79 
80 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
81 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
82 				    .len = WLAN_MAX_KEY_LEN },
83 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
84 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
85 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
86 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
87 
88 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
89 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
90 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
91 				       .len = IEEE80211_MAX_DATA_LEN },
92 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
93 				       .len = IEEE80211_MAX_DATA_LEN },
94 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
95 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
96 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
97 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
98 					       .len = NL80211_MAX_SUPP_RATES },
99 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
100 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
101 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
102 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
103 				.len = IEEE80211_MAX_MESH_ID_LEN },
104 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
105 
106 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
107 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
108 
109 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
110 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
111 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
112 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
113 					   .len = NL80211_MAX_SUPP_RATES },
114 
115 	[NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED },
116 
117 	[NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
118 					 .len = NL80211_HT_CAPABILITY_LEN },
119 
120 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
121 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
122 			      .len = IEEE80211_MAX_DATA_LEN },
123 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
124 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
125 
126 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
127 				.len = IEEE80211_MAX_SSID_LEN },
128 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
129 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
130 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
131 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
132 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
133 	[NL80211_ATTR_STA_FLAGS2] = {
134 		.len = sizeof(struct nl80211_sta_flag_update),
135 	},
136 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
137 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
138 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
139 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
140 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
141 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
142 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
143 				 .len = WLAN_PMKID_LEN },
144 };
145 
146 /* policy for the attributes */
147 static struct nla_policy
148 nl80211_key_policy[NL80211_KEY_MAX + 1] __read_mostly = {
149 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
150 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
151 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
152 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
153 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
154 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
155 };
156 
157 /* ifidx get helper */
158 static int nl80211_get_ifidx(struct netlink_callback *cb)
159 {
160 	int res;
161 
162 	res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
163 			  nl80211_fam.attrbuf, nl80211_fam.maxattr,
164 			  nl80211_policy);
165 	if (res)
166 		return res;
167 
168 	if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
169 		return -EINVAL;
170 
171 	res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
172 	if (!res)
173 		return -EINVAL;
174 	return res;
175 }
176 
177 /* IE validation */
178 static bool is_valid_ie_attr(const struct nlattr *attr)
179 {
180 	const u8 *pos;
181 	int len;
182 
183 	if (!attr)
184 		return true;
185 
186 	pos = nla_data(attr);
187 	len = nla_len(attr);
188 
189 	while (len) {
190 		u8 elemlen;
191 
192 		if (len < 2)
193 			return false;
194 		len -= 2;
195 
196 		elemlen = pos[1];
197 		if (elemlen > len)
198 			return false;
199 
200 		len -= elemlen;
201 		pos += 2 + elemlen;
202 	}
203 
204 	return true;
205 }
206 
207 /* message building helper */
208 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
209 				   int flags, u8 cmd)
210 {
211 	/* since there is no private header just add the generic one */
212 	return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
213 }
214 
215 static int nl80211_msg_put_channel(struct sk_buff *msg,
216 				   struct ieee80211_channel *chan)
217 {
218 	NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
219 		    chan->center_freq);
220 
221 	if (chan->flags & IEEE80211_CHAN_DISABLED)
222 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
223 	if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
224 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
225 	if (chan->flags & IEEE80211_CHAN_NO_IBSS)
226 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
227 	if (chan->flags & IEEE80211_CHAN_RADAR)
228 		NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
229 
230 	NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
231 		    DBM_TO_MBM(chan->max_power));
232 
233 	return 0;
234 
235  nla_put_failure:
236 	return -ENOBUFS;
237 }
238 
239 /* netlink command implementations */
240 
241 struct key_parse {
242 	struct key_params p;
243 	int idx;
244 	bool def, defmgmt;
245 };
246 
247 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
248 {
249 	struct nlattr *tb[NL80211_KEY_MAX + 1];
250 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
251 				   nl80211_key_policy);
252 	if (err)
253 		return err;
254 
255 	k->def = !!tb[NL80211_KEY_DEFAULT];
256 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
257 
258 	if (tb[NL80211_KEY_IDX])
259 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
260 
261 	if (tb[NL80211_KEY_DATA]) {
262 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
263 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
264 	}
265 
266 	if (tb[NL80211_KEY_SEQ]) {
267 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
268 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
269 	}
270 
271 	if (tb[NL80211_KEY_CIPHER])
272 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
273 
274 	return 0;
275 }
276 
277 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
278 {
279 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
280 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
281 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
282 	}
283 
284 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
285 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
286 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
287 	}
288 
289 	if (info->attrs[NL80211_ATTR_KEY_IDX])
290 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
291 
292 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
293 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
294 
295 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
296 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
297 
298 	return 0;
299 }
300 
301 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
302 {
303 	int err;
304 
305 	memset(k, 0, sizeof(*k));
306 	k->idx = -1;
307 
308 	if (info->attrs[NL80211_ATTR_KEY])
309 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
310 	else
311 		err = nl80211_parse_key_old(info, k);
312 
313 	if (err)
314 		return err;
315 
316 	if (k->def && k->defmgmt)
317 		return -EINVAL;
318 
319 	if (k->idx != -1) {
320 		if (k->defmgmt) {
321 			if (k->idx < 4 || k->idx > 5)
322 				return -EINVAL;
323 		} else if (k->def) {
324 			if (k->idx < 0 || k->idx > 3)
325 				return -EINVAL;
326 		} else {
327 			if (k->idx < 0 || k->idx > 5)
328 				return -EINVAL;
329 		}
330 	}
331 
332 	return 0;
333 }
334 
335 static struct cfg80211_cached_keys *
336 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
337 		       struct nlattr *keys)
338 {
339 	struct key_parse parse;
340 	struct nlattr *key;
341 	struct cfg80211_cached_keys *result;
342 	int rem, err, def = 0;
343 
344 	result = kzalloc(sizeof(*result), GFP_KERNEL);
345 	if (!result)
346 		return ERR_PTR(-ENOMEM);
347 
348 	result->def = -1;
349 	result->defmgmt = -1;
350 
351 	nla_for_each_nested(key, keys, rem) {
352 		memset(&parse, 0, sizeof(parse));
353 		parse.idx = -1;
354 
355 		err = nl80211_parse_key_new(key, &parse);
356 		if (err)
357 			goto error;
358 		err = -EINVAL;
359 		if (!parse.p.key)
360 			goto error;
361 		if (parse.idx < 0 || parse.idx > 4)
362 			goto error;
363 		if (parse.def) {
364 			if (def)
365 				goto error;
366 			def = 1;
367 			result->def = parse.idx;
368 		} else if (parse.defmgmt)
369 			goto error;
370 		err = cfg80211_validate_key_settings(rdev, &parse.p,
371 						     parse.idx, NULL);
372 		if (err)
373 			goto error;
374 		result->params[parse.idx].cipher = parse.p.cipher;
375 		result->params[parse.idx].key_len = parse.p.key_len;
376 		result->params[parse.idx].key = result->data[parse.idx];
377 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
378 	}
379 
380 	return result;
381  error:
382 	kfree(result);
383 	return ERR_PTR(err);
384 }
385 
386 static int nl80211_key_allowed(struct wireless_dev *wdev)
387 {
388 	ASSERT_WDEV_LOCK(wdev);
389 
390 	if (!netif_running(wdev->netdev))
391 		return -ENETDOWN;
392 
393 	switch (wdev->iftype) {
394 	case NL80211_IFTYPE_AP:
395 	case NL80211_IFTYPE_AP_VLAN:
396 		break;
397 	case NL80211_IFTYPE_ADHOC:
398 		if (!wdev->current_bss)
399 			return -ENOLINK;
400 		break;
401 	case NL80211_IFTYPE_STATION:
402 		if (wdev->sme_state != CFG80211_SME_CONNECTED)
403 			return -ENOLINK;
404 		break;
405 	default:
406 		return -EINVAL;
407 	}
408 
409 	return 0;
410 }
411 
412 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
413 			      struct cfg80211_registered_device *dev)
414 {
415 	void *hdr;
416 	struct nlattr *nl_bands, *nl_band;
417 	struct nlattr *nl_freqs, *nl_freq;
418 	struct nlattr *nl_rates, *nl_rate;
419 	struct nlattr *nl_modes;
420 	struct nlattr *nl_cmds;
421 	enum ieee80211_band band;
422 	struct ieee80211_channel *chan;
423 	struct ieee80211_rate *rate;
424 	int i;
425 	u16 ifmodes = dev->wiphy.interface_modes;
426 
427 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
428 	if (!hdr)
429 		return -1;
430 
431 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
432 	NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
433 
434 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
435 		    cfg80211_rdev_list_generation);
436 
437 	NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
438 		   dev->wiphy.retry_short);
439 	NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
440 		   dev->wiphy.retry_long);
441 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
442 		    dev->wiphy.frag_threshold);
443 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
444 		    dev->wiphy.rts_threshold);
445 
446 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
447 		   dev->wiphy.max_scan_ssids);
448 	NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
449 		    dev->wiphy.max_scan_ie_len);
450 
451 	NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
452 		sizeof(u32) * dev->wiphy.n_cipher_suites,
453 		dev->wiphy.cipher_suites);
454 
455 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
456 		   dev->wiphy.max_num_pmkids);
457 
458 	nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES);
459 	if (!nl_modes)
460 		goto nla_put_failure;
461 
462 	i = 0;
463 	while (ifmodes) {
464 		if (ifmodes & 1)
465 			NLA_PUT_FLAG(msg, i);
466 		ifmodes >>= 1;
467 		i++;
468 	}
469 
470 	nla_nest_end(msg, nl_modes);
471 
472 	nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
473 	if (!nl_bands)
474 		goto nla_put_failure;
475 
476 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
477 		if (!dev->wiphy.bands[band])
478 			continue;
479 
480 		nl_band = nla_nest_start(msg, band);
481 		if (!nl_band)
482 			goto nla_put_failure;
483 
484 		/* add HT info */
485 		if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
486 			NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
487 				sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
488 				&dev->wiphy.bands[band]->ht_cap.mcs);
489 			NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
490 				dev->wiphy.bands[band]->ht_cap.cap);
491 			NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
492 				dev->wiphy.bands[band]->ht_cap.ampdu_factor);
493 			NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
494 				dev->wiphy.bands[band]->ht_cap.ampdu_density);
495 		}
496 
497 		/* add frequencies */
498 		nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
499 		if (!nl_freqs)
500 			goto nla_put_failure;
501 
502 		for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
503 			nl_freq = nla_nest_start(msg, i);
504 			if (!nl_freq)
505 				goto nla_put_failure;
506 
507 			chan = &dev->wiphy.bands[band]->channels[i];
508 
509 			if (nl80211_msg_put_channel(msg, chan))
510 				goto nla_put_failure;
511 
512 			nla_nest_end(msg, nl_freq);
513 		}
514 
515 		nla_nest_end(msg, nl_freqs);
516 
517 		/* add bitrates */
518 		nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
519 		if (!nl_rates)
520 			goto nla_put_failure;
521 
522 		for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
523 			nl_rate = nla_nest_start(msg, i);
524 			if (!nl_rate)
525 				goto nla_put_failure;
526 
527 			rate = &dev->wiphy.bands[band]->bitrates[i];
528 			NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
529 				    rate->bitrate);
530 			if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
531 				NLA_PUT_FLAG(msg,
532 					NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
533 
534 			nla_nest_end(msg, nl_rate);
535 		}
536 
537 		nla_nest_end(msg, nl_rates);
538 
539 		nla_nest_end(msg, nl_band);
540 	}
541 	nla_nest_end(msg, nl_bands);
542 
543 	nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
544 	if (!nl_cmds)
545 		goto nla_put_failure;
546 
547 	i = 0;
548 #define CMD(op, n)						\
549 	 do {							\
550 		if (dev->ops->op) {				\
551 			i++;					\
552 			NLA_PUT_U32(msg, i, NL80211_CMD_ ## n);	\
553 		}						\
554 	} while (0)
555 
556 	CMD(add_virtual_intf, NEW_INTERFACE);
557 	CMD(change_virtual_intf, SET_INTERFACE);
558 	CMD(add_key, NEW_KEY);
559 	CMD(add_beacon, NEW_BEACON);
560 	CMD(add_station, NEW_STATION);
561 	CMD(add_mpath, NEW_MPATH);
562 	CMD(set_mesh_params, SET_MESH_PARAMS);
563 	CMD(change_bss, SET_BSS);
564 	CMD(auth, AUTHENTICATE);
565 	CMD(assoc, ASSOCIATE);
566 	CMD(deauth, DEAUTHENTICATE);
567 	CMD(disassoc, DISASSOCIATE);
568 	CMD(join_ibss, JOIN_IBSS);
569 	CMD(set_pmksa, SET_PMKSA);
570 	CMD(del_pmksa, DEL_PMKSA);
571 	CMD(flush_pmksa, FLUSH_PMKSA);
572 	if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
573 		i++;
574 		NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
575 	}
576 
577 #undef CMD
578 
579 	if (dev->ops->connect || dev->ops->auth) {
580 		i++;
581 		NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
582 	}
583 
584 	if (dev->ops->disconnect || dev->ops->deauth) {
585 		i++;
586 		NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
587 	}
588 
589 	nla_nest_end(msg, nl_cmds);
590 
591 	return genlmsg_end(msg, hdr);
592 
593  nla_put_failure:
594 	genlmsg_cancel(msg, hdr);
595 	return -EMSGSIZE;
596 }
597 
598 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
599 {
600 	int idx = 0;
601 	int start = cb->args[0];
602 	struct cfg80211_registered_device *dev;
603 
604 	mutex_lock(&cfg80211_mutex);
605 	list_for_each_entry(dev, &cfg80211_rdev_list, list) {
606 		if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
607 			continue;
608 		if (++idx <= start)
609 			continue;
610 		if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
611 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
612 				       dev) < 0) {
613 			idx--;
614 			break;
615 		}
616 	}
617 	mutex_unlock(&cfg80211_mutex);
618 
619 	cb->args[0] = idx;
620 
621 	return skb->len;
622 }
623 
624 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
625 {
626 	struct sk_buff *msg;
627 	struct cfg80211_registered_device *dev;
628 
629 	dev = cfg80211_get_dev_from_info(info);
630 	if (IS_ERR(dev))
631 		return PTR_ERR(dev);
632 
633 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
634 	if (!msg)
635 		goto out_err;
636 
637 	if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0)
638 		goto out_free;
639 
640 	cfg80211_unlock_rdev(dev);
641 
642 	return genlmsg_reply(msg, info);
643 
644  out_free:
645 	nlmsg_free(msg);
646  out_err:
647 	cfg80211_unlock_rdev(dev);
648 	return -ENOBUFS;
649 }
650 
651 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
652 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
653 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
654 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
655 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
656 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
657 };
658 
659 static int parse_txq_params(struct nlattr *tb[],
660 			    struct ieee80211_txq_params *txq_params)
661 {
662 	if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
663 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
664 	    !tb[NL80211_TXQ_ATTR_AIFS])
665 		return -EINVAL;
666 
667 	txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
668 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
669 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
670 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
671 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
672 
673 	return 0;
674 }
675 
676 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
677 {
678 	struct cfg80211_registered_device *rdev;
679 	int result = 0, rem_txq_params = 0;
680 	struct nlattr *nl_txq_params;
681 	u32 changed;
682 	u8 retry_short = 0, retry_long = 0;
683 	u32 frag_threshold = 0, rts_threshold = 0;
684 
685 	rtnl_lock();
686 
687 	mutex_lock(&cfg80211_mutex);
688 
689 	rdev = __cfg80211_rdev_from_info(info);
690 	if (IS_ERR(rdev)) {
691 		mutex_unlock(&cfg80211_mutex);
692 		result = PTR_ERR(rdev);
693 		goto unlock;
694 	}
695 
696 	mutex_lock(&rdev->mtx);
697 
698 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
699 		result = cfg80211_dev_rename(
700 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
701 
702 	mutex_unlock(&cfg80211_mutex);
703 
704 	if (result)
705 		goto bad_res;
706 
707 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
708 		struct ieee80211_txq_params txq_params;
709 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
710 
711 		if (!rdev->ops->set_txq_params) {
712 			result = -EOPNOTSUPP;
713 			goto bad_res;
714 		}
715 
716 		nla_for_each_nested(nl_txq_params,
717 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
718 				    rem_txq_params) {
719 			nla_parse(tb, NL80211_TXQ_ATTR_MAX,
720 				  nla_data(nl_txq_params),
721 				  nla_len(nl_txq_params),
722 				  txq_params_policy);
723 			result = parse_txq_params(tb, &txq_params);
724 			if (result)
725 				goto bad_res;
726 
727 			result = rdev->ops->set_txq_params(&rdev->wiphy,
728 							   &txq_params);
729 			if (result)
730 				goto bad_res;
731 		}
732 	}
733 
734 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
735 		enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
736 		u32 freq;
737 
738 		result = -EINVAL;
739 
740 		if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
741 			channel_type = nla_get_u32(info->attrs[
742 					   NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
743 			if (channel_type != NL80211_CHAN_NO_HT &&
744 			    channel_type != NL80211_CHAN_HT20 &&
745 			    channel_type != NL80211_CHAN_HT40PLUS &&
746 			    channel_type != NL80211_CHAN_HT40MINUS)
747 				goto bad_res;
748 		}
749 
750 		freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
751 
752 		mutex_lock(&rdev->devlist_mtx);
753 		result = rdev_set_freq(rdev, NULL, freq, channel_type);
754 		mutex_unlock(&rdev->devlist_mtx);
755 		if (result)
756 			goto bad_res;
757 	}
758 
759 	changed = 0;
760 
761 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
762 		retry_short = nla_get_u8(
763 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
764 		if (retry_short == 0) {
765 			result = -EINVAL;
766 			goto bad_res;
767 		}
768 		changed |= WIPHY_PARAM_RETRY_SHORT;
769 	}
770 
771 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
772 		retry_long = nla_get_u8(
773 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
774 		if (retry_long == 0) {
775 			result = -EINVAL;
776 			goto bad_res;
777 		}
778 		changed |= WIPHY_PARAM_RETRY_LONG;
779 	}
780 
781 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
782 		frag_threshold = nla_get_u32(
783 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
784 		if (frag_threshold < 256) {
785 			result = -EINVAL;
786 			goto bad_res;
787 		}
788 		if (frag_threshold != (u32) -1) {
789 			/*
790 			 * Fragments (apart from the last one) are required to
791 			 * have even length. Make the fragmentation code
792 			 * simpler by stripping LSB should someone try to use
793 			 * odd threshold value.
794 			 */
795 			frag_threshold &= ~0x1;
796 		}
797 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
798 	}
799 
800 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
801 		rts_threshold = nla_get_u32(
802 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
803 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
804 	}
805 
806 	if (changed) {
807 		u8 old_retry_short, old_retry_long;
808 		u32 old_frag_threshold, old_rts_threshold;
809 
810 		if (!rdev->ops->set_wiphy_params) {
811 			result = -EOPNOTSUPP;
812 			goto bad_res;
813 		}
814 
815 		old_retry_short = rdev->wiphy.retry_short;
816 		old_retry_long = rdev->wiphy.retry_long;
817 		old_frag_threshold = rdev->wiphy.frag_threshold;
818 		old_rts_threshold = rdev->wiphy.rts_threshold;
819 
820 		if (changed & WIPHY_PARAM_RETRY_SHORT)
821 			rdev->wiphy.retry_short = retry_short;
822 		if (changed & WIPHY_PARAM_RETRY_LONG)
823 			rdev->wiphy.retry_long = retry_long;
824 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
825 			rdev->wiphy.frag_threshold = frag_threshold;
826 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
827 			rdev->wiphy.rts_threshold = rts_threshold;
828 
829 		result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
830 		if (result) {
831 			rdev->wiphy.retry_short = old_retry_short;
832 			rdev->wiphy.retry_long = old_retry_long;
833 			rdev->wiphy.frag_threshold = old_frag_threshold;
834 			rdev->wiphy.rts_threshold = old_rts_threshold;
835 		}
836 	}
837 
838  bad_res:
839 	mutex_unlock(&rdev->mtx);
840  unlock:
841 	rtnl_unlock();
842 	return result;
843 }
844 
845 
846 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
847 			      struct cfg80211_registered_device *rdev,
848 			      struct net_device *dev)
849 {
850 	void *hdr;
851 
852 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
853 	if (!hdr)
854 		return -1;
855 
856 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
857 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
858 	NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
859 	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
860 
861 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
862 		    rdev->devlist_generation ^
863 			(cfg80211_rdev_list_generation << 2));
864 
865 	return genlmsg_end(msg, hdr);
866 
867  nla_put_failure:
868 	genlmsg_cancel(msg, hdr);
869 	return -EMSGSIZE;
870 }
871 
872 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
873 {
874 	int wp_idx = 0;
875 	int if_idx = 0;
876 	int wp_start = cb->args[0];
877 	int if_start = cb->args[1];
878 	struct cfg80211_registered_device *rdev;
879 	struct wireless_dev *wdev;
880 
881 	mutex_lock(&cfg80211_mutex);
882 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
883 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
884 			continue;
885 		if (wp_idx < wp_start) {
886 			wp_idx++;
887 			continue;
888 		}
889 		if_idx = 0;
890 
891 		mutex_lock(&rdev->devlist_mtx);
892 		list_for_each_entry(wdev, &rdev->netdev_list, list) {
893 			if (if_idx < if_start) {
894 				if_idx++;
895 				continue;
896 			}
897 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
898 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
899 					       rdev, wdev->netdev) < 0) {
900 				mutex_unlock(&rdev->devlist_mtx);
901 				goto out;
902 			}
903 			if_idx++;
904 		}
905 		mutex_unlock(&rdev->devlist_mtx);
906 
907 		wp_idx++;
908 	}
909  out:
910 	mutex_unlock(&cfg80211_mutex);
911 
912 	cb->args[0] = wp_idx;
913 	cb->args[1] = if_idx;
914 
915 	return skb->len;
916 }
917 
918 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
919 {
920 	struct sk_buff *msg;
921 	struct cfg80211_registered_device *dev;
922 	struct net_device *netdev;
923 	int err;
924 
925 	err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev);
926 	if (err)
927 		return err;
928 
929 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
930 	if (!msg)
931 		goto out_err;
932 
933 	if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
934 			       dev, netdev) < 0)
935 		goto out_free;
936 
937 	dev_put(netdev);
938 	cfg80211_unlock_rdev(dev);
939 
940 	return genlmsg_reply(msg, info);
941 
942  out_free:
943 	nlmsg_free(msg);
944  out_err:
945 	dev_put(netdev);
946 	cfg80211_unlock_rdev(dev);
947 	return -ENOBUFS;
948 }
949 
950 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
951 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
952 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
953 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
954 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
955 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
956 };
957 
958 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
959 {
960 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
961 	int flag;
962 
963 	*mntrflags = 0;
964 
965 	if (!nla)
966 		return -EINVAL;
967 
968 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
969 			     nla, mntr_flags_policy))
970 		return -EINVAL;
971 
972 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
973 		if (flags[flag])
974 			*mntrflags |= (1<<flag);
975 
976 	return 0;
977 }
978 
979 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
980 			       struct net_device *netdev, u8 use_4addr,
981 			       enum nl80211_iftype iftype)
982 {
983 	if (!use_4addr) {
984 		if (netdev && netdev->br_port)
985 			return -EBUSY;
986 		return 0;
987 	}
988 
989 	switch (iftype) {
990 	case NL80211_IFTYPE_AP_VLAN:
991 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
992 			return 0;
993 		break;
994 	case NL80211_IFTYPE_STATION:
995 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
996 			return 0;
997 		break;
998 	default:
999 		break;
1000 	}
1001 
1002 	return -EOPNOTSUPP;
1003 }
1004 
1005 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1006 {
1007 	struct cfg80211_registered_device *rdev;
1008 	struct vif_params params;
1009 	int err;
1010 	enum nl80211_iftype otype, ntype;
1011 	struct net_device *dev;
1012 	u32 _flags, *flags = NULL;
1013 	bool change = false;
1014 
1015 	memset(&params, 0, sizeof(params));
1016 
1017 	rtnl_lock();
1018 
1019 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1020 	if (err)
1021 		goto unlock_rtnl;
1022 
1023 	otype = ntype = dev->ieee80211_ptr->iftype;
1024 
1025 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
1026 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1027 		if (otype != ntype)
1028 			change = true;
1029 		if (ntype > NL80211_IFTYPE_MAX) {
1030 			err = -EINVAL;
1031 			goto unlock;
1032 		}
1033 	}
1034 
1035 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
1036 		if (ntype != NL80211_IFTYPE_MESH_POINT) {
1037 			err = -EINVAL;
1038 			goto unlock;
1039 		}
1040 		params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
1041 		params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1042 		change = true;
1043 	}
1044 
1045 	if (info->attrs[NL80211_ATTR_4ADDR]) {
1046 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1047 		change = true;
1048 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1049 		if (err)
1050 			goto unlock;
1051 	} else {
1052 		params.use_4addr = -1;
1053 	}
1054 
1055 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1056 		if (ntype != NL80211_IFTYPE_MONITOR) {
1057 			err = -EINVAL;
1058 			goto unlock;
1059 		}
1060 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1061 					  &_flags);
1062 		if (err)
1063 			goto unlock;
1064 
1065 		flags = &_flags;
1066 		change = true;
1067 	}
1068 
1069 	if (change)
1070 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1071 	else
1072 		err = 0;
1073 
1074 	if (!err && params.use_4addr != -1)
1075 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
1076 
1077  unlock:
1078 	dev_put(dev);
1079 	cfg80211_unlock_rdev(rdev);
1080  unlock_rtnl:
1081 	rtnl_unlock();
1082 	return err;
1083 }
1084 
1085 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1086 {
1087 	struct cfg80211_registered_device *rdev;
1088 	struct vif_params params;
1089 	int err;
1090 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1091 	u32 flags;
1092 
1093 	memset(&params, 0, sizeof(params));
1094 
1095 	if (!info->attrs[NL80211_ATTR_IFNAME])
1096 		return -EINVAL;
1097 
1098 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
1099 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1100 		if (type > NL80211_IFTYPE_MAX)
1101 			return -EINVAL;
1102 	}
1103 
1104 	rtnl_lock();
1105 
1106 	rdev = cfg80211_get_dev_from_info(info);
1107 	if (IS_ERR(rdev)) {
1108 		err = PTR_ERR(rdev);
1109 		goto unlock_rtnl;
1110 	}
1111 
1112 	if (!rdev->ops->add_virtual_intf ||
1113 	    !(rdev->wiphy.interface_modes & (1 << type))) {
1114 		err = -EOPNOTSUPP;
1115 		goto unlock;
1116 	}
1117 
1118 	if (type == NL80211_IFTYPE_MESH_POINT &&
1119 	    info->attrs[NL80211_ATTR_MESH_ID]) {
1120 		params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
1121 		params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1122 	}
1123 
1124 	if (info->attrs[NL80211_ATTR_4ADDR]) {
1125 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1126 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1127 		if (err)
1128 			goto unlock;
1129 	}
1130 
1131 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1132 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1133 				  &flags);
1134 	err = rdev->ops->add_virtual_intf(&rdev->wiphy,
1135 		nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1136 		type, err ? NULL : &flags, &params);
1137 
1138  unlock:
1139 	cfg80211_unlock_rdev(rdev);
1140  unlock_rtnl:
1141 	rtnl_unlock();
1142 	return err;
1143 }
1144 
1145 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1146 {
1147 	struct cfg80211_registered_device *rdev;
1148 	int err;
1149 	struct net_device *dev;
1150 
1151 	rtnl_lock();
1152 
1153 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1154 	if (err)
1155 		goto unlock_rtnl;
1156 
1157 	if (!rdev->ops->del_virtual_intf) {
1158 		err = -EOPNOTSUPP;
1159 		goto out;
1160 	}
1161 
1162 	err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1163 
1164  out:
1165 	cfg80211_unlock_rdev(rdev);
1166 	dev_put(dev);
1167  unlock_rtnl:
1168 	rtnl_unlock();
1169 	return err;
1170 }
1171 
1172 struct get_key_cookie {
1173 	struct sk_buff *msg;
1174 	int error;
1175 	int idx;
1176 };
1177 
1178 static void get_key_callback(void *c, struct key_params *params)
1179 {
1180 	struct nlattr *key;
1181 	struct get_key_cookie *cookie = c;
1182 
1183 	if (params->key)
1184 		NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1185 			params->key_len, params->key);
1186 
1187 	if (params->seq)
1188 		NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1189 			params->seq_len, params->seq);
1190 
1191 	if (params->cipher)
1192 		NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1193 			    params->cipher);
1194 
1195 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1196 	if (!key)
1197 		goto nla_put_failure;
1198 
1199 	if (params->key)
1200 		NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1201 			params->key_len, params->key);
1202 
1203 	if (params->seq)
1204 		NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1205 			params->seq_len, params->seq);
1206 
1207 	if (params->cipher)
1208 		NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1209 			    params->cipher);
1210 
1211 	NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1212 
1213 	nla_nest_end(cookie->msg, key);
1214 
1215 	return;
1216  nla_put_failure:
1217 	cookie->error = 1;
1218 }
1219 
1220 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1221 {
1222 	struct cfg80211_registered_device *rdev;
1223 	int err;
1224 	struct net_device *dev;
1225 	u8 key_idx = 0;
1226 	u8 *mac_addr = NULL;
1227 	struct get_key_cookie cookie = {
1228 		.error = 0,
1229 	};
1230 	void *hdr;
1231 	struct sk_buff *msg;
1232 
1233 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1234 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1235 
1236 	if (key_idx > 5)
1237 		return -EINVAL;
1238 
1239 	if (info->attrs[NL80211_ATTR_MAC])
1240 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1241 
1242 	rtnl_lock();
1243 
1244 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1245 	if (err)
1246 		goto unlock_rtnl;
1247 
1248 	if (!rdev->ops->get_key) {
1249 		err = -EOPNOTSUPP;
1250 		goto out;
1251 	}
1252 
1253 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1254 	if (!msg) {
1255 		err = -ENOMEM;
1256 		goto out;
1257 	}
1258 
1259 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1260 			     NL80211_CMD_NEW_KEY);
1261 
1262 	if (IS_ERR(hdr)) {
1263 		err = PTR_ERR(hdr);
1264 		goto free_msg;
1265 	}
1266 
1267 	cookie.msg = msg;
1268 	cookie.idx = key_idx;
1269 
1270 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1271 	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1272 	if (mac_addr)
1273 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1274 
1275 	err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr,
1276 				&cookie, get_key_callback);
1277 
1278 	if (err)
1279 		goto free_msg;
1280 
1281 	if (cookie.error)
1282 		goto nla_put_failure;
1283 
1284 	genlmsg_end(msg, hdr);
1285 	err = genlmsg_reply(msg, info);
1286 	goto out;
1287 
1288  nla_put_failure:
1289 	err = -ENOBUFS;
1290  free_msg:
1291 	nlmsg_free(msg);
1292  out:
1293 	cfg80211_unlock_rdev(rdev);
1294 	dev_put(dev);
1295  unlock_rtnl:
1296 	rtnl_unlock();
1297 
1298 	return err;
1299 }
1300 
1301 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1302 {
1303 	struct cfg80211_registered_device *rdev;
1304 	struct key_parse key;
1305 	int err;
1306 	struct net_device *dev;
1307 	int (*func)(struct wiphy *wiphy, struct net_device *netdev,
1308 		    u8 key_index);
1309 
1310 	err = nl80211_parse_key(info, &key);
1311 	if (err)
1312 		return err;
1313 
1314 	if (key.idx < 0)
1315 		return -EINVAL;
1316 
1317 	/* only support setting default key */
1318 	if (!key.def && !key.defmgmt)
1319 		return -EINVAL;
1320 
1321 	rtnl_lock();
1322 
1323 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1324 	if (err)
1325 		goto unlock_rtnl;
1326 
1327 	if (key.def)
1328 		func = rdev->ops->set_default_key;
1329 	else
1330 		func = rdev->ops->set_default_mgmt_key;
1331 
1332 	if (!func) {
1333 		err = -EOPNOTSUPP;
1334 		goto out;
1335 	}
1336 
1337 	wdev_lock(dev->ieee80211_ptr);
1338 	err = nl80211_key_allowed(dev->ieee80211_ptr);
1339 	if (!err)
1340 		err = func(&rdev->wiphy, dev, key.idx);
1341 
1342 #ifdef CONFIG_CFG80211_WEXT
1343 	if (!err) {
1344 		if (func == rdev->ops->set_default_key)
1345 			dev->ieee80211_ptr->wext.default_key = key.idx;
1346 		else
1347 			dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1348 	}
1349 #endif
1350 	wdev_unlock(dev->ieee80211_ptr);
1351 
1352  out:
1353 	cfg80211_unlock_rdev(rdev);
1354 	dev_put(dev);
1355 
1356  unlock_rtnl:
1357 	rtnl_unlock();
1358 
1359 	return err;
1360 }
1361 
1362 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1363 {
1364 	struct cfg80211_registered_device *rdev;
1365 	int err;
1366 	struct net_device *dev;
1367 	struct key_parse key;
1368 	u8 *mac_addr = NULL;
1369 
1370 	err = nl80211_parse_key(info, &key);
1371 	if (err)
1372 		return err;
1373 
1374 	if (!key.p.key)
1375 		return -EINVAL;
1376 
1377 	if (info->attrs[NL80211_ATTR_MAC])
1378 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1379 
1380 	rtnl_lock();
1381 
1382 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1383 	if (err)
1384 		goto unlock_rtnl;
1385 
1386 	if (!rdev->ops->add_key) {
1387 		err = -EOPNOTSUPP;
1388 		goto out;
1389 	}
1390 
1391 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) {
1392 		err = -EINVAL;
1393 		goto out;
1394 	}
1395 
1396 	wdev_lock(dev->ieee80211_ptr);
1397 	err = nl80211_key_allowed(dev->ieee80211_ptr);
1398 	if (!err)
1399 		err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
1400 					 mac_addr, &key.p);
1401 	wdev_unlock(dev->ieee80211_ptr);
1402 
1403  out:
1404 	cfg80211_unlock_rdev(rdev);
1405 	dev_put(dev);
1406  unlock_rtnl:
1407 	rtnl_unlock();
1408 
1409 	return err;
1410 }
1411 
1412 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1413 {
1414 	struct cfg80211_registered_device *rdev;
1415 	int err;
1416 	struct net_device *dev;
1417 	u8 *mac_addr = NULL;
1418 	struct key_parse key;
1419 
1420 	err = nl80211_parse_key(info, &key);
1421 	if (err)
1422 		return err;
1423 
1424 	if (info->attrs[NL80211_ATTR_MAC])
1425 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1426 
1427 	rtnl_lock();
1428 
1429 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1430 	if (err)
1431 		goto unlock_rtnl;
1432 
1433 	if (!rdev->ops->del_key) {
1434 		err = -EOPNOTSUPP;
1435 		goto out;
1436 	}
1437 
1438 	wdev_lock(dev->ieee80211_ptr);
1439 	err = nl80211_key_allowed(dev->ieee80211_ptr);
1440 	if (!err)
1441 		err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr);
1442 
1443 #ifdef CONFIG_CFG80211_WEXT
1444 	if (!err) {
1445 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
1446 			dev->ieee80211_ptr->wext.default_key = -1;
1447 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
1448 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
1449 	}
1450 #endif
1451 	wdev_unlock(dev->ieee80211_ptr);
1452 
1453  out:
1454 	cfg80211_unlock_rdev(rdev);
1455 	dev_put(dev);
1456 
1457  unlock_rtnl:
1458 	rtnl_unlock();
1459 
1460 	return err;
1461 }
1462 
1463 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1464 {
1465         int (*call)(struct wiphy *wiphy, struct net_device *dev,
1466 		    struct beacon_parameters *info);
1467 	struct cfg80211_registered_device *rdev;
1468 	int err;
1469 	struct net_device *dev;
1470 	struct beacon_parameters params;
1471 	int haveinfo = 0;
1472 
1473 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]))
1474 		return -EINVAL;
1475 
1476 	rtnl_lock();
1477 
1478 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1479 	if (err)
1480 		goto unlock_rtnl;
1481 
1482 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1483 		err = -EOPNOTSUPP;
1484 		goto out;
1485 	}
1486 
1487 	switch (info->genlhdr->cmd) {
1488 	case NL80211_CMD_NEW_BEACON:
1489 		/* these are required for NEW_BEACON */
1490 		if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
1491 		    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
1492 		    !info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1493 			err = -EINVAL;
1494 			goto out;
1495 		}
1496 
1497 		call = rdev->ops->add_beacon;
1498 		break;
1499 	case NL80211_CMD_SET_BEACON:
1500 		call = rdev->ops->set_beacon;
1501 		break;
1502 	default:
1503 		WARN_ON(1);
1504 		err = -EOPNOTSUPP;
1505 		goto out;
1506 	}
1507 
1508 	if (!call) {
1509 		err = -EOPNOTSUPP;
1510 		goto out;
1511 	}
1512 
1513 	memset(&params, 0, sizeof(params));
1514 
1515 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
1516 		params.interval =
1517 		    nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
1518 		haveinfo = 1;
1519 	}
1520 
1521 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
1522 		params.dtim_period =
1523 		    nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
1524 		haveinfo = 1;
1525 	}
1526 
1527 	if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1528 		params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1529 		params.head_len =
1530 		    nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1531 		haveinfo = 1;
1532 	}
1533 
1534 	if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
1535 		params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1536 		params.tail_len =
1537 		    nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1538 		haveinfo = 1;
1539 	}
1540 
1541 	if (!haveinfo) {
1542 		err = -EINVAL;
1543 		goto out;
1544 	}
1545 
1546 	err = call(&rdev->wiphy, dev, &params);
1547 
1548  out:
1549 	cfg80211_unlock_rdev(rdev);
1550 	dev_put(dev);
1551  unlock_rtnl:
1552 	rtnl_unlock();
1553 
1554 	return err;
1555 }
1556 
1557 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
1558 {
1559 	struct cfg80211_registered_device *rdev;
1560 	int err;
1561 	struct net_device *dev;
1562 
1563 	rtnl_lock();
1564 
1565 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1566 	if (err)
1567 		goto unlock_rtnl;
1568 
1569 	if (!rdev->ops->del_beacon) {
1570 		err = -EOPNOTSUPP;
1571 		goto out;
1572 	}
1573 
1574 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1575 		err = -EOPNOTSUPP;
1576 		goto out;
1577 	}
1578 	err = rdev->ops->del_beacon(&rdev->wiphy, dev);
1579 
1580  out:
1581 	cfg80211_unlock_rdev(rdev);
1582 	dev_put(dev);
1583  unlock_rtnl:
1584 	rtnl_unlock();
1585 
1586 	return err;
1587 }
1588 
1589 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
1590 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
1591 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
1592 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
1593 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
1594 };
1595 
1596 static int parse_station_flags(struct genl_info *info,
1597 			       struct station_parameters *params)
1598 {
1599 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
1600 	struct nlattr *nla;
1601 	int flag;
1602 
1603 	/*
1604 	 * Try parsing the new attribute first so userspace
1605 	 * can specify both for older kernels.
1606 	 */
1607 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
1608 	if (nla) {
1609 		struct nl80211_sta_flag_update *sta_flags;
1610 
1611 		sta_flags = nla_data(nla);
1612 		params->sta_flags_mask = sta_flags->mask;
1613 		params->sta_flags_set = sta_flags->set;
1614 		if ((params->sta_flags_mask |
1615 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
1616 			return -EINVAL;
1617 		return 0;
1618 	}
1619 
1620 	/* if present, parse the old attribute */
1621 
1622 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
1623 	if (!nla)
1624 		return 0;
1625 
1626 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
1627 			     nla, sta_flags_policy))
1628 		return -EINVAL;
1629 
1630 	params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1;
1631 	params->sta_flags_mask &= ~1;
1632 
1633 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
1634 		if (flags[flag])
1635 			params->sta_flags_set |= (1<<flag);
1636 
1637 	return 0;
1638 }
1639 
1640 static u16 nl80211_calculate_bitrate(struct rate_info *rate)
1641 {
1642 	int modulation, streams, bitrate;
1643 
1644 	if (!(rate->flags & RATE_INFO_FLAGS_MCS))
1645 		return rate->legacy;
1646 
1647 	/* the formula below does only work for MCS values smaller than 32 */
1648 	if (rate->mcs >= 32)
1649 		return 0;
1650 
1651 	modulation = rate->mcs & 7;
1652 	streams = (rate->mcs >> 3) + 1;
1653 
1654 	bitrate = (rate->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) ?
1655 			13500000 : 6500000;
1656 
1657 	if (modulation < 4)
1658 		bitrate *= (modulation + 1);
1659 	else if (modulation == 4)
1660 		bitrate *= (modulation + 2);
1661 	else
1662 		bitrate *= (modulation + 3);
1663 
1664 	bitrate *= streams;
1665 
1666 	if (rate->flags & RATE_INFO_FLAGS_SHORT_GI)
1667 		bitrate = (bitrate / 9) * 10;
1668 
1669 	/* do NOT round down here */
1670 	return (bitrate + 50000) / 100000;
1671 }
1672 
1673 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
1674 				int flags, struct net_device *dev,
1675 				u8 *mac_addr, struct station_info *sinfo)
1676 {
1677 	void *hdr;
1678 	struct nlattr *sinfoattr, *txrate;
1679 	u16 bitrate;
1680 
1681 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
1682 	if (!hdr)
1683 		return -1;
1684 
1685 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1686 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1687 
1688 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
1689 
1690 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
1691 	if (!sinfoattr)
1692 		goto nla_put_failure;
1693 	if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
1694 		NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
1695 			    sinfo->inactive_time);
1696 	if (sinfo->filled & STATION_INFO_RX_BYTES)
1697 		NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
1698 			    sinfo->rx_bytes);
1699 	if (sinfo->filled & STATION_INFO_TX_BYTES)
1700 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
1701 			    sinfo->tx_bytes);
1702 	if (sinfo->filled & STATION_INFO_LLID)
1703 		NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
1704 			    sinfo->llid);
1705 	if (sinfo->filled & STATION_INFO_PLID)
1706 		NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
1707 			    sinfo->plid);
1708 	if (sinfo->filled & STATION_INFO_PLINK_STATE)
1709 		NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
1710 			    sinfo->plink_state);
1711 	if (sinfo->filled & STATION_INFO_SIGNAL)
1712 		NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
1713 			   sinfo->signal);
1714 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
1715 		txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE);
1716 		if (!txrate)
1717 			goto nla_put_failure;
1718 
1719 		/* nl80211_calculate_bitrate will return 0 for mcs >= 32 */
1720 		bitrate = nl80211_calculate_bitrate(&sinfo->txrate);
1721 		if (bitrate > 0)
1722 			NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
1723 
1724 		if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS)
1725 			NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS,
1726 				    sinfo->txrate.mcs);
1727 		if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
1728 			NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
1729 		if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI)
1730 			NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
1731 
1732 		nla_nest_end(msg, txrate);
1733 	}
1734 	if (sinfo->filled & STATION_INFO_RX_PACKETS)
1735 		NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
1736 			    sinfo->rx_packets);
1737 	if (sinfo->filled & STATION_INFO_TX_PACKETS)
1738 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
1739 			    sinfo->tx_packets);
1740 	nla_nest_end(msg, sinfoattr);
1741 
1742 	return genlmsg_end(msg, hdr);
1743 
1744  nla_put_failure:
1745 	genlmsg_cancel(msg, hdr);
1746 	return -EMSGSIZE;
1747 }
1748 
1749 static int nl80211_dump_station(struct sk_buff *skb,
1750 				struct netlink_callback *cb)
1751 {
1752 	struct station_info sinfo;
1753 	struct cfg80211_registered_device *dev;
1754 	struct net_device *netdev;
1755 	u8 mac_addr[ETH_ALEN];
1756 	int ifidx = cb->args[0];
1757 	int sta_idx = cb->args[1];
1758 	int err;
1759 
1760 	if (!ifidx)
1761 		ifidx = nl80211_get_ifidx(cb);
1762 	if (ifidx < 0)
1763 		return ifidx;
1764 
1765 	rtnl_lock();
1766 
1767 	netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1768 	if (!netdev) {
1769 		err = -ENODEV;
1770 		goto out_rtnl;
1771 	}
1772 
1773 	dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
1774 	if (IS_ERR(dev)) {
1775 		err = PTR_ERR(dev);
1776 		goto out_rtnl;
1777 	}
1778 
1779 	if (!dev->ops->dump_station) {
1780 		err = -EOPNOTSUPP;
1781 		goto out_err;
1782 	}
1783 
1784 	while (1) {
1785 		err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
1786 					     mac_addr, &sinfo);
1787 		if (err == -ENOENT)
1788 			break;
1789 		if (err)
1790 			goto out_err;
1791 
1792 		if (nl80211_send_station(skb,
1793 				NETLINK_CB(cb->skb).pid,
1794 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
1795 				netdev, mac_addr,
1796 				&sinfo) < 0)
1797 			goto out;
1798 
1799 		sta_idx++;
1800 	}
1801 
1802 
1803  out:
1804 	cb->args[1] = sta_idx;
1805 	err = skb->len;
1806  out_err:
1807 	cfg80211_unlock_rdev(dev);
1808  out_rtnl:
1809 	rtnl_unlock();
1810 
1811 	return err;
1812 }
1813 
1814 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
1815 {
1816 	struct cfg80211_registered_device *rdev;
1817 	int err;
1818 	struct net_device *dev;
1819 	struct station_info sinfo;
1820 	struct sk_buff *msg;
1821 	u8 *mac_addr = NULL;
1822 
1823 	memset(&sinfo, 0, sizeof(sinfo));
1824 
1825 	if (!info->attrs[NL80211_ATTR_MAC])
1826 		return -EINVAL;
1827 
1828 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1829 
1830 	rtnl_lock();
1831 
1832 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1833 	if (err)
1834 		goto out_rtnl;
1835 
1836 	if (!rdev->ops->get_station) {
1837 		err = -EOPNOTSUPP;
1838 		goto out;
1839 	}
1840 
1841 	err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
1842 	if (err)
1843 		goto out;
1844 
1845 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1846 	if (!msg)
1847 		goto out;
1848 
1849 	if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
1850 				 dev, mac_addr, &sinfo) < 0)
1851 		goto out_free;
1852 
1853 	err = genlmsg_reply(msg, info);
1854 	goto out;
1855 
1856  out_free:
1857 	nlmsg_free(msg);
1858  out:
1859 	cfg80211_unlock_rdev(rdev);
1860 	dev_put(dev);
1861  out_rtnl:
1862 	rtnl_unlock();
1863 
1864 	return err;
1865 }
1866 
1867 /*
1868  * Get vlan interface making sure it is running and on the right wiphy.
1869  */
1870 static int get_vlan(struct genl_info *info,
1871 		    struct cfg80211_registered_device *rdev,
1872 		    struct net_device **vlan)
1873 {
1874 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
1875 	*vlan = NULL;
1876 
1877 	if (vlanattr) {
1878 		*vlan = dev_get_by_index(genl_info_net(info),
1879 					 nla_get_u32(vlanattr));
1880 		if (!*vlan)
1881 			return -ENODEV;
1882 		if (!(*vlan)->ieee80211_ptr)
1883 			return -EINVAL;
1884 		if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
1885 			return -EINVAL;
1886 		if (!netif_running(*vlan))
1887 			return -ENETDOWN;
1888 	}
1889 	return 0;
1890 }
1891 
1892 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
1893 {
1894 	struct cfg80211_registered_device *rdev;
1895 	int err;
1896 	struct net_device *dev;
1897 	struct station_parameters params;
1898 	u8 *mac_addr = NULL;
1899 
1900 	memset(&params, 0, sizeof(params));
1901 
1902 	params.listen_interval = -1;
1903 
1904 	if (info->attrs[NL80211_ATTR_STA_AID])
1905 		return -EINVAL;
1906 
1907 	if (!info->attrs[NL80211_ATTR_MAC])
1908 		return -EINVAL;
1909 
1910 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1911 
1912 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
1913 		params.supported_rates =
1914 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1915 		params.supported_rates_len =
1916 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1917 	}
1918 
1919 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
1920 		params.listen_interval =
1921 		    nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
1922 
1923 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
1924 		params.ht_capa =
1925 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
1926 
1927 	if (parse_station_flags(info, &params))
1928 		return -EINVAL;
1929 
1930 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
1931 		params.plink_action =
1932 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
1933 
1934 	rtnl_lock();
1935 
1936 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1937 	if (err)
1938 		goto out_rtnl;
1939 
1940 	err = get_vlan(info, rdev, &params.vlan);
1941 	if (err)
1942 		goto out;
1943 
1944 	/* validate settings */
1945 	err = 0;
1946 
1947 	switch (dev->ieee80211_ptr->iftype) {
1948 	case NL80211_IFTYPE_AP:
1949 	case NL80211_IFTYPE_AP_VLAN:
1950 		/* disallow mesh-specific things */
1951 		if (params.plink_action)
1952 			err = -EINVAL;
1953 		break;
1954 	case NL80211_IFTYPE_STATION:
1955 		/* disallow everything but AUTHORIZED flag */
1956 		if (params.plink_action)
1957 			err = -EINVAL;
1958 		if (params.vlan)
1959 			err = -EINVAL;
1960 		if (params.supported_rates)
1961 			err = -EINVAL;
1962 		if (params.ht_capa)
1963 			err = -EINVAL;
1964 		if (params.listen_interval >= 0)
1965 			err = -EINVAL;
1966 		if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
1967 			err = -EINVAL;
1968 		break;
1969 	case NL80211_IFTYPE_MESH_POINT:
1970 		/* disallow things mesh doesn't support */
1971 		if (params.vlan)
1972 			err = -EINVAL;
1973 		if (params.ht_capa)
1974 			err = -EINVAL;
1975 		if (params.listen_interval >= 0)
1976 			err = -EINVAL;
1977 		if (params.supported_rates)
1978 			err = -EINVAL;
1979 		if (params.sta_flags_mask)
1980 			err = -EINVAL;
1981 		break;
1982 	default:
1983 		err = -EINVAL;
1984 	}
1985 
1986 	if (err)
1987 		goto out;
1988 
1989 	if (!rdev->ops->change_station) {
1990 		err = -EOPNOTSUPP;
1991 		goto out;
1992 	}
1993 
1994 	err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
1995 
1996  out:
1997 	if (params.vlan)
1998 		dev_put(params.vlan);
1999 	cfg80211_unlock_rdev(rdev);
2000 	dev_put(dev);
2001  out_rtnl:
2002 	rtnl_unlock();
2003 
2004 	return err;
2005 }
2006 
2007 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2008 {
2009 	struct cfg80211_registered_device *rdev;
2010 	int err;
2011 	struct net_device *dev;
2012 	struct station_parameters params;
2013 	u8 *mac_addr = NULL;
2014 
2015 	memset(&params, 0, sizeof(params));
2016 
2017 	if (!info->attrs[NL80211_ATTR_MAC])
2018 		return -EINVAL;
2019 
2020 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2021 		return -EINVAL;
2022 
2023 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2024 		return -EINVAL;
2025 
2026 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2027 	params.supported_rates =
2028 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2029 	params.supported_rates_len =
2030 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2031 	params.listen_interval =
2032 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2033 
2034 	if (info->attrs[NL80211_ATTR_STA_AID]) {
2035 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2036 		if (!params.aid || params.aid > IEEE80211_MAX_AID)
2037 			return -EINVAL;
2038 	}
2039 
2040 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2041 		params.ht_capa =
2042 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2043 
2044 	if (parse_station_flags(info, &params))
2045 		return -EINVAL;
2046 
2047 	rtnl_lock();
2048 
2049 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2050 	if (err)
2051 		goto out_rtnl;
2052 
2053 	err = get_vlan(info, rdev, &params.vlan);
2054 	if (err)
2055 		goto out;
2056 
2057 	/* validate settings */
2058 	err = 0;
2059 
2060 	switch (dev->ieee80211_ptr->iftype) {
2061 	case NL80211_IFTYPE_AP:
2062 	case NL80211_IFTYPE_AP_VLAN:
2063 		/* all ok but must have AID */
2064 		if (!params.aid)
2065 			err = -EINVAL;
2066 		break;
2067 	case NL80211_IFTYPE_MESH_POINT:
2068 		/* disallow things mesh doesn't support */
2069 		if (params.vlan)
2070 			err = -EINVAL;
2071 		if (params.aid)
2072 			err = -EINVAL;
2073 		if (params.ht_capa)
2074 			err = -EINVAL;
2075 		if (params.listen_interval >= 0)
2076 			err = -EINVAL;
2077 		if (params.supported_rates)
2078 			err = -EINVAL;
2079 		if (params.sta_flags_mask)
2080 			err = -EINVAL;
2081 		break;
2082 	default:
2083 		err = -EINVAL;
2084 	}
2085 
2086 	if (err)
2087 		goto out;
2088 
2089 	if (!rdev->ops->add_station) {
2090 		err = -EOPNOTSUPP;
2091 		goto out;
2092 	}
2093 
2094 	if (!netif_running(dev)) {
2095 		err = -ENETDOWN;
2096 		goto out;
2097 	}
2098 
2099 	err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2100 
2101  out:
2102 	if (params.vlan)
2103 		dev_put(params.vlan);
2104 	cfg80211_unlock_rdev(rdev);
2105 	dev_put(dev);
2106  out_rtnl:
2107 	rtnl_unlock();
2108 
2109 	return err;
2110 }
2111 
2112 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2113 {
2114 	struct cfg80211_registered_device *rdev;
2115 	int err;
2116 	struct net_device *dev;
2117 	u8 *mac_addr = NULL;
2118 
2119 	if (info->attrs[NL80211_ATTR_MAC])
2120 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2121 
2122 	rtnl_lock();
2123 
2124 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2125 	if (err)
2126 		goto out_rtnl;
2127 
2128 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2129 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2130 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2131 		err = -EINVAL;
2132 		goto out;
2133 	}
2134 
2135 	if (!rdev->ops->del_station) {
2136 		err = -EOPNOTSUPP;
2137 		goto out;
2138 	}
2139 
2140 	err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2141 
2142  out:
2143 	cfg80211_unlock_rdev(rdev);
2144 	dev_put(dev);
2145  out_rtnl:
2146 	rtnl_unlock();
2147 
2148 	return err;
2149 }
2150 
2151 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2152 				int flags, struct net_device *dev,
2153 				u8 *dst, u8 *next_hop,
2154 				struct mpath_info *pinfo)
2155 {
2156 	void *hdr;
2157 	struct nlattr *pinfoattr;
2158 
2159 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2160 	if (!hdr)
2161 		return -1;
2162 
2163 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2164 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2165 	NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2166 
2167 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2168 
2169 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2170 	if (!pinfoattr)
2171 		goto nla_put_failure;
2172 	if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2173 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2174 			    pinfo->frame_qlen);
2175 	if (pinfo->filled & MPATH_INFO_SN)
2176 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2177 			    pinfo->sn);
2178 	if (pinfo->filled & MPATH_INFO_METRIC)
2179 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2180 			    pinfo->metric);
2181 	if (pinfo->filled & MPATH_INFO_EXPTIME)
2182 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2183 			    pinfo->exptime);
2184 	if (pinfo->filled & MPATH_INFO_FLAGS)
2185 		NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2186 			    pinfo->flags);
2187 	if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2188 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2189 			    pinfo->discovery_timeout);
2190 	if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2191 		NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2192 			    pinfo->discovery_retries);
2193 
2194 	nla_nest_end(msg, pinfoattr);
2195 
2196 	return genlmsg_end(msg, hdr);
2197 
2198  nla_put_failure:
2199 	genlmsg_cancel(msg, hdr);
2200 	return -EMSGSIZE;
2201 }
2202 
2203 static int nl80211_dump_mpath(struct sk_buff *skb,
2204 			      struct netlink_callback *cb)
2205 {
2206 	struct mpath_info pinfo;
2207 	struct cfg80211_registered_device *dev;
2208 	struct net_device *netdev;
2209 	u8 dst[ETH_ALEN];
2210 	u8 next_hop[ETH_ALEN];
2211 	int ifidx = cb->args[0];
2212 	int path_idx = cb->args[1];
2213 	int err;
2214 
2215 	if (!ifidx)
2216 		ifidx = nl80211_get_ifidx(cb);
2217 	if (ifidx < 0)
2218 		return ifidx;
2219 
2220 	rtnl_lock();
2221 
2222 	netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2223 	if (!netdev) {
2224 		err = -ENODEV;
2225 		goto out_rtnl;
2226 	}
2227 
2228 	dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
2229 	if (IS_ERR(dev)) {
2230 		err = PTR_ERR(dev);
2231 		goto out_rtnl;
2232 	}
2233 
2234 	if (!dev->ops->dump_mpath) {
2235 		err = -EOPNOTSUPP;
2236 		goto out_err;
2237 	}
2238 
2239 	if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2240 		err = -EOPNOTSUPP;
2241 		goto out_err;
2242 	}
2243 
2244 	while (1) {
2245 		err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2246 					   dst, next_hop, &pinfo);
2247 		if (err == -ENOENT)
2248 			break;
2249 		if (err)
2250 			goto out_err;
2251 
2252 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2253 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2254 				       netdev, dst, next_hop,
2255 				       &pinfo) < 0)
2256 			goto out;
2257 
2258 		path_idx++;
2259 	}
2260 
2261 
2262  out:
2263 	cb->args[1] = path_idx;
2264 	err = skb->len;
2265  out_err:
2266 	cfg80211_unlock_rdev(dev);
2267  out_rtnl:
2268 	rtnl_unlock();
2269 
2270 	return err;
2271 }
2272 
2273 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2274 {
2275 	struct cfg80211_registered_device *rdev;
2276 	int err;
2277 	struct net_device *dev;
2278 	struct mpath_info pinfo;
2279 	struct sk_buff *msg;
2280 	u8 *dst = NULL;
2281 	u8 next_hop[ETH_ALEN];
2282 
2283 	memset(&pinfo, 0, sizeof(pinfo));
2284 
2285 	if (!info->attrs[NL80211_ATTR_MAC])
2286 		return -EINVAL;
2287 
2288 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2289 
2290 	rtnl_lock();
2291 
2292 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2293 	if (err)
2294 		goto out_rtnl;
2295 
2296 	if (!rdev->ops->get_mpath) {
2297 		err = -EOPNOTSUPP;
2298 		goto out;
2299 	}
2300 
2301 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2302 		err = -EOPNOTSUPP;
2303 		goto out;
2304 	}
2305 
2306 	err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2307 	if (err)
2308 		goto out;
2309 
2310 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2311 	if (!msg)
2312 		goto out;
2313 
2314 	if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2315 				 dev, dst, next_hop, &pinfo) < 0)
2316 		goto out_free;
2317 
2318 	err = genlmsg_reply(msg, info);
2319 	goto out;
2320 
2321  out_free:
2322 	nlmsg_free(msg);
2323  out:
2324 	cfg80211_unlock_rdev(rdev);
2325 	dev_put(dev);
2326  out_rtnl:
2327 	rtnl_unlock();
2328 
2329 	return err;
2330 }
2331 
2332 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
2333 {
2334 	struct cfg80211_registered_device *rdev;
2335 	int err;
2336 	struct net_device *dev;
2337 	u8 *dst = NULL;
2338 	u8 *next_hop = NULL;
2339 
2340 	if (!info->attrs[NL80211_ATTR_MAC])
2341 		return -EINVAL;
2342 
2343 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2344 		return -EINVAL;
2345 
2346 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2347 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2348 
2349 	rtnl_lock();
2350 
2351 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2352 	if (err)
2353 		goto out_rtnl;
2354 
2355 	if (!rdev->ops->change_mpath) {
2356 		err = -EOPNOTSUPP;
2357 		goto out;
2358 	}
2359 
2360 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2361 		err = -EOPNOTSUPP;
2362 		goto out;
2363 	}
2364 
2365 	if (!netif_running(dev)) {
2366 		err = -ENETDOWN;
2367 		goto out;
2368 	}
2369 
2370 	err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
2371 
2372  out:
2373 	cfg80211_unlock_rdev(rdev);
2374 	dev_put(dev);
2375  out_rtnl:
2376 	rtnl_unlock();
2377 
2378 	return err;
2379 }
2380 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
2381 {
2382 	struct cfg80211_registered_device *rdev;
2383 	int err;
2384 	struct net_device *dev;
2385 	u8 *dst = NULL;
2386 	u8 *next_hop = NULL;
2387 
2388 	if (!info->attrs[NL80211_ATTR_MAC])
2389 		return -EINVAL;
2390 
2391 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2392 		return -EINVAL;
2393 
2394 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2395 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2396 
2397 	rtnl_lock();
2398 
2399 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2400 	if (err)
2401 		goto out_rtnl;
2402 
2403 	if (!rdev->ops->add_mpath) {
2404 		err = -EOPNOTSUPP;
2405 		goto out;
2406 	}
2407 
2408 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2409 		err = -EOPNOTSUPP;
2410 		goto out;
2411 	}
2412 
2413 	if (!netif_running(dev)) {
2414 		err = -ENETDOWN;
2415 		goto out;
2416 	}
2417 
2418 	err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
2419 
2420  out:
2421 	cfg80211_unlock_rdev(rdev);
2422 	dev_put(dev);
2423  out_rtnl:
2424 	rtnl_unlock();
2425 
2426 	return err;
2427 }
2428 
2429 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
2430 {
2431 	struct cfg80211_registered_device *rdev;
2432 	int err;
2433 	struct net_device *dev;
2434 	u8 *dst = NULL;
2435 
2436 	if (info->attrs[NL80211_ATTR_MAC])
2437 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2438 
2439 	rtnl_lock();
2440 
2441 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2442 	if (err)
2443 		goto out_rtnl;
2444 
2445 	if (!rdev->ops->del_mpath) {
2446 		err = -EOPNOTSUPP;
2447 		goto out;
2448 	}
2449 
2450 	err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
2451 
2452  out:
2453 	cfg80211_unlock_rdev(rdev);
2454 	dev_put(dev);
2455  out_rtnl:
2456 	rtnl_unlock();
2457 
2458 	return err;
2459 }
2460 
2461 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2462 {
2463 	struct cfg80211_registered_device *rdev;
2464 	int err;
2465 	struct net_device *dev;
2466 	struct bss_parameters params;
2467 
2468 	memset(&params, 0, sizeof(params));
2469 	/* default to not changing parameters */
2470 	params.use_cts_prot = -1;
2471 	params.use_short_preamble = -1;
2472 	params.use_short_slot_time = -1;
2473 
2474 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
2475 		params.use_cts_prot =
2476 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
2477 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
2478 		params.use_short_preamble =
2479 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
2480 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
2481 		params.use_short_slot_time =
2482 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
2483 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
2484 		params.basic_rates =
2485 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2486 		params.basic_rates_len =
2487 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2488 	}
2489 
2490 	rtnl_lock();
2491 
2492 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2493 	if (err)
2494 		goto out_rtnl;
2495 
2496 	if (!rdev->ops->change_bss) {
2497 		err = -EOPNOTSUPP;
2498 		goto out;
2499 	}
2500 
2501 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
2502 		err = -EOPNOTSUPP;
2503 		goto out;
2504 	}
2505 
2506 	err = rdev->ops->change_bss(&rdev->wiphy, dev, &params);
2507 
2508  out:
2509 	cfg80211_unlock_rdev(rdev);
2510 	dev_put(dev);
2511  out_rtnl:
2512 	rtnl_unlock();
2513 
2514 	return err;
2515 }
2516 
2517 static const struct nla_policy
2518 	reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2519 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
2520 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
2521 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
2522 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
2523 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
2524 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
2525 };
2526 
2527 static int parse_reg_rule(struct nlattr *tb[],
2528 	struct ieee80211_reg_rule *reg_rule)
2529 {
2530 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
2531 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
2532 
2533 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2534 		return -EINVAL;
2535 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2536 		return -EINVAL;
2537 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2538 		return -EINVAL;
2539 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2540 		return -EINVAL;
2541 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2542 		return -EINVAL;
2543 
2544 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2545 
2546 	freq_range->start_freq_khz =
2547 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2548 	freq_range->end_freq_khz =
2549 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2550 	freq_range->max_bandwidth_khz =
2551 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2552 
2553 	power_rule->max_eirp =
2554 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2555 
2556 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2557 		power_rule->max_antenna_gain =
2558 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2559 
2560 	return 0;
2561 }
2562 
2563 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2564 {
2565 	int r;
2566 	char *data = NULL;
2567 
2568 	/*
2569 	 * You should only get this when cfg80211 hasn't yet initialized
2570 	 * completely when built-in to the kernel right between the time
2571 	 * window between nl80211_init() and regulatory_init(), if that is
2572 	 * even possible.
2573 	 */
2574 	mutex_lock(&cfg80211_mutex);
2575 	if (unlikely(!cfg80211_regdomain)) {
2576 		mutex_unlock(&cfg80211_mutex);
2577 		return -EINPROGRESS;
2578 	}
2579 	mutex_unlock(&cfg80211_mutex);
2580 
2581 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2582 		return -EINVAL;
2583 
2584 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2585 
2586 #ifdef CONFIG_WIRELESS_OLD_REGULATORY
2587 	/* We ignore world regdom requests with the old regdom setup */
2588 	if (is_world_regdom(data))
2589 		return -EINVAL;
2590 #endif
2591 
2592 	r = regulatory_hint_user(data);
2593 
2594 	return r;
2595 }
2596 
2597 static int nl80211_get_mesh_params(struct sk_buff *skb,
2598 	struct genl_info *info)
2599 {
2600 	struct cfg80211_registered_device *rdev;
2601 	struct mesh_config cur_params;
2602 	int err;
2603 	struct net_device *dev;
2604 	void *hdr;
2605 	struct nlattr *pinfoattr;
2606 	struct sk_buff *msg;
2607 
2608 	rtnl_lock();
2609 
2610 	/* Look up our device */
2611 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2612 	if (err)
2613 		goto out_rtnl;
2614 
2615 	if (!rdev->ops->get_mesh_params) {
2616 		err = -EOPNOTSUPP;
2617 		goto out;
2618 	}
2619 
2620 	/* Get the mesh params */
2621 	err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params);
2622 	if (err)
2623 		goto out;
2624 
2625 	/* Draw up a netlink message to send back */
2626 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2627 	if (!msg) {
2628 		err = -ENOBUFS;
2629 		goto out;
2630 	}
2631 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2632 			     NL80211_CMD_GET_MESH_PARAMS);
2633 	if (!hdr)
2634 		goto nla_put_failure;
2635 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS);
2636 	if (!pinfoattr)
2637 		goto nla_put_failure;
2638 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2639 	NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2640 			cur_params.dot11MeshRetryTimeout);
2641 	NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2642 			cur_params.dot11MeshConfirmTimeout);
2643 	NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2644 			cur_params.dot11MeshHoldingTimeout);
2645 	NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2646 			cur_params.dot11MeshMaxPeerLinks);
2647 	NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2648 			cur_params.dot11MeshMaxRetries);
2649 	NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2650 			cur_params.dot11MeshTTL);
2651 	NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2652 			cur_params.auto_open_plinks);
2653 	NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2654 			cur_params.dot11MeshHWMPmaxPREQretries);
2655 	NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2656 			cur_params.path_refresh_time);
2657 	NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2658 			cur_params.min_discovery_timeout);
2659 	NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2660 			cur_params.dot11MeshHWMPactivePathTimeout);
2661 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2662 			cur_params.dot11MeshHWMPpreqMinInterval);
2663 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2664 			cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2665 	NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
2666 			cur_params.dot11MeshHWMPRootMode);
2667 	nla_nest_end(msg, pinfoattr);
2668 	genlmsg_end(msg, hdr);
2669 	err = genlmsg_reply(msg, info);
2670 	goto out;
2671 
2672  nla_put_failure:
2673 	genlmsg_cancel(msg, hdr);
2674 	err = -EMSGSIZE;
2675  out:
2676 	/* Cleanup */
2677 	cfg80211_unlock_rdev(rdev);
2678 	dev_put(dev);
2679  out_rtnl:
2680 	rtnl_unlock();
2681 
2682 	return err;
2683 }
2684 
2685 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
2686 do {\
2687 	if (table[attr_num]) {\
2688 		cfg.param = nla_fn(table[attr_num]); \
2689 		mask |= (1 << (attr_num - 1)); \
2690 	} \
2691 } while (0);\
2692 
2693 static struct nla_policy
2694 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] __read_mostly = {
2695 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2696 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2697 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2698 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2699 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2700 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2701 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2702 
2703 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2704 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2705 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2706 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2707 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2708 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2709 };
2710 
2711 static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
2712 {
2713 	int err;
2714 	u32 mask;
2715 	struct cfg80211_registered_device *rdev;
2716 	struct net_device *dev;
2717 	struct mesh_config cfg;
2718 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
2719 	struct nlattr *parent_attr;
2720 
2721 	parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS];
2722 	if (!parent_attr)
2723 		return -EINVAL;
2724 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
2725 			parent_attr, nl80211_meshconf_params_policy))
2726 		return -EINVAL;
2727 
2728 	rtnl_lock();
2729 
2730 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2731 	if (err)
2732 		goto out_rtnl;
2733 
2734 	if (!rdev->ops->set_mesh_params) {
2735 		err = -EOPNOTSUPP;
2736 		goto out;
2737 	}
2738 
2739 	/* This makes sure that there aren't more than 32 mesh config
2740 	 * parameters (otherwise our bitfield scheme would not work.) */
2741 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
2742 
2743 	/* Fill in the params struct */
2744 	mask = 0;
2745 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
2746 			mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
2747 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
2748 			mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
2749 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
2750 			mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
2751 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
2752 			mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
2753 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
2754 			mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
2755 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
2756 			mask, NL80211_MESHCONF_TTL, nla_get_u8);
2757 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
2758 			mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
2759 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
2760 			mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2761 			nla_get_u8);
2762 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
2763 			mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
2764 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
2765 			mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2766 			nla_get_u16);
2767 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
2768 			mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2769 			nla_get_u32);
2770 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
2771 			mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2772 			nla_get_u16);
2773 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2774 			dot11MeshHWMPnetDiameterTraversalTime,
2775 			mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2776 			nla_get_u16);
2777 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2778 			dot11MeshHWMPRootMode, mask,
2779 			NL80211_MESHCONF_HWMP_ROOTMODE,
2780 			nla_get_u8);
2781 
2782 	/* Apply changes */
2783 	err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask);
2784 
2785  out:
2786 	/* cleanup */
2787 	cfg80211_unlock_rdev(rdev);
2788 	dev_put(dev);
2789  out_rtnl:
2790 	rtnl_unlock();
2791 
2792 	return err;
2793 }
2794 
2795 #undef FILL_IN_MESH_PARAM_IF_SET
2796 
2797 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
2798 {
2799 	struct sk_buff *msg;
2800 	void *hdr = NULL;
2801 	struct nlattr *nl_reg_rules;
2802 	unsigned int i;
2803 	int err = -EINVAL;
2804 
2805 	mutex_lock(&cfg80211_mutex);
2806 
2807 	if (!cfg80211_regdomain)
2808 		goto out;
2809 
2810 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2811 	if (!msg) {
2812 		err = -ENOBUFS;
2813 		goto out;
2814 	}
2815 
2816 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2817 			     NL80211_CMD_GET_REG);
2818 	if (!hdr)
2819 		goto nla_put_failure;
2820 
2821 	NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
2822 		cfg80211_regdomain->alpha2);
2823 
2824 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
2825 	if (!nl_reg_rules)
2826 		goto nla_put_failure;
2827 
2828 	for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
2829 		struct nlattr *nl_reg_rule;
2830 		const struct ieee80211_reg_rule *reg_rule;
2831 		const struct ieee80211_freq_range *freq_range;
2832 		const struct ieee80211_power_rule *power_rule;
2833 
2834 		reg_rule = &cfg80211_regdomain->reg_rules[i];
2835 		freq_range = &reg_rule->freq_range;
2836 		power_rule = &reg_rule->power_rule;
2837 
2838 		nl_reg_rule = nla_nest_start(msg, i);
2839 		if (!nl_reg_rule)
2840 			goto nla_put_failure;
2841 
2842 		NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
2843 			reg_rule->flags);
2844 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
2845 			freq_range->start_freq_khz);
2846 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
2847 			freq_range->end_freq_khz);
2848 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
2849 			freq_range->max_bandwidth_khz);
2850 		NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
2851 			power_rule->max_antenna_gain);
2852 		NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
2853 			power_rule->max_eirp);
2854 
2855 		nla_nest_end(msg, nl_reg_rule);
2856 	}
2857 
2858 	nla_nest_end(msg, nl_reg_rules);
2859 
2860 	genlmsg_end(msg, hdr);
2861 	err = genlmsg_reply(msg, info);
2862 	goto out;
2863 
2864 nla_put_failure:
2865 	genlmsg_cancel(msg, hdr);
2866 	err = -EMSGSIZE;
2867 out:
2868 	mutex_unlock(&cfg80211_mutex);
2869 	return err;
2870 }
2871 
2872 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
2873 {
2874 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
2875 	struct nlattr *nl_reg_rule;
2876 	char *alpha2 = NULL;
2877 	int rem_reg_rules = 0, r = 0;
2878 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
2879 	struct ieee80211_regdomain *rd = NULL;
2880 
2881 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2882 		return -EINVAL;
2883 
2884 	if (!info->attrs[NL80211_ATTR_REG_RULES])
2885 		return -EINVAL;
2886 
2887 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2888 
2889 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
2890 			rem_reg_rules) {
2891 		num_rules++;
2892 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
2893 			return -EINVAL;
2894 	}
2895 
2896 	mutex_lock(&cfg80211_mutex);
2897 
2898 	if (!reg_is_valid_request(alpha2)) {
2899 		r = -EINVAL;
2900 		goto bad_reg;
2901 	}
2902 
2903 	size_of_regd = sizeof(struct ieee80211_regdomain) +
2904 		(num_rules * sizeof(struct ieee80211_reg_rule));
2905 
2906 	rd = kzalloc(size_of_regd, GFP_KERNEL);
2907 	if (!rd) {
2908 		r = -ENOMEM;
2909 		goto bad_reg;
2910 	}
2911 
2912 	rd->n_reg_rules = num_rules;
2913 	rd->alpha2[0] = alpha2[0];
2914 	rd->alpha2[1] = alpha2[1];
2915 
2916 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
2917 			rem_reg_rules) {
2918 		nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
2919 			nla_data(nl_reg_rule), nla_len(nl_reg_rule),
2920 			reg_rule_policy);
2921 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
2922 		if (r)
2923 			goto bad_reg;
2924 
2925 		rule_idx++;
2926 
2927 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
2928 			r = -EINVAL;
2929 			goto bad_reg;
2930 		}
2931 	}
2932 
2933 	BUG_ON(rule_idx != num_rules);
2934 
2935 	r = set_regdom(rd);
2936 
2937 	mutex_unlock(&cfg80211_mutex);
2938 
2939 	return r;
2940 
2941  bad_reg:
2942 	mutex_unlock(&cfg80211_mutex);
2943 	kfree(rd);
2944 	return r;
2945 }
2946 
2947 static int validate_scan_freqs(struct nlattr *freqs)
2948 {
2949 	struct nlattr *attr1, *attr2;
2950 	int n_channels = 0, tmp1, tmp2;
2951 
2952 	nla_for_each_nested(attr1, freqs, tmp1) {
2953 		n_channels++;
2954 		/*
2955 		 * Some hardware has a limited channel list for
2956 		 * scanning, and it is pretty much nonsensical
2957 		 * to scan for a channel twice, so disallow that
2958 		 * and don't require drivers to check that the
2959 		 * channel list they get isn't longer than what
2960 		 * they can scan, as long as they can scan all
2961 		 * the channels they registered at once.
2962 		 */
2963 		nla_for_each_nested(attr2, freqs, tmp2)
2964 			if (attr1 != attr2 &&
2965 			    nla_get_u32(attr1) == nla_get_u32(attr2))
2966 				return 0;
2967 	}
2968 
2969 	return n_channels;
2970 }
2971 
2972 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
2973 {
2974 	struct cfg80211_registered_device *rdev;
2975 	struct net_device *dev;
2976 	struct cfg80211_scan_request *request;
2977 	struct cfg80211_ssid *ssid;
2978 	struct ieee80211_channel *channel;
2979 	struct nlattr *attr;
2980 	struct wiphy *wiphy;
2981 	int err, tmp, n_ssids = 0, n_channels, i;
2982 	enum ieee80211_band band;
2983 	size_t ie_len;
2984 
2985 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
2986 		return -EINVAL;
2987 
2988 	rtnl_lock();
2989 
2990 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2991 	if (err)
2992 		goto out_rtnl;
2993 
2994 	wiphy = &rdev->wiphy;
2995 
2996 	if (!rdev->ops->scan) {
2997 		err = -EOPNOTSUPP;
2998 		goto out;
2999 	}
3000 
3001 	if (!netif_running(dev)) {
3002 		err = -ENETDOWN;
3003 		goto out;
3004 	}
3005 
3006 	if (rdev->scan_req) {
3007 		err = -EBUSY;
3008 		goto out;
3009 	}
3010 
3011 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3012 		n_channels = validate_scan_freqs(
3013 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3014 		if (!n_channels) {
3015 			err = -EINVAL;
3016 			goto out;
3017 		}
3018 	} else {
3019 		n_channels = 0;
3020 
3021 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3022 			if (wiphy->bands[band])
3023 				n_channels += wiphy->bands[band]->n_channels;
3024 	}
3025 
3026 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3027 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3028 			n_ssids++;
3029 
3030 	if (n_ssids > wiphy->max_scan_ssids) {
3031 		err = -EINVAL;
3032 		goto out;
3033 	}
3034 
3035 	if (info->attrs[NL80211_ATTR_IE])
3036 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3037 	else
3038 		ie_len = 0;
3039 
3040 	if (ie_len > wiphy->max_scan_ie_len) {
3041 		err = -EINVAL;
3042 		goto out;
3043 	}
3044 
3045 	request = kzalloc(sizeof(*request)
3046 			+ sizeof(*ssid) * n_ssids
3047 			+ sizeof(channel) * n_channels
3048 			+ ie_len, GFP_KERNEL);
3049 	if (!request) {
3050 		err = -ENOMEM;
3051 		goto out;
3052 	}
3053 
3054 	if (n_ssids)
3055 		request->ssids = (void *)&request->channels[n_channels];
3056 	request->n_ssids = n_ssids;
3057 	if (ie_len) {
3058 		if (request->ssids)
3059 			request->ie = (void *)(request->ssids + n_ssids);
3060 		else
3061 			request->ie = (void *)(request->channels + n_channels);
3062 	}
3063 
3064 	i = 0;
3065 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3066 		/* user specified, bail out if channel not found */
3067 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3068 			struct ieee80211_channel *chan;
3069 
3070 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3071 
3072 			if (!chan) {
3073 				err = -EINVAL;
3074 				goto out_free;
3075 			}
3076 
3077 			/* ignore disabled channels */
3078 			if (chan->flags & IEEE80211_CHAN_DISABLED)
3079 				continue;
3080 
3081 			request->channels[i] = chan;
3082 			i++;
3083 		}
3084 	} else {
3085 		/* all channels */
3086 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3087 			int j;
3088 			if (!wiphy->bands[band])
3089 				continue;
3090 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3091 				struct ieee80211_channel *chan;
3092 
3093 				chan = &wiphy->bands[band]->channels[j];
3094 
3095 				if (chan->flags & IEEE80211_CHAN_DISABLED)
3096 					continue;
3097 
3098 				request->channels[i] = chan;
3099 				i++;
3100 			}
3101 		}
3102 	}
3103 
3104 	if (!i) {
3105 		err = -EINVAL;
3106 		goto out_free;
3107 	}
3108 
3109 	request->n_channels = i;
3110 
3111 	i = 0;
3112 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3113 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3114 			if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
3115 				err = -EINVAL;
3116 				goto out_free;
3117 			}
3118 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3119 			request->ssids[i].ssid_len = nla_len(attr);
3120 			i++;
3121 		}
3122 	}
3123 
3124 	if (info->attrs[NL80211_ATTR_IE]) {
3125 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3126 		memcpy((void *)request->ie,
3127 		       nla_data(info->attrs[NL80211_ATTR_IE]),
3128 		       request->ie_len);
3129 	}
3130 
3131 	request->dev = dev;
3132 	request->wiphy = &rdev->wiphy;
3133 
3134 	rdev->scan_req = request;
3135 	err = rdev->ops->scan(&rdev->wiphy, dev, request);
3136 
3137 	if (!err) {
3138 		nl80211_send_scan_start(rdev, dev);
3139 		dev_hold(dev);
3140 	}
3141 
3142  out_free:
3143 	if (err) {
3144 		rdev->scan_req = NULL;
3145 		kfree(request);
3146 	}
3147  out:
3148 	cfg80211_unlock_rdev(rdev);
3149 	dev_put(dev);
3150  out_rtnl:
3151 	rtnl_unlock();
3152 
3153 	return err;
3154 }
3155 
3156 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags,
3157 			    struct cfg80211_registered_device *rdev,
3158 			    struct wireless_dev *wdev,
3159 			    struct cfg80211_internal_bss *intbss)
3160 {
3161 	struct cfg80211_bss *res = &intbss->pub;
3162 	void *hdr;
3163 	struct nlattr *bss;
3164 	int i;
3165 
3166 	ASSERT_WDEV_LOCK(wdev);
3167 
3168 	hdr = nl80211hdr_put(msg, pid, seq, flags,
3169 			     NL80211_CMD_NEW_SCAN_RESULTS);
3170 	if (!hdr)
3171 		return -1;
3172 
3173 	NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
3174 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
3175 
3176 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
3177 	if (!bss)
3178 		goto nla_put_failure;
3179 	if (!is_zero_ether_addr(res->bssid))
3180 		NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
3181 	if (res->information_elements && res->len_information_elements)
3182 		NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3183 			res->len_information_elements,
3184 			res->information_elements);
3185 	if (res->tsf)
3186 		NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3187 	if (res->beacon_interval)
3188 		NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3189 	NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3190 	NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3191 	NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
3192 		jiffies_to_msecs(jiffies - intbss->ts));
3193 
3194 	switch (rdev->wiphy.signal_type) {
3195 	case CFG80211_SIGNAL_TYPE_MBM:
3196 		NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
3197 		break;
3198 	case CFG80211_SIGNAL_TYPE_UNSPEC:
3199 		NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
3200 		break;
3201 	default:
3202 		break;
3203 	}
3204 
3205 	switch (wdev->iftype) {
3206 	case NL80211_IFTYPE_STATION:
3207 		if (intbss == wdev->current_bss)
3208 			NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3209 				    NL80211_BSS_STATUS_ASSOCIATED);
3210 		else for (i = 0; i < MAX_AUTH_BSSES; i++) {
3211 			if (intbss != wdev->auth_bsses[i])
3212 				continue;
3213 			NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3214 				    NL80211_BSS_STATUS_AUTHENTICATED);
3215 			break;
3216 		}
3217 		break;
3218 	case NL80211_IFTYPE_ADHOC:
3219 		if (intbss == wdev->current_bss)
3220 			NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3221 				    NL80211_BSS_STATUS_IBSS_JOINED);
3222 		break;
3223 	default:
3224 		break;
3225 	}
3226 
3227 	nla_nest_end(msg, bss);
3228 
3229 	return genlmsg_end(msg, hdr);
3230 
3231  nla_put_failure:
3232 	genlmsg_cancel(msg, hdr);
3233 	return -EMSGSIZE;
3234 }
3235 
3236 static int nl80211_dump_scan(struct sk_buff *skb,
3237 			     struct netlink_callback *cb)
3238 {
3239 	struct cfg80211_registered_device *rdev;
3240 	struct net_device *dev;
3241 	struct cfg80211_internal_bss *scan;
3242 	struct wireless_dev *wdev;
3243 	int ifidx = cb->args[0];
3244 	int start = cb->args[1], idx = 0;
3245 	int err;
3246 
3247 	if (!ifidx)
3248 		ifidx = nl80211_get_ifidx(cb);
3249 	if (ifidx < 0)
3250 		return ifidx;
3251 	cb->args[0] = ifidx;
3252 
3253 	dev = dev_get_by_index(sock_net(skb->sk), ifidx);
3254 	if (!dev)
3255 		return -ENODEV;
3256 
3257 	rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3258 	if (IS_ERR(rdev)) {
3259 		err = PTR_ERR(rdev);
3260 		goto out_put_netdev;
3261 	}
3262 
3263 	wdev = dev->ieee80211_ptr;
3264 
3265 	wdev_lock(wdev);
3266 	spin_lock_bh(&rdev->bss_lock);
3267 	cfg80211_bss_expire(rdev);
3268 
3269 	list_for_each_entry(scan, &rdev->bss_list, list) {
3270 		if (++idx <= start)
3271 			continue;
3272 		if (nl80211_send_bss(skb,
3273 				NETLINK_CB(cb->skb).pid,
3274 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3275 				rdev, wdev, scan) < 0) {
3276 			idx--;
3277 			goto out;
3278 		}
3279 	}
3280 
3281  out:
3282 	spin_unlock_bh(&rdev->bss_lock);
3283 	wdev_unlock(wdev);
3284 
3285 	cb->args[1] = idx;
3286 	err = skb->len;
3287 	cfg80211_unlock_rdev(rdev);
3288  out_put_netdev:
3289 	dev_put(dev);
3290 
3291 	return err;
3292 }
3293 
3294 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
3295 				int flags, struct net_device *dev,
3296 				struct survey_info *survey)
3297 {
3298 	void *hdr;
3299 	struct nlattr *infoattr;
3300 
3301 	/* Survey without a channel doesn't make sense */
3302 	if (!survey->channel)
3303 		return -EINVAL;
3304 
3305 	hdr = nl80211hdr_put(msg, pid, seq, flags,
3306 			     NL80211_CMD_NEW_SURVEY_RESULTS);
3307 	if (!hdr)
3308 		return -ENOMEM;
3309 
3310 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3311 
3312 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
3313 	if (!infoattr)
3314 		goto nla_put_failure;
3315 
3316 	NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
3317 		    survey->channel->center_freq);
3318 	if (survey->filled & SURVEY_INFO_NOISE_DBM)
3319 		NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
3320 			    survey->noise);
3321 
3322 	nla_nest_end(msg, infoattr);
3323 
3324 	return genlmsg_end(msg, hdr);
3325 
3326  nla_put_failure:
3327 	genlmsg_cancel(msg, hdr);
3328 	return -EMSGSIZE;
3329 }
3330 
3331 static int nl80211_dump_survey(struct sk_buff *skb,
3332 			struct netlink_callback *cb)
3333 {
3334 	struct survey_info survey;
3335 	struct cfg80211_registered_device *dev;
3336 	struct net_device *netdev;
3337 	int ifidx = cb->args[0];
3338 	int survey_idx = cb->args[1];
3339 	int res;
3340 
3341 	if (!ifidx)
3342 		ifidx = nl80211_get_ifidx(cb);
3343 	if (ifidx < 0)
3344 		return ifidx;
3345 	cb->args[0] = ifidx;
3346 
3347 	rtnl_lock();
3348 
3349 	netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3350 	if (!netdev) {
3351 		res = -ENODEV;
3352 		goto out_rtnl;
3353 	}
3354 
3355 	dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3356 	if (IS_ERR(dev)) {
3357 		res = PTR_ERR(dev);
3358 		goto out_rtnl;
3359 	}
3360 
3361 	if (!dev->ops->dump_survey) {
3362 		res = -EOPNOTSUPP;
3363 		goto out_err;
3364 	}
3365 
3366 	while (1) {
3367 		res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
3368 					    &survey);
3369 		if (res == -ENOENT)
3370 			break;
3371 		if (res)
3372 			goto out_err;
3373 
3374 		if (nl80211_send_survey(skb,
3375 				NETLINK_CB(cb->skb).pid,
3376 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3377 				netdev,
3378 				&survey) < 0)
3379 			goto out;
3380 		survey_idx++;
3381 	}
3382 
3383  out:
3384 	cb->args[1] = survey_idx;
3385 	res = skb->len;
3386  out_err:
3387 	cfg80211_unlock_rdev(dev);
3388  out_rtnl:
3389 	rtnl_unlock();
3390 
3391 	return res;
3392 }
3393 
3394 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3395 {
3396 	return auth_type <= NL80211_AUTHTYPE_MAX;
3397 }
3398 
3399 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
3400 {
3401 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
3402 				  NL80211_WPA_VERSION_2));
3403 }
3404 
3405 static bool nl80211_valid_akm_suite(u32 akm)
3406 {
3407 	return akm == WLAN_AKM_SUITE_8021X ||
3408 		akm == WLAN_AKM_SUITE_PSK;
3409 }
3410 
3411 static bool nl80211_valid_cipher_suite(u32 cipher)
3412 {
3413 	return cipher == WLAN_CIPHER_SUITE_WEP40 ||
3414 		cipher == WLAN_CIPHER_SUITE_WEP104 ||
3415 		cipher == WLAN_CIPHER_SUITE_TKIP ||
3416 		cipher == WLAN_CIPHER_SUITE_CCMP ||
3417 		cipher == WLAN_CIPHER_SUITE_AES_CMAC;
3418 }
3419 
3420 
3421 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
3422 {
3423 	struct cfg80211_registered_device *rdev;
3424 	struct net_device *dev;
3425 	struct ieee80211_channel *chan;
3426 	const u8 *bssid, *ssid, *ie = NULL;
3427 	int err, ssid_len, ie_len = 0;
3428 	enum nl80211_auth_type auth_type;
3429 	struct key_parse key;
3430 
3431 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3432 		return -EINVAL;
3433 
3434 	if (!info->attrs[NL80211_ATTR_MAC])
3435 		return -EINVAL;
3436 
3437 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
3438 		return -EINVAL;
3439 
3440 	if (!info->attrs[NL80211_ATTR_SSID])
3441 		return -EINVAL;
3442 
3443 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
3444 		return -EINVAL;
3445 
3446 	err = nl80211_parse_key(info, &key);
3447 	if (err)
3448 		return err;
3449 
3450 	if (key.idx >= 0) {
3451 		if (!key.p.key || !key.p.key_len)
3452 			return -EINVAL;
3453 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
3454 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
3455 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
3456 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
3457 			return -EINVAL;
3458 		if (key.idx > 4)
3459 			return -EINVAL;
3460 	} else {
3461 		key.p.key_len = 0;
3462 		key.p.key = NULL;
3463 	}
3464 
3465 	rtnl_lock();
3466 
3467 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3468 	if (err)
3469 		goto unlock_rtnl;
3470 
3471 	if (!rdev->ops->auth) {
3472 		err = -EOPNOTSUPP;
3473 		goto out;
3474 	}
3475 
3476 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3477 		err = -EOPNOTSUPP;
3478 		goto out;
3479 	}
3480 
3481 	if (!netif_running(dev)) {
3482 		err = -ENETDOWN;
3483 		goto out;
3484 	}
3485 
3486 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3487 	chan = ieee80211_get_channel(&rdev->wiphy,
3488 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3489 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3490 		err = -EINVAL;
3491 		goto out;
3492 	}
3493 
3494 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3495 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3496 
3497 	if (info->attrs[NL80211_ATTR_IE]) {
3498 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3499 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3500 	}
3501 
3502 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
3503 	if (!nl80211_valid_auth_type(auth_type)) {
3504 		err = -EINVAL;
3505 		goto out;
3506 	}
3507 
3508 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
3509 				 ssid, ssid_len, ie, ie_len,
3510 				 key.p.key, key.p.key_len, key.idx);
3511 
3512 out:
3513 	cfg80211_unlock_rdev(rdev);
3514 	dev_put(dev);
3515 unlock_rtnl:
3516 	rtnl_unlock();
3517 	return err;
3518 }
3519 
3520 static int nl80211_crypto_settings(struct genl_info *info,
3521 				   struct cfg80211_crypto_settings *settings,
3522 				   int cipher_limit)
3523 {
3524 	memset(settings, 0, sizeof(*settings));
3525 
3526 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
3527 
3528 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
3529 		void *data;
3530 		int len, i;
3531 
3532 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3533 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3534 		settings->n_ciphers_pairwise = len / sizeof(u32);
3535 
3536 		if (len % sizeof(u32))
3537 			return -EINVAL;
3538 
3539 		if (settings->n_ciphers_pairwise > cipher_limit)
3540 			return -EINVAL;
3541 
3542 		memcpy(settings->ciphers_pairwise, data, len);
3543 
3544 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
3545 			if (!nl80211_valid_cipher_suite(
3546 					settings->ciphers_pairwise[i]))
3547 				return -EINVAL;
3548 	}
3549 
3550 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
3551 		settings->cipher_group =
3552 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
3553 		if (!nl80211_valid_cipher_suite(settings->cipher_group))
3554 			return -EINVAL;
3555 	}
3556 
3557 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
3558 		settings->wpa_versions =
3559 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
3560 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
3561 			return -EINVAL;
3562 	}
3563 
3564 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
3565 		void *data;
3566 		int len, i;
3567 
3568 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
3569 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
3570 		settings->n_akm_suites = len / sizeof(u32);
3571 
3572 		if (len % sizeof(u32))
3573 			return -EINVAL;
3574 
3575 		memcpy(settings->akm_suites, data, len);
3576 
3577 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
3578 			if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
3579 				return -EINVAL;
3580 	}
3581 
3582 	return 0;
3583 }
3584 
3585 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
3586 {
3587 	struct cfg80211_registered_device *rdev;
3588 	struct net_device *dev;
3589 	struct cfg80211_crypto_settings crypto;
3590 	struct ieee80211_channel *chan, *fixedchan;
3591 	const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
3592 	int err, ssid_len, ie_len = 0;
3593 	bool use_mfp = false;
3594 
3595 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3596 		return -EINVAL;
3597 
3598 	if (!info->attrs[NL80211_ATTR_MAC] ||
3599 	    !info->attrs[NL80211_ATTR_SSID] ||
3600 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
3601 		return -EINVAL;
3602 
3603 	rtnl_lock();
3604 
3605 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3606 	if (err)
3607 		goto unlock_rtnl;
3608 
3609 	if (!rdev->ops->assoc) {
3610 		err = -EOPNOTSUPP;
3611 		goto out;
3612 	}
3613 
3614 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3615 		err = -EOPNOTSUPP;
3616 		goto out;
3617 	}
3618 
3619 	if (!netif_running(dev)) {
3620 		err = -ENETDOWN;
3621 		goto out;
3622 	}
3623 
3624 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3625 
3626 	chan = ieee80211_get_channel(&rdev->wiphy,
3627 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3628 	if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3629 		err = -EINVAL;
3630 		goto out;
3631 	}
3632 
3633 	mutex_lock(&rdev->devlist_mtx);
3634 	fixedchan = rdev_fixed_channel(rdev, NULL);
3635 	if (fixedchan && chan != fixedchan) {
3636 		err = -EBUSY;
3637 		mutex_unlock(&rdev->devlist_mtx);
3638 		goto out;
3639 	}
3640 	mutex_unlock(&rdev->devlist_mtx);
3641 
3642 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3643 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3644 
3645 	if (info->attrs[NL80211_ATTR_IE]) {
3646 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3647 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3648 	}
3649 
3650 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
3651 		enum nl80211_mfp mfp =
3652 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
3653 		if (mfp == NL80211_MFP_REQUIRED)
3654 			use_mfp = true;
3655 		else if (mfp != NL80211_MFP_NO) {
3656 			err = -EINVAL;
3657 			goto out;
3658 		}
3659 	}
3660 
3661 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
3662 		prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
3663 
3664 	err = nl80211_crypto_settings(info, &crypto, 1);
3665 	if (!err)
3666 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
3667 					  ssid, ssid_len, ie, ie_len, use_mfp,
3668 					  &crypto);
3669 
3670 out:
3671 	cfg80211_unlock_rdev(rdev);
3672 	dev_put(dev);
3673 unlock_rtnl:
3674 	rtnl_unlock();
3675 	return err;
3676 }
3677 
3678 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
3679 {
3680 	struct cfg80211_registered_device *rdev;
3681 	struct net_device *dev;
3682 	const u8 *ie = NULL, *bssid;
3683 	int err, ie_len = 0;
3684 	u16 reason_code;
3685 
3686 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3687 		return -EINVAL;
3688 
3689 	if (!info->attrs[NL80211_ATTR_MAC])
3690 		return -EINVAL;
3691 
3692 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
3693 		return -EINVAL;
3694 
3695 	rtnl_lock();
3696 
3697 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3698 	if (err)
3699 		goto unlock_rtnl;
3700 
3701 	if (!rdev->ops->deauth) {
3702 		err = -EOPNOTSUPP;
3703 		goto out;
3704 	}
3705 
3706 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3707 		err = -EOPNOTSUPP;
3708 		goto out;
3709 	}
3710 
3711 	if (!netif_running(dev)) {
3712 		err = -ENETDOWN;
3713 		goto out;
3714 	}
3715 
3716 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3717 
3718 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3719 	if (reason_code == 0) {
3720 		/* Reason Code 0 is reserved */
3721 		err = -EINVAL;
3722 		goto out;
3723 	}
3724 
3725 	if (info->attrs[NL80211_ATTR_IE]) {
3726 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3727 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3728 	}
3729 
3730 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code);
3731 
3732 out:
3733 	cfg80211_unlock_rdev(rdev);
3734 	dev_put(dev);
3735 unlock_rtnl:
3736 	rtnl_unlock();
3737 	return err;
3738 }
3739 
3740 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
3741 {
3742 	struct cfg80211_registered_device *rdev;
3743 	struct net_device *dev;
3744 	const u8 *ie = NULL, *bssid;
3745 	int err, ie_len = 0;
3746 	u16 reason_code;
3747 
3748 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3749 		return -EINVAL;
3750 
3751 	if (!info->attrs[NL80211_ATTR_MAC])
3752 		return -EINVAL;
3753 
3754 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
3755 		return -EINVAL;
3756 
3757 	rtnl_lock();
3758 
3759 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3760 	if (err)
3761 		goto unlock_rtnl;
3762 
3763 	if (!rdev->ops->disassoc) {
3764 		err = -EOPNOTSUPP;
3765 		goto out;
3766 	}
3767 
3768 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3769 		err = -EOPNOTSUPP;
3770 		goto out;
3771 	}
3772 
3773 	if (!netif_running(dev)) {
3774 		err = -ENETDOWN;
3775 		goto out;
3776 	}
3777 
3778 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3779 
3780 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3781 	if (reason_code == 0) {
3782 		/* Reason Code 0 is reserved */
3783 		err = -EINVAL;
3784 		goto out;
3785 	}
3786 
3787 	if (info->attrs[NL80211_ATTR_IE]) {
3788 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3789 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3790 	}
3791 
3792 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code);
3793 
3794 out:
3795 	cfg80211_unlock_rdev(rdev);
3796 	dev_put(dev);
3797 unlock_rtnl:
3798 	rtnl_unlock();
3799 	return err;
3800 }
3801 
3802 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
3803 {
3804 	struct cfg80211_registered_device *rdev;
3805 	struct net_device *dev;
3806 	struct cfg80211_ibss_params ibss;
3807 	struct wiphy *wiphy;
3808 	struct cfg80211_cached_keys *connkeys = NULL;
3809 	int err;
3810 
3811 	memset(&ibss, 0, sizeof(ibss));
3812 
3813 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3814 		return -EINVAL;
3815 
3816 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
3817 	    !info->attrs[NL80211_ATTR_SSID] ||
3818 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
3819 		return -EINVAL;
3820 
3821 	ibss.beacon_interval = 100;
3822 
3823 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
3824 		ibss.beacon_interval =
3825 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3826 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
3827 			return -EINVAL;
3828 	}
3829 
3830 	rtnl_lock();
3831 
3832 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3833 	if (err)
3834 		goto unlock_rtnl;
3835 
3836 	if (!rdev->ops->join_ibss) {
3837 		err = -EOPNOTSUPP;
3838 		goto out;
3839 	}
3840 
3841 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
3842 		err = -EOPNOTSUPP;
3843 		goto out;
3844 	}
3845 
3846 	if (!netif_running(dev)) {
3847 		err = -ENETDOWN;
3848 		goto out;
3849 	}
3850 
3851 	wiphy = &rdev->wiphy;
3852 
3853 	if (info->attrs[NL80211_ATTR_MAC])
3854 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3855 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3856 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3857 
3858 	if (info->attrs[NL80211_ATTR_IE]) {
3859 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3860 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3861 	}
3862 
3863 	ibss.channel = ieee80211_get_channel(wiphy,
3864 		nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3865 	if (!ibss.channel ||
3866 	    ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
3867 	    ibss.channel->flags & IEEE80211_CHAN_DISABLED) {
3868 		err = -EINVAL;
3869 		goto out;
3870 	}
3871 
3872 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
3873 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3874 
3875 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
3876 		connkeys = nl80211_parse_connkeys(rdev,
3877 					info->attrs[NL80211_ATTR_KEYS]);
3878 		if (IS_ERR(connkeys)) {
3879 			err = PTR_ERR(connkeys);
3880 			connkeys = NULL;
3881 			goto out;
3882 		}
3883 	}
3884 
3885 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
3886 
3887 out:
3888 	cfg80211_unlock_rdev(rdev);
3889 	dev_put(dev);
3890 unlock_rtnl:
3891 	if (err)
3892 		kfree(connkeys);
3893 	rtnl_unlock();
3894 	return err;
3895 }
3896 
3897 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
3898 {
3899 	struct cfg80211_registered_device *rdev;
3900 	struct net_device *dev;
3901 	int err;
3902 
3903 	rtnl_lock();
3904 
3905 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3906 	if (err)
3907 		goto unlock_rtnl;
3908 
3909 	if (!rdev->ops->leave_ibss) {
3910 		err = -EOPNOTSUPP;
3911 		goto out;
3912 	}
3913 
3914 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
3915 		err = -EOPNOTSUPP;
3916 		goto out;
3917 	}
3918 
3919 	if (!netif_running(dev)) {
3920 		err = -ENETDOWN;
3921 		goto out;
3922 	}
3923 
3924 	err = cfg80211_leave_ibss(rdev, dev, false);
3925 
3926 out:
3927 	cfg80211_unlock_rdev(rdev);
3928 	dev_put(dev);
3929 unlock_rtnl:
3930 	rtnl_unlock();
3931 	return err;
3932 }
3933 
3934 #ifdef CONFIG_NL80211_TESTMODE
3935 static struct genl_multicast_group nl80211_testmode_mcgrp = {
3936 	.name = "testmode",
3937 };
3938 
3939 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
3940 {
3941 	struct cfg80211_registered_device *rdev;
3942 	int err;
3943 
3944 	if (!info->attrs[NL80211_ATTR_TESTDATA])
3945 		return -EINVAL;
3946 
3947 	rtnl_lock();
3948 
3949 	rdev = cfg80211_get_dev_from_info(info);
3950 	if (IS_ERR(rdev)) {
3951 		err = PTR_ERR(rdev);
3952 		goto unlock_rtnl;
3953 	}
3954 
3955 	err = -EOPNOTSUPP;
3956 	if (rdev->ops->testmode_cmd) {
3957 		rdev->testmode_info = info;
3958 		err = rdev->ops->testmode_cmd(&rdev->wiphy,
3959 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
3960 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
3961 		rdev->testmode_info = NULL;
3962 	}
3963 
3964 	cfg80211_unlock_rdev(rdev);
3965 
3966  unlock_rtnl:
3967 	rtnl_unlock();
3968 	return err;
3969 }
3970 
3971 static struct sk_buff *
3972 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
3973 			      int approxlen, u32 pid, u32 seq, gfp_t gfp)
3974 {
3975 	struct sk_buff *skb;
3976 	void *hdr;
3977 	struct nlattr *data;
3978 
3979 	skb = nlmsg_new(approxlen + 100, gfp);
3980 	if (!skb)
3981 		return NULL;
3982 
3983 	hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
3984 	if (!hdr) {
3985 		kfree_skb(skb);
3986 		return NULL;
3987 	}
3988 
3989 	NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
3990 	data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
3991 
3992 	((void **)skb->cb)[0] = rdev;
3993 	((void **)skb->cb)[1] = hdr;
3994 	((void **)skb->cb)[2] = data;
3995 
3996 	return skb;
3997 
3998  nla_put_failure:
3999 	kfree_skb(skb);
4000 	return NULL;
4001 }
4002 
4003 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
4004 						  int approxlen)
4005 {
4006 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4007 
4008 	if (WARN_ON(!rdev->testmode_info))
4009 		return NULL;
4010 
4011 	return __cfg80211_testmode_alloc_skb(rdev, approxlen,
4012 				rdev->testmode_info->snd_pid,
4013 				rdev->testmode_info->snd_seq,
4014 				GFP_KERNEL);
4015 }
4016 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
4017 
4018 int cfg80211_testmode_reply(struct sk_buff *skb)
4019 {
4020 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
4021 	void *hdr = ((void **)skb->cb)[1];
4022 	struct nlattr *data = ((void **)skb->cb)[2];
4023 
4024 	if (WARN_ON(!rdev->testmode_info)) {
4025 		kfree_skb(skb);
4026 		return -EINVAL;
4027 	}
4028 
4029 	nla_nest_end(skb, data);
4030 	genlmsg_end(skb, hdr);
4031 	return genlmsg_reply(skb, rdev->testmode_info);
4032 }
4033 EXPORT_SYMBOL(cfg80211_testmode_reply);
4034 
4035 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
4036 						  int approxlen, gfp_t gfp)
4037 {
4038 	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4039 
4040 	return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
4041 }
4042 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
4043 
4044 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
4045 {
4046 	void *hdr = ((void **)skb->cb)[1];
4047 	struct nlattr *data = ((void **)skb->cb)[2];
4048 
4049 	nla_nest_end(skb, data);
4050 	genlmsg_end(skb, hdr);
4051 	genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
4052 }
4053 EXPORT_SYMBOL(cfg80211_testmode_event);
4054 #endif
4055 
4056 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
4057 {
4058 	struct cfg80211_registered_device *rdev;
4059 	struct net_device *dev;
4060 	struct cfg80211_connect_params connect;
4061 	struct wiphy *wiphy;
4062 	struct cfg80211_cached_keys *connkeys = NULL;
4063 	int err;
4064 
4065 	memset(&connect, 0, sizeof(connect));
4066 
4067 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4068 		return -EINVAL;
4069 
4070 	if (!info->attrs[NL80211_ATTR_SSID] ||
4071 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
4072 		return -EINVAL;
4073 
4074 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4075 		connect.auth_type =
4076 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4077 		if (!nl80211_valid_auth_type(connect.auth_type))
4078 			return -EINVAL;
4079 	} else
4080 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4081 
4082 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
4083 
4084 	err = nl80211_crypto_settings(info, &connect.crypto,
4085 				      NL80211_MAX_NR_CIPHER_SUITES);
4086 	if (err)
4087 		return err;
4088 	rtnl_lock();
4089 
4090 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4091 	if (err)
4092 		goto unlock_rtnl;
4093 
4094 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4095 		err = -EOPNOTSUPP;
4096 		goto out;
4097 	}
4098 
4099 	if (!netif_running(dev)) {
4100 		err = -ENETDOWN;
4101 		goto out;
4102 	}
4103 
4104 	wiphy = &rdev->wiphy;
4105 
4106 	if (info->attrs[NL80211_ATTR_MAC])
4107 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4108 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4109 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4110 
4111 	if (info->attrs[NL80211_ATTR_IE]) {
4112 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4113 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4114 	}
4115 
4116 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4117 		connect.channel =
4118 			ieee80211_get_channel(wiphy,
4119 			    nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4120 		if (!connect.channel ||
4121 		    connect.channel->flags & IEEE80211_CHAN_DISABLED) {
4122 			err = -EINVAL;
4123 			goto out;
4124 		}
4125 	}
4126 
4127 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4128 		connkeys = nl80211_parse_connkeys(rdev,
4129 					info->attrs[NL80211_ATTR_KEYS]);
4130 		if (IS_ERR(connkeys)) {
4131 			err = PTR_ERR(connkeys);
4132 			connkeys = NULL;
4133 			goto out;
4134 		}
4135 	}
4136 
4137 	err = cfg80211_connect(rdev, dev, &connect, connkeys);
4138 
4139 out:
4140 	cfg80211_unlock_rdev(rdev);
4141 	dev_put(dev);
4142 unlock_rtnl:
4143 	if (err)
4144 		kfree(connkeys);
4145 	rtnl_unlock();
4146 	return err;
4147 }
4148 
4149 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
4150 {
4151 	struct cfg80211_registered_device *rdev;
4152 	struct net_device *dev;
4153 	int err;
4154 	u16 reason;
4155 
4156 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
4157 		reason = WLAN_REASON_DEAUTH_LEAVING;
4158 	else
4159 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4160 
4161 	if (reason == 0)
4162 		return -EINVAL;
4163 
4164 	rtnl_lock();
4165 
4166 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4167 	if (err)
4168 		goto unlock_rtnl;
4169 
4170 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4171 		err = -EOPNOTSUPP;
4172 		goto out;
4173 	}
4174 
4175 	if (!netif_running(dev)) {
4176 		err = -ENETDOWN;
4177 		goto out;
4178 	}
4179 
4180 	err = cfg80211_disconnect(rdev, dev, reason, true);
4181 
4182 out:
4183 	cfg80211_unlock_rdev(rdev);
4184 	dev_put(dev);
4185 unlock_rtnl:
4186 	rtnl_unlock();
4187 	return err;
4188 }
4189 
4190 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4191 {
4192 	struct cfg80211_registered_device *rdev;
4193 	struct net *net;
4194 	int err;
4195 	u32 pid;
4196 
4197 	if (!info->attrs[NL80211_ATTR_PID])
4198 		return -EINVAL;
4199 
4200 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
4201 
4202 	rtnl_lock();
4203 
4204 	rdev = cfg80211_get_dev_from_info(info);
4205 	if (IS_ERR(rdev)) {
4206 		err = PTR_ERR(rdev);
4207 		goto out_rtnl;
4208 	}
4209 
4210 	net = get_net_ns_by_pid(pid);
4211 	if (IS_ERR(net)) {
4212 		err = PTR_ERR(net);
4213 		goto out;
4214 	}
4215 
4216 	err = 0;
4217 
4218 	/* check if anything to do */
4219 	if (net_eq(wiphy_net(&rdev->wiphy), net))
4220 		goto out_put_net;
4221 
4222 	err = cfg80211_switch_netns(rdev, net);
4223  out_put_net:
4224 	put_net(net);
4225  out:
4226 	cfg80211_unlock_rdev(rdev);
4227  out_rtnl:
4228 	rtnl_unlock();
4229 	return err;
4230 }
4231 
4232 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
4233 {
4234 	struct cfg80211_registered_device *rdev;
4235 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
4236 			struct cfg80211_pmksa *pmksa) = NULL;
4237 	int err;
4238 	struct net_device *dev;
4239 	struct cfg80211_pmksa pmksa;
4240 
4241 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
4242 
4243 	if (!info->attrs[NL80211_ATTR_MAC])
4244 		return -EINVAL;
4245 
4246 	if (!info->attrs[NL80211_ATTR_PMKID])
4247 		return -EINVAL;
4248 
4249 	rtnl_lock();
4250 
4251 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4252 	if (err)
4253 		goto out_rtnl;
4254 
4255 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
4256 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4257 
4258 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4259 		err = -EOPNOTSUPP;
4260 		goto out;
4261 	}
4262 
4263 	switch (info->genlhdr->cmd) {
4264 	case NL80211_CMD_SET_PMKSA:
4265 		rdev_ops = rdev->ops->set_pmksa;
4266 		break;
4267 	case NL80211_CMD_DEL_PMKSA:
4268 		rdev_ops = rdev->ops->del_pmksa;
4269 		break;
4270 	default:
4271 		WARN_ON(1);
4272 		break;
4273 	}
4274 
4275 	if (!rdev_ops) {
4276 		err = -EOPNOTSUPP;
4277 		goto out;
4278 	}
4279 
4280 	err = rdev_ops(&rdev->wiphy, dev, &pmksa);
4281 
4282  out:
4283 	cfg80211_unlock_rdev(rdev);
4284 	dev_put(dev);
4285  out_rtnl:
4286 	rtnl_unlock();
4287 
4288 	return err;
4289 }
4290 
4291 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4292 {
4293 	struct cfg80211_registered_device *rdev;
4294 	int err;
4295 	struct net_device *dev;
4296 
4297 	rtnl_lock();
4298 
4299 	err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4300 	if (err)
4301 		goto out_rtnl;
4302 
4303 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4304 		err = -EOPNOTSUPP;
4305 		goto out;
4306 	}
4307 
4308 	if (!rdev->ops->flush_pmksa) {
4309 		err = -EOPNOTSUPP;
4310 		goto out;
4311 	}
4312 
4313 	err = rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4314 
4315  out:
4316 	cfg80211_unlock_rdev(rdev);
4317 	dev_put(dev);
4318  out_rtnl:
4319 	rtnl_unlock();
4320 
4321 	return err;
4322 
4323 }
4324 
4325 static struct genl_ops nl80211_ops[] = {
4326 	{
4327 		.cmd = NL80211_CMD_GET_WIPHY,
4328 		.doit = nl80211_get_wiphy,
4329 		.dumpit = nl80211_dump_wiphy,
4330 		.policy = nl80211_policy,
4331 		/* can be retrieved by unprivileged users */
4332 	},
4333 	{
4334 		.cmd = NL80211_CMD_SET_WIPHY,
4335 		.doit = nl80211_set_wiphy,
4336 		.policy = nl80211_policy,
4337 		.flags = GENL_ADMIN_PERM,
4338 	},
4339 	{
4340 		.cmd = NL80211_CMD_GET_INTERFACE,
4341 		.doit = nl80211_get_interface,
4342 		.dumpit = nl80211_dump_interface,
4343 		.policy = nl80211_policy,
4344 		/* can be retrieved by unprivileged users */
4345 	},
4346 	{
4347 		.cmd = NL80211_CMD_SET_INTERFACE,
4348 		.doit = nl80211_set_interface,
4349 		.policy = nl80211_policy,
4350 		.flags = GENL_ADMIN_PERM,
4351 	},
4352 	{
4353 		.cmd = NL80211_CMD_NEW_INTERFACE,
4354 		.doit = nl80211_new_interface,
4355 		.policy = nl80211_policy,
4356 		.flags = GENL_ADMIN_PERM,
4357 	},
4358 	{
4359 		.cmd = NL80211_CMD_DEL_INTERFACE,
4360 		.doit = nl80211_del_interface,
4361 		.policy = nl80211_policy,
4362 		.flags = GENL_ADMIN_PERM,
4363 	},
4364 	{
4365 		.cmd = NL80211_CMD_GET_KEY,
4366 		.doit = nl80211_get_key,
4367 		.policy = nl80211_policy,
4368 		.flags = GENL_ADMIN_PERM,
4369 	},
4370 	{
4371 		.cmd = NL80211_CMD_SET_KEY,
4372 		.doit = nl80211_set_key,
4373 		.policy = nl80211_policy,
4374 		.flags = GENL_ADMIN_PERM,
4375 	},
4376 	{
4377 		.cmd = NL80211_CMD_NEW_KEY,
4378 		.doit = nl80211_new_key,
4379 		.policy = nl80211_policy,
4380 		.flags = GENL_ADMIN_PERM,
4381 	},
4382 	{
4383 		.cmd = NL80211_CMD_DEL_KEY,
4384 		.doit = nl80211_del_key,
4385 		.policy = nl80211_policy,
4386 		.flags = GENL_ADMIN_PERM,
4387 	},
4388 	{
4389 		.cmd = NL80211_CMD_SET_BEACON,
4390 		.policy = nl80211_policy,
4391 		.flags = GENL_ADMIN_PERM,
4392 		.doit = nl80211_addset_beacon,
4393 	},
4394 	{
4395 		.cmd = NL80211_CMD_NEW_BEACON,
4396 		.policy = nl80211_policy,
4397 		.flags = GENL_ADMIN_PERM,
4398 		.doit = nl80211_addset_beacon,
4399 	},
4400 	{
4401 		.cmd = NL80211_CMD_DEL_BEACON,
4402 		.policy = nl80211_policy,
4403 		.flags = GENL_ADMIN_PERM,
4404 		.doit = nl80211_del_beacon,
4405 	},
4406 	{
4407 		.cmd = NL80211_CMD_GET_STATION,
4408 		.doit = nl80211_get_station,
4409 		.dumpit = nl80211_dump_station,
4410 		.policy = nl80211_policy,
4411 	},
4412 	{
4413 		.cmd = NL80211_CMD_SET_STATION,
4414 		.doit = nl80211_set_station,
4415 		.policy = nl80211_policy,
4416 		.flags = GENL_ADMIN_PERM,
4417 	},
4418 	{
4419 		.cmd = NL80211_CMD_NEW_STATION,
4420 		.doit = nl80211_new_station,
4421 		.policy = nl80211_policy,
4422 		.flags = GENL_ADMIN_PERM,
4423 	},
4424 	{
4425 		.cmd = NL80211_CMD_DEL_STATION,
4426 		.doit = nl80211_del_station,
4427 		.policy = nl80211_policy,
4428 		.flags = GENL_ADMIN_PERM,
4429 	},
4430 	{
4431 		.cmd = NL80211_CMD_GET_MPATH,
4432 		.doit = nl80211_get_mpath,
4433 		.dumpit = nl80211_dump_mpath,
4434 		.policy = nl80211_policy,
4435 		.flags = GENL_ADMIN_PERM,
4436 	},
4437 	{
4438 		.cmd = NL80211_CMD_SET_MPATH,
4439 		.doit = nl80211_set_mpath,
4440 		.policy = nl80211_policy,
4441 		.flags = GENL_ADMIN_PERM,
4442 	},
4443 	{
4444 		.cmd = NL80211_CMD_NEW_MPATH,
4445 		.doit = nl80211_new_mpath,
4446 		.policy = nl80211_policy,
4447 		.flags = GENL_ADMIN_PERM,
4448 	},
4449 	{
4450 		.cmd = NL80211_CMD_DEL_MPATH,
4451 		.doit = nl80211_del_mpath,
4452 		.policy = nl80211_policy,
4453 		.flags = GENL_ADMIN_PERM,
4454 	},
4455 	{
4456 		.cmd = NL80211_CMD_SET_BSS,
4457 		.doit = nl80211_set_bss,
4458 		.policy = nl80211_policy,
4459 		.flags = GENL_ADMIN_PERM,
4460 	},
4461 	{
4462 		.cmd = NL80211_CMD_GET_REG,
4463 		.doit = nl80211_get_reg,
4464 		.policy = nl80211_policy,
4465 		/* can be retrieved by unprivileged users */
4466 	},
4467 	{
4468 		.cmd = NL80211_CMD_SET_REG,
4469 		.doit = nl80211_set_reg,
4470 		.policy = nl80211_policy,
4471 		.flags = GENL_ADMIN_PERM,
4472 	},
4473 	{
4474 		.cmd = NL80211_CMD_REQ_SET_REG,
4475 		.doit = nl80211_req_set_reg,
4476 		.policy = nl80211_policy,
4477 		.flags = GENL_ADMIN_PERM,
4478 	},
4479 	{
4480 		.cmd = NL80211_CMD_GET_MESH_PARAMS,
4481 		.doit = nl80211_get_mesh_params,
4482 		.policy = nl80211_policy,
4483 		/* can be retrieved by unprivileged users */
4484 	},
4485 	{
4486 		.cmd = NL80211_CMD_SET_MESH_PARAMS,
4487 		.doit = nl80211_set_mesh_params,
4488 		.policy = nl80211_policy,
4489 		.flags = GENL_ADMIN_PERM,
4490 	},
4491 	{
4492 		.cmd = NL80211_CMD_TRIGGER_SCAN,
4493 		.doit = nl80211_trigger_scan,
4494 		.policy = nl80211_policy,
4495 		.flags = GENL_ADMIN_PERM,
4496 	},
4497 	{
4498 		.cmd = NL80211_CMD_GET_SCAN,
4499 		.policy = nl80211_policy,
4500 		.dumpit = nl80211_dump_scan,
4501 	},
4502 	{
4503 		.cmd = NL80211_CMD_AUTHENTICATE,
4504 		.doit = nl80211_authenticate,
4505 		.policy = nl80211_policy,
4506 		.flags = GENL_ADMIN_PERM,
4507 	},
4508 	{
4509 		.cmd = NL80211_CMD_ASSOCIATE,
4510 		.doit = nl80211_associate,
4511 		.policy = nl80211_policy,
4512 		.flags = GENL_ADMIN_PERM,
4513 	},
4514 	{
4515 		.cmd = NL80211_CMD_DEAUTHENTICATE,
4516 		.doit = nl80211_deauthenticate,
4517 		.policy = nl80211_policy,
4518 		.flags = GENL_ADMIN_PERM,
4519 	},
4520 	{
4521 		.cmd = NL80211_CMD_DISASSOCIATE,
4522 		.doit = nl80211_disassociate,
4523 		.policy = nl80211_policy,
4524 		.flags = GENL_ADMIN_PERM,
4525 	},
4526 	{
4527 		.cmd = NL80211_CMD_JOIN_IBSS,
4528 		.doit = nl80211_join_ibss,
4529 		.policy = nl80211_policy,
4530 		.flags = GENL_ADMIN_PERM,
4531 	},
4532 	{
4533 		.cmd = NL80211_CMD_LEAVE_IBSS,
4534 		.doit = nl80211_leave_ibss,
4535 		.policy = nl80211_policy,
4536 		.flags = GENL_ADMIN_PERM,
4537 	},
4538 #ifdef CONFIG_NL80211_TESTMODE
4539 	{
4540 		.cmd = NL80211_CMD_TESTMODE,
4541 		.doit = nl80211_testmode_do,
4542 		.policy = nl80211_policy,
4543 		.flags = GENL_ADMIN_PERM,
4544 	},
4545 #endif
4546 	{
4547 		.cmd = NL80211_CMD_CONNECT,
4548 		.doit = nl80211_connect,
4549 		.policy = nl80211_policy,
4550 		.flags = GENL_ADMIN_PERM,
4551 	},
4552 	{
4553 		.cmd = NL80211_CMD_DISCONNECT,
4554 		.doit = nl80211_disconnect,
4555 		.policy = nl80211_policy,
4556 		.flags = GENL_ADMIN_PERM,
4557 	},
4558 	{
4559 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
4560 		.doit = nl80211_wiphy_netns,
4561 		.policy = nl80211_policy,
4562 		.flags = GENL_ADMIN_PERM,
4563 	},
4564 	{
4565 		.cmd = NL80211_CMD_GET_SURVEY,
4566 		.policy = nl80211_policy,
4567 		.dumpit = nl80211_dump_survey,
4568 	},
4569 	{
4570 		.cmd = NL80211_CMD_SET_PMKSA,
4571 		.doit = nl80211_setdel_pmksa,
4572 		.policy = nl80211_policy,
4573 		.flags = GENL_ADMIN_PERM,
4574 	},
4575 	{
4576 		.cmd = NL80211_CMD_DEL_PMKSA,
4577 		.doit = nl80211_setdel_pmksa,
4578 		.policy = nl80211_policy,
4579 		.flags = GENL_ADMIN_PERM,
4580 	},
4581 	{
4582 		.cmd = NL80211_CMD_FLUSH_PMKSA,
4583 		.doit = nl80211_flush_pmksa,
4584 		.policy = nl80211_policy,
4585 		.flags = GENL_ADMIN_PERM,
4586 	},
4587 
4588 };
4589 static struct genl_multicast_group nl80211_mlme_mcgrp = {
4590 	.name = "mlme",
4591 };
4592 
4593 /* multicast groups */
4594 static struct genl_multicast_group nl80211_config_mcgrp = {
4595 	.name = "config",
4596 };
4597 static struct genl_multicast_group nl80211_scan_mcgrp = {
4598 	.name = "scan",
4599 };
4600 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
4601 	.name = "regulatory",
4602 };
4603 
4604 /* notification functions */
4605 
4606 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
4607 {
4608 	struct sk_buff *msg;
4609 
4610 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4611 	if (!msg)
4612 		return;
4613 
4614 	if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
4615 		nlmsg_free(msg);
4616 		return;
4617 	}
4618 
4619 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4620 				nl80211_config_mcgrp.id, GFP_KERNEL);
4621 }
4622 
4623 static int nl80211_add_scan_req(struct sk_buff *msg,
4624 				struct cfg80211_registered_device *rdev)
4625 {
4626 	struct cfg80211_scan_request *req = rdev->scan_req;
4627 	struct nlattr *nest;
4628 	int i;
4629 
4630 	ASSERT_RDEV_LOCK(rdev);
4631 
4632 	if (WARN_ON(!req))
4633 		return 0;
4634 
4635 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
4636 	if (!nest)
4637 		goto nla_put_failure;
4638 	for (i = 0; i < req->n_ssids; i++)
4639 		NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid);
4640 	nla_nest_end(msg, nest);
4641 
4642 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
4643 	if (!nest)
4644 		goto nla_put_failure;
4645 	for (i = 0; i < req->n_channels; i++)
4646 		NLA_PUT_U32(msg, i, req->channels[i]->center_freq);
4647 	nla_nest_end(msg, nest);
4648 
4649 	if (req->ie)
4650 		NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie);
4651 
4652 	return 0;
4653  nla_put_failure:
4654 	return -ENOBUFS;
4655 }
4656 
4657 static int nl80211_send_scan_msg(struct sk_buff *msg,
4658 				 struct cfg80211_registered_device *rdev,
4659 				 struct net_device *netdev,
4660 				 u32 pid, u32 seq, int flags,
4661 				 u32 cmd)
4662 {
4663 	void *hdr;
4664 
4665 	hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
4666 	if (!hdr)
4667 		return -1;
4668 
4669 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4670 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4671 
4672 	/* ignore errors and send incomplete event anyway */
4673 	nl80211_add_scan_req(msg, rdev);
4674 
4675 	return genlmsg_end(msg, hdr);
4676 
4677  nla_put_failure:
4678 	genlmsg_cancel(msg, hdr);
4679 	return -EMSGSIZE;
4680 }
4681 
4682 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
4683 			     struct net_device *netdev)
4684 {
4685 	struct sk_buff *msg;
4686 
4687 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
4688 	if (!msg)
4689 		return;
4690 
4691 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
4692 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
4693 		nlmsg_free(msg);
4694 		return;
4695 	}
4696 
4697 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4698 				nl80211_scan_mcgrp.id, GFP_KERNEL);
4699 }
4700 
4701 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
4702 			    struct net_device *netdev)
4703 {
4704 	struct sk_buff *msg;
4705 
4706 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4707 	if (!msg)
4708 		return;
4709 
4710 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
4711 				  NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
4712 		nlmsg_free(msg);
4713 		return;
4714 	}
4715 
4716 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4717 				nl80211_scan_mcgrp.id, GFP_KERNEL);
4718 }
4719 
4720 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
4721 			       struct net_device *netdev)
4722 {
4723 	struct sk_buff *msg;
4724 
4725 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4726 	if (!msg)
4727 		return;
4728 
4729 	if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
4730 				  NL80211_CMD_SCAN_ABORTED) < 0) {
4731 		nlmsg_free(msg);
4732 		return;
4733 	}
4734 
4735 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4736 				nl80211_scan_mcgrp.id, GFP_KERNEL);
4737 }
4738 
4739 /*
4740  * This can happen on global regulatory changes or device specific settings
4741  * based on custom world regulatory domains.
4742  */
4743 void nl80211_send_reg_change_event(struct regulatory_request *request)
4744 {
4745 	struct sk_buff *msg;
4746 	void *hdr;
4747 
4748 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4749 	if (!msg)
4750 		return;
4751 
4752 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
4753 	if (!hdr) {
4754 		nlmsg_free(msg);
4755 		return;
4756 	}
4757 
4758 	/* Userspace can always count this one always being set */
4759 	NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator);
4760 
4761 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0')
4762 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
4763 			   NL80211_REGDOM_TYPE_WORLD);
4764 	else if (request->alpha2[0] == '9' && request->alpha2[1] == '9')
4765 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
4766 			   NL80211_REGDOM_TYPE_CUSTOM_WORLD);
4767 	else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
4768 		 request->intersect)
4769 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
4770 			   NL80211_REGDOM_TYPE_INTERSECTION);
4771 	else {
4772 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
4773 			   NL80211_REGDOM_TYPE_COUNTRY);
4774 		NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2);
4775 	}
4776 
4777 	if (wiphy_idx_valid(request->wiphy_idx))
4778 		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
4779 
4780 	if (genlmsg_end(msg, hdr) < 0) {
4781 		nlmsg_free(msg);
4782 		return;
4783 	}
4784 
4785 	rcu_read_lock();
4786 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
4787 				GFP_ATOMIC);
4788 	rcu_read_unlock();
4789 
4790 	return;
4791 
4792 nla_put_failure:
4793 	genlmsg_cancel(msg, hdr);
4794 	nlmsg_free(msg);
4795 }
4796 
4797 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
4798 				    struct net_device *netdev,
4799 				    const u8 *buf, size_t len,
4800 				    enum nl80211_commands cmd, gfp_t gfp)
4801 {
4802 	struct sk_buff *msg;
4803 	void *hdr;
4804 
4805 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
4806 	if (!msg)
4807 		return;
4808 
4809 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
4810 	if (!hdr) {
4811 		nlmsg_free(msg);
4812 		return;
4813 	}
4814 
4815 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4816 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4817 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
4818 
4819 	if (genlmsg_end(msg, hdr) < 0) {
4820 		nlmsg_free(msg);
4821 		return;
4822 	}
4823 
4824 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4825 				nl80211_mlme_mcgrp.id, gfp);
4826 	return;
4827 
4828  nla_put_failure:
4829 	genlmsg_cancel(msg, hdr);
4830 	nlmsg_free(msg);
4831 }
4832 
4833 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
4834 			  struct net_device *netdev, const u8 *buf,
4835 			  size_t len, gfp_t gfp)
4836 {
4837 	nl80211_send_mlme_event(rdev, netdev, buf, len,
4838 				NL80211_CMD_AUTHENTICATE, gfp);
4839 }
4840 
4841 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
4842 			   struct net_device *netdev, const u8 *buf,
4843 			   size_t len, gfp_t gfp)
4844 {
4845 	nl80211_send_mlme_event(rdev, netdev, buf, len,
4846 				NL80211_CMD_ASSOCIATE, gfp);
4847 }
4848 
4849 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
4850 			 struct net_device *netdev, const u8 *buf,
4851 			 size_t len, gfp_t gfp)
4852 {
4853 	nl80211_send_mlme_event(rdev, netdev, buf, len,
4854 				NL80211_CMD_DEAUTHENTICATE, gfp);
4855 }
4856 
4857 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
4858 			   struct net_device *netdev, const u8 *buf,
4859 			   size_t len, gfp_t gfp)
4860 {
4861 	nl80211_send_mlme_event(rdev, netdev, buf, len,
4862 				NL80211_CMD_DISASSOCIATE, gfp);
4863 }
4864 
4865 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
4866 				      struct net_device *netdev, int cmd,
4867 				      const u8 *addr, gfp_t gfp)
4868 {
4869 	struct sk_buff *msg;
4870 	void *hdr;
4871 
4872 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
4873 	if (!msg)
4874 		return;
4875 
4876 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
4877 	if (!hdr) {
4878 		nlmsg_free(msg);
4879 		return;
4880 	}
4881 
4882 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4883 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4884 	NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT);
4885 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4886 
4887 	if (genlmsg_end(msg, hdr) < 0) {
4888 		nlmsg_free(msg);
4889 		return;
4890 	}
4891 
4892 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4893 				nl80211_mlme_mcgrp.id, gfp);
4894 	return;
4895 
4896  nla_put_failure:
4897 	genlmsg_cancel(msg, hdr);
4898 	nlmsg_free(msg);
4899 }
4900 
4901 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
4902 			       struct net_device *netdev, const u8 *addr,
4903 			       gfp_t gfp)
4904 {
4905 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
4906 				  addr, gfp);
4907 }
4908 
4909 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
4910 				struct net_device *netdev, const u8 *addr,
4911 				gfp_t gfp)
4912 {
4913 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
4914 				  addr, gfp);
4915 }
4916 
4917 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
4918 				 struct net_device *netdev, const u8 *bssid,
4919 				 const u8 *req_ie, size_t req_ie_len,
4920 				 const u8 *resp_ie, size_t resp_ie_len,
4921 				 u16 status, gfp_t gfp)
4922 {
4923 	struct sk_buff *msg;
4924 	void *hdr;
4925 
4926 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
4927 	if (!msg)
4928 		return;
4929 
4930 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
4931 	if (!hdr) {
4932 		nlmsg_free(msg);
4933 		return;
4934 	}
4935 
4936 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4937 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4938 	if (bssid)
4939 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
4940 	NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status);
4941 	if (req_ie)
4942 		NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
4943 	if (resp_ie)
4944 		NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
4945 
4946 	if (genlmsg_end(msg, hdr) < 0) {
4947 		nlmsg_free(msg);
4948 		return;
4949 	}
4950 
4951 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4952 				nl80211_mlme_mcgrp.id, gfp);
4953 	return;
4954 
4955  nla_put_failure:
4956 	genlmsg_cancel(msg, hdr);
4957 	nlmsg_free(msg);
4958 
4959 }
4960 
4961 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
4962 			 struct net_device *netdev, const u8 *bssid,
4963 			 const u8 *req_ie, size_t req_ie_len,
4964 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
4965 {
4966 	struct sk_buff *msg;
4967 	void *hdr;
4968 
4969 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
4970 	if (!msg)
4971 		return;
4972 
4973 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
4974 	if (!hdr) {
4975 		nlmsg_free(msg);
4976 		return;
4977 	}
4978 
4979 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4980 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4981 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
4982 	if (req_ie)
4983 		NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
4984 	if (resp_ie)
4985 		NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
4986 
4987 	if (genlmsg_end(msg, hdr) < 0) {
4988 		nlmsg_free(msg);
4989 		return;
4990 	}
4991 
4992 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4993 				nl80211_mlme_mcgrp.id, gfp);
4994 	return;
4995 
4996  nla_put_failure:
4997 	genlmsg_cancel(msg, hdr);
4998 	nlmsg_free(msg);
4999 
5000 }
5001 
5002 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
5003 			       struct net_device *netdev, u16 reason,
5004 			       const u8 *ie, size_t ie_len, bool from_ap)
5005 {
5006 	struct sk_buff *msg;
5007 	void *hdr;
5008 
5009 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
5010 	if (!msg)
5011 		return;
5012 
5013 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
5014 	if (!hdr) {
5015 		nlmsg_free(msg);
5016 		return;
5017 	}
5018 
5019 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5020 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5021 	if (from_ap && reason)
5022 		NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason);
5023 	if (from_ap)
5024 		NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP);
5025 	if (ie)
5026 		NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie);
5027 
5028 	if (genlmsg_end(msg, hdr) < 0) {
5029 		nlmsg_free(msg);
5030 		return;
5031 	}
5032 
5033 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5034 				nl80211_mlme_mcgrp.id, GFP_KERNEL);
5035 	return;
5036 
5037  nla_put_failure:
5038 	genlmsg_cancel(msg, hdr);
5039 	nlmsg_free(msg);
5040 
5041 }
5042 
5043 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
5044 			     struct net_device *netdev, const u8 *bssid,
5045 			     gfp_t gfp)
5046 {
5047 	struct sk_buff *msg;
5048 	void *hdr;
5049 
5050 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5051 	if (!msg)
5052 		return;
5053 
5054 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
5055 	if (!hdr) {
5056 		nlmsg_free(msg);
5057 		return;
5058 	}
5059 
5060 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5061 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5062 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5063 
5064 	if (genlmsg_end(msg, hdr) < 0) {
5065 		nlmsg_free(msg);
5066 		return;
5067 	}
5068 
5069 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5070 				nl80211_mlme_mcgrp.id, gfp);
5071 	return;
5072 
5073  nla_put_failure:
5074 	genlmsg_cancel(msg, hdr);
5075 	nlmsg_free(msg);
5076 }
5077 
5078 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
5079 				 struct net_device *netdev, const u8 *addr,
5080 				 enum nl80211_key_type key_type, int key_id,
5081 				 const u8 *tsc, gfp_t gfp)
5082 {
5083 	struct sk_buff *msg;
5084 	void *hdr;
5085 
5086 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5087 	if (!msg)
5088 		return;
5089 
5090 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
5091 	if (!hdr) {
5092 		nlmsg_free(msg);
5093 		return;
5094 	}
5095 
5096 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5097 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5098 	if (addr)
5099 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5100 	NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type);
5101 	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id);
5102 	if (tsc)
5103 		NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc);
5104 
5105 	if (genlmsg_end(msg, hdr) < 0) {
5106 		nlmsg_free(msg);
5107 		return;
5108 	}
5109 
5110 	genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5111 				nl80211_mlme_mcgrp.id, gfp);
5112 	return;
5113 
5114  nla_put_failure:
5115 	genlmsg_cancel(msg, hdr);
5116 	nlmsg_free(msg);
5117 }
5118 
5119 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
5120 				    struct ieee80211_channel *channel_before,
5121 				    struct ieee80211_channel *channel_after)
5122 {
5123 	struct sk_buff *msg;
5124 	void *hdr;
5125 	struct nlattr *nl_freq;
5126 
5127 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
5128 	if (!msg)
5129 		return;
5130 
5131 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
5132 	if (!hdr) {
5133 		nlmsg_free(msg);
5134 		return;
5135 	}
5136 
5137 	/*
5138 	 * Since we are applying the beacon hint to a wiphy we know its
5139 	 * wiphy_idx is valid
5140 	 */
5141 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy));
5142 
5143 	/* Before */
5144 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
5145 	if (!nl_freq)
5146 		goto nla_put_failure;
5147 	if (nl80211_msg_put_channel(msg, channel_before))
5148 		goto nla_put_failure;
5149 	nla_nest_end(msg, nl_freq);
5150 
5151 	/* After */
5152 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
5153 	if (!nl_freq)
5154 		goto nla_put_failure;
5155 	if (nl80211_msg_put_channel(msg, channel_after))
5156 		goto nla_put_failure;
5157 	nla_nest_end(msg, nl_freq);
5158 
5159 	if (genlmsg_end(msg, hdr) < 0) {
5160 		nlmsg_free(msg);
5161 		return;
5162 	}
5163 
5164 	rcu_read_lock();
5165 	genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
5166 				GFP_ATOMIC);
5167 	rcu_read_unlock();
5168 
5169 	return;
5170 
5171 nla_put_failure:
5172 	genlmsg_cancel(msg, hdr);
5173 	nlmsg_free(msg);
5174 }
5175 
5176 /* initialisation/exit functions */
5177 
5178 int nl80211_init(void)
5179 {
5180 	int err;
5181 
5182 	err = genl_register_family_with_ops(&nl80211_fam,
5183 		nl80211_ops, ARRAY_SIZE(nl80211_ops));
5184 	if (err)
5185 		return err;
5186 
5187 	err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
5188 	if (err)
5189 		goto err_out;
5190 
5191 	err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
5192 	if (err)
5193 		goto err_out;
5194 
5195 	err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
5196 	if (err)
5197 		goto err_out;
5198 
5199 	err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
5200 	if (err)
5201 		goto err_out;
5202 
5203 #ifdef CONFIG_NL80211_TESTMODE
5204 	err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
5205 	if (err)
5206 		goto err_out;
5207 #endif
5208 
5209 	return 0;
5210  err_out:
5211 	genl_unregister_family(&nl80211_fam);
5212 	return err;
5213 }
5214 
5215 void nl80211_exit(void)
5216 {
5217 	genl_unregister_family(&nl80211_fam);
5218 }
5219