xref: /openbmc/linux/net/wireless/nl80211.c (revision be709d48) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  * Copyright 2013-2014  Intel Mobile Communications GmbH
6  * Copyright 2015-2017	Intel Deutschland GmbH
7  * Copyright (C) 2018-2019 Intel Corporation
8  */
9 
10 #include <linux/if.h>
11 #include <linux/module.h>
12 #include <linux/err.h>
13 #include <linux/slab.h>
14 #include <linux/list.h>
15 #include <linux/if_ether.h>
16 #include <linux/ieee80211.h>
17 #include <linux/nl80211.h>
18 #include <linux/rtnetlink.h>
19 #include <linux/netlink.h>
20 #include <linux/nospec.h>
21 #include <linux/etherdevice.h>
22 #include <net/net_namespace.h>
23 #include <net/genetlink.h>
24 #include <net/cfg80211.h>
25 #include <net/sock.h>
26 #include <net/inet_connection_sock.h>
27 #include "core.h"
28 #include "nl80211.h"
29 #include "reg.h"
30 #include "rdev-ops.h"
31 
32 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
33 				   struct genl_info *info,
34 				   struct cfg80211_crypto_settings *settings,
35 				   int cipher_limit);
36 
37 /* the netlink family */
38 static struct genl_family nl80211_fam;
39 
40 /* multicast groups */
41 enum nl80211_multicast_groups {
42 	NL80211_MCGRP_CONFIG,
43 	NL80211_MCGRP_SCAN,
44 	NL80211_MCGRP_REGULATORY,
45 	NL80211_MCGRP_MLME,
46 	NL80211_MCGRP_VENDOR,
47 	NL80211_MCGRP_NAN,
48 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
49 };
50 
51 static const struct genl_multicast_group nl80211_mcgrps[] = {
52 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
53 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
54 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
55 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
56 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
57 	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
58 #ifdef CONFIG_NL80211_TESTMODE
59 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
60 #endif
61 };
62 
63 /* returns ERR_PTR values */
64 static struct wireless_dev *
65 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
66 {
67 	struct cfg80211_registered_device *rdev;
68 	struct wireless_dev *result = NULL;
69 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
70 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
71 	u64 wdev_id;
72 	int wiphy_idx = -1;
73 	int ifidx = -1;
74 
75 	ASSERT_RTNL();
76 
77 	if (!have_ifidx && !have_wdev_id)
78 		return ERR_PTR(-EINVAL);
79 
80 	if (have_ifidx)
81 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82 	if (have_wdev_id) {
83 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84 		wiphy_idx = wdev_id >> 32;
85 	}
86 
87 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
88 		struct wireless_dev *wdev;
89 
90 		if (wiphy_net(&rdev->wiphy) != netns)
91 			continue;
92 
93 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
94 			continue;
95 
96 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
97 			if (have_ifidx && wdev->netdev &&
98 			    wdev->netdev->ifindex == ifidx) {
99 				result = wdev;
100 				break;
101 			}
102 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
103 				result = wdev;
104 				break;
105 			}
106 		}
107 
108 		if (result)
109 			break;
110 	}
111 
112 	if (result)
113 		return result;
114 	return ERR_PTR(-ENODEV);
115 }
116 
117 static struct cfg80211_registered_device *
118 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
119 {
120 	struct cfg80211_registered_device *rdev = NULL, *tmp;
121 	struct net_device *netdev;
122 
123 	ASSERT_RTNL();
124 
125 	if (!attrs[NL80211_ATTR_WIPHY] &&
126 	    !attrs[NL80211_ATTR_IFINDEX] &&
127 	    !attrs[NL80211_ATTR_WDEV])
128 		return ERR_PTR(-EINVAL);
129 
130 	if (attrs[NL80211_ATTR_WIPHY])
131 		rdev = cfg80211_rdev_by_wiphy_idx(
132 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
133 
134 	if (attrs[NL80211_ATTR_WDEV]) {
135 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
136 		struct wireless_dev *wdev;
137 		bool found = false;
138 
139 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
140 		if (tmp) {
141 			/* make sure wdev exists */
142 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
143 				if (wdev->identifier != (u32)wdev_id)
144 					continue;
145 				found = true;
146 				break;
147 			}
148 
149 			if (!found)
150 				tmp = NULL;
151 
152 			if (rdev && tmp != rdev)
153 				return ERR_PTR(-EINVAL);
154 			rdev = tmp;
155 		}
156 	}
157 
158 	if (attrs[NL80211_ATTR_IFINDEX]) {
159 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
160 
161 		netdev = __dev_get_by_index(netns, ifindex);
162 		if (netdev) {
163 			if (netdev->ieee80211_ptr)
164 				tmp = wiphy_to_rdev(
165 					netdev->ieee80211_ptr->wiphy);
166 			else
167 				tmp = NULL;
168 
169 			/* not wireless device -- return error */
170 			if (!tmp)
171 				return ERR_PTR(-EINVAL);
172 
173 			/* mismatch -- return error */
174 			if (rdev && tmp != rdev)
175 				return ERR_PTR(-EINVAL);
176 
177 			rdev = tmp;
178 		}
179 	}
180 
181 	if (!rdev)
182 		return ERR_PTR(-ENODEV);
183 
184 	if (netns != wiphy_net(&rdev->wiphy))
185 		return ERR_PTR(-ENODEV);
186 
187 	return rdev;
188 }
189 
190 /*
191  * This function returns a pointer to the driver
192  * that the genl_info item that is passed refers to.
193  *
194  * The result of this can be a PTR_ERR and hence must
195  * be checked with IS_ERR() for errors.
196  */
197 static struct cfg80211_registered_device *
198 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
199 {
200 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
201 }
202 
203 static int validate_ie_attr(const struct nlattr *attr,
204 			    struct netlink_ext_ack *extack)
205 {
206 	const u8 *data = nla_data(attr);
207 	unsigned int len = nla_len(attr);
208 	const struct element *elem;
209 
210 	for_each_element(elem, data, len) {
211 		/* nothing */
212 	}
213 
214 	if (for_each_element_completed(elem, data, len))
215 		return 0;
216 
217 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
218 	return -EINVAL;
219 }
220 
221 /* policy for the attributes */
222 static const struct nla_policy
223 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
224 	[NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
225 	[NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
226 					.len = U8_MAX },
227 	[NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
228 					     .len = U8_MAX },
229 };
230 
231 static const struct nla_policy
232 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
233 	[NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
234 	[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
235 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
236 		NLA_POLICY_MAX(NLA_U8, 15),
237 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
238 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
239 		NLA_POLICY_MAX(NLA_U8, 15),
240 	[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
241 		NLA_POLICY_MAX(NLA_U8, 31),
242 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
243 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
244 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
245 };
246 
247 static const struct nla_policy
248 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
249 	[NL80211_PMSR_TYPE_FTM] =
250 		NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
251 };
252 
253 static const struct nla_policy
254 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
255 	[NL80211_PMSR_REQ_ATTR_DATA] =
256 		NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
257 	[NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
258 };
259 
260 static const struct nla_policy
261 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
262 	[NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
263 	/*
264 	 * we could specify this again to be the top-level policy,
265 	 * but that would open us up to recursion problems ...
266 	 */
267 	[NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
268 	[NL80211_PMSR_PEER_ATTR_REQ] =
269 		NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
270 	[NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
271 };
272 
273 static const struct nla_policy
274 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
275 	[NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
276 	[NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
277 	[NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
278 	[NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
279 	[NL80211_PMSR_ATTR_PEERS] =
280 		NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
281 };
282 
283 const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
284 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
285 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
286 				      .len = 20-1 },
287 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
288 
289 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
290 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
291 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
292 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
293 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
294 
295 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
296 	[NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
297 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
298 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
299 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
300 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
301 
302 	[NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
303 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
304 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
305 
306 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
307 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
308 
309 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
310 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
311 				    .len = WLAN_MAX_KEY_LEN },
312 	[NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 5),
313 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
314 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
315 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
316 	[NL80211_ATTR_KEY_TYPE] =
317 		NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
318 
319 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
320 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
321 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
322 				       .len = IEEE80211_MAX_DATA_LEN },
323 	[NL80211_ATTR_BEACON_TAIL] =
324 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
325 				       IEEE80211_MAX_DATA_LEN),
326 	[NL80211_ATTR_STA_AID] =
327 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
328 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
329 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
330 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
331 					       .len = NL80211_MAX_SUPP_RATES },
332 	[NL80211_ATTR_STA_PLINK_ACTION] =
333 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
334 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
335 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
336 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
337 				   .len = IEEE80211_MAX_MESH_ID_LEN },
338 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
339 
340 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
341 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
342 
343 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
344 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
345 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
346 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
347 					   .len = NL80211_MAX_SUPP_RATES },
348 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
349 
350 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
351 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
352 
353 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
354 
355 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
356 	[NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
357 						   validate_ie_attr,
358 						   IEEE80211_MAX_DATA_LEN),
359 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
360 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
361 
362 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
363 				.len = IEEE80211_MAX_SSID_LEN },
364 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
365 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
366 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
367 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
368 	[NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
369 						  NL80211_MFP_NO,
370 						  NL80211_MFP_OPTIONAL),
371 	[NL80211_ATTR_STA_FLAGS2] = {
372 		.len = sizeof(struct nl80211_sta_flag_update),
373 	},
374 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
375 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
376 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
377 	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
378 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
379 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
380 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
381 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
382 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
383 	[NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
384 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
385 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
386 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
387 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
388 				 .len = IEEE80211_MAX_DATA_LEN },
389 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
390 	[NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
391 						   NL80211_PS_DISABLED,
392 						   NL80211_PS_ENABLED),
393 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
394 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
395 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
396 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
397 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
398 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
399 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
400 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
401 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
402 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
403 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
404 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
405 	[NL80211_ATTR_STA_PLINK_STATE] =
406 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
407 	[NL80211_ATTR_MESH_PEER_AID] =
408 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
409 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
410 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
411 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
412 	[NL80211_ATTR_HIDDEN_SSID] =
413 		NLA_POLICY_RANGE(NLA_U32,
414 				 NL80211_HIDDEN_SSID_NOT_IN_USE,
415 				 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
416 	[NL80211_ATTR_IE_PROBE_RESP] =
417 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
418 				       IEEE80211_MAX_DATA_LEN),
419 	[NL80211_ATTR_IE_ASSOC_RESP] =
420 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
421 				       IEEE80211_MAX_DATA_LEN),
422 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
423 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
424 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
425 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
426 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
427 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
428 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
429 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
430 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
431 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
432 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
433 				      .len = IEEE80211_MAX_DATA_LEN },
434 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
435 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
436 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
437 		.len = NL80211_HT_CAPABILITY_LEN
438 	},
439 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
440 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
441 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
442 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
443 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
444 	[NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
445 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
446 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
447 	[NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
448 	[NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
449 	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
450 		NLA_POLICY_RANGE(NLA_U32,
451 				 NL80211_MESH_POWER_UNKNOWN + 1,
452 				 NL80211_MESH_POWER_MAX),
453 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
454 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
455 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
456 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
457 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
458 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
459 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
460 		.len = NL80211_VHT_CAPABILITY_LEN,
461 	},
462 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
463 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
464 				  .len = IEEE80211_MAX_DATA_LEN },
465 	[NL80211_ATTR_PEER_AID] =
466 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
467 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
468 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
469 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
470 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
471 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
472 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
473 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
474 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
475 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
476 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
477 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
478 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
479 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
480 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
481 	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
482 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
483 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
484 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
485 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
486 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
487 	[NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
488 	[NL80211_ATTR_USER_PRIO] =
489 		NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
490 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
491 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
492 	[NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
493 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
494 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
495 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
496 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
497 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
498 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
499 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] =
500 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
501 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
502 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
503 	},
504 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
505 	[NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
506 	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
507 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
508 	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
509 				    .len = FILS_MAX_KEK_LEN },
510 	[NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
511 	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
512 	[NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
513 	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
514 	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
515 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
516 	},
517 	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
518 	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
519 					     .len = FILS_ERP_MAX_USERNAME_LEN },
520 	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
521 					  .len = FILS_ERP_MAX_REALM_LEN },
522 	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
523 	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
524 					.len = FILS_ERP_MAX_RRK_LEN },
525 	[NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
526 	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
527 	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
528 	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
529 
530 	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
531 	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
532 	[NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
533 	[NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
534 					 .len = NL80211_HE_MAX_CAPABILITY_LEN },
535 
536 	[NL80211_ATTR_FTM_RESPONDER] = {
537 		.type = NLA_NESTED,
538 		.validation_data = nl80211_ftm_responder_policy,
539 	},
540 	[NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
541 	[NL80211_ATTR_PEER_MEASUREMENTS] =
542 		NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
543 	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
544 };
545 
546 /* policy for the key attributes */
547 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
548 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
549 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
550 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
551 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
552 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
553 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
554 	[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
555 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
556 };
557 
558 /* policy for the key default flags */
559 static const struct nla_policy
560 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
561 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
562 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
563 };
564 
565 #ifdef CONFIG_PM
566 /* policy for WoWLAN attributes */
567 static const struct nla_policy
568 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
569 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
570 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
571 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
572 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
573 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
574 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
575 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
576 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
577 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
578 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
579 };
580 
581 static const struct nla_policy
582 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
583 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
584 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
585 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
586 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
587 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
588 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
589 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
590 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
591 	},
592 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
593 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
594 	},
595 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
596 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
597 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
598 };
599 #endif /* CONFIG_PM */
600 
601 /* policy for coalesce rule attributes */
602 static const struct nla_policy
603 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
604 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
605 	[NL80211_ATTR_COALESCE_RULE_CONDITION] =
606 		NLA_POLICY_RANGE(NLA_U32,
607 				 NL80211_COALESCE_CONDITION_MATCH,
608 				 NL80211_COALESCE_CONDITION_NO_MATCH),
609 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
610 };
611 
612 /* policy for GTK rekey offload attributes */
613 static const struct nla_policy
614 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
615 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
616 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
617 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
618 };
619 
620 static const struct nla_policy
621 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
622 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
623 						 .len = IEEE80211_MAX_SSID_LEN },
624 	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
625 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
626 };
627 
628 static const struct nla_policy
629 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
630 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
631 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
632 };
633 
634 static const struct nla_policy
635 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
636 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
637 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
638 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
639 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
640 	},
641 };
642 
643 /* policy for NAN function attributes */
644 static const struct nla_policy
645 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
646 	[NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
647 	[NL80211_NAN_FUNC_SERVICE_ID] = {
648 				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
649 	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
650 	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
651 	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
652 	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
653 	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
654 	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
655 	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
656 	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
657 	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
658 			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
659 	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
660 	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
661 	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
662 	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
663 	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
664 };
665 
666 /* policy for Service Response Filter attributes */
667 static const struct nla_policy
668 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
669 	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
670 	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
671 				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
672 	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
673 	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
674 };
675 
676 /* policy for packet pattern attributes */
677 static const struct nla_policy
678 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
679 	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
680 	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
681 	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
682 };
683 
684 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
685 			      struct cfg80211_registered_device **rdev,
686 			      struct wireless_dev **wdev)
687 {
688 	int err;
689 
690 	if (!cb->args[0]) {
691 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
692 				  genl_family_attrbuf(&nl80211_fam),
693 				  nl80211_fam.maxattr, nl80211_policy, NULL);
694 		if (err)
695 			return err;
696 
697 		*wdev = __cfg80211_wdev_from_attrs(
698 					sock_net(cb->skb->sk),
699 					genl_family_attrbuf(&nl80211_fam));
700 		if (IS_ERR(*wdev))
701 			return PTR_ERR(*wdev);
702 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
703 		/* 0 is the first index - add 1 to parse only once */
704 		cb->args[0] = (*rdev)->wiphy_idx + 1;
705 		cb->args[1] = (*wdev)->identifier;
706 	} else {
707 		/* subtract the 1 again here */
708 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
709 		struct wireless_dev *tmp;
710 
711 		if (!wiphy)
712 			return -ENODEV;
713 		*rdev = wiphy_to_rdev(wiphy);
714 		*wdev = NULL;
715 
716 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
717 			if (tmp->identifier == cb->args[1]) {
718 				*wdev = tmp;
719 				break;
720 			}
721 		}
722 
723 		if (!*wdev)
724 			return -ENODEV;
725 	}
726 
727 	return 0;
728 }
729 
730 /* message building helper */
731 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
732 		     int flags, u8 cmd)
733 {
734 	/* since there is no private header just add the generic one */
735 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
736 }
737 
738 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
739 				     const struct ieee80211_reg_rule *rule)
740 {
741 	int j;
742 	struct nlattr *nl_wmm_rules =
743 		nla_nest_start(msg, NL80211_FREQUENCY_ATTR_WMM);
744 
745 	if (!nl_wmm_rules)
746 		goto nla_put_failure;
747 
748 	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
749 		struct nlattr *nl_wmm_rule = nla_nest_start(msg, j);
750 
751 		if (!nl_wmm_rule)
752 			goto nla_put_failure;
753 
754 		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
755 				rule->wmm_rule.client[j].cw_min) ||
756 		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,
757 				rule->wmm_rule.client[j].cw_max) ||
758 		    nla_put_u8(msg, NL80211_WMMR_AIFSN,
759 			       rule->wmm_rule.client[j].aifsn) ||
760 		    nla_put_u16(msg, NL80211_WMMR_TXOP,
761 			        rule->wmm_rule.client[j].cot))
762 			goto nla_put_failure;
763 
764 		nla_nest_end(msg, nl_wmm_rule);
765 	}
766 	nla_nest_end(msg, nl_wmm_rules);
767 
768 	return 0;
769 
770 nla_put_failure:
771 	return -ENOBUFS;
772 }
773 
774 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
775 				   struct ieee80211_channel *chan,
776 				   bool large)
777 {
778 	/* Some channels must be completely excluded from the
779 	 * list to protect old user-space tools from breaking
780 	 */
781 	if (!large && chan->flags &
782 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
783 		return 0;
784 
785 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
786 			chan->center_freq))
787 		goto nla_put_failure;
788 
789 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
790 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
791 		goto nla_put_failure;
792 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
793 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
794 			goto nla_put_failure;
795 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
796 			goto nla_put_failure;
797 	}
798 	if (chan->flags & IEEE80211_CHAN_RADAR) {
799 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
800 			goto nla_put_failure;
801 		if (large) {
802 			u32 time;
803 
804 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
805 
806 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
807 					chan->dfs_state))
808 				goto nla_put_failure;
809 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
810 					time))
811 				goto nla_put_failure;
812 			if (nla_put_u32(msg,
813 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
814 					chan->dfs_cac_ms))
815 				goto nla_put_failure;
816 		}
817 	}
818 
819 	if (large) {
820 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
821 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
822 			goto nla_put_failure;
823 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
824 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
825 			goto nla_put_failure;
826 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
827 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
828 			goto nla_put_failure;
829 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
830 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
831 			goto nla_put_failure;
832 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
833 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
834 			goto nla_put_failure;
835 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
836 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
837 			goto nla_put_failure;
838 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
839 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
840 			goto nla_put_failure;
841 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
842 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
843 			goto nla_put_failure;
844 	}
845 
846 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
847 			DBM_TO_MBM(chan->max_power)))
848 		goto nla_put_failure;
849 
850 	if (large) {
851 		const struct ieee80211_reg_rule *rule =
852 			freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
853 
854 		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
855 			if (nl80211_msg_put_wmm_rules(msg, rule))
856 				goto nla_put_failure;
857 		}
858 	}
859 
860 	return 0;
861 
862  nla_put_failure:
863 	return -ENOBUFS;
864 }
865 
866 static bool nl80211_put_txq_stats(struct sk_buff *msg,
867 				  struct cfg80211_txq_stats *txqstats,
868 				  int attrtype)
869 {
870 	struct nlattr *txqattr;
871 
872 #define PUT_TXQVAL_U32(attr, memb) do {					  \
873 	if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&	  \
874 	    nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
875 		return false;						  \
876 	} while (0)
877 
878 	txqattr = nla_nest_start(msg, attrtype);
879 	if (!txqattr)
880 		return false;
881 
882 	PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
883 	PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
884 	PUT_TXQVAL_U32(FLOWS, flows);
885 	PUT_TXQVAL_U32(DROPS, drops);
886 	PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
887 	PUT_TXQVAL_U32(OVERLIMIT, overlimit);
888 	PUT_TXQVAL_U32(OVERMEMORY, overmemory);
889 	PUT_TXQVAL_U32(COLLISIONS, collisions);
890 	PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
891 	PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
892 	PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
893 	nla_nest_end(msg, txqattr);
894 
895 #undef PUT_TXQVAL_U32
896 	return true;
897 }
898 
899 /* netlink command implementations */
900 
901 struct key_parse {
902 	struct key_params p;
903 	int idx;
904 	int type;
905 	bool def, defmgmt;
906 	bool def_uni, def_multi;
907 };
908 
909 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
910 				 struct key_parse *k)
911 {
912 	struct nlattr *tb[NL80211_KEY_MAX + 1];
913 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
914 				   nl80211_key_policy, info->extack);
915 	if (err)
916 		return err;
917 
918 	k->def = !!tb[NL80211_KEY_DEFAULT];
919 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
920 
921 	if (k->def) {
922 		k->def_uni = true;
923 		k->def_multi = true;
924 	}
925 	if (k->defmgmt)
926 		k->def_multi = true;
927 
928 	if (tb[NL80211_KEY_IDX])
929 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
930 
931 	if (tb[NL80211_KEY_DATA]) {
932 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
933 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
934 	}
935 
936 	if (tb[NL80211_KEY_SEQ]) {
937 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
938 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
939 	}
940 
941 	if (tb[NL80211_KEY_CIPHER])
942 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
943 
944 	if (tb[NL80211_KEY_TYPE])
945 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
946 
947 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
948 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
949 
950 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
951 				       tb[NL80211_KEY_DEFAULT_TYPES],
952 				       nl80211_key_default_policy,
953 				       info->extack);
954 		if (err)
955 			return err;
956 
957 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
958 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
959 	}
960 
961 	return 0;
962 }
963 
964 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
965 {
966 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
967 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
968 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
969 	}
970 
971 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
972 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
973 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
974 	}
975 
976 	if (info->attrs[NL80211_ATTR_KEY_IDX])
977 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
978 
979 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
980 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
981 
982 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
983 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
984 
985 	if (k->def) {
986 		k->def_uni = true;
987 		k->def_multi = true;
988 	}
989 	if (k->defmgmt)
990 		k->def_multi = true;
991 
992 	if (info->attrs[NL80211_ATTR_KEY_TYPE])
993 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
994 
995 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
996 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
997 		int err = nla_parse_nested(kdt,
998 					   NUM_NL80211_KEY_DEFAULT_TYPES - 1,
999 					   info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1000 					   nl80211_key_default_policy,
1001 					   info->extack);
1002 		if (err)
1003 			return err;
1004 
1005 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1006 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1007 	}
1008 
1009 	return 0;
1010 }
1011 
1012 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1013 {
1014 	int err;
1015 
1016 	memset(k, 0, sizeof(*k));
1017 	k->idx = -1;
1018 	k->type = -1;
1019 
1020 	if (info->attrs[NL80211_ATTR_KEY])
1021 		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1022 	else
1023 		err = nl80211_parse_key_old(info, k);
1024 
1025 	if (err)
1026 		return err;
1027 
1028 	if (k->def && k->defmgmt) {
1029 		GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
1030 		return -EINVAL;
1031 	}
1032 
1033 	if (k->defmgmt) {
1034 		if (k->def_uni || !k->def_multi) {
1035 			GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
1036 			return -EINVAL;
1037 		}
1038 	}
1039 
1040 	if (k->idx != -1) {
1041 		if (k->defmgmt) {
1042 			if (k->idx < 4 || k->idx > 5) {
1043 				GENL_SET_ERR_MSG(info,
1044 						 "defmgmt key idx not 4 or 5");
1045 				return -EINVAL;
1046 			}
1047 		} else if (k->def) {
1048 			if (k->idx < 0 || k->idx > 3) {
1049 				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1050 				return -EINVAL;
1051 			}
1052 		} else {
1053 			if (k->idx < 0 || k->idx > 5) {
1054 				GENL_SET_ERR_MSG(info, "key idx not 0-5");
1055 				return -EINVAL;
1056 			}
1057 		}
1058 	}
1059 
1060 	return 0;
1061 }
1062 
1063 static struct cfg80211_cached_keys *
1064 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1065 		       struct genl_info *info, bool *no_ht)
1066 {
1067 	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1068 	struct key_parse parse;
1069 	struct nlattr *key;
1070 	struct cfg80211_cached_keys *result;
1071 	int rem, err, def = 0;
1072 	bool have_key = false;
1073 
1074 	nla_for_each_nested(key, keys, rem) {
1075 		have_key = true;
1076 		break;
1077 	}
1078 
1079 	if (!have_key)
1080 		return NULL;
1081 
1082 	result = kzalloc(sizeof(*result), GFP_KERNEL);
1083 	if (!result)
1084 		return ERR_PTR(-ENOMEM);
1085 
1086 	result->def = -1;
1087 
1088 	nla_for_each_nested(key, keys, rem) {
1089 		memset(&parse, 0, sizeof(parse));
1090 		parse.idx = -1;
1091 
1092 		err = nl80211_parse_key_new(info, key, &parse);
1093 		if (err)
1094 			goto error;
1095 		err = -EINVAL;
1096 		if (!parse.p.key)
1097 			goto error;
1098 		if (parse.idx < 0 || parse.idx > 3) {
1099 			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1100 			goto error;
1101 		}
1102 		if (parse.def) {
1103 			if (def) {
1104 				GENL_SET_ERR_MSG(info,
1105 						 "only one key can be default");
1106 				goto error;
1107 			}
1108 			def = 1;
1109 			result->def = parse.idx;
1110 			if (!parse.def_uni || !parse.def_multi)
1111 				goto error;
1112 		} else if (parse.defmgmt)
1113 			goto error;
1114 		err = cfg80211_validate_key_settings(rdev, &parse.p,
1115 						     parse.idx, false, NULL);
1116 		if (err)
1117 			goto error;
1118 		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1119 		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1120 			GENL_SET_ERR_MSG(info, "connect key must be WEP");
1121 			err = -EINVAL;
1122 			goto error;
1123 		}
1124 		result->params[parse.idx].cipher = parse.p.cipher;
1125 		result->params[parse.idx].key_len = parse.p.key_len;
1126 		result->params[parse.idx].key = result->data[parse.idx];
1127 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1128 
1129 		/* must be WEP key if we got here */
1130 		if (no_ht)
1131 			*no_ht = true;
1132 	}
1133 
1134 	if (result->def < 0) {
1135 		err = -EINVAL;
1136 		GENL_SET_ERR_MSG(info, "need a default/TX key");
1137 		goto error;
1138 	}
1139 
1140 	return result;
1141  error:
1142 	kfree(result);
1143 	return ERR_PTR(err);
1144 }
1145 
1146 static int nl80211_key_allowed(struct wireless_dev *wdev)
1147 {
1148 	ASSERT_WDEV_LOCK(wdev);
1149 
1150 	switch (wdev->iftype) {
1151 	case NL80211_IFTYPE_AP:
1152 	case NL80211_IFTYPE_AP_VLAN:
1153 	case NL80211_IFTYPE_P2P_GO:
1154 	case NL80211_IFTYPE_MESH_POINT:
1155 		break;
1156 	case NL80211_IFTYPE_ADHOC:
1157 	case NL80211_IFTYPE_STATION:
1158 	case NL80211_IFTYPE_P2P_CLIENT:
1159 		if (!wdev->current_bss)
1160 			return -ENOLINK;
1161 		break;
1162 	case NL80211_IFTYPE_UNSPECIFIED:
1163 	case NL80211_IFTYPE_OCB:
1164 	case NL80211_IFTYPE_MONITOR:
1165 	case NL80211_IFTYPE_NAN:
1166 	case NL80211_IFTYPE_P2P_DEVICE:
1167 	case NL80211_IFTYPE_WDS:
1168 	case NUM_NL80211_IFTYPES:
1169 		return -EINVAL;
1170 	}
1171 
1172 	return 0;
1173 }
1174 
1175 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1176 							struct nlattr *tb)
1177 {
1178 	struct ieee80211_channel *chan;
1179 
1180 	if (tb == NULL)
1181 		return NULL;
1182 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1183 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1184 		return NULL;
1185 	return chan;
1186 }
1187 
1188 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1189 {
1190 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
1191 	int i;
1192 
1193 	if (!nl_modes)
1194 		goto nla_put_failure;
1195 
1196 	i = 0;
1197 	while (ifmodes) {
1198 		if ((ifmodes & 1) && nla_put_flag(msg, i))
1199 			goto nla_put_failure;
1200 		ifmodes >>= 1;
1201 		i++;
1202 	}
1203 
1204 	nla_nest_end(msg, nl_modes);
1205 	return 0;
1206 
1207 nla_put_failure:
1208 	return -ENOBUFS;
1209 }
1210 
1211 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1212 					  struct sk_buff *msg,
1213 					  bool large)
1214 {
1215 	struct nlattr *nl_combis;
1216 	int i, j;
1217 
1218 	nl_combis = nla_nest_start(msg,
1219 				NL80211_ATTR_INTERFACE_COMBINATIONS);
1220 	if (!nl_combis)
1221 		goto nla_put_failure;
1222 
1223 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
1224 		const struct ieee80211_iface_combination *c;
1225 		struct nlattr *nl_combi, *nl_limits;
1226 
1227 		c = &wiphy->iface_combinations[i];
1228 
1229 		nl_combi = nla_nest_start(msg, i + 1);
1230 		if (!nl_combi)
1231 			goto nla_put_failure;
1232 
1233 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1234 		if (!nl_limits)
1235 			goto nla_put_failure;
1236 
1237 		for (j = 0; j < c->n_limits; j++) {
1238 			struct nlattr *nl_limit;
1239 
1240 			nl_limit = nla_nest_start(msg, j + 1);
1241 			if (!nl_limit)
1242 				goto nla_put_failure;
1243 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1244 					c->limits[j].max))
1245 				goto nla_put_failure;
1246 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1247 						c->limits[j].types))
1248 				goto nla_put_failure;
1249 			nla_nest_end(msg, nl_limit);
1250 		}
1251 
1252 		nla_nest_end(msg, nl_limits);
1253 
1254 		if (c->beacon_int_infra_match &&
1255 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1256 			goto nla_put_failure;
1257 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1258 				c->num_different_channels) ||
1259 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1260 				c->max_interfaces))
1261 			goto nla_put_failure;
1262 		if (large &&
1263 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1264 				c->radar_detect_widths) ||
1265 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1266 				c->radar_detect_regions)))
1267 			goto nla_put_failure;
1268 		if (c->beacon_int_min_gcd &&
1269 		    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1270 				c->beacon_int_min_gcd))
1271 			goto nla_put_failure;
1272 
1273 		nla_nest_end(msg, nl_combi);
1274 	}
1275 
1276 	nla_nest_end(msg, nl_combis);
1277 
1278 	return 0;
1279 nla_put_failure:
1280 	return -ENOBUFS;
1281 }
1282 
1283 #ifdef CONFIG_PM
1284 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1285 					struct sk_buff *msg)
1286 {
1287 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1288 	struct nlattr *nl_tcp;
1289 
1290 	if (!tcp)
1291 		return 0;
1292 
1293 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1294 	if (!nl_tcp)
1295 		return -ENOBUFS;
1296 
1297 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1298 			tcp->data_payload_max))
1299 		return -ENOBUFS;
1300 
1301 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1302 			tcp->data_payload_max))
1303 		return -ENOBUFS;
1304 
1305 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1306 		return -ENOBUFS;
1307 
1308 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1309 				sizeof(*tcp->tok), tcp->tok))
1310 		return -ENOBUFS;
1311 
1312 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1313 			tcp->data_interval_max))
1314 		return -ENOBUFS;
1315 
1316 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1317 			tcp->wake_payload_max))
1318 		return -ENOBUFS;
1319 
1320 	nla_nest_end(msg, nl_tcp);
1321 	return 0;
1322 }
1323 
1324 static int nl80211_send_wowlan(struct sk_buff *msg,
1325 			       struct cfg80211_registered_device *rdev,
1326 			       bool large)
1327 {
1328 	struct nlattr *nl_wowlan;
1329 
1330 	if (!rdev->wiphy.wowlan)
1331 		return 0;
1332 
1333 	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1334 	if (!nl_wowlan)
1335 		return -ENOBUFS;
1336 
1337 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1338 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1339 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1340 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1341 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1342 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1343 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1344 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1345 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1346 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1347 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1348 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1349 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1350 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1351 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1352 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1353 		return -ENOBUFS;
1354 
1355 	if (rdev->wiphy.wowlan->n_patterns) {
1356 		struct nl80211_pattern_support pat = {
1357 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1358 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1359 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1360 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1361 		};
1362 
1363 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1364 			    sizeof(pat), &pat))
1365 			return -ENOBUFS;
1366 	}
1367 
1368 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1369 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1370 			rdev->wiphy.wowlan->max_nd_match_sets))
1371 		return -ENOBUFS;
1372 
1373 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1374 		return -ENOBUFS;
1375 
1376 	nla_nest_end(msg, nl_wowlan);
1377 
1378 	return 0;
1379 }
1380 #endif
1381 
1382 static int nl80211_send_coalesce(struct sk_buff *msg,
1383 				 struct cfg80211_registered_device *rdev)
1384 {
1385 	struct nl80211_coalesce_rule_support rule;
1386 
1387 	if (!rdev->wiphy.coalesce)
1388 		return 0;
1389 
1390 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1391 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1392 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1393 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1394 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1395 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1396 
1397 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1398 		return -ENOBUFS;
1399 
1400 	return 0;
1401 }
1402 
1403 static int
1404 nl80211_send_iftype_data(struct sk_buff *msg,
1405 			 const struct ieee80211_sband_iftype_data *iftdata)
1406 {
1407 	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1408 
1409 	if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1410 				iftdata->types_mask))
1411 		return -ENOBUFS;
1412 
1413 	if (he_cap->has_he) {
1414 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1415 			    sizeof(he_cap->he_cap_elem.mac_cap_info),
1416 			    he_cap->he_cap_elem.mac_cap_info) ||
1417 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1418 			    sizeof(he_cap->he_cap_elem.phy_cap_info),
1419 			    he_cap->he_cap_elem.phy_cap_info) ||
1420 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1421 			    sizeof(he_cap->he_mcs_nss_supp),
1422 			    &he_cap->he_mcs_nss_supp) ||
1423 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1424 			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1425 			return -ENOBUFS;
1426 	}
1427 
1428 	return 0;
1429 }
1430 
1431 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1432 				      struct ieee80211_supported_band *sband)
1433 {
1434 	struct nlattr *nl_rates, *nl_rate;
1435 	struct ieee80211_rate *rate;
1436 	int i;
1437 
1438 	/* add HT info */
1439 	if (sband->ht_cap.ht_supported &&
1440 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1441 		     sizeof(sband->ht_cap.mcs),
1442 		     &sband->ht_cap.mcs) ||
1443 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1444 			 sband->ht_cap.cap) ||
1445 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1446 			sband->ht_cap.ampdu_factor) ||
1447 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1448 			sband->ht_cap.ampdu_density)))
1449 		return -ENOBUFS;
1450 
1451 	/* add VHT info */
1452 	if (sband->vht_cap.vht_supported &&
1453 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1454 		     sizeof(sband->vht_cap.vht_mcs),
1455 		     &sband->vht_cap.vht_mcs) ||
1456 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1457 			 sband->vht_cap.cap)))
1458 		return -ENOBUFS;
1459 
1460 	if (sband->n_iftype_data) {
1461 		struct nlattr *nl_iftype_data =
1462 			nla_nest_start(msg, NL80211_BAND_ATTR_IFTYPE_DATA);
1463 		int err;
1464 
1465 		if (!nl_iftype_data)
1466 			return -ENOBUFS;
1467 
1468 		for (i = 0; i < sband->n_iftype_data; i++) {
1469 			struct nlattr *iftdata;
1470 
1471 			iftdata = nla_nest_start(msg, i + 1);
1472 			if (!iftdata)
1473 				return -ENOBUFS;
1474 
1475 			err = nl80211_send_iftype_data(msg,
1476 						       &sband->iftype_data[i]);
1477 			if (err)
1478 				return err;
1479 
1480 			nla_nest_end(msg, iftdata);
1481 		}
1482 
1483 		nla_nest_end(msg, nl_iftype_data);
1484 	}
1485 
1486 	/* add bitrates */
1487 	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1488 	if (!nl_rates)
1489 		return -ENOBUFS;
1490 
1491 	for (i = 0; i < sband->n_bitrates; i++) {
1492 		nl_rate = nla_nest_start(msg, i);
1493 		if (!nl_rate)
1494 			return -ENOBUFS;
1495 
1496 		rate = &sband->bitrates[i];
1497 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1498 				rate->bitrate))
1499 			return -ENOBUFS;
1500 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1501 		    nla_put_flag(msg,
1502 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1503 			return -ENOBUFS;
1504 
1505 		nla_nest_end(msg, nl_rate);
1506 	}
1507 
1508 	nla_nest_end(msg, nl_rates);
1509 
1510 	return 0;
1511 }
1512 
1513 static int
1514 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1515 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1516 {
1517 	u16 stypes;
1518 	struct nlattr *nl_ftypes, *nl_ifs;
1519 	enum nl80211_iftype ift;
1520 	int i;
1521 
1522 	if (!mgmt_stypes)
1523 		return 0;
1524 
1525 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1526 	if (!nl_ifs)
1527 		return -ENOBUFS;
1528 
1529 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1530 		nl_ftypes = nla_nest_start(msg, ift);
1531 		if (!nl_ftypes)
1532 			return -ENOBUFS;
1533 		i = 0;
1534 		stypes = mgmt_stypes[ift].tx;
1535 		while (stypes) {
1536 			if ((stypes & 1) &&
1537 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1538 					(i << 4) | IEEE80211_FTYPE_MGMT))
1539 				return -ENOBUFS;
1540 			stypes >>= 1;
1541 			i++;
1542 		}
1543 		nla_nest_end(msg, nl_ftypes);
1544 	}
1545 
1546 	nla_nest_end(msg, nl_ifs);
1547 
1548 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1549 	if (!nl_ifs)
1550 		return -ENOBUFS;
1551 
1552 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1553 		nl_ftypes = nla_nest_start(msg, ift);
1554 		if (!nl_ftypes)
1555 			return -ENOBUFS;
1556 		i = 0;
1557 		stypes = mgmt_stypes[ift].rx;
1558 		while (stypes) {
1559 			if ((stypes & 1) &&
1560 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1561 					(i << 4) | IEEE80211_FTYPE_MGMT))
1562 				return -ENOBUFS;
1563 			stypes >>= 1;
1564 			i++;
1565 		}
1566 		nla_nest_end(msg, nl_ftypes);
1567 	}
1568 	nla_nest_end(msg, nl_ifs);
1569 
1570 	return 0;
1571 }
1572 
1573 #define CMD(op, n)							\
1574 	 do {								\
1575 		if (rdev->ops->op) {					\
1576 			i++;						\
1577 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
1578 				goto nla_put_failure;			\
1579 		}							\
1580 	} while (0)
1581 
1582 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1583 					struct sk_buff *msg)
1584 {
1585 	int i = 0;
1586 
1587 	/*
1588 	 * do *NOT* add anything into this function, new things need to be
1589 	 * advertised only to new versions of userspace that can deal with
1590 	 * the split (and they can't possibly care about new features...
1591 	 */
1592 	CMD(add_virtual_intf, NEW_INTERFACE);
1593 	CMD(change_virtual_intf, SET_INTERFACE);
1594 	CMD(add_key, NEW_KEY);
1595 	CMD(start_ap, START_AP);
1596 	CMD(add_station, NEW_STATION);
1597 	CMD(add_mpath, NEW_MPATH);
1598 	CMD(update_mesh_config, SET_MESH_CONFIG);
1599 	CMD(change_bss, SET_BSS);
1600 	CMD(auth, AUTHENTICATE);
1601 	CMD(assoc, ASSOCIATE);
1602 	CMD(deauth, DEAUTHENTICATE);
1603 	CMD(disassoc, DISASSOCIATE);
1604 	CMD(join_ibss, JOIN_IBSS);
1605 	CMD(join_mesh, JOIN_MESH);
1606 	CMD(set_pmksa, SET_PMKSA);
1607 	CMD(del_pmksa, DEL_PMKSA);
1608 	CMD(flush_pmksa, FLUSH_PMKSA);
1609 	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1610 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1611 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1612 	CMD(mgmt_tx, FRAME);
1613 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1614 	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1615 		i++;
1616 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1617 			goto nla_put_failure;
1618 	}
1619 	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1620 	    rdev->ops->join_mesh) {
1621 		i++;
1622 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1623 			goto nla_put_failure;
1624 	}
1625 	CMD(set_wds_peer, SET_WDS_PEER);
1626 	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1627 		CMD(tdls_mgmt, TDLS_MGMT);
1628 		CMD(tdls_oper, TDLS_OPER);
1629 	}
1630 	if (rdev->wiphy.max_sched_scan_reqs)
1631 		CMD(sched_scan_start, START_SCHED_SCAN);
1632 	CMD(probe_client, PROBE_CLIENT);
1633 	CMD(set_noack_map, SET_NOACK_MAP);
1634 	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1635 		i++;
1636 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1637 			goto nla_put_failure;
1638 	}
1639 	CMD(start_p2p_device, START_P2P_DEVICE);
1640 	CMD(set_mcast_rate, SET_MCAST_RATE);
1641 #ifdef CONFIG_NL80211_TESTMODE
1642 	CMD(testmode_cmd, TESTMODE);
1643 #endif
1644 
1645 	if (rdev->ops->connect || rdev->ops->auth) {
1646 		i++;
1647 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1648 			goto nla_put_failure;
1649 	}
1650 
1651 	if (rdev->ops->disconnect || rdev->ops->deauth) {
1652 		i++;
1653 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1654 			goto nla_put_failure;
1655 	}
1656 
1657 	return i;
1658  nla_put_failure:
1659 	return -ENOBUFS;
1660 }
1661 
1662 static int
1663 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1664 			   struct sk_buff *msg)
1665 {
1666 	struct nlattr *ftm;
1667 
1668 	if (!cap->ftm.supported)
1669 		return 0;
1670 
1671 	ftm = nla_nest_start(msg, NL80211_PMSR_TYPE_FTM);
1672 	if (!ftm)
1673 		return -ENOBUFS;
1674 
1675 	if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1676 		return -ENOBUFS;
1677 	if (cap->ftm.non_asap &&
1678 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1679 		return -ENOBUFS;
1680 	if (cap->ftm.request_lci &&
1681 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1682 		return -ENOBUFS;
1683 	if (cap->ftm.request_civicloc &&
1684 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1685 		return -ENOBUFS;
1686 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1687 			cap->ftm.preambles))
1688 		return -ENOBUFS;
1689 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1690 			cap->ftm.bandwidths))
1691 		return -ENOBUFS;
1692 	if (cap->ftm.max_bursts_exponent >= 0 &&
1693 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1694 			cap->ftm.max_bursts_exponent))
1695 		return -ENOBUFS;
1696 	if (cap->ftm.max_ftms_per_burst &&
1697 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1698 			cap->ftm.max_ftms_per_burst))
1699 		return -ENOBUFS;
1700 
1701 	nla_nest_end(msg, ftm);
1702 	return 0;
1703 }
1704 
1705 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1706 				  struct sk_buff *msg)
1707 {
1708 	const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1709 	struct nlattr *pmsr, *caps;
1710 
1711 	if (!cap)
1712 		return 0;
1713 
1714 	/*
1715 	 * we don't need to clean up anything here since the caller
1716 	 * will genlmsg_cancel() if we fail
1717 	 */
1718 
1719 	pmsr = nla_nest_start(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1720 	if (!pmsr)
1721 		return -ENOBUFS;
1722 
1723 	if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1724 		return -ENOBUFS;
1725 
1726 	if (cap->report_ap_tsf &&
1727 	    nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1728 		return -ENOBUFS;
1729 
1730 	if (cap->randomize_mac_addr &&
1731 	    nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1732 		return -ENOBUFS;
1733 
1734 	caps = nla_nest_start(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1735 	if (!caps)
1736 		return -ENOBUFS;
1737 
1738 	if (nl80211_send_pmsr_ftm_capa(cap, msg))
1739 		return -ENOBUFS;
1740 
1741 	nla_nest_end(msg, caps);
1742 	nla_nest_end(msg, pmsr);
1743 
1744 	return 0;
1745 }
1746 
1747 struct nl80211_dump_wiphy_state {
1748 	s64 filter_wiphy;
1749 	long start;
1750 	long split_start, band_start, chan_start, capa_start;
1751 	bool split;
1752 };
1753 
1754 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1755 			      enum nl80211_commands cmd,
1756 			      struct sk_buff *msg, u32 portid, u32 seq,
1757 			      int flags, struct nl80211_dump_wiphy_state *state)
1758 {
1759 	void *hdr;
1760 	struct nlattr *nl_bands, *nl_band;
1761 	struct nlattr *nl_freqs, *nl_freq;
1762 	struct nlattr *nl_cmds;
1763 	enum nl80211_band band;
1764 	struct ieee80211_channel *chan;
1765 	int i;
1766 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1767 				rdev->wiphy.mgmt_stypes;
1768 	u32 features;
1769 
1770 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1771 	if (!hdr)
1772 		return -ENOBUFS;
1773 
1774 	if (WARN_ON(!state))
1775 		return -EINVAL;
1776 
1777 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1778 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1779 			   wiphy_name(&rdev->wiphy)) ||
1780 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1781 			cfg80211_rdev_list_generation))
1782 		goto nla_put_failure;
1783 
1784 	if (cmd != NL80211_CMD_NEW_WIPHY)
1785 		goto finish;
1786 
1787 	switch (state->split_start) {
1788 	case 0:
1789 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1790 			       rdev->wiphy.retry_short) ||
1791 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1792 			       rdev->wiphy.retry_long) ||
1793 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1794 				rdev->wiphy.frag_threshold) ||
1795 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1796 				rdev->wiphy.rts_threshold) ||
1797 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1798 			       rdev->wiphy.coverage_class) ||
1799 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1800 			       rdev->wiphy.max_scan_ssids) ||
1801 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1802 			       rdev->wiphy.max_sched_scan_ssids) ||
1803 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1804 				rdev->wiphy.max_scan_ie_len) ||
1805 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1806 				rdev->wiphy.max_sched_scan_ie_len) ||
1807 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1808 			       rdev->wiphy.max_match_sets) ||
1809 		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1810 				rdev->wiphy.max_sched_scan_plans) ||
1811 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1812 				rdev->wiphy.max_sched_scan_plan_interval) ||
1813 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1814 				rdev->wiphy.max_sched_scan_plan_iterations))
1815 			goto nla_put_failure;
1816 
1817 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1818 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1819 			goto nla_put_failure;
1820 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1821 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1822 			goto nla_put_failure;
1823 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1824 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1825 			goto nla_put_failure;
1826 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1827 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1828 			goto nla_put_failure;
1829 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1830 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1831 			goto nla_put_failure;
1832 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1833 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1834 			goto nla_put_failure;
1835 		state->split_start++;
1836 		if (state->split)
1837 			break;
1838 		/* fall through */
1839 	case 1:
1840 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1841 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1842 			    rdev->wiphy.cipher_suites))
1843 			goto nla_put_failure;
1844 
1845 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1846 			       rdev->wiphy.max_num_pmkids))
1847 			goto nla_put_failure;
1848 
1849 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1850 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1851 			goto nla_put_failure;
1852 
1853 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1854 				rdev->wiphy.available_antennas_tx) ||
1855 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1856 				rdev->wiphy.available_antennas_rx))
1857 			goto nla_put_failure;
1858 
1859 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1860 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1861 				rdev->wiphy.probe_resp_offload))
1862 			goto nla_put_failure;
1863 
1864 		if ((rdev->wiphy.available_antennas_tx ||
1865 		     rdev->wiphy.available_antennas_rx) &&
1866 		    rdev->ops->get_antenna) {
1867 			u32 tx_ant = 0, rx_ant = 0;
1868 			int res;
1869 
1870 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1871 			if (!res) {
1872 				if (nla_put_u32(msg,
1873 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1874 						tx_ant) ||
1875 				    nla_put_u32(msg,
1876 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1877 						rx_ant))
1878 					goto nla_put_failure;
1879 			}
1880 		}
1881 
1882 		state->split_start++;
1883 		if (state->split)
1884 			break;
1885 		/* fall through */
1886 	case 2:
1887 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1888 					rdev->wiphy.interface_modes))
1889 				goto nla_put_failure;
1890 		state->split_start++;
1891 		if (state->split)
1892 			break;
1893 		/* fall through */
1894 	case 3:
1895 		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1896 		if (!nl_bands)
1897 			goto nla_put_failure;
1898 
1899 		for (band = state->band_start;
1900 		     band < NUM_NL80211_BANDS; band++) {
1901 			struct ieee80211_supported_band *sband;
1902 
1903 			sband = rdev->wiphy.bands[band];
1904 
1905 			if (!sband)
1906 				continue;
1907 
1908 			nl_band = nla_nest_start(msg, band);
1909 			if (!nl_band)
1910 				goto nla_put_failure;
1911 
1912 			switch (state->chan_start) {
1913 			case 0:
1914 				if (nl80211_send_band_rateinfo(msg, sband))
1915 					goto nla_put_failure;
1916 				state->chan_start++;
1917 				if (state->split)
1918 					break;
1919 				/* fall through */
1920 			default:
1921 				/* add frequencies */
1922 				nl_freqs = nla_nest_start(
1923 					msg, NL80211_BAND_ATTR_FREQS);
1924 				if (!nl_freqs)
1925 					goto nla_put_failure;
1926 
1927 				for (i = state->chan_start - 1;
1928 				     i < sband->n_channels;
1929 				     i++) {
1930 					nl_freq = nla_nest_start(msg, i);
1931 					if (!nl_freq)
1932 						goto nla_put_failure;
1933 
1934 					chan = &sband->channels[i];
1935 
1936 					if (nl80211_msg_put_channel(
1937 							msg, &rdev->wiphy, chan,
1938 							state->split))
1939 						goto nla_put_failure;
1940 
1941 					nla_nest_end(msg, nl_freq);
1942 					if (state->split)
1943 						break;
1944 				}
1945 				if (i < sband->n_channels)
1946 					state->chan_start = i + 2;
1947 				else
1948 					state->chan_start = 0;
1949 				nla_nest_end(msg, nl_freqs);
1950 			}
1951 
1952 			nla_nest_end(msg, nl_band);
1953 
1954 			if (state->split) {
1955 				/* start again here */
1956 				if (state->chan_start)
1957 					band--;
1958 				break;
1959 			}
1960 		}
1961 		nla_nest_end(msg, nl_bands);
1962 
1963 		if (band < NUM_NL80211_BANDS)
1964 			state->band_start = band + 1;
1965 		else
1966 			state->band_start = 0;
1967 
1968 		/* if bands & channels are done, continue outside */
1969 		if (state->band_start == 0 && state->chan_start == 0)
1970 			state->split_start++;
1971 		if (state->split)
1972 			break;
1973 		/* fall through */
1974 	case 4:
1975 		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1976 		if (!nl_cmds)
1977 			goto nla_put_failure;
1978 
1979 		i = nl80211_add_commands_unsplit(rdev, msg);
1980 		if (i < 0)
1981 			goto nla_put_failure;
1982 		if (state->split) {
1983 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1984 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1985 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1986 				CMD(channel_switch, CHANNEL_SWITCH);
1987 			CMD(set_qos_map, SET_QOS_MAP);
1988 			if (rdev->wiphy.features &
1989 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1990 				CMD(add_tx_ts, ADD_TX_TS);
1991 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1992 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1993 		}
1994 #undef CMD
1995 
1996 		nla_nest_end(msg, nl_cmds);
1997 		state->split_start++;
1998 		if (state->split)
1999 			break;
2000 		/* fall through */
2001 	case 5:
2002 		if (rdev->ops->remain_on_channel &&
2003 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2004 		    nla_put_u32(msg,
2005 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2006 				rdev->wiphy.max_remain_on_channel_duration))
2007 			goto nla_put_failure;
2008 
2009 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2010 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2011 			goto nla_put_failure;
2012 
2013 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2014 			goto nla_put_failure;
2015 		state->split_start++;
2016 		if (state->split)
2017 			break;
2018 		/* fall through */
2019 	case 6:
2020 #ifdef CONFIG_PM
2021 		if (nl80211_send_wowlan(msg, rdev, state->split))
2022 			goto nla_put_failure;
2023 		state->split_start++;
2024 		if (state->split)
2025 			break;
2026 #else
2027 		state->split_start++;
2028 #endif
2029 		/* fall through */
2030 	case 7:
2031 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2032 					rdev->wiphy.software_iftypes))
2033 			goto nla_put_failure;
2034 
2035 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2036 						   state->split))
2037 			goto nla_put_failure;
2038 
2039 		state->split_start++;
2040 		if (state->split)
2041 			break;
2042 		/* fall through */
2043 	case 8:
2044 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2045 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2046 				rdev->wiphy.ap_sme_capa))
2047 			goto nla_put_failure;
2048 
2049 		features = rdev->wiphy.features;
2050 		/*
2051 		 * We can only add the per-channel limit information if the
2052 		 * dump is split, otherwise it makes it too big. Therefore
2053 		 * only advertise it in that case.
2054 		 */
2055 		if (state->split)
2056 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2057 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2058 			goto nla_put_failure;
2059 
2060 		if (rdev->wiphy.ht_capa_mod_mask &&
2061 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2062 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
2063 			    rdev->wiphy.ht_capa_mod_mask))
2064 			goto nla_put_failure;
2065 
2066 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2067 		    rdev->wiphy.max_acl_mac_addrs &&
2068 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2069 				rdev->wiphy.max_acl_mac_addrs))
2070 			goto nla_put_failure;
2071 
2072 		/*
2073 		 * Any information below this point is only available to
2074 		 * applications that can deal with it being split. This
2075 		 * helps ensure that newly added capabilities don't break
2076 		 * older tools by overrunning their buffers.
2077 		 *
2078 		 * We still increment split_start so that in the split
2079 		 * case we'll continue with more data in the next round,
2080 		 * but break unconditionally so unsplit data stops here.
2081 		 */
2082 		state->split_start++;
2083 		break;
2084 	case 9:
2085 		if (rdev->wiphy.extended_capabilities &&
2086 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2087 			     rdev->wiphy.extended_capabilities_len,
2088 			     rdev->wiphy.extended_capabilities) ||
2089 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2090 			     rdev->wiphy.extended_capabilities_len,
2091 			     rdev->wiphy.extended_capabilities_mask)))
2092 			goto nla_put_failure;
2093 
2094 		if (rdev->wiphy.vht_capa_mod_mask &&
2095 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2096 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
2097 			    rdev->wiphy.vht_capa_mod_mask))
2098 			goto nla_put_failure;
2099 
2100 		state->split_start++;
2101 		break;
2102 	case 10:
2103 		if (nl80211_send_coalesce(msg, rdev))
2104 			goto nla_put_failure;
2105 
2106 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2107 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2108 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2109 			goto nla_put_failure;
2110 
2111 		if (rdev->wiphy.max_ap_assoc_sta &&
2112 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2113 				rdev->wiphy.max_ap_assoc_sta))
2114 			goto nla_put_failure;
2115 
2116 		state->split_start++;
2117 		break;
2118 	case 11:
2119 		if (rdev->wiphy.n_vendor_commands) {
2120 			const struct nl80211_vendor_cmd_info *info;
2121 			struct nlattr *nested;
2122 
2123 			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
2124 			if (!nested)
2125 				goto nla_put_failure;
2126 
2127 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2128 				info = &rdev->wiphy.vendor_commands[i].info;
2129 				if (nla_put(msg, i + 1, sizeof(*info), info))
2130 					goto nla_put_failure;
2131 			}
2132 			nla_nest_end(msg, nested);
2133 		}
2134 
2135 		if (rdev->wiphy.n_vendor_events) {
2136 			const struct nl80211_vendor_cmd_info *info;
2137 			struct nlattr *nested;
2138 
2139 			nested = nla_nest_start(msg,
2140 						NL80211_ATTR_VENDOR_EVENTS);
2141 			if (!nested)
2142 				goto nla_put_failure;
2143 
2144 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2145 				info = &rdev->wiphy.vendor_events[i];
2146 				if (nla_put(msg, i + 1, sizeof(*info), info))
2147 					goto nla_put_failure;
2148 			}
2149 			nla_nest_end(msg, nested);
2150 		}
2151 		state->split_start++;
2152 		break;
2153 	case 12:
2154 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2155 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2156 			       rdev->wiphy.max_num_csa_counters))
2157 			goto nla_put_failure;
2158 
2159 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2160 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2161 			goto nla_put_failure;
2162 
2163 		if (rdev->wiphy.max_sched_scan_reqs &&
2164 		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2165 				rdev->wiphy.max_sched_scan_reqs))
2166 			goto nla_put_failure;
2167 
2168 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2169 			    sizeof(rdev->wiphy.ext_features),
2170 			    rdev->wiphy.ext_features))
2171 			goto nla_put_failure;
2172 
2173 		if (rdev->wiphy.bss_select_support) {
2174 			struct nlattr *nested;
2175 			u32 bss_select_support = rdev->wiphy.bss_select_support;
2176 
2177 			nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
2178 			if (!nested)
2179 				goto nla_put_failure;
2180 
2181 			i = 0;
2182 			while (bss_select_support) {
2183 				if ((bss_select_support & 1) &&
2184 				    nla_put_flag(msg, i))
2185 					goto nla_put_failure;
2186 				i++;
2187 				bss_select_support >>= 1;
2188 			}
2189 			nla_nest_end(msg, nested);
2190 		}
2191 
2192 		state->split_start++;
2193 		break;
2194 	case 13:
2195 		if (rdev->wiphy.num_iftype_ext_capab &&
2196 		    rdev->wiphy.iftype_ext_capab) {
2197 			struct nlattr *nested_ext_capab, *nested;
2198 
2199 			nested = nla_nest_start(msg,
2200 						NL80211_ATTR_IFTYPE_EXT_CAPA);
2201 			if (!nested)
2202 				goto nla_put_failure;
2203 
2204 			for (i = state->capa_start;
2205 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
2206 				const struct wiphy_iftype_ext_capab *capab;
2207 
2208 				capab = &rdev->wiphy.iftype_ext_capab[i];
2209 
2210 				nested_ext_capab = nla_nest_start(msg, i);
2211 				if (!nested_ext_capab ||
2212 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2213 						capab->iftype) ||
2214 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
2215 					    capab->extended_capabilities_len,
2216 					    capab->extended_capabilities) ||
2217 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2218 					    capab->extended_capabilities_len,
2219 					    capab->extended_capabilities_mask))
2220 					goto nla_put_failure;
2221 
2222 				nla_nest_end(msg, nested_ext_capab);
2223 				if (state->split)
2224 					break;
2225 			}
2226 			nla_nest_end(msg, nested);
2227 			if (i < rdev->wiphy.num_iftype_ext_capab) {
2228 				state->capa_start = i + 1;
2229 				break;
2230 			}
2231 		}
2232 
2233 		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2234 				rdev->wiphy.nan_supported_bands))
2235 			goto nla_put_failure;
2236 
2237 		if (wiphy_ext_feature_isset(&rdev->wiphy,
2238 					    NL80211_EXT_FEATURE_TXQS)) {
2239 			struct cfg80211_txq_stats txqstats = {};
2240 			int res;
2241 
2242 			res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2243 			if (!res &&
2244 			    !nl80211_put_txq_stats(msg, &txqstats,
2245 						   NL80211_ATTR_TXQ_STATS))
2246 				goto nla_put_failure;
2247 
2248 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2249 					rdev->wiphy.txq_limit))
2250 				goto nla_put_failure;
2251 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2252 					rdev->wiphy.txq_memory_limit))
2253 				goto nla_put_failure;
2254 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2255 					rdev->wiphy.txq_quantum))
2256 				goto nla_put_failure;
2257 		}
2258 
2259 		state->split_start++;
2260 		break;
2261 	case 14:
2262 		if (nl80211_send_pmsr_capa(rdev, msg))
2263 			goto nla_put_failure;
2264 
2265 		state->split_start++;
2266 		break;
2267 	case 15:
2268 		if (rdev->wiphy.akm_suites &&
2269 		    nla_put(msg, NL80211_ATTR_AKM_SUITES,
2270 			    sizeof(u32) * rdev->wiphy.n_akm_suites,
2271 			    rdev->wiphy.akm_suites))
2272 			goto nla_put_failure;
2273 
2274 		/* done */
2275 		state->split_start = 0;
2276 		break;
2277 	}
2278  finish:
2279 	genlmsg_end(msg, hdr);
2280 	return 0;
2281 
2282  nla_put_failure:
2283 	genlmsg_cancel(msg, hdr);
2284 	return -EMSGSIZE;
2285 }
2286 
2287 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2288 				    struct netlink_callback *cb,
2289 				    struct nl80211_dump_wiphy_state *state)
2290 {
2291 	struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
2292 	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
2293 			      nl80211_fam.maxattr, nl80211_policy, NULL);
2294 	/* ignore parse errors for backward compatibility */
2295 	if (ret)
2296 		return 0;
2297 
2298 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2299 	if (tb[NL80211_ATTR_WIPHY])
2300 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2301 	if (tb[NL80211_ATTR_WDEV])
2302 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2303 	if (tb[NL80211_ATTR_IFINDEX]) {
2304 		struct net_device *netdev;
2305 		struct cfg80211_registered_device *rdev;
2306 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2307 
2308 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2309 		if (!netdev)
2310 			return -ENODEV;
2311 		if (netdev->ieee80211_ptr) {
2312 			rdev = wiphy_to_rdev(
2313 				netdev->ieee80211_ptr->wiphy);
2314 			state->filter_wiphy = rdev->wiphy_idx;
2315 		}
2316 	}
2317 
2318 	return 0;
2319 }
2320 
2321 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2322 {
2323 	int idx = 0, ret;
2324 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2325 	struct cfg80211_registered_device *rdev;
2326 
2327 	rtnl_lock();
2328 	if (!state) {
2329 		state = kzalloc(sizeof(*state), GFP_KERNEL);
2330 		if (!state) {
2331 			rtnl_unlock();
2332 			return -ENOMEM;
2333 		}
2334 		state->filter_wiphy = -1;
2335 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
2336 		if (ret) {
2337 			kfree(state);
2338 			rtnl_unlock();
2339 			return ret;
2340 		}
2341 		cb->args[0] = (long)state;
2342 	}
2343 
2344 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2345 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2346 			continue;
2347 		if (++idx <= state->start)
2348 			continue;
2349 		if (state->filter_wiphy != -1 &&
2350 		    state->filter_wiphy != rdev->wiphy_idx)
2351 			continue;
2352 		/* attempt to fit multiple wiphy data chunks into the skb */
2353 		do {
2354 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2355 						 skb,
2356 						 NETLINK_CB(cb->skb).portid,
2357 						 cb->nlh->nlmsg_seq,
2358 						 NLM_F_MULTI, state);
2359 			if (ret < 0) {
2360 				/*
2361 				 * If sending the wiphy data didn't fit (ENOBUFS
2362 				 * or EMSGSIZE returned), this SKB is still
2363 				 * empty (so it's not too big because another
2364 				 * wiphy dataset is already in the skb) and
2365 				 * we've not tried to adjust the dump allocation
2366 				 * yet ... then adjust the alloc size to be
2367 				 * bigger, and return 1 but with the empty skb.
2368 				 * This results in an empty message being RX'ed
2369 				 * in userspace, but that is ignored.
2370 				 *
2371 				 * We can then retry with the larger buffer.
2372 				 */
2373 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2374 				    !skb->len && !state->split &&
2375 				    cb->min_dump_alloc < 4096) {
2376 					cb->min_dump_alloc = 4096;
2377 					state->split_start = 0;
2378 					rtnl_unlock();
2379 					return 1;
2380 				}
2381 				idx--;
2382 				break;
2383 			}
2384 		} while (state->split_start > 0);
2385 		break;
2386 	}
2387 	rtnl_unlock();
2388 
2389 	state->start = idx;
2390 
2391 	return skb->len;
2392 }
2393 
2394 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2395 {
2396 	kfree((void *)cb->args[0]);
2397 	return 0;
2398 }
2399 
2400 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2401 {
2402 	struct sk_buff *msg;
2403 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2404 	struct nl80211_dump_wiphy_state state = {};
2405 
2406 	msg = nlmsg_new(4096, GFP_KERNEL);
2407 	if (!msg)
2408 		return -ENOMEM;
2409 
2410 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2411 			       info->snd_portid, info->snd_seq, 0,
2412 			       &state) < 0) {
2413 		nlmsg_free(msg);
2414 		return -ENOBUFS;
2415 	}
2416 
2417 	return genlmsg_reply(msg, info);
2418 }
2419 
2420 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2421 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
2422 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
2423 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
2424 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
2425 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
2426 };
2427 
2428 static int parse_txq_params(struct nlattr *tb[],
2429 			    struct ieee80211_txq_params *txq_params)
2430 {
2431 	u8 ac;
2432 
2433 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2434 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2435 	    !tb[NL80211_TXQ_ATTR_AIFS])
2436 		return -EINVAL;
2437 
2438 	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2439 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2440 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2441 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2442 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2443 
2444 	if (ac >= NL80211_NUM_ACS)
2445 		return -EINVAL;
2446 	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2447 	return 0;
2448 }
2449 
2450 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2451 {
2452 	/*
2453 	 * You can only set the channel explicitly for WDS interfaces,
2454 	 * all others have their channel managed via their respective
2455 	 * "establish a connection" command (connect, join, ...)
2456 	 *
2457 	 * For AP/GO and mesh mode, the channel can be set with the
2458 	 * channel userspace API, but is only stored and passed to the
2459 	 * low-level driver when the AP starts or the mesh is joined.
2460 	 * This is for backward compatibility, userspace can also give
2461 	 * the channel in the start-ap or join-mesh commands instead.
2462 	 *
2463 	 * Monitors are special as they are normally slaved to
2464 	 * whatever else is going on, so they have their own special
2465 	 * operation to set the monitor channel if possible.
2466 	 */
2467 	return !wdev ||
2468 		wdev->iftype == NL80211_IFTYPE_AP ||
2469 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2470 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
2471 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
2472 }
2473 
2474 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2475 			  struct genl_info *info,
2476 			  struct cfg80211_chan_def *chandef)
2477 {
2478 	struct netlink_ext_ack *extack = info->extack;
2479 	struct nlattr **attrs = info->attrs;
2480 	u32 control_freq;
2481 
2482 	if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2483 		return -EINVAL;
2484 
2485 	control_freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);
2486 
2487 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2488 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2489 	chandef->center_freq1 = control_freq;
2490 	chandef->center_freq2 = 0;
2491 
2492 	/* Primary channel not allowed */
2493 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2494 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2495 				    "Channel is disabled");
2496 		return -EINVAL;
2497 	}
2498 
2499 	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2500 		enum nl80211_channel_type chantype;
2501 
2502 		chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2503 
2504 		switch (chantype) {
2505 		case NL80211_CHAN_NO_HT:
2506 		case NL80211_CHAN_HT20:
2507 		case NL80211_CHAN_HT40PLUS:
2508 		case NL80211_CHAN_HT40MINUS:
2509 			cfg80211_chandef_create(chandef, chandef->chan,
2510 						chantype);
2511 			/* user input for center_freq is incorrect */
2512 			if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2513 			    chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2514 				NL_SET_ERR_MSG_ATTR(extack,
2515 						    attrs[NL80211_ATTR_CENTER_FREQ1],
2516 						    "bad center frequency 1");
2517 				return -EINVAL;
2518 			}
2519 			/* center_freq2 must be zero */
2520 			if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2521 			    nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2522 				NL_SET_ERR_MSG_ATTR(extack,
2523 						    attrs[NL80211_ATTR_CENTER_FREQ2],
2524 						    "center frequency 2 can't be used");
2525 				return -EINVAL;
2526 			}
2527 			break;
2528 		default:
2529 			NL_SET_ERR_MSG_ATTR(extack,
2530 					    attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2531 					    "invalid channel type");
2532 			return -EINVAL;
2533 		}
2534 	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2535 		chandef->width =
2536 			nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2537 		if (attrs[NL80211_ATTR_CENTER_FREQ1])
2538 			chandef->center_freq1 =
2539 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2540 		if (attrs[NL80211_ATTR_CENTER_FREQ2])
2541 			chandef->center_freq2 =
2542 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2543 	}
2544 
2545 	if (!cfg80211_chandef_valid(chandef)) {
2546 		NL_SET_ERR_MSG(extack, "invalid channel definition");
2547 		return -EINVAL;
2548 	}
2549 
2550 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2551 				     IEEE80211_CHAN_DISABLED)) {
2552 		NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2553 		return -EINVAL;
2554 	}
2555 
2556 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2557 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
2558 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2559 		NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2560 		return -EINVAL;
2561 	}
2562 
2563 	return 0;
2564 }
2565 
2566 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2567 				 struct net_device *dev,
2568 				 struct genl_info *info)
2569 {
2570 	struct cfg80211_chan_def chandef;
2571 	int result;
2572 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2573 	struct wireless_dev *wdev = NULL;
2574 
2575 	if (dev)
2576 		wdev = dev->ieee80211_ptr;
2577 	if (!nl80211_can_set_dev_channel(wdev))
2578 		return -EOPNOTSUPP;
2579 	if (wdev)
2580 		iftype = wdev->iftype;
2581 
2582 	result = nl80211_parse_chandef(rdev, info, &chandef);
2583 	if (result)
2584 		return result;
2585 
2586 	switch (iftype) {
2587 	case NL80211_IFTYPE_AP:
2588 	case NL80211_IFTYPE_P2P_GO:
2589 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2590 						   iftype)) {
2591 			result = -EINVAL;
2592 			break;
2593 		}
2594 		if (wdev->beacon_interval) {
2595 			if (!dev || !rdev->ops->set_ap_chanwidth ||
2596 			    !(rdev->wiphy.features &
2597 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2598 				result = -EBUSY;
2599 				break;
2600 			}
2601 
2602 			/* Only allow dynamic channel width changes */
2603 			if (chandef.chan != wdev->preset_chandef.chan) {
2604 				result = -EBUSY;
2605 				break;
2606 			}
2607 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2608 			if (result)
2609 				break;
2610 		}
2611 		wdev->preset_chandef = chandef;
2612 		result = 0;
2613 		break;
2614 	case NL80211_IFTYPE_MESH_POINT:
2615 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2616 		break;
2617 	case NL80211_IFTYPE_MONITOR:
2618 		result = cfg80211_set_monitor_channel(rdev, &chandef);
2619 		break;
2620 	default:
2621 		result = -EINVAL;
2622 	}
2623 
2624 	return result;
2625 }
2626 
2627 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2628 {
2629 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2630 	struct net_device *netdev = info->user_ptr[1];
2631 
2632 	return __nl80211_set_channel(rdev, netdev, info);
2633 }
2634 
2635 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2636 {
2637 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2638 	struct net_device *dev = info->user_ptr[1];
2639 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2640 	const u8 *bssid;
2641 
2642 	if (!info->attrs[NL80211_ATTR_MAC])
2643 		return -EINVAL;
2644 
2645 	if (netif_running(dev))
2646 		return -EBUSY;
2647 
2648 	if (!rdev->ops->set_wds_peer)
2649 		return -EOPNOTSUPP;
2650 
2651 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2652 		return -EOPNOTSUPP;
2653 
2654 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2655 	return rdev_set_wds_peer(rdev, dev, bssid);
2656 }
2657 
2658 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2659 {
2660 	struct cfg80211_registered_device *rdev;
2661 	struct net_device *netdev = NULL;
2662 	struct wireless_dev *wdev;
2663 	int result = 0, rem_txq_params = 0;
2664 	struct nlattr *nl_txq_params;
2665 	u32 changed;
2666 	u8 retry_short = 0, retry_long = 0;
2667 	u32 frag_threshold = 0, rts_threshold = 0;
2668 	u8 coverage_class = 0;
2669 	u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2670 
2671 	ASSERT_RTNL();
2672 
2673 	/*
2674 	 * Try to find the wiphy and netdev. Normally this
2675 	 * function shouldn't need the netdev, but this is
2676 	 * done for backward compatibility -- previously
2677 	 * setting the channel was done per wiphy, but now
2678 	 * it is per netdev. Previous userland like hostapd
2679 	 * also passed a netdev to set_wiphy, so that it is
2680 	 * possible to let that go to the right netdev!
2681 	 */
2682 
2683 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2684 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2685 
2686 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2687 		if (netdev && netdev->ieee80211_ptr)
2688 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2689 		else
2690 			netdev = NULL;
2691 	}
2692 
2693 	if (!netdev) {
2694 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2695 						  info->attrs);
2696 		if (IS_ERR(rdev))
2697 			return PTR_ERR(rdev);
2698 		wdev = NULL;
2699 		netdev = NULL;
2700 		result = 0;
2701 	} else
2702 		wdev = netdev->ieee80211_ptr;
2703 
2704 	/*
2705 	 * end workaround code, by now the rdev is available
2706 	 * and locked, and wdev may or may not be NULL.
2707 	 */
2708 
2709 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2710 		result = cfg80211_dev_rename(
2711 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2712 
2713 	if (result)
2714 		return result;
2715 
2716 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2717 		struct ieee80211_txq_params txq_params;
2718 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2719 
2720 		if (!rdev->ops->set_txq_params)
2721 			return -EOPNOTSUPP;
2722 
2723 		if (!netdev)
2724 			return -EINVAL;
2725 
2726 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2727 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2728 			return -EINVAL;
2729 
2730 		if (!netif_running(netdev))
2731 			return -ENETDOWN;
2732 
2733 		nla_for_each_nested(nl_txq_params,
2734 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2735 				    rem_txq_params) {
2736 			result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2737 						  nl_txq_params,
2738 						  txq_params_policy,
2739 						  info->extack);
2740 			if (result)
2741 				return result;
2742 			result = parse_txq_params(tb, &txq_params);
2743 			if (result)
2744 				return result;
2745 
2746 			result = rdev_set_txq_params(rdev, netdev,
2747 						     &txq_params);
2748 			if (result)
2749 				return result;
2750 		}
2751 	}
2752 
2753 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2754 		result = __nl80211_set_channel(
2755 			rdev,
2756 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2757 			info);
2758 		if (result)
2759 			return result;
2760 	}
2761 
2762 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2763 		struct wireless_dev *txp_wdev = wdev;
2764 		enum nl80211_tx_power_setting type;
2765 		int idx, mbm = 0;
2766 
2767 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2768 			txp_wdev = NULL;
2769 
2770 		if (!rdev->ops->set_tx_power)
2771 			return -EOPNOTSUPP;
2772 
2773 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2774 		type = nla_get_u32(info->attrs[idx]);
2775 
2776 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2777 		    (type != NL80211_TX_POWER_AUTOMATIC))
2778 			return -EINVAL;
2779 
2780 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2781 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2782 			mbm = nla_get_u32(info->attrs[idx]);
2783 		}
2784 
2785 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2786 		if (result)
2787 			return result;
2788 	}
2789 
2790 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2791 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2792 		u32 tx_ant, rx_ant;
2793 
2794 		if ((!rdev->wiphy.available_antennas_tx &&
2795 		     !rdev->wiphy.available_antennas_rx) ||
2796 		    !rdev->ops->set_antenna)
2797 			return -EOPNOTSUPP;
2798 
2799 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2800 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2801 
2802 		/* reject antenna configurations which don't match the
2803 		 * available antenna masks, except for the "all" mask */
2804 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2805 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2806 			return -EINVAL;
2807 
2808 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2809 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2810 
2811 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2812 		if (result)
2813 			return result;
2814 	}
2815 
2816 	changed = 0;
2817 
2818 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2819 		retry_short = nla_get_u8(
2820 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2821 
2822 		changed |= WIPHY_PARAM_RETRY_SHORT;
2823 	}
2824 
2825 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2826 		retry_long = nla_get_u8(
2827 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2828 
2829 		changed |= WIPHY_PARAM_RETRY_LONG;
2830 	}
2831 
2832 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2833 		frag_threshold = nla_get_u32(
2834 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2835 		if (frag_threshold < 256)
2836 			return -EINVAL;
2837 
2838 		if (frag_threshold != (u32) -1) {
2839 			/*
2840 			 * Fragments (apart from the last one) are required to
2841 			 * have even length. Make the fragmentation code
2842 			 * simpler by stripping LSB should someone try to use
2843 			 * odd threshold value.
2844 			 */
2845 			frag_threshold &= ~0x1;
2846 		}
2847 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2848 	}
2849 
2850 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2851 		rts_threshold = nla_get_u32(
2852 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2853 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2854 	}
2855 
2856 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2857 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2858 			return -EINVAL;
2859 
2860 		coverage_class = nla_get_u8(
2861 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2862 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2863 	}
2864 
2865 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2866 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2867 			return -EOPNOTSUPP;
2868 
2869 		changed |= WIPHY_PARAM_DYN_ACK;
2870 	}
2871 
2872 	if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
2873 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
2874 					     NL80211_EXT_FEATURE_TXQS))
2875 			return -EOPNOTSUPP;
2876 		txq_limit = nla_get_u32(
2877 			info->attrs[NL80211_ATTR_TXQ_LIMIT]);
2878 		changed |= WIPHY_PARAM_TXQ_LIMIT;
2879 	}
2880 
2881 	if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
2882 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
2883 					     NL80211_EXT_FEATURE_TXQS))
2884 			return -EOPNOTSUPP;
2885 		txq_memory_limit = nla_get_u32(
2886 			info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
2887 		changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
2888 	}
2889 
2890 	if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
2891 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
2892 					     NL80211_EXT_FEATURE_TXQS))
2893 			return -EOPNOTSUPP;
2894 		txq_quantum = nla_get_u32(
2895 			info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
2896 		changed |= WIPHY_PARAM_TXQ_QUANTUM;
2897 	}
2898 
2899 	if (changed) {
2900 		u8 old_retry_short, old_retry_long;
2901 		u32 old_frag_threshold, old_rts_threshold;
2902 		u8 old_coverage_class;
2903 		u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
2904 
2905 		if (!rdev->ops->set_wiphy_params)
2906 			return -EOPNOTSUPP;
2907 
2908 		old_retry_short = rdev->wiphy.retry_short;
2909 		old_retry_long = rdev->wiphy.retry_long;
2910 		old_frag_threshold = rdev->wiphy.frag_threshold;
2911 		old_rts_threshold = rdev->wiphy.rts_threshold;
2912 		old_coverage_class = rdev->wiphy.coverage_class;
2913 		old_txq_limit = rdev->wiphy.txq_limit;
2914 		old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
2915 		old_txq_quantum = rdev->wiphy.txq_quantum;
2916 
2917 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2918 			rdev->wiphy.retry_short = retry_short;
2919 		if (changed & WIPHY_PARAM_RETRY_LONG)
2920 			rdev->wiphy.retry_long = retry_long;
2921 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2922 			rdev->wiphy.frag_threshold = frag_threshold;
2923 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2924 			rdev->wiphy.rts_threshold = rts_threshold;
2925 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2926 			rdev->wiphy.coverage_class = coverage_class;
2927 		if (changed & WIPHY_PARAM_TXQ_LIMIT)
2928 			rdev->wiphy.txq_limit = txq_limit;
2929 		if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
2930 			rdev->wiphy.txq_memory_limit = txq_memory_limit;
2931 		if (changed & WIPHY_PARAM_TXQ_QUANTUM)
2932 			rdev->wiphy.txq_quantum = txq_quantum;
2933 
2934 		result = rdev_set_wiphy_params(rdev, changed);
2935 		if (result) {
2936 			rdev->wiphy.retry_short = old_retry_short;
2937 			rdev->wiphy.retry_long = old_retry_long;
2938 			rdev->wiphy.frag_threshold = old_frag_threshold;
2939 			rdev->wiphy.rts_threshold = old_rts_threshold;
2940 			rdev->wiphy.coverage_class = old_coverage_class;
2941 			rdev->wiphy.txq_limit = old_txq_limit;
2942 			rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
2943 			rdev->wiphy.txq_quantum = old_txq_quantum;
2944 			return result;
2945 		}
2946 	}
2947 	return 0;
2948 }
2949 
2950 static int nl80211_send_chandef(struct sk_buff *msg,
2951 				const struct cfg80211_chan_def *chandef)
2952 {
2953 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2954 		return -EINVAL;
2955 
2956 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2957 			chandef->chan->center_freq))
2958 		return -ENOBUFS;
2959 	switch (chandef->width) {
2960 	case NL80211_CHAN_WIDTH_20_NOHT:
2961 	case NL80211_CHAN_WIDTH_20:
2962 	case NL80211_CHAN_WIDTH_40:
2963 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2964 				cfg80211_get_chandef_type(chandef)))
2965 			return -ENOBUFS;
2966 		break;
2967 	default:
2968 		break;
2969 	}
2970 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2971 		return -ENOBUFS;
2972 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2973 		return -ENOBUFS;
2974 	if (chandef->center_freq2 &&
2975 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2976 		return -ENOBUFS;
2977 	return 0;
2978 }
2979 
2980 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2981 			      struct cfg80211_registered_device *rdev,
2982 			      struct wireless_dev *wdev,
2983 			      enum nl80211_commands cmd)
2984 {
2985 	struct net_device *dev = wdev->netdev;
2986 	void *hdr;
2987 
2988 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
2989 		cmd != NL80211_CMD_DEL_INTERFACE &&
2990 		cmd != NL80211_CMD_SET_INTERFACE);
2991 
2992 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2993 	if (!hdr)
2994 		return -1;
2995 
2996 	if (dev &&
2997 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2998 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2999 		goto nla_put_failure;
3000 
3001 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3002 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3003 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3004 			      NL80211_ATTR_PAD) ||
3005 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3006 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
3007 			rdev->devlist_generation ^
3008 			(cfg80211_rdev_list_generation << 2)) ||
3009 	    nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3010 		goto nla_put_failure;
3011 
3012 	if (rdev->ops->get_channel) {
3013 		int ret;
3014 		struct cfg80211_chan_def chandef;
3015 
3016 		ret = rdev_get_channel(rdev, wdev, &chandef);
3017 		if (ret == 0) {
3018 			if (nl80211_send_chandef(msg, &chandef))
3019 				goto nla_put_failure;
3020 		}
3021 	}
3022 
3023 	if (rdev->ops->get_tx_power) {
3024 		int dbm, ret;
3025 
3026 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
3027 		if (ret == 0 &&
3028 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3029 				DBM_TO_MBM(dbm)))
3030 			goto nla_put_failure;
3031 	}
3032 
3033 	wdev_lock(wdev);
3034 	switch (wdev->iftype) {
3035 	case NL80211_IFTYPE_AP:
3036 		if (wdev->ssid_len &&
3037 		    nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3038 			goto nla_put_failure_locked;
3039 		break;
3040 	case NL80211_IFTYPE_STATION:
3041 	case NL80211_IFTYPE_P2P_CLIENT:
3042 	case NL80211_IFTYPE_ADHOC: {
3043 		const u8 *ssid_ie;
3044 		if (!wdev->current_bss)
3045 			break;
3046 		rcu_read_lock();
3047 		ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3048 					       WLAN_EID_SSID);
3049 		if (ssid_ie &&
3050 		    nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3051 			goto nla_put_failure_rcu_locked;
3052 		rcu_read_unlock();
3053 		break;
3054 		}
3055 	default:
3056 		/* nothing */
3057 		break;
3058 	}
3059 	wdev_unlock(wdev);
3060 
3061 	if (rdev->ops->get_txq_stats) {
3062 		struct cfg80211_txq_stats txqstats = {};
3063 		int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3064 
3065 		if (ret == 0 &&
3066 		    !nl80211_put_txq_stats(msg, &txqstats,
3067 					   NL80211_ATTR_TXQ_STATS))
3068 			goto nla_put_failure;
3069 	}
3070 
3071 	genlmsg_end(msg, hdr);
3072 	return 0;
3073 
3074  nla_put_failure_rcu_locked:
3075 	rcu_read_unlock();
3076  nla_put_failure_locked:
3077 	wdev_unlock(wdev);
3078  nla_put_failure:
3079 	genlmsg_cancel(msg, hdr);
3080 	return -EMSGSIZE;
3081 }
3082 
3083 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3084 {
3085 	int wp_idx = 0;
3086 	int if_idx = 0;
3087 	int wp_start = cb->args[0];
3088 	int if_start = cb->args[1];
3089 	int filter_wiphy = -1;
3090 	struct cfg80211_registered_device *rdev;
3091 	struct wireless_dev *wdev;
3092 	int ret;
3093 
3094 	rtnl_lock();
3095 	if (!cb->args[2]) {
3096 		struct nl80211_dump_wiphy_state state = {
3097 			.filter_wiphy = -1,
3098 		};
3099 
3100 		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3101 		if (ret)
3102 			goto out_unlock;
3103 
3104 		filter_wiphy = state.filter_wiphy;
3105 
3106 		/*
3107 		 * if filtering, set cb->args[2] to +1 since 0 is the default
3108 		 * value needed to determine that parsing is necessary.
3109 		 */
3110 		if (filter_wiphy >= 0)
3111 			cb->args[2] = filter_wiphy + 1;
3112 		else
3113 			cb->args[2] = -1;
3114 	} else if (cb->args[2] > 0) {
3115 		filter_wiphy = cb->args[2] - 1;
3116 	}
3117 
3118 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3119 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3120 			continue;
3121 		if (wp_idx < wp_start) {
3122 			wp_idx++;
3123 			continue;
3124 		}
3125 
3126 		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3127 			continue;
3128 
3129 		if_idx = 0;
3130 
3131 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3132 			if (if_idx < if_start) {
3133 				if_idx++;
3134 				continue;
3135 			}
3136 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3137 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3138 					       rdev, wdev,
3139 					       NL80211_CMD_NEW_INTERFACE) < 0) {
3140 				goto out;
3141 			}
3142 			if_idx++;
3143 		}
3144 
3145 		wp_idx++;
3146 	}
3147  out:
3148 	cb->args[0] = wp_idx;
3149 	cb->args[1] = if_idx;
3150 
3151 	ret = skb->len;
3152  out_unlock:
3153 	rtnl_unlock();
3154 
3155 	return ret;
3156 }
3157 
3158 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3159 {
3160 	struct sk_buff *msg;
3161 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3162 	struct wireless_dev *wdev = info->user_ptr[1];
3163 
3164 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3165 	if (!msg)
3166 		return -ENOMEM;
3167 
3168 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3169 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3170 		nlmsg_free(msg);
3171 		return -ENOBUFS;
3172 	}
3173 
3174 	return genlmsg_reply(msg, info);
3175 }
3176 
3177 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3178 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3179 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3180 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3181 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3182 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3183 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3184 };
3185 
3186 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3187 {
3188 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3189 	int flag;
3190 
3191 	*mntrflags = 0;
3192 
3193 	if (!nla)
3194 		return -EINVAL;
3195 
3196 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
3197 			     mntr_flags_policy, NULL))
3198 		return -EINVAL;
3199 
3200 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3201 		if (flags[flag])
3202 			*mntrflags |= (1<<flag);
3203 
3204 	*mntrflags |= MONITOR_FLAG_CHANGED;
3205 
3206 	return 0;
3207 }
3208 
3209 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3210 				     enum nl80211_iftype type,
3211 				     struct genl_info *info,
3212 				     struct vif_params *params)
3213 {
3214 	bool change = false;
3215 	int err;
3216 
3217 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3218 		if (type != NL80211_IFTYPE_MONITOR)
3219 			return -EINVAL;
3220 
3221 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3222 					  &params->flags);
3223 		if (err)
3224 			return err;
3225 
3226 		change = true;
3227 	}
3228 
3229 	if (params->flags & MONITOR_FLAG_ACTIVE &&
3230 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3231 		return -EOPNOTSUPP;
3232 
3233 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3234 		const u8 *mumimo_groups;
3235 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3236 
3237 		if (type != NL80211_IFTYPE_MONITOR)
3238 			return -EINVAL;
3239 
3240 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3241 			return -EOPNOTSUPP;
3242 
3243 		mumimo_groups =
3244 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3245 
3246 		/* bits 0 and 63 are reserved and must be zero */
3247 		if ((mumimo_groups[0] & BIT(0)) ||
3248 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3249 			return -EINVAL;
3250 
3251 		params->vht_mumimo_groups = mumimo_groups;
3252 		change = true;
3253 	}
3254 
3255 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3256 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3257 
3258 		if (type != NL80211_IFTYPE_MONITOR)
3259 			return -EINVAL;
3260 
3261 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3262 			return -EOPNOTSUPP;
3263 
3264 		params->vht_mumimo_follow_addr =
3265 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3266 		change = true;
3267 	}
3268 
3269 	return change ? 1 : 0;
3270 }
3271 
3272 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3273 			       struct net_device *netdev, u8 use_4addr,
3274 			       enum nl80211_iftype iftype)
3275 {
3276 	if (!use_4addr) {
3277 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3278 			return -EBUSY;
3279 		return 0;
3280 	}
3281 
3282 	switch (iftype) {
3283 	case NL80211_IFTYPE_AP_VLAN:
3284 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3285 			return 0;
3286 		break;
3287 	case NL80211_IFTYPE_STATION:
3288 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3289 			return 0;
3290 		break;
3291 	default:
3292 		break;
3293 	}
3294 
3295 	return -EOPNOTSUPP;
3296 }
3297 
3298 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3299 {
3300 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3301 	struct vif_params params;
3302 	int err;
3303 	enum nl80211_iftype otype, ntype;
3304 	struct net_device *dev = info->user_ptr[1];
3305 	bool change = false;
3306 
3307 	memset(&params, 0, sizeof(params));
3308 
3309 	otype = ntype = dev->ieee80211_ptr->iftype;
3310 
3311 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
3312 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3313 		if (otype != ntype)
3314 			change = true;
3315 	}
3316 
3317 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
3318 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3319 
3320 		if (ntype != NL80211_IFTYPE_MESH_POINT)
3321 			return -EINVAL;
3322 		if (netif_running(dev))
3323 			return -EBUSY;
3324 
3325 		wdev_lock(wdev);
3326 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3327 			     IEEE80211_MAX_MESH_ID_LEN);
3328 		wdev->mesh_id_up_len =
3329 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3330 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3331 		       wdev->mesh_id_up_len);
3332 		wdev_unlock(wdev);
3333 	}
3334 
3335 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3336 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3337 		change = true;
3338 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3339 		if (err)
3340 			return err;
3341 	} else {
3342 		params.use_4addr = -1;
3343 	}
3344 
3345 	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3346 	if (err < 0)
3347 		return err;
3348 	if (err > 0)
3349 		change = true;
3350 
3351 	if (change)
3352 		err = cfg80211_change_iface(rdev, dev, ntype, &params);
3353 	else
3354 		err = 0;
3355 
3356 	if (!err && params.use_4addr != -1)
3357 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
3358 
3359 	if (change && !err) {
3360 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3361 
3362 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3363 	}
3364 
3365 	return err;
3366 }
3367 
3368 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3369 {
3370 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3371 	struct vif_params params;
3372 	struct wireless_dev *wdev;
3373 	struct sk_buff *msg;
3374 	int err;
3375 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3376 
3377 	/* to avoid failing a new interface creation due to pending removal */
3378 	cfg80211_destroy_ifaces(rdev);
3379 
3380 	memset(&params, 0, sizeof(params));
3381 
3382 	if (!info->attrs[NL80211_ATTR_IFNAME])
3383 		return -EINVAL;
3384 
3385 	if (info->attrs[NL80211_ATTR_IFTYPE])
3386 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3387 
3388 	if (!rdev->ops->add_virtual_intf ||
3389 	    !(rdev->wiphy.interface_modes & (1 << type)))
3390 		return -EOPNOTSUPP;
3391 
3392 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3393 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3394 	    info->attrs[NL80211_ATTR_MAC]) {
3395 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3396 			   ETH_ALEN);
3397 		if (!is_valid_ether_addr(params.macaddr))
3398 			return -EADDRNOTAVAIL;
3399 	}
3400 
3401 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3402 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3403 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3404 		if (err)
3405 			return err;
3406 	}
3407 
3408 	err = nl80211_parse_mon_options(rdev, type, info, &params);
3409 	if (err < 0)
3410 		return err;
3411 
3412 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3413 	if (!msg)
3414 		return -ENOMEM;
3415 
3416 	wdev = rdev_add_virtual_intf(rdev,
3417 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3418 				NET_NAME_USER, type, &params);
3419 	if (WARN_ON(!wdev)) {
3420 		nlmsg_free(msg);
3421 		return -EPROTO;
3422 	} else if (IS_ERR(wdev)) {
3423 		nlmsg_free(msg);
3424 		return PTR_ERR(wdev);
3425 	}
3426 
3427 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3428 		wdev->owner_nlportid = info->snd_portid;
3429 
3430 	switch (type) {
3431 	case NL80211_IFTYPE_MESH_POINT:
3432 		if (!info->attrs[NL80211_ATTR_MESH_ID])
3433 			break;
3434 		wdev_lock(wdev);
3435 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3436 			     IEEE80211_MAX_MESH_ID_LEN);
3437 		wdev->mesh_id_up_len =
3438 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3439 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3440 		       wdev->mesh_id_up_len);
3441 		wdev_unlock(wdev);
3442 		break;
3443 	case NL80211_IFTYPE_NAN:
3444 	case NL80211_IFTYPE_P2P_DEVICE:
3445 		/*
3446 		 * P2P Device and NAN do not have a netdev, so don't go
3447 		 * through the netdev notifier and must be added here
3448 		 */
3449 		cfg80211_init_wdev(rdev, wdev);
3450 		break;
3451 	default:
3452 		break;
3453 	}
3454 
3455 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3456 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3457 		nlmsg_free(msg);
3458 		return -ENOBUFS;
3459 	}
3460 
3461 	return genlmsg_reply(msg, info);
3462 }
3463 
3464 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3465 {
3466 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3467 	struct wireless_dev *wdev = info->user_ptr[1];
3468 
3469 	if (!rdev->ops->del_virtual_intf)
3470 		return -EOPNOTSUPP;
3471 
3472 	/*
3473 	 * If we remove a wireless device without a netdev then clear
3474 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
3475 	 * to check if it needs to do dev_put(). Otherwise it crashes
3476 	 * since the wdev has been freed, unlike with a netdev where
3477 	 * we need the dev_put() for the netdev to really be freed.
3478 	 */
3479 	if (!wdev->netdev)
3480 		info->user_ptr[1] = NULL;
3481 
3482 	return rdev_del_virtual_intf(rdev, wdev);
3483 }
3484 
3485 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3486 {
3487 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3488 	struct net_device *dev = info->user_ptr[1];
3489 	u16 noack_map;
3490 
3491 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3492 		return -EINVAL;
3493 
3494 	if (!rdev->ops->set_noack_map)
3495 		return -EOPNOTSUPP;
3496 
3497 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3498 
3499 	return rdev_set_noack_map(rdev, dev, noack_map);
3500 }
3501 
3502 struct get_key_cookie {
3503 	struct sk_buff *msg;
3504 	int error;
3505 	int idx;
3506 };
3507 
3508 static void get_key_callback(void *c, struct key_params *params)
3509 {
3510 	struct nlattr *key;
3511 	struct get_key_cookie *cookie = c;
3512 
3513 	if ((params->key &&
3514 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3515 		     params->key_len, params->key)) ||
3516 	    (params->seq &&
3517 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3518 		     params->seq_len, params->seq)) ||
3519 	    (params->cipher &&
3520 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3521 			 params->cipher)))
3522 		goto nla_put_failure;
3523 
3524 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
3525 	if (!key)
3526 		goto nla_put_failure;
3527 
3528 	if ((params->key &&
3529 	     nla_put(cookie->msg, NL80211_KEY_DATA,
3530 		     params->key_len, params->key)) ||
3531 	    (params->seq &&
3532 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
3533 		     params->seq_len, params->seq)) ||
3534 	    (params->cipher &&
3535 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3536 			 params->cipher)))
3537 		goto nla_put_failure;
3538 
3539 	if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3540 		goto nla_put_failure;
3541 
3542 	nla_nest_end(cookie->msg, key);
3543 
3544 	return;
3545  nla_put_failure:
3546 	cookie->error = 1;
3547 }
3548 
3549 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3550 {
3551 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3552 	int err;
3553 	struct net_device *dev = info->user_ptr[1];
3554 	u8 key_idx = 0;
3555 	const u8 *mac_addr = NULL;
3556 	bool pairwise;
3557 	struct get_key_cookie cookie = {
3558 		.error = 0,
3559 	};
3560 	void *hdr;
3561 	struct sk_buff *msg;
3562 
3563 	if (info->attrs[NL80211_ATTR_KEY_IDX])
3564 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3565 
3566 	if (info->attrs[NL80211_ATTR_MAC])
3567 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3568 
3569 	pairwise = !!mac_addr;
3570 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3571 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3572 
3573 		if (kt != NL80211_KEYTYPE_GROUP &&
3574 		    kt != NL80211_KEYTYPE_PAIRWISE)
3575 			return -EINVAL;
3576 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3577 	}
3578 
3579 	if (!rdev->ops->get_key)
3580 		return -EOPNOTSUPP;
3581 
3582 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3583 		return -ENOENT;
3584 
3585 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3586 	if (!msg)
3587 		return -ENOMEM;
3588 
3589 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3590 			     NL80211_CMD_NEW_KEY);
3591 	if (!hdr)
3592 		goto nla_put_failure;
3593 
3594 	cookie.msg = msg;
3595 	cookie.idx = key_idx;
3596 
3597 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3598 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3599 		goto nla_put_failure;
3600 	if (mac_addr &&
3601 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3602 		goto nla_put_failure;
3603 
3604 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3605 			   get_key_callback);
3606 
3607 	if (err)
3608 		goto free_msg;
3609 
3610 	if (cookie.error)
3611 		goto nla_put_failure;
3612 
3613 	genlmsg_end(msg, hdr);
3614 	return genlmsg_reply(msg, info);
3615 
3616  nla_put_failure:
3617 	err = -ENOBUFS;
3618  free_msg:
3619 	nlmsg_free(msg);
3620 	return err;
3621 }
3622 
3623 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3624 {
3625 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3626 	struct key_parse key;
3627 	int err;
3628 	struct net_device *dev = info->user_ptr[1];
3629 
3630 	err = nl80211_parse_key(info, &key);
3631 	if (err)
3632 		return err;
3633 
3634 	if (key.idx < 0)
3635 		return -EINVAL;
3636 
3637 	/* only support setting default key */
3638 	if (!key.def && !key.defmgmt)
3639 		return -EINVAL;
3640 
3641 	wdev_lock(dev->ieee80211_ptr);
3642 
3643 	if (key.def) {
3644 		if (!rdev->ops->set_default_key) {
3645 			err = -EOPNOTSUPP;
3646 			goto out;
3647 		}
3648 
3649 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3650 		if (err)
3651 			goto out;
3652 
3653 		err = rdev_set_default_key(rdev, dev, key.idx,
3654 						 key.def_uni, key.def_multi);
3655 
3656 		if (err)
3657 			goto out;
3658 
3659 #ifdef CONFIG_CFG80211_WEXT
3660 		dev->ieee80211_ptr->wext.default_key = key.idx;
3661 #endif
3662 	} else {
3663 		if (key.def_uni || !key.def_multi) {
3664 			err = -EINVAL;
3665 			goto out;
3666 		}
3667 
3668 		if (!rdev->ops->set_default_mgmt_key) {
3669 			err = -EOPNOTSUPP;
3670 			goto out;
3671 		}
3672 
3673 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3674 		if (err)
3675 			goto out;
3676 
3677 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3678 		if (err)
3679 			goto out;
3680 
3681 #ifdef CONFIG_CFG80211_WEXT
3682 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3683 #endif
3684 	}
3685 
3686  out:
3687 	wdev_unlock(dev->ieee80211_ptr);
3688 
3689 	return err;
3690 }
3691 
3692 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3693 {
3694 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3695 	int err;
3696 	struct net_device *dev = info->user_ptr[1];
3697 	struct key_parse key;
3698 	const u8 *mac_addr = NULL;
3699 
3700 	err = nl80211_parse_key(info, &key);
3701 	if (err)
3702 		return err;
3703 
3704 	if (!key.p.key)
3705 		return -EINVAL;
3706 
3707 	if (info->attrs[NL80211_ATTR_MAC])
3708 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3709 
3710 	if (key.type == -1) {
3711 		if (mac_addr)
3712 			key.type = NL80211_KEYTYPE_PAIRWISE;
3713 		else
3714 			key.type = NL80211_KEYTYPE_GROUP;
3715 	}
3716 
3717 	/* for now */
3718 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3719 	    key.type != NL80211_KEYTYPE_GROUP)
3720 		return -EINVAL;
3721 
3722 	if (!rdev->ops->add_key)
3723 		return -EOPNOTSUPP;
3724 
3725 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3726 					   key.type == NL80211_KEYTYPE_PAIRWISE,
3727 					   mac_addr))
3728 		return -EINVAL;
3729 
3730 	wdev_lock(dev->ieee80211_ptr);
3731 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3732 	if (!err)
3733 		err = rdev_add_key(rdev, dev, key.idx,
3734 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3735 				    mac_addr, &key.p);
3736 	wdev_unlock(dev->ieee80211_ptr);
3737 
3738 	return err;
3739 }
3740 
3741 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3742 {
3743 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3744 	int err;
3745 	struct net_device *dev = info->user_ptr[1];
3746 	u8 *mac_addr = NULL;
3747 	struct key_parse key;
3748 
3749 	err = nl80211_parse_key(info, &key);
3750 	if (err)
3751 		return err;
3752 
3753 	if (info->attrs[NL80211_ATTR_MAC])
3754 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3755 
3756 	if (key.type == -1) {
3757 		if (mac_addr)
3758 			key.type = NL80211_KEYTYPE_PAIRWISE;
3759 		else
3760 			key.type = NL80211_KEYTYPE_GROUP;
3761 	}
3762 
3763 	/* for now */
3764 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3765 	    key.type != NL80211_KEYTYPE_GROUP)
3766 		return -EINVAL;
3767 
3768 	if (!rdev->ops->del_key)
3769 		return -EOPNOTSUPP;
3770 
3771 	wdev_lock(dev->ieee80211_ptr);
3772 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3773 
3774 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3775 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3776 		err = -ENOENT;
3777 
3778 	if (!err)
3779 		err = rdev_del_key(rdev, dev, key.idx,
3780 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3781 				   mac_addr);
3782 
3783 #ifdef CONFIG_CFG80211_WEXT
3784 	if (!err) {
3785 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
3786 			dev->ieee80211_ptr->wext.default_key = -1;
3787 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3788 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3789 	}
3790 #endif
3791 	wdev_unlock(dev->ieee80211_ptr);
3792 
3793 	return err;
3794 }
3795 
3796 /* This function returns an error or the number of nested attributes */
3797 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3798 {
3799 	struct nlattr *attr;
3800 	int n_entries = 0, tmp;
3801 
3802 	nla_for_each_nested(attr, nl_attr, tmp) {
3803 		if (nla_len(attr) != ETH_ALEN)
3804 			return -EINVAL;
3805 
3806 		n_entries++;
3807 	}
3808 
3809 	return n_entries;
3810 }
3811 
3812 /*
3813  * This function parses ACL information and allocates memory for ACL data.
3814  * On successful return, the calling function is responsible to free the
3815  * ACL buffer returned by this function.
3816  */
3817 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3818 						struct genl_info *info)
3819 {
3820 	enum nl80211_acl_policy acl_policy;
3821 	struct nlattr *attr;
3822 	struct cfg80211_acl_data *acl;
3823 	int i = 0, n_entries, tmp;
3824 
3825 	if (!wiphy->max_acl_mac_addrs)
3826 		return ERR_PTR(-EOPNOTSUPP);
3827 
3828 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3829 		return ERR_PTR(-EINVAL);
3830 
3831 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3832 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3833 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3834 		return ERR_PTR(-EINVAL);
3835 
3836 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3837 		return ERR_PTR(-EINVAL);
3838 
3839 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3840 	if (n_entries < 0)
3841 		return ERR_PTR(n_entries);
3842 
3843 	if (n_entries > wiphy->max_acl_mac_addrs)
3844 		return ERR_PTR(-ENOTSUPP);
3845 
3846 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3847 		      GFP_KERNEL);
3848 	if (!acl)
3849 		return ERR_PTR(-ENOMEM);
3850 
3851 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3852 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3853 		i++;
3854 	}
3855 
3856 	acl->n_acl_entries = n_entries;
3857 	acl->acl_policy = acl_policy;
3858 
3859 	return acl;
3860 }
3861 
3862 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3863 {
3864 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3865 	struct net_device *dev = info->user_ptr[1];
3866 	struct cfg80211_acl_data *acl;
3867 	int err;
3868 
3869 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3870 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3871 		return -EOPNOTSUPP;
3872 
3873 	if (!dev->ieee80211_ptr->beacon_interval)
3874 		return -EINVAL;
3875 
3876 	acl = parse_acl_data(&rdev->wiphy, info);
3877 	if (IS_ERR(acl))
3878 		return PTR_ERR(acl);
3879 
3880 	err = rdev_set_mac_acl(rdev, dev, acl);
3881 
3882 	kfree(acl);
3883 
3884 	return err;
3885 }
3886 
3887 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3888 			   u8 *rates, u8 rates_len)
3889 {
3890 	u8 i;
3891 	u32 mask = 0;
3892 
3893 	for (i = 0; i < rates_len; i++) {
3894 		int rate = (rates[i] & 0x7f) * 5;
3895 		int ridx;
3896 
3897 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3898 			struct ieee80211_rate *srate =
3899 				&sband->bitrates[ridx];
3900 			if (rate == srate->bitrate) {
3901 				mask |= 1 << ridx;
3902 				break;
3903 			}
3904 		}
3905 		if (ridx == sband->n_bitrates)
3906 			return 0; /* rate not found */
3907 	}
3908 
3909 	return mask;
3910 }
3911 
3912 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
3913 			       u8 *rates, u8 rates_len,
3914 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
3915 {
3916 	u8 i;
3917 
3918 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
3919 
3920 	for (i = 0; i < rates_len; i++) {
3921 		int ridx, rbit;
3922 
3923 		ridx = rates[i] / 8;
3924 		rbit = BIT(rates[i] % 8);
3925 
3926 		/* check validity */
3927 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
3928 			return false;
3929 
3930 		/* check availability */
3931 		ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
3932 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
3933 			mcs[ridx] |= rbit;
3934 		else
3935 			return false;
3936 	}
3937 
3938 	return true;
3939 }
3940 
3941 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
3942 {
3943 	u16 mcs_mask = 0;
3944 
3945 	switch (vht_mcs_map) {
3946 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
3947 		break;
3948 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
3949 		mcs_mask = 0x00FF;
3950 		break;
3951 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
3952 		mcs_mask = 0x01FF;
3953 		break;
3954 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
3955 		mcs_mask = 0x03FF;
3956 		break;
3957 	default:
3958 		break;
3959 	}
3960 
3961 	return mcs_mask;
3962 }
3963 
3964 static void vht_build_mcs_mask(u16 vht_mcs_map,
3965 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
3966 {
3967 	u8 nss;
3968 
3969 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
3970 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
3971 		vht_mcs_map >>= 2;
3972 	}
3973 }
3974 
3975 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
3976 			     struct nl80211_txrate_vht *txrate,
3977 			     u16 mcs[NL80211_VHT_NSS_MAX])
3978 {
3979 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
3980 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
3981 	u8 i;
3982 
3983 	if (!sband->vht_cap.vht_supported)
3984 		return false;
3985 
3986 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
3987 
3988 	/* Build vht_mcs_mask from VHT capabilities */
3989 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
3990 
3991 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
3992 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
3993 			mcs[i] = txrate->mcs[i];
3994 		else
3995 			return false;
3996 	}
3997 
3998 	return true;
3999 }
4000 
4001 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4002 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4003 				    .len = NL80211_MAX_SUPP_RATES },
4004 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
4005 				.len = NL80211_MAX_SUPP_HT_RATES },
4006 	[NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
4007 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
4008 };
4009 
4010 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4011 					 struct cfg80211_bitrate_mask *mask)
4012 {
4013 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4014 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4015 	int rem, i;
4016 	struct nlattr *tx_rates;
4017 	struct ieee80211_supported_band *sband;
4018 	u16 vht_tx_mcs_map;
4019 
4020 	memset(mask, 0, sizeof(*mask));
4021 	/* Default to all rates enabled */
4022 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
4023 		sband = rdev->wiphy.bands[i];
4024 
4025 		if (!sband)
4026 			continue;
4027 
4028 		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4029 		memcpy(mask->control[i].ht_mcs,
4030 		       sband->ht_cap.mcs.rx_mask,
4031 		       sizeof(mask->control[i].ht_mcs));
4032 
4033 		if (!sband->vht_cap.vht_supported)
4034 			continue;
4035 
4036 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4037 		vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4038 	}
4039 
4040 	/* if no rates are given set it back to the defaults */
4041 	if (!info->attrs[NL80211_ATTR_TX_RATES])
4042 		goto out;
4043 
4044 	/* The nested attribute uses enum nl80211_band as the index. This maps
4045 	 * directly to the enum nl80211_band values used in cfg80211.
4046 	 */
4047 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4048 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
4049 		enum nl80211_band band = nla_type(tx_rates);
4050 		int err;
4051 
4052 		if (band < 0 || band >= NUM_NL80211_BANDS)
4053 			return -EINVAL;
4054 		sband = rdev->wiphy.bands[band];
4055 		if (sband == NULL)
4056 			return -EINVAL;
4057 		err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates,
4058 				       nl80211_txattr_policy, info->extack);
4059 		if (err)
4060 			return err;
4061 		if (tb[NL80211_TXRATE_LEGACY]) {
4062 			mask->control[band].legacy = rateset_to_mask(
4063 				sband,
4064 				nla_data(tb[NL80211_TXRATE_LEGACY]),
4065 				nla_len(tb[NL80211_TXRATE_LEGACY]));
4066 			if ((mask->control[band].legacy == 0) &&
4067 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
4068 				return -EINVAL;
4069 		}
4070 		if (tb[NL80211_TXRATE_HT]) {
4071 			if (!ht_rateset_to_mask(
4072 					sband,
4073 					nla_data(tb[NL80211_TXRATE_HT]),
4074 					nla_len(tb[NL80211_TXRATE_HT]),
4075 					mask->control[band].ht_mcs))
4076 				return -EINVAL;
4077 		}
4078 		if (tb[NL80211_TXRATE_VHT]) {
4079 			if (!vht_set_mcs_mask(
4080 					sband,
4081 					nla_data(tb[NL80211_TXRATE_VHT]),
4082 					mask->control[band].vht_mcs))
4083 				return -EINVAL;
4084 		}
4085 		if (tb[NL80211_TXRATE_GI]) {
4086 			mask->control[band].gi =
4087 				nla_get_u8(tb[NL80211_TXRATE_GI]);
4088 			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4089 				return -EINVAL;
4090 		}
4091 
4092 		if (mask->control[band].legacy == 0) {
4093 			/* don't allow empty legacy rates if HT or VHT
4094 			 * are not even supported.
4095 			 */
4096 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4097 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
4098 				return -EINVAL;
4099 
4100 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4101 				if (mask->control[band].ht_mcs[i])
4102 					goto out;
4103 
4104 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4105 				if (mask->control[band].vht_mcs[i])
4106 					goto out;
4107 
4108 			/* legacy and mcs rates may not be both empty */
4109 			return -EINVAL;
4110 		}
4111 	}
4112 
4113 out:
4114 	return 0;
4115 }
4116 
4117 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4118 				   enum nl80211_band band,
4119 				   struct cfg80211_bitrate_mask *beacon_rate)
4120 {
4121 	u32 count_ht, count_vht, i;
4122 	u32 rate = beacon_rate->control[band].legacy;
4123 
4124 	/* Allow only one rate */
4125 	if (hweight32(rate) > 1)
4126 		return -EINVAL;
4127 
4128 	count_ht = 0;
4129 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4130 		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4131 			return -EINVAL;
4132 		} else if (beacon_rate->control[band].ht_mcs[i]) {
4133 			count_ht++;
4134 			if (count_ht > 1)
4135 				return -EINVAL;
4136 		}
4137 		if (count_ht && rate)
4138 			return -EINVAL;
4139 	}
4140 
4141 	count_vht = 0;
4142 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4143 		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4144 			return -EINVAL;
4145 		} else if (beacon_rate->control[band].vht_mcs[i]) {
4146 			count_vht++;
4147 			if (count_vht > 1)
4148 				return -EINVAL;
4149 		}
4150 		if (count_vht && rate)
4151 			return -EINVAL;
4152 	}
4153 
4154 	if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4155 		return -EINVAL;
4156 
4157 	if (rate &&
4158 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4159 				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4160 		return -EINVAL;
4161 	if (count_ht &&
4162 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4163 				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
4164 		return -EINVAL;
4165 	if (count_vht &&
4166 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4167 				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4168 		return -EINVAL;
4169 
4170 	return 0;
4171 }
4172 
4173 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4174 				struct nlattr *attrs[],
4175 				struct cfg80211_beacon_data *bcn)
4176 {
4177 	bool haveinfo = false;
4178 	int err;
4179 
4180 	memset(bcn, 0, sizeof(*bcn));
4181 
4182 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4183 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4184 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4185 		if (!bcn->head_len)
4186 			return -EINVAL;
4187 		haveinfo = true;
4188 	}
4189 
4190 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4191 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4192 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4193 		haveinfo = true;
4194 	}
4195 
4196 	if (!haveinfo)
4197 		return -EINVAL;
4198 
4199 	if (attrs[NL80211_ATTR_IE]) {
4200 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4201 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4202 	}
4203 
4204 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4205 		bcn->proberesp_ies =
4206 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4207 		bcn->proberesp_ies_len =
4208 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4209 	}
4210 
4211 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4212 		bcn->assocresp_ies =
4213 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4214 		bcn->assocresp_ies_len =
4215 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4216 	}
4217 
4218 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
4219 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4220 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4221 	}
4222 
4223 	if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4224 		struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4225 
4226 		err = nla_parse_nested(tb, NL80211_FTM_RESP_ATTR_MAX,
4227 				       attrs[NL80211_ATTR_FTM_RESPONDER],
4228 				       NULL, NULL);
4229 		if (err)
4230 			return err;
4231 
4232 		if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4233 		    wiphy_ext_feature_isset(&rdev->wiphy,
4234 					    NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4235 			bcn->ftm_responder = 1;
4236 		else
4237 			return -EOPNOTSUPP;
4238 
4239 		if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4240 			bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4241 			bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4242 		}
4243 
4244 		if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4245 			bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4246 			bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4247 		}
4248 	} else {
4249 		bcn->ftm_responder = -1;
4250 	}
4251 
4252 	return 0;
4253 }
4254 
4255 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4256 					    const u8 *rates)
4257 {
4258 	int i;
4259 
4260 	if (!rates)
4261 		return;
4262 
4263 	for (i = 0; i < rates[1]; i++) {
4264 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4265 			params->ht_required = true;
4266 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4267 			params->vht_required = true;
4268 	}
4269 }
4270 
4271 /*
4272  * Since the nl80211 API didn't include, from the beginning, attributes about
4273  * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4274  * benefit of drivers that rebuild IEs in the firmware.
4275  */
4276 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4277 {
4278 	const struct cfg80211_beacon_data *bcn = &params->beacon;
4279 	size_t ies_len = bcn->tail_len;
4280 	const u8 *ies = bcn->tail;
4281 	const u8 *rates;
4282 	const u8 *cap;
4283 
4284 	rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4285 	nl80211_check_ap_rate_selectors(params, rates);
4286 
4287 	rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4288 	nl80211_check_ap_rate_selectors(params, rates);
4289 
4290 	cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4291 	if (cap && cap[1] >= sizeof(*params->ht_cap))
4292 		params->ht_cap = (void *)(cap + 2);
4293 	cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4294 	if (cap && cap[1] >= sizeof(*params->vht_cap))
4295 		params->vht_cap = (void *)(cap + 2);
4296 	cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4297 	if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4298 		params->he_cap = (void *)(cap + 3);
4299 }
4300 
4301 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4302 				   struct cfg80211_ap_settings *params)
4303 {
4304 	struct wireless_dev *wdev;
4305 	bool ret = false;
4306 
4307 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4308 		if (wdev->iftype != NL80211_IFTYPE_AP &&
4309 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
4310 			continue;
4311 
4312 		if (!wdev->preset_chandef.chan)
4313 			continue;
4314 
4315 		params->chandef = wdev->preset_chandef;
4316 		ret = true;
4317 		break;
4318 	}
4319 
4320 	return ret;
4321 }
4322 
4323 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4324 				    enum nl80211_auth_type auth_type,
4325 				    enum nl80211_commands cmd)
4326 {
4327 	if (auth_type > NL80211_AUTHTYPE_MAX)
4328 		return false;
4329 
4330 	switch (cmd) {
4331 	case NL80211_CMD_AUTHENTICATE:
4332 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4333 		    auth_type == NL80211_AUTHTYPE_SAE)
4334 			return false;
4335 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
4336 					     NL80211_EXT_FEATURE_FILS_STA) &&
4337 		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4338 		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4339 		     auth_type == NL80211_AUTHTYPE_FILS_PK))
4340 			return false;
4341 		return true;
4342 	case NL80211_CMD_CONNECT:
4343 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4344 		    auth_type == NL80211_AUTHTYPE_SAE)
4345 			return false;
4346 
4347 		/* FILS with SK PFS or PK not supported yet */
4348 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4349 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4350 			return false;
4351 		if (!wiphy_ext_feature_isset(
4352 			    &rdev->wiphy,
4353 			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4354 		    auth_type == NL80211_AUTHTYPE_FILS_SK)
4355 			return false;
4356 		return true;
4357 	case NL80211_CMD_START_AP:
4358 		/* SAE not supported yet */
4359 		if (auth_type == NL80211_AUTHTYPE_SAE)
4360 			return false;
4361 		/* FILS not supported yet */
4362 		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4363 		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4364 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4365 			return false;
4366 		return true;
4367 	default:
4368 		return false;
4369 	}
4370 }
4371 
4372 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4373 {
4374 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4375 	struct net_device *dev = info->user_ptr[1];
4376 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4377 	struct cfg80211_ap_settings params;
4378 	int err;
4379 
4380 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4381 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4382 		return -EOPNOTSUPP;
4383 
4384 	if (!rdev->ops->start_ap)
4385 		return -EOPNOTSUPP;
4386 
4387 	if (wdev->beacon_interval)
4388 		return -EALREADY;
4389 
4390 	memset(&params, 0, sizeof(params));
4391 
4392 	/* these are required for START_AP */
4393 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4394 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4395 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
4396 		return -EINVAL;
4397 
4398 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
4399 	if (err)
4400 		return err;
4401 
4402 	params.beacon_interval =
4403 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4404 	params.dtim_period =
4405 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4406 
4407 	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4408 					   params.beacon_interval);
4409 	if (err)
4410 		return err;
4411 
4412 	/*
4413 	 * In theory, some of these attributes should be required here
4414 	 * but since they were not used when the command was originally
4415 	 * added, keep them optional for old user space programs to let
4416 	 * them continue to work with drivers that do not need the
4417 	 * additional information -- drivers must check!
4418 	 */
4419 	if (info->attrs[NL80211_ATTR_SSID]) {
4420 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4421 		params.ssid_len =
4422 			nla_len(info->attrs[NL80211_ATTR_SSID]);
4423 		if (params.ssid_len == 0 ||
4424 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
4425 			return -EINVAL;
4426 	}
4427 
4428 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4429 		params.hidden_ssid = nla_get_u32(
4430 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4431 
4432 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4433 
4434 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4435 		params.auth_type = nla_get_u32(
4436 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
4437 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
4438 					     NL80211_CMD_START_AP))
4439 			return -EINVAL;
4440 	} else
4441 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4442 
4443 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
4444 				      NL80211_MAX_NR_CIPHER_SUITES);
4445 	if (err)
4446 		return err;
4447 
4448 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4449 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4450 			return -EOPNOTSUPP;
4451 		params.inactivity_timeout = nla_get_u16(
4452 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4453 	}
4454 
4455 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4456 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4457 			return -EINVAL;
4458 		params.p2p_ctwindow =
4459 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4460 		if (params.p2p_ctwindow != 0 &&
4461 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4462 			return -EINVAL;
4463 	}
4464 
4465 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4466 		u8 tmp;
4467 
4468 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4469 			return -EINVAL;
4470 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4471 		params.p2p_opp_ps = tmp;
4472 		if (params.p2p_opp_ps != 0 &&
4473 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4474 			return -EINVAL;
4475 	}
4476 
4477 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4478 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
4479 		if (err)
4480 			return err;
4481 	} else if (wdev->preset_chandef.chan) {
4482 		params.chandef = wdev->preset_chandef;
4483 	} else if (!nl80211_get_ap_channel(rdev, &params))
4484 		return -EINVAL;
4485 
4486 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4487 					   wdev->iftype))
4488 		return -EINVAL;
4489 
4490 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
4491 		err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4492 		if (err)
4493 			return err;
4494 
4495 		err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4496 					      &params.beacon_rate);
4497 		if (err)
4498 			return err;
4499 	}
4500 
4501 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4502 		params.smps_mode =
4503 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4504 		switch (params.smps_mode) {
4505 		case NL80211_SMPS_OFF:
4506 			break;
4507 		case NL80211_SMPS_STATIC:
4508 			if (!(rdev->wiphy.features &
4509 			      NL80211_FEATURE_STATIC_SMPS))
4510 				return -EINVAL;
4511 			break;
4512 		case NL80211_SMPS_DYNAMIC:
4513 			if (!(rdev->wiphy.features &
4514 			      NL80211_FEATURE_DYNAMIC_SMPS))
4515 				return -EINVAL;
4516 			break;
4517 		default:
4518 			return -EINVAL;
4519 		}
4520 	} else {
4521 		params.smps_mode = NL80211_SMPS_OFF;
4522 	}
4523 
4524 	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4525 	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4526 		return -EOPNOTSUPP;
4527 
4528 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4529 		params.acl = parse_acl_data(&rdev->wiphy, info);
4530 		if (IS_ERR(params.acl))
4531 			return PTR_ERR(params.acl);
4532 	}
4533 
4534 	nl80211_calculate_ap_params(&params);
4535 
4536 	if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
4537 		params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
4538 
4539 	wdev_lock(wdev);
4540 	err = rdev_start_ap(rdev, dev, &params);
4541 	if (!err) {
4542 		wdev->preset_chandef = params.chandef;
4543 		wdev->beacon_interval = params.beacon_interval;
4544 		wdev->chandef = params.chandef;
4545 		wdev->ssid_len = params.ssid_len;
4546 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4547 
4548 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4549 			wdev->conn_owner_nlportid = info->snd_portid;
4550 	}
4551 	wdev_unlock(wdev);
4552 
4553 	kfree(params.acl);
4554 
4555 	return err;
4556 }
4557 
4558 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4559 {
4560 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4561 	struct net_device *dev = info->user_ptr[1];
4562 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4563 	struct cfg80211_beacon_data params;
4564 	int err;
4565 
4566 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4567 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4568 		return -EOPNOTSUPP;
4569 
4570 	if (!rdev->ops->change_beacon)
4571 		return -EOPNOTSUPP;
4572 
4573 	if (!wdev->beacon_interval)
4574 		return -EINVAL;
4575 
4576 	err = nl80211_parse_beacon(rdev, info->attrs, &params);
4577 	if (err)
4578 		return err;
4579 
4580 	wdev_lock(wdev);
4581 	err = rdev_change_beacon(rdev, dev, &params);
4582 	wdev_unlock(wdev);
4583 
4584 	return err;
4585 }
4586 
4587 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4588 {
4589 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4590 	struct net_device *dev = info->user_ptr[1];
4591 
4592 	return cfg80211_stop_ap(rdev, dev, false);
4593 }
4594 
4595 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4596 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4597 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4598 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4599 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4600 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4601 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4602 };
4603 
4604 static int parse_station_flags(struct genl_info *info,
4605 			       enum nl80211_iftype iftype,
4606 			       struct station_parameters *params)
4607 {
4608 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4609 	struct nlattr *nla;
4610 	int flag;
4611 
4612 	/*
4613 	 * Try parsing the new attribute first so userspace
4614 	 * can specify both for older kernels.
4615 	 */
4616 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4617 	if (nla) {
4618 		struct nl80211_sta_flag_update *sta_flags;
4619 
4620 		sta_flags = nla_data(nla);
4621 		params->sta_flags_mask = sta_flags->mask;
4622 		params->sta_flags_set = sta_flags->set;
4623 		params->sta_flags_set &= params->sta_flags_mask;
4624 		if ((params->sta_flags_mask |
4625 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4626 			return -EINVAL;
4627 		return 0;
4628 	}
4629 
4630 	/* if present, parse the old attribute */
4631 
4632 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4633 	if (!nla)
4634 		return 0;
4635 
4636 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, nla,
4637 			     sta_flags_policy, info->extack))
4638 		return -EINVAL;
4639 
4640 	/*
4641 	 * Only allow certain flags for interface types so that
4642 	 * other attributes are silently ignored. Remember that
4643 	 * this is backward compatibility code with old userspace
4644 	 * and shouldn't be hit in other cases anyway.
4645 	 */
4646 	switch (iftype) {
4647 	case NL80211_IFTYPE_AP:
4648 	case NL80211_IFTYPE_AP_VLAN:
4649 	case NL80211_IFTYPE_P2P_GO:
4650 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4651 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4652 					 BIT(NL80211_STA_FLAG_WME) |
4653 					 BIT(NL80211_STA_FLAG_MFP);
4654 		break;
4655 	case NL80211_IFTYPE_P2P_CLIENT:
4656 	case NL80211_IFTYPE_STATION:
4657 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4658 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
4659 		break;
4660 	case NL80211_IFTYPE_MESH_POINT:
4661 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4662 					 BIT(NL80211_STA_FLAG_MFP) |
4663 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
4664 		break;
4665 	default:
4666 		return -EINVAL;
4667 	}
4668 
4669 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4670 		if (flags[flag]) {
4671 			params->sta_flags_set |= (1<<flag);
4672 
4673 			/* no longer support new API additions in old API */
4674 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4675 				return -EINVAL;
4676 		}
4677 	}
4678 
4679 	return 0;
4680 }
4681 
4682 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
4683 {
4684 	struct nlattr *rate;
4685 	u32 bitrate;
4686 	u16 bitrate_compat;
4687 	enum nl80211_rate_info rate_flg;
4688 
4689 	rate = nla_nest_start(msg, attr);
4690 	if (!rate)
4691 		return false;
4692 
4693 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4694 	bitrate = cfg80211_calculate_bitrate(info);
4695 	/* report 16-bit bitrate only if we can */
4696 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4697 	if (bitrate > 0 &&
4698 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4699 		return false;
4700 	if (bitrate_compat > 0 &&
4701 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4702 		return false;
4703 
4704 	switch (info->bw) {
4705 	case RATE_INFO_BW_5:
4706 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4707 		break;
4708 	case RATE_INFO_BW_10:
4709 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4710 		break;
4711 	default:
4712 		WARN_ON(1);
4713 		/* fall through */
4714 	case RATE_INFO_BW_20:
4715 		rate_flg = 0;
4716 		break;
4717 	case RATE_INFO_BW_40:
4718 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4719 		break;
4720 	case RATE_INFO_BW_80:
4721 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4722 		break;
4723 	case RATE_INFO_BW_160:
4724 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4725 		break;
4726 	case RATE_INFO_BW_HE_RU:
4727 		rate_flg = 0;
4728 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
4729 	}
4730 
4731 	if (rate_flg && nla_put_flag(msg, rate_flg))
4732 		return false;
4733 
4734 	if (info->flags & RATE_INFO_FLAGS_MCS) {
4735 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4736 			return false;
4737 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4738 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4739 			return false;
4740 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4741 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4742 			return false;
4743 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4744 			return false;
4745 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4746 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4747 			return false;
4748 	} else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
4749 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
4750 			return false;
4751 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
4752 			return false;
4753 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
4754 			return false;
4755 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
4756 			return false;
4757 		if (info->bw == RATE_INFO_BW_HE_RU &&
4758 		    nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
4759 			       info->he_ru_alloc))
4760 			return false;
4761 	}
4762 
4763 	nla_nest_end(msg, rate);
4764 	return true;
4765 }
4766 
4767 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4768 			       int id)
4769 {
4770 	void *attr;
4771 	int i = 0;
4772 
4773 	if (!mask)
4774 		return true;
4775 
4776 	attr = nla_nest_start(msg, id);
4777 	if (!attr)
4778 		return false;
4779 
4780 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4781 		if (!(mask & BIT(i)))
4782 			continue;
4783 
4784 		if (nla_put_u8(msg, i, signal[i]))
4785 			return false;
4786 	}
4787 
4788 	nla_nest_end(msg, attr);
4789 
4790 	return true;
4791 }
4792 
4793 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4794 				u32 seq, int flags,
4795 				struct cfg80211_registered_device *rdev,
4796 				struct net_device *dev,
4797 				const u8 *mac_addr, struct station_info *sinfo)
4798 {
4799 	void *hdr;
4800 	struct nlattr *sinfoattr, *bss_param;
4801 
4802 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4803 	if (!hdr)
4804 		return -1;
4805 
4806 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4807 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4808 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4809 		goto nla_put_failure;
4810 
4811 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
4812 	if (!sinfoattr)
4813 		goto nla_put_failure;
4814 
4815 #define PUT_SINFO(attr, memb, type) do {				\
4816 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
4817 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
4818 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
4819 			     sinfo->memb))				\
4820 		goto nla_put_failure;					\
4821 	} while (0)
4822 #define PUT_SINFO_U64(attr, memb) do {					\
4823 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
4824 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
4825 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
4826 		goto nla_put_failure;					\
4827 	} while (0)
4828 
4829 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4830 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4831 
4832 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
4833 			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
4834 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4835 			(u32)sinfo->rx_bytes))
4836 		goto nla_put_failure;
4837 
4838 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
4839 			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
4840 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4841 			(u32)sinfo->tx_bytes))
4842 		goto nla_put_failure;
4843 
4844 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4845 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4846 	PUT_SINFO(LLID, llid, u16);
4847 	PUT_SINFO(PLID, plid, u16);
4848 	PUT_SINFO(PLINK_STATE, plink_state, u8);
4849 	PUT_SINFO_U64(RX_DURATION, rx_duration);
4850 	PUT_SINFO_U64(TX_DURATION, tx_duration);
4851 
4852 	if (wiphy_ext_feature_isset(&rdev->wiphy,
4853 				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
4854 		PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
4855 
4856 	switch (rdev->wiphy.signal_type) {
4857 	case CFG80211_SIGNAL_TYPE_MBM:
4858 		PUT_SINFO(SIGNAL, signal, u8);
4859 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4860 		break;
4861 	default:
4862 		break;
4863 	}
4864 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4865 		if (!nl80211_put_signal(msg, sinfo->chains,
4866 					sinfo->chain_signal,
4867 					NL80211_STA_INFO_CHAIN_SIGNAL))
4868 			goto nla_put_failure;
4869 	}
4870 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4871 		if (!nl80211_put_signal(msg, sinfo->chains,
4872 					sinfo->chain_signal_avg,
4873 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4874 			goto nla_put_failure;
4875 	}
4876 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
4877 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4878 					  NL80211_STA_INFO_TX_BITRATE))
4879 			goto nla_put_failure;
4880 	}
4881 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
4882 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4883 					  NL80211_STA_INFO_RX_BITRATE))
4884 			goto nla_put_failure;
4885 	}
4886 
4887 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
4888 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
4889 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
4890 	PUT_SINFO(TX_FAILED, tx_failed, u32);
4891 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
4892 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4893 	PUT_SINFO(LOCAL_PM, local_pm, u32);
4894 	PUT_SINFO(PEER_PM, peer_pm, u32);
4895 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
4896 	PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
4897 
4898 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
4899 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
4900 		if (!bss_param)
4901 			goto nla_put_failure;
4902 
4903 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
4904 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
4905 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
4906 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
4907 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
4908 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
4909 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
4910 			       sinfo->bss_param.dtim_period) ||
4911 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
4912 				sinfo->bss_param.beacon_interval))
4913 			goto nla_put_failure;
4914 
4915 		nla_nest_end(msg, bss_param);
4916 	}
4917 	if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
4918 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
4919 		    sizeof(struct nl80211_sta_flag_update),
4920 		    &sinfo->sta_flags))
4921 		goto nla_put_failure;
4922 
4923 	PUT_SINFO_U64(T_OFFSET, t_offset);
4924 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
4925 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
4926 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
4927 	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
4928 	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
4929 	if (wiphy_ext_feature_isset(&rdev->wiphy,
4930 				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
4931 		PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
4932 		PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
4933 	}
4934 
4935 #undef PUT_SINFO
4936 #undef PUT_SINFO_U64
4937 
4938 	if (sinfo->pertid) {
4939 		struct nlattr *tidsattr;
4940 		int tid;
4941 
4942 		tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
4943 		if (!tidsattr)
4944 			goto nla_put_failure;
4945 
4946 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
4947 			struct cfg80211_tid_stats *tidstats;
4948 			struct nlattr *tidattr;
4949 
4950 			tidstats = &sinfo->pertid[tid];
4951 
4952 			if (!tidstats->filled)
4953 				continue;
4954 
4955 			tidattr = nla_nest_start(msg, tid + 1);
4956 			if (!tidattr)
4957 				goto nla_put_failure;
4958 
4959 #define PUT_TIDVAL_U64(attr, memb) do {					\
4960 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
4961 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
4962 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
4963 		goto nla_put_failure;					\
4964 	} while (0)
4965 
4966 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
4967 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
4968 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
4969 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
4970 
4971 #undef PUT_TIDVAL_U64
4972 			if ((tidstats->filled &
4973 			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
4974 			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
4975 						   NL80211_TID_STATS_TXQ_STATS))
4976 				goto nla_put_failure;
4977 
4978 			nla_nest_end(msg, tidattr);
4979 		}
4980 
4981 		nla_nest_end(msg, tidsattr);
4982 	}
4983 
4984 	nla_nest_end(msg, sinfoattr);
4985 
4986 	if (sinfo->assoc_req_ies_len &&
4987 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
4988 		    sinfo->assoc_req_ies))
4989 		goto nla_put_failure;
4990 
4991 	cfg80211_sinfo_release_content(sinfo);
4992 	genlmsg_end(msg, hdr);
4993 	return 0;
4994 
4995  nla_put_failure:
4996 	cfg80211_sinfo_release_content(sinfo);
4997 	genlmsg_cancel(msg, hdr);
4998 	return -EMSGSIZE;
4999 }
5000 
5001 static int nl80211_dump_station(struct sk_buff *skb,
5002 				struct netlink_callback *cb)
5003 {
5004 	struct station_info sinfo;
5005 	struct cfg80211_registered_device *rdev;
5006 	struct wireless_dev *wdev;
5007 	u8 mac_addr[ETH_ALEN];
5008 	int sta_idx = cb->args[2];
5009 	int err;
5010 
5011 	rtnl_lock();
5012 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5013 	if (err)
5014 		goto out_err;
5015 
5016 	if (!wdev->netdev) {
5017 		err = -EINVAL;
5018 		goto out_err;
5019 	}
5020 
5021 	if (!rdev->ops->dump_station) {
5022 		err = -EOPNOTSUPP;
5023 		goto out_err;
5024 	}
5025 
5026 	while (1) {
5027 		memset(&sinfo, 0, sizeof(sinfo));
5028 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5029 					mac_addr, &sinfo);
5030 		if (err == -ENOENT)
5031 			break;
5032 		if (err)
5033 			goto out_err;
5034 
5035 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5036 				NETLINK_CB(cb->skb).portid,
5037 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5038 				rdev, wdev->netdev, mac_addr,
5039 				&sinfo) < 0)
5040 			goto out;
5041 
5042 		sta_idx++;
5043 	}
5044 
5045  out:
5046 	cb->args[2] = sta_idx;
5047 	err = skb->len;
5048  out_err:
5049 	rtnl_unlock();
5050 
5051 	return err;
5052 }
5053 
5054 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5055 {
5056 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5057 	struct net_device *dev = info->user_ptr[1];
5058 	struct station_info sinfo;
5059 	struct sk_buff *msg;
5060 	u8 *mac_addr = NULL;
5061 	int err;
5062 
5063 	memset(&sinfo, 0, sizeof(sinfo));
5064 
5065 	if (!info->attrs[NL80211_ATTR_MAC])
5066 		return -EINVAL;
5067 
5068 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5069 
5070 	if (!rdev->ops->get_station)
5071 		return -EOPNOTSUPP;
5072 
5073 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5074 	if (err)
5075 		return err;
5076 
5077 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5078 	if (!msg) {
5079 		cfg80211_sinfo_release_content(&sinfo);
5080 		return -ENOMEM;
5081 	}
5082 
5083 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5084 				 info->snd_portid, info->snd_seq, 0,
5085 				 rdev, dev, mac_addr, &sinfo) < 0) {
5086 		nlmsg_free(msg);
5087 		return -ENOBUFS;
5088 	}
5089 
5090 	return genlmsg_reply(msg, info);
5091 }
5092 
5093 int cfg80211_check_station_change(struct wiphy *wiphy,
5094 				  struct station_parameters *params,
5095 				  enum cfg80211_station_type statype)
5096 {
5097 	if (params->listen_interval != -1 &&
5098 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5099 		return -EINVAL;
5100 
5101 	if (params->support_p2p_ps != -1 &&
5102 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5103 		return -EINVAL;
5104 
5105 	if (params->aid &&
5106 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5107 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5108 		return -EINVAL;
5109 
5110 	/* When you run into this, adjust the code below for the new flag */
5111 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5112 
5113 	switch (statype) {
5114 	case CFG80211_STA_MESH_PEER_KERNEL:
5115 	case CFG80211_STA_MESH_PEER_USER:
5116 		/*
5117 		 * No ignoring the TDLS flag here -- the userspace mesh
5118 		 * code doesn't have the bug of including TDLS in the
5119 		 * mask everywhere.
5120 		 */
5121 		if (params->sta_flags_mask &
5122 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5123 				  BIT(NL80211_STA_FLAG_MFP) |
5124 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
5125 			return -EINVAL;
5126 		break;
5127 	case CFG80211_STA_TDLS_PEER_SETUP:
5128 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5129 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5130 			return -EINVAL;
5131 		/* ignore since it can't change */
5132 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5133 		break;
5134 	default:
5135 		/* disallow mesh-specific things */
5136 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5137 			return -EINVAL;
5138 		if (params->local_pm)
5139 			return -EINVAL;
5140 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5141 			return -EINVAL;
5142 	}
5143 
5144 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5145 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5146 		/* TDLS can't be set, ... */
5147 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5148 			return -EINVAL;
5149 		/*
5150 		 * ... but don't bother the driver with it. This works around
5151 		 * a hostapd/wpa_supplicant issue -- it always includes the
5152 		 * TLDS_PEER flag in the mask even for AP mode.
5153 		 */
5154 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5155 	}
5156 
5157 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5158 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5159 		/* reject other things that can't change */
5160 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5161 			return -EINVAL;
5162 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5163 			return -EINVAL;
5164 		if (params->supported_rates)
5165 			return -EINVAL;
5166 		if (params->ext_capab || params->ht_capa || params->vht_capa ||
5167 		    params->he_capa)
5168 			return -EINVAL;
5169 	}
5170 
5171 	if (statype != CFG80211_STA_AP_CLIENT &&
5172 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5173 		if (params->vlan)
5174 			return -EINVAL;
5175 	}
5176 
5177 	switch (statype) {
5178 	case CFG80211_STA_AP_MLME_CLIENT:
5179 		/* Use this only for authorizing/unauthorizing a station */
5180 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5181 			return -EOPNOTSUPP;
5182 		break;
5183 	case CFG80211_STA_AP_CLIENT:
5184 	case CFG80211_STA_AP_CLIENT_UNASSOC:
5185 		/* accept only the listed bits */
5186 		if (params->sta_flags_mask &
5187 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5188 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5189 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
5190 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5191 				  BIT(NL80211_STA_FLAG_WME) |
5192 				  BIT(NL80211_STA_FLAG_MFP)))
5193 			return -EINVAL;
5194 
5195 		/* but authenticated/associated only if driver handles it */
5196 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5197 		    params->sta_flags_mask &
5198 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5199 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5200 			return -EINVAL;
5201 		break;
5202 	case CFG80211_STA_IBSS:
5203 	case CFG80211_STA_AP_STA:
5204 		/* reject any changes other than AUTHORIZED */
5205 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5206 			return -EINVAL;
5207 		break;
5208 	case CFG80211_STA_TDLS_PEER_SETUP:
5209 		/* reject any changes other than AUTHORIZED or WME */
5210 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5211 					       BIT(NL80211_STA_FLAG_WME)))
5212 			return -EINVAL;
5213 		/* force (at least) rates when authorizing */
5214 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5215 		    !params->supported_rates)
5216 			return -EINVAL;
5217 		break;
5218 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5219 		/* reject any changes */
5220 		return -EINVAL;
5221 	case CFG80211_STA_MESH_PEER_KERNEL:
5222 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5223 			return -EINVAL;
5224 		break;
5225 	case CFG80211_STA_MESH_PEER_USER:
5226 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5227 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5228 			return -EINVAL;
5229 		break;
5230 	}
5231 
5232 	/*
5233 	 * Older kernel versions ignored this attribute entirely, so don't
5234 	 * reject attempts to update it but mark it as unused instead so the
5235 	 * driver won't look at the data.
5236 	 */
5237 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5238 	    statype != CFG80211_STA_TDLS_PEER_SETUP)
5239 		params->opmode_notif_used = false;
5240 
5241 	return 0;
5242 }
5243 EXPORT_SYMBOL(cfg80211_check_station_change);
5244 
5245 /*
5246  * Get vlan interface making sure it is running and on the right wiphy.
5247  */
5248 static struct net_device *get_vlan(struct genl_info *info,
5249 				   struct cfg80211_registered_device *rdev)
5250 {
5251 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5252 	struct net_device *v;
5253 	int ret;
5254 
5255 	if (!vlanattr)
5256 		return NULL;
5257 
5258 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5259 	if (!v)
5260 		return ERR_PTR(-ENODEV);
5261 
5262 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5263 		ret = -EINVAL;
5264 		goto error;
5265 	}
5266 
5267 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5268 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5269 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5270 		ret = -EINVAL;
5271 		goto error;
5272 	}
5273 
5274 	if (!netif_running(v)) {
5275 		ret = -ENETDOWN;
5276 		goto error;
5277 	}
5278 
5279 	return v;
5280  error:
5281 	dev_put(v);
5282 	return ERR_PTR(ret);
5283 }
5284 
5285 static const struct nla_policy
5286 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5287 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5288 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5289 };
5290 
5291 static int nl80211_parse_sta_wme(struct genl_info *info,
5292 				 struct station_parameters *params)
5293 {
5294 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5295 	struct nlattr *nla;
5296 	int err;
5297 
5298 	/* parse WME attributes if present */
5299 	if (!info->attrs[NL80211_ATTR_STA_WME])
5300 		return 0;
5301 
5302 	nla = info->attrs[NL80211_ATTR_STA_WME];
5303 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
5304 			       nl80211_sta_wme_policy, info->extack);
5305 	if (err)
5306 		return err;
5307 
5308 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5309 		params->uapsd_queues = nla_get_u8(
5310 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
5311 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5312 		return -EINVAL;
5313 
5314 	if (tb[NL80211_STA_WME_MAX_SP])
5315 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5316 
5317 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5318 		return -EINVAL;
5319 
5320 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5321 
5322 	return 0;
5323 }
5324 
5325 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5326 				      struct station_parameters *params)
5327 {
5328 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5329 		params->supported_channels =
5330 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5331 		params->supported_channels_len =
5332 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5333 		/*
5334 		 * Need to include at least one (first channel, number of
5335 		 * channels) tuple for each subband, and must have proper
5336 		 * tuples for the rest of the data as well.
5337 		 */
5338 		if (params->supported_channels_len < 2)
5339 			return -EINVAL;
5340 		if (params->supported_channels_len % 2)
5341 			return -EINVAL;
5342 	}
5343 
5344 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5345 		params->supported_oper_classes =
5346 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5347 		params->supported_oper_classes_len =
5348 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5349 		/*
5350 		 * The value of the Length field of the Supported Operating
5351 		 * Classes element is between 2 and 253.
5352 		 */
5353 		if (params->supported_oper_classes_len < 2 ||
5354 		    params->supported_oper_classes_len > 253)
5355 			return -EINVAL;
5356 	}
5357 	return 0;
5358 }
5359 
5360 static int nl80211_set_station_tdls(struct genl_info *info,
5361 				    struct station_parameters *params)
5362 {
5363 	int err;
5364 	/* Dummy STA entry gets updated once the peer capabilities are known */
5365 	if (info->attrs[NL80211_ATTR_PEER_AID])
5366 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5367 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5368 		params->ht_capa =
5369 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5370 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5371 		params->vht_capa =
5372 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5373 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5374 		params->he_capa =
5375 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5376 		params->he_capa_len =
5377 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5378 
5379 		if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5380 			return -EINVAL;
5381 	}
5382 
5383 	err = nl80211_parse_sta_channel_info(info, params);
5384 	if (err)
5385 		return err;
5386 
5387 	return nl80211_parse_sta_wme(info, params);
5388 }
5389 
5390 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5391 {
5392 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5393 	struct net_device *dev = info->user_ptr[1];
5394 	struct station_parameters params;
5395 	u8 *mac_addr;
5396 	int err;
5397 
5398 	memset(&params, 0, sizeof(params));
5399 
5400 	if (!rdev->ops->change_station)
5401 		return -EOPNOTSUPP;
5402 
5403 	/*
5404 	 * AID and listen_interval properties can be set only for unassociated
5405 	 * station. Include these parameters here and will check them in
5406 	 * cfg80211_check_station_change().
5407 	 */
5408 	if (info->attrs[NL80211_ATTR_STA_AID])
5409 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5410 
5411 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5412 		params.listen_interval =
5413 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5414 	else
5415 		params.listen_interval = -1;
5416 
5417 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5418 		params.support_p2p_ps =
5419 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5420 	else
5421 		params.support_p2p_ps = -1;
5422 
5423 	if (!info->attrs[NL80211_ATTR_MAC])
5424 		return -EINVAL;
5425 
5426 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5427 
5428 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5429 		params.supported_rates =
5430 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5431 		params.supported_rates_len =
5432 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5433 	}
5434 
5435 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5436 		params.capability =
5437 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5438 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5439 	}
5440 
5441 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5442 		params.ext_capab =
5443 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5444 		params.ext_capab_len =
5445 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5446 	}
5447 
5448 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5449 		return -EINVAL;
5450 
5451 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5452 		params.plink_action =
5453 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5454 
5455 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5456 		params.plink_state =
5457 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5458 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5459 			params.peer_aid = nla_get_u16(
5460 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5461 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5462 	}
5463 
5464 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
5465 		params.local_pm = nla_get_u32(
5466 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5467 
5468 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5469 		params.opmode_notif_used = true;
5470 		params.opmode_notif =
5471 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5472 	}
5473 
5474 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5475 		params.airtime_weight =
5476 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5477 
5478 	if (params.airtime_weight &&
5479 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5480 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5481 		return -EOPNOTSUPP;
5482 
5483 	/* Include parameters for TDLS peer (will check later) */
5484 	err = nl80211_set_station_tdls(info, &params);
5485 	if (err)
5486 		return err;
5487 
5488 	params.vlan = get_vlan(info, rdev);
5489 	if (IS_ERR(params.vlan))
5490 		return PTR_ERR(params.vlan);
5491 
5492 	switch (dev->ieee80211_ptr->iftype) {
5493 	case NL80211_IFTYPE_AP:
5494 	case NL80211_IFTYPE_AP_VLAN:
5495 	case NL80211_IFTYPE_P2P_GO:
5496 	case NL80211_IFTYPE_P2P_CLIENT:
5497 	case NL80211_IFTYPE_STATION:
5498 	case NL80211_IFTYPE_ADHOC:
5499 	case NL80211_IFTYPE_MESH_POINT:
5500 		break;
5501 	default:
5502 		err = -EOPNOTSUPP;
5503 		goto out_put_vlan;
5504 	}
5505 
5506 	/* driver will call cfg80211_check_station_change() */
5507 	err = rdev_change_station(rdev, dev, mac_addr, &params);
5508 
5509  out_put_vlan:
5510 	if (params.vlan)
5511 		dev_put(params.vlan);
5512 
5513 	return err;
5514 }
5515 
5516 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5517 {
5518 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5519 	int err;
5520 	struct net_device *dev = info->user_ptr[1];
5521 	struct station_parameters params;
5522 	u8 *mac_addr = NULL;
5523 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5524 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
5525 
5526 	memset(&params, 0, sizeof(params));
5527 
5528 	if (!rdev->ops->add_station)
5529 		return -EOPNOTSUPP;
5530 
5531 	if (!info->attrs[NL80211_ATTR_MAC])
5532 		return -EINVAL;
5533 
5534 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5535 		return -EINVAL;
5536 
5537 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5538 		return -EINVAL;
5539 
5540 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
5541 	    !info->attrs[NL80211_ATTR_PEER_AID])
5542 		return -EINVAL;
5543 
5544 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5545 	params.supported_rates =
5546 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5547 	params.supported_rates_len =
5548 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5549 	params.listen_interval =
5550 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5551 
5552 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5553 		params.support_p2p_ps =
5554 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5555 	} else {
5556 		/*
5557 		 * if not specified, assume it's supported for P2P GO interface,
5558 		 * and is NOT supported for AP interface
5559 		 */
5560 		params.support_p2p_ps =
5561 			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5562 	}
5563 
5564 	if (info->attrs[NL80211_ATTR_PEER_AID])
5565 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5566 	else
5567 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5568 
5569 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5570 		params.capability =
5571 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5572 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5573 	}
5574 
5575 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5576 		params.ext_capab =
5577 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5578 		params.ext_capab_len =
5579 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5580 	}
5581 
5582 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5583 		params.ht_capa =
5584 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5585 
5586 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5587 		params.vht_capa =
5588 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5589 
5590 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5591 		params.he_capa =
5592 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5593 		params.he_capa_len =
5594 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5595 
5596 		/* max len is validated in nla policy */
5597 		if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5598 			return -EINVAL;
5599 	}
5600 
5601 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5602 		params.opmode_notif_used = true;
5603 		params.opmode_notif =
5604 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5605 	}
5606 
5607 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5608 		params.plink_action =
5609 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5610 
5611 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5612 		params.airtime_weight =
5613 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5614 
5615 	if (params.airtime_weight &&
5616 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5617 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5618 		return -EOPNOTSUPP;
5619 
5620 	err = nl80211_parse_sta_channel_info(info, &params);
5621 	if (err)
5622 		return err;
5623 
5624 	err = nl80211_parse_sta_wme(info, &params);
5625 	if (err)
5626 		return err;
5627 
5628 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5629 		return -EINVAL;
5630 
5631 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5632 	 * as userspace might just pass through the capabilities from the IEs
5633 	 * directly, rather than enforcing this restriction and returning an
5634 	 * error in this case.
5635 	 */
5636 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5637 		params.ht_capa = NULL;
5638 		params.vht_capa = NULL;
5639 
5640 		/* HE requires WME */
5641 		if (params.he_capa_len)
5642 			return -EINVAL;
5643 	}
5644 
5645 	/* When you run into this, adjust the code below for the new flag */
5646 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5647 
5648 	switch (dev->ieee80211_ptr->iftype) {
5649 	case NL80211_IFTYPE_AP:
5650 	case NL80211_IFTYPE_AP_VLAN:
5651 	case NL80211_IFTYPE_P2P_GO:
5652 		/* ignore WME attributes if iface/sta is not capable */
5653 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5654 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5655 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5656 
5657 		/* TDLS peers cannot be added */
5658 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5659 		    info->attrs[NL80211_ATTR_PEER_AID])
5660 			return -EINVAL;
5661 		/* but don't bother the driver with it */
5662 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5663 
5664 		/* allow authenticated/associated only if driver handles it */
5665 		if (!(rdev->wiphy.features &
5666 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5667 		    params.sta_flags_mask & auth_assoc)
5668 			return -EINVAL;
5669 
5670 		/* Older userspace, or userspace wanting to be compatible with
5671 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5672 		 * and assoc flags in the mask, but assumes the station will be
5673 		 * added as associated anyway since this was the required driver
5674 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5675 		 * introduced.
5676 		 * In order to not bother drivers with this quirk in the API
5677 		 * set the flags in both the mask and set for new stations in
5678 		 * this case.
5679 		 */
5680 		if (!(params.sta_flags_mask & auth_assoc)) {
5681 			params.sta_flags_mask |= auth_assoc;
5682 			params.sta_flags_set |= auth_assoc;
5683 		}
5684 
5685 		/* must be last in here for error handling */
5686 		params.vlan = get_vlan(info, rdev);
5687 		if (IS_ERR(params.vlan))
5688 			return PTR_ERR(params.vlan);
5689 		break;
5690 	case NL80211_IFTYPE_MESH_POINT:
5691 		/* ignore uAPSD data */
5692 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5693 
5694 		/* associated is disallowed */
5695 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5696 			return -EINVAL;
5697 		/* TDLS peers cannot be added */
5698 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5699 		    info->attrs[NL80211_ATTR_PEER_AID])
5700 			return -EINVAL;
5701 		break;
5702 	case NL80211_IFTYPE_STATION:
5703 	case NL80211_IFTYPE_P2P_CLIENT:
5704 		/* ignore uAPSD data */
5705 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5706 
5707 		/* these are disallowed */
5708 		if (params.sta_flags_mask &
5709 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
5710 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5711 			return -EINVAL;
5712 		/* Only TDLS peers can be added */
5713 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5714 			return -EINVAL;
5715 		/* Can only add if TDLS ... */
5716 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5717 			return -EOPNOTSUPP;
5718 		/* ... with external setup is supported */
5719 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5720 			return -EOPNOTSUPP;
5721 		/*
5722 		 * Older wpa_supplicant versions always mark the TDLS peer
5723 		 * as authorized, but it shouldn't yet be.
5724 		 */
5725 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5726 		break;
5727 	default:
5728 		return -EOPNOTSUPP;
5729 	}
5730 
5731 	/* be aware of params.vlan when changing code here */
5732 
5733 	err = rdev_add_station(rdev, dev, mac_addr, &params);
5734 
5735 	if (params.vlan)
5736 		dev_put(params.vlan);
5737 	return err;
5738 }
5739 
5740 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5741 {
5742 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5743 	struct net_device *dev = info->user_ptr[1];
5744 	struct station_del_parameters params;
5745 
5746 	memset(&params, 0, sizeof(params));
5747 
5748 	if (info->attrs[NL80211_ATTR_MAC])
5749 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5750 
5751 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5752 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5753 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5754 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5755 		return -EINVAL;
5756 
5757 	if (!rdev->ops->del_station)
5758 		return -EOPNOTSUPP;
5759 
5760 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5761 		params.subtype =
5762 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5763 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5764 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5765 			return -EINVAL;
5766 	} else {
5767 		/* Default to Deauthentication frame */
5768 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5769 	}
5770 
5771 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5772 		params.reason_code =
5773 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5774 		if (params.reason_code == 0)
5775 			return -EINVAL; /* 0 is reserved */
5776 	} else {
5777 		/* Default to reason code 2 */
5778 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5779 	}
5780 
5781 	return rdev_del_station(rdev, dev, &params);
5782 }
5783 
5784 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5785 				int flags, struct net_device *dev,
5786 				u8 *dst, u8 *next_hop,
5787 				struct mpath_info *pinfo)
5788 {
5789 	void *hdr;
5790 	struct nlattr *pinfoattr;
5791 
5792 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5793 	if (!hdr)
5794 		return -1;
5795 
5796 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5797 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5798 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5799 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5800 		goto nla_put_failure;
5801 
5802 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
5803 	if (!pinfoattr)
5804 		goto nla_put_failure;
5805 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5806 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5807 			pinfo->frame_qlen))
5808 		goto nla_put_failure;
5809 	if (((pinfo->filled & MPATH_INFO_SN) &&
5810 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5811 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
5812 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5813 			 pinfo->metric)) ||
5814 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5815 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5816 			 pinfo->exptime)) ||
5817 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
5818 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5819 			pinfo->flags)) ||
5820 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5821 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5822 			 pinfo->discovery_timeout)) ||
5823 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5824 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5825 			pinfo->discovery_retries)) ||
5826 	    ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
5827 	     nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
5828 			pinfo->hop_count)) ||
5829 	    ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
5830 	     nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
5831 			 pinfo->path_change_count)))
5832 		goto nla_put_failure;
5833 
5834 	nla_nest_end(msg, pinfoattr);
5835 
5836 	genlmsg_end(msg, hdr);
5837 	return 0;
5838 
5839  nla_put_failure:
5840 	genlmsg_cancel(msg, hdr);
5841 	return -EMSGSIZE;
5842 }
5843 
5844 static int nl80211_dump_mpath(struct sk_buff *skb,
5845 			      struct netlink_callback *cb)
5846 {
5847 	struct mpath_info pinfo;
5848 	struct cfg80211_registered_device *rdev;
5849 	struct wireless_dev *wdev;
5850 	u8 dst[ETH_ALEN];
5851 	u8 next_hop[ETH_ALEN];
5852 	int path_idx = cb->args[2];
5853 	int err;
5854 
5855 	rtnl_lock();
5856 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5857 	if (err)
5858 		goto out_err;
5859 
5860 	if (!rdev->ops->dump_mpath) {
5861 		err = -EOPNOTSUPP;
5862 		goto out_err;
5863 	}
5864 
5865 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
5866 		err = -EOPNOTSUPP;
5867 		goto out_err;
5868 	}
5869 
5870 	while (1) {
5871 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
5872 				      next_hop, &pinfo);
5873 		if (err == -ENOENT)
5874 			break;
5875 		if (err)
5876 			goto out_err;
5877 
5878 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
5879 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
5880 				       wdev->netdev, dst, next_hop,
5881 				       &pinfo) < 0)
5882 			goto out;
5883 
5884 		path_idx++;
5885 	}
5886 
5887  out:
5888 	cb->args[2] = path_idx;
5889 	err = skb->len;
5890  out_err:
5891 	rtnl_unlock();
5892 	return err;
5893 }
5894 
5895 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
5896 {
5897 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5898 	int err;
5899 	struct net_device *dev = info->user_ptr[1];
5900 	struct mpath_info pinfo;
5901 	struct sk_buff *msg;
5902 	u8 *dst = NULL;
5903 	u8 next_hop[ETH_ALEN];
5904 
5905 	memset(&pinfo, 0, sizeof(pinfo));
5906 
5907 	if (!info->attrs[NL80211_ATTR_MAC])
5908 		return -EINVAL;
5909 
5910 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5911 
5912 	if (!rdev->ops->get_mpath)
5913 		return -EOPNOTSUPP;
5914 
5915 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5916 		return -EOPNOTSUPP;
5917 
5918 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
5919 	if (err)
5920 		return err;
5921 
5922 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5923 	if (!msg)
5924 		return -ENOMEM;
5925 
5926 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
5927 				 dev, dst, next_hop, &pinfo) < 0) {
5928 		nlmsg_free(msg);
5929 		return -ENOBUFS;
5930 	}
5931 
5932 	return genlmsg_reply(msg, info);
5933 }
5934 
5935 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
5936 {
5937 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5938 	struct net_device *dev = info->user_ptr[1];
5939 	u8 *dst = NULL;
5940 	u8 *next_hop = NULL;
5941 
5942 	if (!info->attrs[NL80211_ATTR_MAC])
5943 		return -EINVAL;
5944 
5945 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5946 		return -EINVAL;
5947 
5948 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5949 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5950 
5951 	if (!rdev->ops->change_mpath)
5952 		return -EOPNOTSUPP;
5953 
5954 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5955 		return -EOPNOTSUPP;
5956 
5957 	return rdev_change_mpath(rdev, dev, dst, next_hop);
5958 }
5959 
5960 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
5961 {
5962 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5963 	struct net_device *dev = info->user_ptr[1];
5964 	u8 *dst = NULL;
5965 	u8 *next_hop = NULL;
5966 
5967 	if (!info->attrs[NL80211_ATTR_MAC])
5968 		return -EINVAL;
5969 
5970 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
5971 		return -EINVAL;
5972 
5973 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5974 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
5975 
5976 	if (!rdev->ops->add_mpath)
5977 		return -EOPNOTSUPP;
5978 
5979 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
5980 		return -EOPNOTSUPP;
5981 
5982 	return rdev_add_mpath(rdev, dev, dst, next_hop);
5983 }
5984 
5985 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
5986 {
5987 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5988 	struct net_device *dev = info->user_ptr[1];
5989 	u8 *dst = NULL;
5990 
5991 	if (info->attrs[NL80211_ATTR_MAC])
5992 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
5993 
5994 	if (!rdev->ops->del_mpath)
5995 		return -EOPNOTSUPP;
5996 
5997 	return rdev_del_mpath(rdev, dev, dst);
5998 }
5999 
6000 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6001 {
6002 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6003 	int err;
6004 	struct net_device *dev = info->user_ptr[1];
6005 	struct mpath_info pinfo;
6006 	struct sk_buff *msg;
6007 	u8 *dst = NULL;
6008 	u8 mpp[ETH_ALEN];
6009 
6010 	memset(&pinfo, 0, sizeof(pinfo));
6011 
6012 	if (!info->attrs[NL80211_ATTR_MAC])
6013 		return -EINVAL;
6014 
6015 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6016 
6017 	if (!rdev->ops->get_mpp)
6018 		return -EOPNOTSUPP;
6019 
6020 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6021 		return -EOPNOTSUPP;
6022 
6023 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6024 	if (err)
6025 		return err;
6026 
6027 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6028 	if (!msg)
6029 		return -ENOMEM;
6030 
6031 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6032 			       dev, dst, mpp, &pinfo) < 0) {
6033 		nlmsg_free(msg);
6034 		return -ENOBUFS;
6035 	}
6036 
6037 	return genlmsg_reply(msg, info);
6038 }
6039 
6040 static int nl80211_dump_mpp(struct sk_buff *skb,
6041 			    struct netlink_callback *cb)
6042 {
6043 	struct mpath_info pinfo;
6044 	struct cfg80211_registered_device *rdev;
6045 	struct wireless_dev *wdev;
6046 	u8 dst[ETH_ALEN];
6047 	u8 mpp[ETH_ALEN];
6048 	int path_idx = cb->args[2];
6049 	int err;
6050 
6051 	rtnl_lock();
6052 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6053 	if (err)
6054 		goto out_err;
6055 
6056 	if (!rdev->ops->dump_mpp) {
6057 		err = -EOPNOTSUPP;
6058 		goto out_err;
6059 	}
6060 
6061 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6062 		err = -EOPNOTSUPP;
6063 		goto out_err;
6064 	}
6065 
6066 	while (1) {
6067 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6068 				    mpp, &pinfo);
6069 		if (err == -ENOENT)
6070 			break;
6071 		if (err)
6072 			goto out_err;
6073 
6074 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6075 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6076 				       wdev->netdev, dst, mpp,
6077 				       &pinfo) < 0)
6078 			goto out;
6079 
6080 		path_idx++;
6081 	}
6082 
6083  out:
6084 	cb->args[2] = path_idx;
6085 	err = skb->len;
6086  out_err:
6087 	rtnl_unlock();
6088 	return err;
6089 }
6090 
6091 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6092 {
6093 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6094 	struct net_device *dev = info->user_ptr[1];
6095 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6096 	struct bss_parameters params;
6097 	int err;
6098 
6099 	memset(&params, 0, sizeof(params));
6100 	/* default to not changing parameters */
6101 	params.use_cts_prot = -1;
6102 	params.use_short_preamble = -1;
6103 	params.use_short_slot_time = -1;
6104 	params.ap_isolate = -1;
6105 	params.ht_opmode = -1;
6106 	params.p2p_ctwindow = -1;
6107 	params.p2p_opp_ps = -1;
6108 
6109 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6110 		params.use_cts_prot =
6111 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6112 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6113 		params.use_short_preamble =
6114 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6115 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6116 		params.use_short_slot_time =
6117 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6118 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6119 		params.basic_rates =
6120 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6121 		params.basic_rates_len =
6122 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6123 	}
6124 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6125 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6126 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6127 		params.ht_opmode =
6128 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6129 
6130 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6131 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6132 			return -EINVAL;
6133 		params.p2p_ctwindow =
6134 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6135 		if (params.p2p_ctwindow != 0 &&
6136 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6137 			return -EINVAL;
6138 	}
6139 
6140 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6141 		u8 tmp;
6142 
6143 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6144 			return -EINVAL;
6145 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6146 		params.p2p_opp_ps = tmp;
6147 		if (params.p2p_opp_ps &&
6148 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6149 			return -EINVAL;
6150 	}
6151 
6152 	if (!rdev->ops->change_bss)
6153 		return -EOPNOTSUPP;
6154 
6155 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6156 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6157 		return -EOPNOTSUPP;
6158 
6159 	wdev_lock(wdev);
6160 	err = rdev_change_bss(rdev, dev, &params);
6161 	wdev_unlock(wdev);
6162 
6163 	return err;
6164 }
6165 
6166 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6167 {
6168 	char *data = NULL;
6169 	bool is_indoor;
6170 	enum nl80211_user_reg_hint_type user_reg_hint_type;
6171 	u32 owner_nlportid;
6172 
6173 	/*
6174 	 * You should only get this when cfg80211 hasn't yet initialized
6175 	 * completely when built-in to the kernel right between the time
6176 	 * window between nl80211_init() and regulatory_init(), if that is
6177 	 * even possible.
6178 	 */
6179 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6180 		return -EINPROGRESS;
6181 
6182 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6183 		user_reg_hint_type =
6184 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6185 	else
6186 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6187 
6188 	switch (user_reg_hint_type) {
6189 	case NL80211_USER_REG_HINT_USER:
6190 	case NL80211_USER_REG_HINT_CELL_BASE:
6191 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6192 			return -EINVAL;
6193 
6194 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6195 		return regulatory_hint_user(data, user_reg_hint_type);
6196 	case NL80211_USER_REG_HINT_INDOOR:
6197 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6198 			owner_nlportid = info->snd_portid;
6199 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6200 		} else {
6201 			owner_nlportid = 0;
6202 			is_indoor = true;
6203 		}
6204 
6205 		return regulatory_hint_indoor(is_indoor, owner_nlportid);
6206 	default:
6207 		return -EINVAL;
6208 	}
6209 }
6210 
6211 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6212 {
6213 	return reg_reload_regdb();
6214 }
6215 
6216 static int nl80211_get_mesh_config(struct sk_buff *skb,
6217 				   struct genl_info *info)
6218 {
6219 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6220 	struct net_device *dev = info->user_ptr[1];
6221 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6222 	struct mesh_config cur_params;
6223 	int err = 0;
6224 	void *hdr;
6225 	struct nlattr *pinfoattr;
6226 	struct sk_buff *msg;
6227 
6228 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6229 		return -EOPNOTSUPP;
6230 
6231 	if (!rdev->ops->get_mesh_config)
6232 		return -EOPNOTSUPP;
6233 
6234 	wdev_lock(wdev);
6235 	/* If not connected, get default parameters */
6236 	if (!wdev->mesh_id_len)
6237 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6238 	else
6239 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
6240 	wdev_unlock(wdev);
6241 
6242 	if (err)
6243 		return err;
6244 
6245 	/* Draw up a netlink message to send back */
6246 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6247 	if (!msg)
6248 		return -ENOMEM;
6249 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6250 			     NL80211_CMD_GET_MESH_CONFIG);
6251 	if (!hdr)
6252 		goto out;
6253 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
6254 	if (!pinfoattr)
6255 		goto nla_put_failure;
6256 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6257 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6258 			cur_params.dot11MeshRetryTimeout) ||
6259 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6260 			cur_params.dot11MeshConfirmTimeout) ||
6261 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6262 			cur_params.dot11MeshHoldingTimeout) ||
6263 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6264 			cur_params.dot11MeshMaxPeerLinks) ||
6265 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6266 		       cur_params.dot11MeshMaxRetries) ||
6267 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
6268 		       cur_params.dot11MeshTTL) ||
6269 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6270 		       cur_params.element_ttl) ||
6271 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6272 		       cur_params.auto_open_plinks) ||
6273 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6274 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6275 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6276 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
6277 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6278 			cur_params.path_refresh_time) ||
6279 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6280 			cur_params.min_discovery_timeout) ||
6281 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6282 			cur_params.dot11MeshHWMPactivePathTimeout) ||
6283 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6284 			cur_params.dot11MeshHWMPpreqMinInterval) ||
6285 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6286 			cur_params.dot11MeshHWMPperrMinInterval) ||
6287 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6288 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6289 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6290 		       cur_params.dot11MeshHWMPRootMode) ||
6291 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6292 			cur_params.dot11MeshHWMPRannInterval) ||
6293 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6294 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
6295 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6296 		       cur_params.dot11MeshForwarding) ||
6297 	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6298 			cur_params.rssi_threshold) ||
6299 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6300 			cur_params.ht_opmode) ||
6301 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6302 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6303 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6304 			cur_params.dot11MeshHWMProotInterval) ||
6305 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6306 			cur_params.dot11MeshHWMPconfirmationInterval) ||
6307 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6308 			cur_params.power_mode) ||
6309 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6310 			cur_params.dot11MeshAwakeWindowDuration) ||
6311 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6312 			cur_params.plink_timeout) ||
6313 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6314 		       cur_params.dot11MeshConnectedToMeshGate))
6315 		goto nla_put_failure;
6316 	nla_nest_end(msg, pinfoattr);
6317 	genlmsg_end(msg, hdr);
6318 	return genlmsg_reply(msg, info);
6319 
6320  nla_put_failure:
6321  out:
6322 	nlmsg_free(msg);
6323 	return -ENOBUFS;
6324 }
6325 
6326 static const struct nla_policy
6327 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6328 	[NL80211_MESHCONF_RETRY_TIMEOUT] =
6329 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6330 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6331 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6332 	[NL80211_MESHCONF_HOLDING_TIMEOUT] =
6333 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6334 	[NL80211_MESHCONF_MAX_PEER_LINKS] =
6335 		NLA_POLICY_RANGE(NLA_U16, 0, 255),
6336 	[NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6337 	[NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6338 	[NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6339 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6340 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6341 		NLA_POLICY_RANGE(NLA_U32, 1, 255),
6342 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6343 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6344 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6345 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6346 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6347 		NLA_POLICY_MIN(NLA_U16, 1),
6348 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6349 		NLA_POLICY_MIN(NLA_U16, 1),
6350 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6351 		NLA_POLICY_MIN(NLA_U16, 1),
6352 	[NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6353 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6354 		NLA_POLICY_MIN(NLA_U16, 1),
6355 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6356 	[NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6357 	[NL80211_MESHCONF_RSSI_THRESHOLD] =
6358 		NLA_POLICY_RANGE(NLA_S32, -255, 0),
6359 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6360 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6361 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6362 		NLA_POLICY_MIN(NLA_U16, 1),
6363 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6364 		NLA_POLICY_MIN(NLA_U16, 1),
6365 	[NL80211_MESHCONF_POWER_MODE] =
6366 		NLA_POLICY_RANGE(NLA_U32,
6367 				 NL80211_MESH_POWER_ACTIVE,
6368 				 NL80211_MESH_POWER_MAX),
6369 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6370 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6371 	[NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6372 };
6373 
6374 static const struct nla_policy
6375 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6376 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6377 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6378 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6379 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6380 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6381 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6382 	[NL80211_MESH_SETUP_IE] =
6383 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6384 				       IEEE80211_MAX_DATA_LEN),
6385 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6386 };
6387 
6388 static int nl80211_parse_mesh_config(struct genl_info *info,
6389 				     struct mesh_config *cfg,
6390 				     u32 *mask_out)
6391 {
6392 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6393 	u32 mask = 0;
6394 	u16 ht_opmode;
6395 
6396 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)	\
6397 do {									\
6398 	if (tb[attr]) {							\
6399 		cfg->param = fn(tb[attr]);				\
6400 		mask |= BIT((attr) - 1);				\
6401 	}								\
6402 } while (0)
6403 
6404 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6405 		return -EINVAL;
6406 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
6407 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
6408 			     nl80211_meshconf_params_policy, info->extack))
6409 		return -EINVAL;
6410 
6411 	/* This makes sure that there aren't more than 32 mesh config
6412 	 * parameters (otherwise our bitfield scheme would not work.) */
6413 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6414 
6415 	/* Fill in the params struct */
6416 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6417 				  NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6418 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6419 				  NL80211_MESHCONF_CONFIRM_TIMEOUT,
6420 				  nla_get_u16);
6421 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
6422 				  NL80211_MESHCONF_HOLDING_TIMEOUT,
6423 				  nla_get_u16);
6424 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
6425 				  NL80211_MESHCONF_MAX_PEER_LINKS,
6426 				  nla_get_u16);
6427 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
6428 				  NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
6429 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
6430 				  NL80211_MESHCONF_TTL, nla_get_u8);
6431 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
6432 				  NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
6433 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
6434 				  NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6435 				  nla_get_u8);
6436 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6437 				  mask,
6438 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6439 				  nla_get_u32);
6440 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
6441 				  NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6442 				  nla_get_u8);
6443 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
6444 				  NL80211_MESHCONF_PATH_REFRESH_TIME,
6445 				  nla_get_u32);
6446 	if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
6447 	    (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
6448 		return -EINVAL;
6449 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
6450 				  NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6451 				  nla_get_u16);
6452 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6453 				  mask,
6454 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6455 				  nla_get_u32);
6456 	if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
6457 	    (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
6458 	     cfg->dot11MeshHWMPactivePathTimeout > 65535))
6459 		return -EINVAL;
6460 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
6461 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6462 				  nla_get_u16);
6463 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
6464 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6465 				  nla_get_u16);
6466 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6467 				  dot11MeshHWMPnetDiameterTraversalTime, mask,
6468 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6469 				  nla_get_u16);
6470 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
6471 				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
6472 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
6473 				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6474 				  nla_get_u16);
6475 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
6476 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6477 				  nla_get_u8);
6478 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
6479 				  NL80211_MESHCONF_FORWARDING, nla_get_u8);
6480 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
6481 				  NL80211_MESHCONF_RSSI_THRESHOLD,
6482 				  nla_get_s32);
6483 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
6484 				  NL80211_MESHCONF_CONNECTED_TO_GATE,
6485 				  nla_get_u8);
6486 	/*
6487 	 * Check HT operation mode based on
6488 	 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
6489 	 */
6490 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6491 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6492 
6493 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6494 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6495 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6496 			return -EINVAL;
6497 
6498 		/* NON_HT_STA bit is reserved, but some programs set it */
6499 		ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6500 
6501 		cfg->ht_opmode = ht_opmode;
6502 		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6503 	}
6504 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6505 				  dot11MeshHWMPactivePathToRootTimeout, mask,
6506 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6507 				  nla_get_u32);
6508 	if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
6509 	    (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
6510 	     cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
6511 		return -EINVAL;
6512 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
6513 				  NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6514 				  nla_get_u16);
6515 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
6516 				  mask,
6517 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6518 				  nla_get_u16);
6519 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
6520 				  NL80211_MESHCONF_POWER_MODE, nla_get_u32);
6521 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
6522 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
6523 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
6524 				  NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
6525 	if (mask_out)
6526 		*mask_out = mask;
6527 
6528 	return 0;
6529 
6530 #undef FILL_IN_MESH_PARAM_IF_SET
6531 }
6532 
6533 static int nl80211_parse_mesh_setup(struct genl_info *info,
6534 				     struct mesh_setup *setup)
6535 {
6536 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6537 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6538 
6539 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6540 		return -EINVAL;
6541 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
6542 			     info->attrs[NL80211_ATTR_MESH_SETUP],
6543 			     nl80211_mesh_setup_params_policy, info->extack))
6544 		return -EINVAL;
6545 
6546 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6547 		setup->sync_method =
6548 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6549 		 IEEE80211_SYNC_METHOD_VENDOR :
6550 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6551 
6552 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6553 		setup->path_sel_proto =
6554 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6555 		 IEEE80211_PATH_PROTOCOL_VENDOR :
6556 		 IEEE80211_PATH_PROTOCOL_HWMP;
6557 
6558 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6559 		setup->path_metric =
6560 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6561 		 IEEE80211_PATH_METRIC_VENDOR :
6562 		 IEEE80211_PATH_METRIC_AIRTIME;
6563 
6564 	if (tb[NL80211_MESH_SETUP_IE]) {
6565 		struct nlattr *ieattr =
6566 			tb[NL80211_MESH_SETUP_IE];
6567 		setup->ie = nla_data(ieattr);
6568 		setup->ie_len = nla_len(ieattr);
6569 	}
6570 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6571 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6572 		return -EINVAL;
6573 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6574 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6575 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6576 	if (setup->is_secure)
6577 		setup->user_mpm = true;
6578 
6579 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6580 		if (!setup->user_mpm)
6581 			return -EINVAL;
6582 		setup->auth_id =
6583 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6584 	}
6585 
6586 	return 0;
6587 }
6588 
6589 static int nl80211_update_mesh_config(struct sk_buff *skb,
6590 				      struct genl_info *info)
6591 {
6592 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6593 	struct net_device *dev = info->user_ptr[1];
6594 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6595 	struct mesh_config cfg;
6596 	u32 mask;
6597 	int err;
6598 
6599 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6600 		return -EOPNOTSUPP;
6601 
6602 	if (!rdev->ops->update_mesh_config)
6603 		return -EOPNOTSUPP;
6604 
6605 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
6606 	if (err)
6607 		return err;
6608 
6609 	wdev_lock(wdev);
6610 	if (!wdev->mesh_id_len)
6611 		err = -ENOLINK;
6612 
6613 	if (!err)
6614 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6615 
6616 	wdev_unlock(wdev);
6617 
6618 	return err;
6619 }
6620 
6621 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6622 			      struct sk_buff *msg)
6623 {
6624 	struct nlattr *nl_reg_rules;
6625 	unsigned int i;
6626 
6627 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6628 	    (regdom->dfs_region &&
6629 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6630 		goto nla_put_failure;
6631 
6632 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
6633 	if (!nl_reg_rules)
6634 		goto nla_put_failure;
6635 
6636 	for (i = 0; i < regdom->n_reg_rules; i++) {
6637 		struct nlattr *nl_reg_rule;
6638 		const struct ieee80211_reg_rule *reg_rule;
6639 		const struct ieee80211_freq_range *freq_range;
6640 		const struct ieee80211_power_rule *power_rule;
6641 		unsigned int max_bandwidth_khz;
6642 
6643 		reg_rule = &regdom->reg_rules[i];
6644 		freq_range = &reg_rule->freq_range;
6645 		power_rule = &reg_rule->power_rule;
6646 
6647 		nl_reg_rule = nla_nest_start(msg, i);
6648 		if (!nl_reg_rule)
6649 			goto nla_put_failure;
6650 
6651 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
6652 		if (!max_bandwidth_khz)
6653 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6654 								  reg_rule);
6655 
6656 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6657 				reg_rule->flags) ||
6658 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6659 				freq_range->start_freq_khz) ||
6660 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6661 				freq_range->end_freq_khz) ||
6662 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6663 				max_bandwidth_khz) ||
6664 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6665 				power_rule->max_antenna_gain) ||
6666 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6667 				power_rule->max_eirp) ||
6668 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6669 				reg_rule->dfs_cac_ms))
6670 			goto nla_put_failure;
6671 
6672 		nla_nest_end(msg, nl_reg_rule);
6673 	}
6674 
6675 	nla_nest_end(msg, nl_reg_rules);
6676 	return 0;
6677 
6678 nla_put_failure:
6679 	return -EMSGSIZE;
6680 }
6681 
6682 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6683 {
6684 	const struct ieee80211_regdomain *regdom = NULL;
6685 	struct cfg80211_registered_device *rdev;
6686 	struct wiphy *wiphy = NULL;
6687 	struct sk_buff *msg;
6688 	void *hdr;
6689 
6690 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6691 	if (!msg)
6692 		return -ENOBUFS;
6693 
6694 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6695 			     NL80211_CMD_GET_REG);
6696 	if (!hdr)
6697 		goto put_failure;
6698 
6699 	if (info->attrs[NL80211_ATTR_WIPHY]) {
6700 		bool self_managed;
6701 
6702 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6703 		if (IS_ERR(rdev)) {
6704 			nlmsg_free(msg);
6705 			return PTR_ERR(rdev);
6706 		}
6707 
6708 		wiphy = &rdev->wiphy;
6709 		self_managed = wiphy->regulatory_flags &
6710 			       REGULATORY_WIPHY_SELF_MANAGED;
6711 		regdom = get_wiphy_regdom(wiphy);
6712 
6713 		/* a self-managed-reg device must have a private regdom */
6714 		if (WARN_ON(!regdom && self_managed)) {
6715 			nlmsg_free(msg);
6716 			return -EINVAL;
6717 		}
6718 
6719 		if (regdom &&
6720 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6721 			goto nla_put_failure;
6722 	}
6723 
6724 	if (!wiphy && reg_last_request_cell_base() &&
6725 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6726 			NL80211_USER_REG_HINT_CELL_BASE))
6727 		goto nla_put_failure;
6728 
6729 	rcu_read_lock();
6730 
6731 	if (!regdom)
6732 		regdom = rcu_dereference(cfg80211_regdomain);
6733 
6734 	if (nl80211_put_regdom(regdom, msg))
6735 		goto nla_put_failure_rcu;
6736 
6737 	rcu_read_unlock();
6738 
6739 	genlmsg_end(msg, hdr);
6740 	return genlmsg_reply(msg, info);
6741 
6742 nla_put_failure_rcu:
6743 	rcu_read_unlock();
6744 nla_put_failure:
6745 put_failure:
6746 	nlmsg_free(msg);
6747 	return -EMSGSIZE;
6748 }
6749 
6750 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6751 			       u32 seq, int flags, struct wiphy *wiphy,
6752 			       const struct ieee80211_regdomain *regdom)
6753 {
6754 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6755 				   NL80211_CMD_GET_REG);
6756 
6757 	if (!hdr)
6758 		return -1;
6759 
6760 	genl_dump_check_consistent(cb, hdr);
6761 
6762 	if (nl80211_put_regdom(regdom, msg))
6763 		goto nla_put_failure;
6764 
6765 	if (!wiphy && reg_last_request_cell_base() &&
6766 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6767 			NL80211_USER_REG_HINT_CELL_BASE))
6768 		goto nla_put_failure;
6769 
6770 	if (wiphy &&
6771 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6772 		goto nla_put_failure;
6773 
6774 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6775 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6776 		goto nla_put_failure;
6777 
6778 	genlmsg_end(msg, hdr);
6779 	return 0;
6780 
6781 nla_put_failure:
6782 	genlmsg_cancel(msg, hdr);
6783 	return -EMSGSIZE;
6784 }
6785 
6786 static int nl80211_get_reg_dump(struct sk_buff *skb,
6787 				struct netlink_callback *cb)
6788 {
6789 	const struct ieee80211_regdomain *regdom = NULL;
6790 	struct cfg80211_registered_device *rdev;
6791 	int err, reg_idx, start = cb->args[2];
6792 
6793 	rtnl_lock();
6794 
6795 	if (cfg80211_regdomain && start == 0) {
6796 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6797 					  NLM_F_MULTI, NULL,
6798 					  rtnl_dereference(cfg80211_regdomain));
6799 		if (err < 0)
6800 			goto out_err;
6801 	}
6802 
6803 	/* the global regdom is idx 0 */
6804 	reg_idx = 1;
6805 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6806 		regdom = get_wiphy_regdom(&rdev->wiphy);
6807 		if (!regdom)
6808 			continue;
6809 
6810 		if (++reg_idx <= start)
6811 			continue;
6812 
6813 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6814 					  NLM_F_MULTI, &rdev->wiphy, regdom);
6815 		if (err < 0) {
6816 			reg_idx--;
6817 			break;
6818 		}
6819 	}
6820 
6821 	cb->args[2] = reg_idx;
6822 	err = skb->len;
6823 out_err:
6824 	rtnl_unlock();
6825 	return err;
6826 }
6827 
6828 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
6829 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6830 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
6831 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
6832 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
6833 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
6834 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
6835 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
6836 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
6837 };
6838 
6839 static int parse_reg_rule(struct nlattr *tb[],
6840 	struct ieee80211_reg_rule *reg_rule)
6841 {
6842 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
6843 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
6844 
6845 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6846 		return -EINVAL;
6847 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6848 		return -EINVAL;
6849 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
6850 		return -EINVAL;
6851 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
6852 		return -EINVAL;
6853 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
6854 		return -EINVAL;
6855 
6856 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
6857 
6858 	freq_range->start_freq_khz =
6859 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
6860 	freq_range->end_freq_khz =
6861 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
6862 	freq_range->max_bandwidth_khz =
6863 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
6864 
6865 	power_rule->max_eirp =
6866 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
6867 
6868 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
6869 		power_rule->max_antenna_gain =
6870 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
6871 
6872 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
6873 		reg_rule->dfs_cac_ms =
6874 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
6875 
6876 	return 0;
6877 }
6878 
6879 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
6880 {
6881 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
6882 	struct nlattr *nl_reg_rule;
6883 	char *alpha2;
6884 	int rem_reg_rules, r;
6885 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
6886 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
6887 	struct ieee80211_regdomain *rd;
6888 
6889 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6890 		return -EINVAL;
6891 
6892 	if (!info->attrs[NL80211_ATTR_REG_RULES])
6893 		return -EINVAL;
6894 
6895 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6896 
6897 	if (info->attrs[NL80211_ATTR_DFS_REGION])
6898 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
6899 
6900 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6901 			    rem_reg_rules) {
6902 		num_rules++;
6903 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
6904 			return -EINVAL;
6905 	}
6906 
6907 	if (!reg_is_valid_request(alpha2))
6908 		return -EINVAL;
6909 
6910 	size_of_regd = sizeof(struct ieee80211_regdomain) +
6911 		       num_rules * sizeof(struct ieee80211_reg_rule);
6912 
6913 	rd = kzalloc(size_of_regd, GFP_KERNEL);
6914 	if (!rd)
6915 		return -ENOMEM;
6916 
6917 	rd->n_reg_rules = num_rules;
6918 	rd->alpha2[0] = alpha2[0];
6919 	rd->alpha2[1] = alpha2[1];
6920 
6921 	/*
6922 	 * Disable DFS master mode if the DFS region was
6923 	 * not supported or known on this kernel.
6924 	 */
6925 	if (reg_supported_dfs_region(dfs_region))
6926 		rd->dfs_region = dfs_region;
6927 
6928 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6929 			    rem_reg_rules) {
6930 		r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX,
6931 				     nl_reg_rule, reg_rule_policy,
6932 				     info->extack);
6933 		if (r)
6934 			goto bad_reg;
6935 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
6936 		if (r)
6937 			goto bad_reg;
6938 
6939 		rule_idx++;
6940 
6941 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
6942 			r = -EINVAL;
6943 			goto bad_reg;
6944 		}
6945 	}
6946 
6947 	/* set_regdom takes ownership of rd */
6948 	return set_regdom(rd, REGD_SOURCE_CRDA);
6949  bad_reg:
6950 	kfree(rd);
6951 	return r;
6952 }
6953 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
6954 
6955 static int validate_scan_freqs(struct nlattr *freqs)
6956 {
6957 	struct nlattr *attr1, *attr2;
6958 	int n_channels = 0, tmp1, tmp2;
6959 
6960 	nla_for_each_nested(attr1, freqs, tmp1)
6961 		if (nla_len(attr1) != sizeof(u32))
6962 			return 0;
6963 
6964 	nla_for_each_nested(attr1, freqs, tmp1) {
6965 		n_channels++;
6966 		/*
6967 		 * Some hardware has a limited channel list for
6968 		 * scanning, and it is pretty much nonsensical
6969 		 * to scan for a channel twice, so disallow that
6970 		 * and don't require drivers to check that the
6971 		 * channel list they get isn't longer than what
6972 		 * they can scan, as long as they can scan all
6973 		 * the channels they registered at once.
6974 		 */
6975 		nla_for_each_nested(attr2, freqs, tmp2)
6976 			if (attr1 != attr2 &&
6977 			    nla_get_u32(attr1) == nla_get_u32(attr2))
6978 				return 0;
6979 	}
6980 
6981 	return n_channels;
6982 }
6983 
6984 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
6985 {
6986 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
6987 }
6988 
6989 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
6990 			    struct cfg80211_bss_selection *bss_select)
6991 {
6992 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
6993 	struct nlattr *nest;
6994 	int err;
6995 	bool found = false;
6996 	int i;
6997 
6998 	/* only process one nested attribute */
6999 	nest = nla_data(nla);
7000 	if (!nla_ok(nest, nla_len(nest)))
7001 		return -EINVAL;
7002 
7003 	err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest,
7004 			       nl80211_bss_select_policy, NULL);
7005 	if (err)
7006 		return err;
7007 
7008 	/* only one attribute may be given */
7009 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7010 		if (attr[i]) {
7011 			if (found)
7012 				return -EINVAL;
7013 			found = true;
7014 		}
7015 	}
7016 
7017 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7018 
7019 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7020 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7021 
7022 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7023 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7024 		bss_select->param.band_pref =
7025 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7026 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
7027 			return -EINVAL;
7028 	}
7029 
7030 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7031 		struct nl80211_bss_select_rssi_adjust *adj_param;
7032 
7033 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7034 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7035 		bss_select->param.adjust.band = adj_param->band;
7036 		bss_select->param.adjust.delta = adj_param->delta;
7037 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7038 			return -EINVAL;
7039 	}
7040 
7041 	/* user-space did not provide behaviour attribute */
7042 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7043 		return -EINVAL;
7044 
7045 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7046 		return -EINVAL;
7047 
7048 	return 0;
7049 }
7050 
7051 int nl80211_parse_random_mac(struct nlattr **attrs,
7052 			     u8 *mac_addr, u8 *mac_addr_mask)
7053 {
7054 	int i;
7055 
7056 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7057 		eth_zero_addr(mac_addr);
7058 		eth_zero_addr(mac_addr_mask);
7059 		mac_addr[0] = 0x2;
7060 		mac_addr_mask[0] = 0x3;
7061 
7062 		return 0;
7063 	}
7064 
7065 	/* need both or none */
7066 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7067 		return -EINVAL;
7068 
7069 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7070 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7071 
7072 	/* don't allow or configure an mcast address */
7073 	if (!is_multicast_ether_addr(mac_addr_mask) ||
7074 	    is_multicast_ether_addr(mac_addr))
7075 		return -EINVAL;
7076 
7077 	/*
7078 	 * allow users to pass a MAC address that has bits set outside
7079 	 * of the mask, but don't bother drivers with having to deal
7080 	 * with such bits
7081 	 */
7082 	for (i = 0; i < ETH_ALEN; i++)
7083 		mac_addr[i] &= mac_addr_mask[i];
7084 
7085 	return 0;
7086 }
7087 
7088 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7089 {
7090 	ASSERT_WDEV_LOCK(wdev);
7091 
7092 	if (!cfg80211_beaconing_iface_active(wdev))
7093 		return true;
7094 
7095 	if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7096 		return true;
7097 
7098 	return regulatory_pre_cac_allowed(wdev->wiphy);
7099 }
7100 
7101 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7102 				    enum nl80211_ext_feature_index feat)
7103 {
7104 	if (!(flags & flag))
7105 		return true;
7106 	if (wiphy_ext_feature_isset(wiphy, feat))
7107 		return true;
7108 	return false;
7109 }
7110 
7111 static int
7112 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7113 			 void *request, struct nlattr **attrs,
7114 			 bool is_sched_scan)
7115 {
7116 	u8 *mac_addr, *mac_addr_mask;
7117 	u32 *flags;
7118 	enum nl80211_feature_flags randomness_flag;
7119 
7120 	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7121 		return 0;
7122 
7123 	if (is_sched_scan) {
7124 		struct cfg80211_sched_scan_request *req = request;
7125 
7126 		randomness_flag = wdev ?
7127 				  NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7128 				  NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7129 		flags = &req->flags;
7130 		mac_addr = req->mac_addr;
7131 		mac_addr_mask = req->mac_addr_mask;
7132 	} else {
7133 		struct cfg80211_scan_request *req = request;
7134 
7135 		randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7136 		flags = &req->flags;
7137 		mac_addr = req->mac_addr;
7138 		mac_addr_mask = req->mac_addr_mask;
7139 	}
7140 
7141 	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7142 
7143 	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7144 	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7145 	    !nl80211_check_scan_feat(wiphy, *flags,
7146 				     NL80211_SCAN_FLAG_LOW_SPAN,
7147 				     NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7148 	    !nl80211_check_scan_feat(wiphy, *flags,
7149 				     NL80211_SCAN_FLAG_LOW_POWER,
7150 				     NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7151 	    !nl80211_check_scan_feat(wiphy, *flags,
7152 				     NL80211_SCAN_FLAG_HIGH_ACCURACY,
7153 				     NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7154 	    !nl80211_check_scan_feat(wiphy, *flags,
7155 				     NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7156 				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7157 	    !nl80211_check_scan_feat(wiphy, *flags,
7158 				     NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7159 				     NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7160 	    !nl80211_check_scan_feat(wiphy, *flags,
7161 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7162 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7163 	    !nl80211_check_scan_feat(wiphy, *flags,
7164 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7165 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7166 	    !nl80211_check_scan_feat(wiphy, *flags,
7167 				     NL80211_SCAN_FLAG_RANDOM_SN,
7168 				     NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7169 	    !nl80211_check_scan_feat(wiphy, *flags,
7170 				     NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7171 				     NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7172 		return -EOPNOTSUPP;
7173 
7174 	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7175 		int err;
7176 
7177 		if (!(wiphy->features & randomness_flag) ||
7178 		    (wdev && wdev->current_bss))
7179 			return -EOPNOTSUPP;
7180 
7181 		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7182 		if (err)
7183 			return err;
7184 	}
7185 
7186 	return 0;
7187 }
7188 
7189 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7190 {
7191 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7192 	struct wireless_dev *wdev = info->user_ptr[1];
7193 	struct cfg80211_scan_request *request;
7194 	struct nlattr *attr;
7195 	struct wiphy *wiphy;
7196 	int err, tmp, n_ssids = 0, n_channels, i;
7197 	size_t ie_len;
7198 
7199 	wiphy = &rdev->wiphy;
7200 
7201 	if (wdev->iftype == NL80211_IFTYPE_NAN)
7202 		return -EOPNOTSUPP;
7203 
7204 	if (!rdev->ops->scan)
7205 		return -EOPNOTSUPP;
7206 
7207 	if (rdev->scan_req || rdev->scan_msg) {
7208 		err = -EBUSY;
7209 		goto unlock;
7210 	}
7211 
7212 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7213 		n_channels = validate_scan_freqs(
7214 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7215 		if (!n_channels) {
7216 			err = -EINVAL;
7217 			goto unlock;
7218 		}
7219 	} else {
7220 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7221 	}
7222 
7223 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7224 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7225 			n_ssids++;
7226 
7227 	if (n_ssids > wiphy->max_scan_ssids) {
7228 		err = -EINVAL;
7229 		goto unlock;
7230 	}
7231 
7232 	if (info->attrs[NL80211_ATTR_IE])
7233 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7234 	else
7235 		ie_len = 0;
7236 
7237 	if (ie_len > wiphy->max_scan_ie_len) {
7238 		err = -EINVAL;
7239 		goto unlock;
7240 	}
7241 
7242 	request = kzalloc(sizeof(*request)
7243 			+ sizeof(*request->ssids) * n_ssids
7244 			+ sizeof(*request->channels) * n_channels
7245 			+ ie_len, GFP_KERNEL);
7246 	if (!request) {
7247 		err = -ENOMEM;
7248 		goto unlock;
7249 	}
7250 
7251 	if (n_ssids)
7252 		request->ssids = (void *)&request->channels[n_channels];
7253 	request->n_ssids = n_ssids;
7254 	if (ie_len) {
7255 		if (n_ssids)
7256 			request->ie = (void *)(request->ssids + n_ssids);
7257 		else
7258 			request->ie = (void *)(request->channels + n_channels);
7259 	}
7260 
7261 	i = 0;
7262 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7263 		/* user specified, bail out if channel not found */
7264 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7265 			struct ieee80211_channel *chan;
7266 
7267 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7268 
7269 			if (!chan) {
7270 				err = -EINVAL;
7271 				goto out_free;
7272 			}
7273 
7274 			/* ignore disabled channels */
7275 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7276 				continue;
7277 
7278 			request->channels[i] = chan;
7279 			i++;
7280 		}
7281 	} else {
7282 		enum nl80211_band band;
7283 
7284 		/* all channels */
7285 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7286 			int j;
7287 
7288 			if (!wiphy->bands[band])
7289 				continue;
7290 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7291 				struct ieee80211_channel *chan;
7292 
7293 				chan = &wiphy->bands[band]->channels[j];
7294 
7295 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7296 					continue;
7297 
7298 				request->channels[i] = chan;
7299 				i++;
7300 			}
7301 		}
7302 	}
7303 
7304 	if (!i) {
7305 		err = -EINVAL;
7306 		goto out_free;
7307 	}
7308 
7309 	request->n_channels = i;
7310 
7311 	wdev_lock(wdev);
7312 	if (!cfg80211_off_channel_oper_allowed(wdev)) {
7313 		struct ieee80211_channel *chan;
7314 
7315 		if (request->n_channels != 1) {
7316 			wdev_unlock(wdev);
7317 			err = -EBUSY;
7318 			goto out_free;
7319 		}
7320 
7321 		chan = request->channels[0];
7322 		if (chan->center_freq != wdev->chandef.chan->center_freq) {
7323 			wdev_unlock(wdev);
7324 			err = -EBUSY;
7325 			goto out_free;
7326 		}
7327 	}
7328 	wdev_unlock(wdev);
7329 
7330 	i = 0;
7331 	if (n_ssids) {
7332 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7333 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7334 				err = -EINVAL;
7335 				goto out_free;
7336 			}
7337 			request->ssids[i].ssid_len = nla_len(attr);
7338 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7339 			i++;
7340 		}
7341 	}
7342 
7343 	if (info->attrs[NL80211_ATTR_IE]) {
7344 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7345 		memcpy((void *)request->ie,
7346 		       nla_data(info->attrs[NL80211_ATTR_IE]),
7347 		       request->ie_len);
7348 	}
7349 
7350 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7351 		if (wiphy->bands[i])
7352 			request->rates[i] =
7353 				(1 << wiphy->bands[i]->n_bitrates) - 1;
7354 
7355 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7356 		nla_for_each_nested(attr,
7357 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7358 				    tmp) {
7359 			enum nl80211_band band = nla_type(attr);
7360 
7361 			if (band < 0 || band >= NUM_NL80211_BANDS) {
7362 				err = -EINVAL;
7363 				goto out_free;
7364 			}
7365 
7366 			if (!wiphy->bands[band])
7367 				continue;
7368 
7369 			err = ieee80211_get_ratemask(wiphy->bands[band],
7370 						     nla_data(attr),
7371 						     nla_len(attr),
7372 						     &request->rates[band]);
7373 			if (err)
7374 				goto out_free;
7375 		}
7376 	}
7377 
7378 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7379 		if (!wiphy_ext_feature_isset(wiphy,
7380 					NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7381 			err = -EOPNOTSUPP;
7382 			goto out_free;
7383 		}
7384 
7385 		request->duration =
7386 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7387 		request->duration_mandatory =
7388 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7389 	}
7390 
7391 	err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7392 				       false);
7393 	if (err)
7394 		goto out_free;
7395 
7396 	request->no_cck =
7397 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7398 
7399 	/* Initial implementation used NL80211_ATTR_MAC to set the specific
7400 	 * BSSID to scan for. This was problematic because that same attribute
7401 	 * was already used for another purpose (local random MAC address). The
7402 	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7403 	 * compatibility with older userspace components, also use the
7404 	 * NL80211_ATTR_MAC value here if it can be determined to be used for
7405 	 * the specific BSSID use case instead of the random MAC address
7406 	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7407 	 */
7408 	if (info->attrs[NL80211_ATTR_BSSID])
7409 		memcpy(request->bssid,
7410 		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7411 	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7412 		 info->attrs[NL80211_ATTR_MAC])
7413 		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7414 		       ETH_ALEN);
7415 	else
7416 		eth_broadcast_addr(request->bssid);
7417 
7418 	request->wdev = wdev;
7419 	request->wiphy = &rdev->wiphy;
7420 	request->scan_start = jiffies;
7421 
7422 	rdev->scan_req = request;
7423 	err = rdev_scan(rdev, request);
7424 
7425 	if (!err) {
7426 		nl80211_send_scan_start(rdev, wdev);
7427 		if (wdev->netdev)
7428 			dev_hold(wdev->netdev);
7429 	} else {
7430  out_free:
7431 		rdev->scan_req = NULL;
7432 		kfree(request);
7433 	}
7434 
7435  unlock:
7436 	return err;
7437 }
7438 
7439 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7440 {
7441 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7442 	struct wireless_dev *wdev = info->user_ptr[1];
7443 
7444 	if (!rdev->ops->abort_scan)
7445 		return -EOPNOTSUPP;
7446 
7447 	if (rdev->scan_msg)
7448 		return 0;
7449 
7450 	if (!rdev->scan_req)
7451 		return -ENOENT;
7452 
7453 	rdev_abort_scan(rdev, wdev);
7454 	return 0;
7455 }
7456 
7457 static int
7458 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7459 			       struct cfg80211_sched_scan_request *request,
7460 			       struct nlattr **attrs)
7461 {
7462 	int tmp, err, i = 0;
7463 	struct nlattr *attr;
7464 
7465 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7466 		u32 interval;
7467 
7468 		/*
7469 		 * If scan plans are not specified,
7470 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7471 		 * case one scan plan will be set with the specified scan
7472 		 * interval and infinite number of iterations.
7473 		 */
7474 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7475 		if (!interval)
7476 			return -EINVAL;
7477 
7478 		request->scan_plans[0].interval =
7479 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
7480 		if (!request->scan_plans[0].interval)
7481 			return -EINVAL;
7482 
7483 		if (request->scan_plans[0].interval >
7484 		    wiphy->max_sched_scan_plan_interval)
7485 			request->scan_plans[0].interval =
7486 				wiphy->max_sched_scan_plan_interval;
7487 
7488 		return 0;
7489 	}
7490 
7491 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7492 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7493 
7494 		if (WARN_ON(i >= n_plans))
7495 			return -EINVAL;
7496 
7497 		err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX,
7498 				       attr, nl80211_plan_policy, NULL);
7499 		if (err)
7500 			return err;
7501 
7502 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7503 			return -EINVAL;
7504 
7505 		request->scan_plans[i].interval =
7506 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7507 		if (!request->scan_plans[i].interval ||
7508 		    request->scan_plans[i].interval >
7509 		    wiphy->max_sched_scan_plan_interval)
7510 			return -EINVAL;
7511 
7512 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7513 			request->scan_plans[i].iterations =
7514 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7515 			if (!request->scan_plans[i].iterations ||
7516 			    (request->scan_plans[i].iterations >
7517 			     wiphy->max_sched_scan_plan_iterations))
7518 				return -EINVAL;
7519 		} else if (i < n_plans - 1) {
7520 			/*
7521 			 * All scan plans but the last one must specify
7522 			 * a finite number of iterations
7523 			 */
7524 			return -EINVAL;
7525 		}
7526 
7527 		i++;
7528 	}
7529 
7530 	/*
7531 	 * The last scan plan must not specify the number of
7532 	 * iterations, it is supposed to run infinitely
7533 	 */
7534 	if (request->scan_plans[n_plans - 1].iterations)
7535 		return  -EINVAL;
7536 
7537 	return 0;
7538 }
7539 
7540 static struct cfg80211_sched_scan_request *
7541 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7542 			 struct nlattr **attrs, int max_match_sets)
7543 {
7544 	struct cfg80211_sched_scan_request *request;
7545 	struct nlattr *attr;
7546 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7547 	enum nl80211_band band;
7548 	size_t ie_len;
7549 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7550 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7551 
7552 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7553 		n_channels = validate_scan_freqs(
7554 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7555 		if (!n_channels)
7556 			return ERR_PTR(-EINVAL);
7557 	} else {
7558 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7559 	}
7560 
7561 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
7562 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7563 				    tmp)
7564 			n_ssids++;
7565 
7566 	if (n_ssids > wiphy->max_sched_scan_ssids)
7567 		return ERR_PTR(-EINVAL);
7568 
7569 	/*
7570 	 * First, count the number of 'real' matchsets. Due to an issue with
7571 	 * the old implementation, matchsets containing only the RSSI attribute
7572 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7573 	 * RSSI for all matchsets, rather than their own matchset for reporting
7574 	 * all APs with a strong RSSI. This is needed to be compatible with
7575 	 * older userspace that treated a matchset with only the RSSI as the
7576 	 * global RSSI for all other matchsets - if there are other matchsets.
7577 	 */
7578 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7579 		nla_for_each_nested(attr,
7580 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7581 				    tmp) {
7582 			struct nlattr *rssi;
7583 
7584 			err = nla_parse_nested(tb,
7585 					       NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7586 					       attr, nl80211_match_policy,
7587 					       NULL);
7588 			if (err)
7589 				return ERR_PTR(err);
7590 
7591 			/* SSID and BSSID are mutually exclusive */
7592 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7593 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7594 				return ERR_PTR(-EINVAL);
7595 
7596 			/* add other standalone attributes here */
7597 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7598 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7599 				n_match_sets++;
7600 				continue;
7601 			}
7602 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7603 			if (rssi)
7604 				default_match_rssi = nla_get_s32(rssi);
7605 		}
7606 	}
7607 
7608 	/* However, if there's no other matchset, add the RSSI one */
7609 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7610 		n_match_sets = 1;
7611 
7612 	if (n_match_sets > max_match_sets)
7613 		return ERR_PTR(-EINVAL);
7614 
7615 	if (attrs[NL80211_ATTR_IE])
7616 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7617 	else
7618 		ie_len = 0;
7619 
7620 	if (ie_len > wiphy->max_sched_scan_ie_len)
7621 		return ERR_PTR(-EINVAL);
7622 
7623 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7624 		/*
7625 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7626 		 * each scan plan already specifies its own interval
7627 		 */
7628 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7629 			return ERR_PTR(-EINVAL);
7630 
7631 		nla_for_each_nested(attr,
7632 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7633 			n_plans++;
7634 	} else {
7635 		/*
7636 		 * The scan interval attribute is kept for backward
7637 		 * compatibility. If no scan plans are specified and sched scan
7638 		 * interval is specified, one scan plan will be set with this
7639 		 * scan interval and infinite number of iterations.
7640 		 */
7641 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7642 			return ERR_PTR(-EINVAL);
7643 
7644 		n_plans = 1;
7645 	}
7646 
7647 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7648 		return ERR_PTR(-EINVAL);
7649 
7650 	if (!wiphy_ext_feature_isset(
7651 		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7652 	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7653 	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7654 		return ERR_PTR(-EINVAL);
7655 
7656 	request = kzalloc(sizeof(*request)
7657 			+ sizeof(*request->ssids) * n_ssids
7658 			+ sizeof(*request->match_sets) * n_match_sets
7659 			+ sizeof(*request->scan_plans) * n_plans
7660 			+ sizeof(*request->channels) * n_channels
7661 			+ ie_len, GFP_KERNEL);
7662 	if (!request)
7663 		return ERR_PTR(-ENOMEM);
7664 
7665 	if (n_ssids)
7666 		request->ssids = (void *)&request->channels[n_channels];
7667 	request->n_ssids = n_ssids;
7668 	if (ie_len) {
7669 		if (n_ssids)
7670 			request->ie = (void *)(request->ssids + n_ssids);
7671 		else
7672 			request->ie = (void *)(request->channels + n_channels);
7673 	}
7674 
7675 	if (n_match_sets) {
7676 		if (request->ie)
7677 			request->match_sets = (void *)(request->ie + ie_len);
7678 		else if (n_ssids)
7679 			request->match_sets =
7680 				(void *)(request->ssids + n_ssids);
7681 		else
7682 			request->match_sets =
7683 				(void *)(request->channels + n_channels);
7684 	}
7685 	request->n_match_sets = n_match_sets;
7686 
7687 	if (n_match_sets)
7688 		request->scan_plans = (void *)(request->match_sets +
7689 					       n_match_sets);
7690 	else if (request->ie)
7691 		request->scan_plans = (void *)(request->ie + ie_len);
7692 	else if (n_ssids)
7693 		request->scan_plans = (void *)(request->ssids + n_ssids);
7694 	else
7695 		request->scan_plans = (void *)(request->channels + n_channels);
7696 
7697 	request->n_scan_plans = n_plans;
7698 
7699 	i = 0;
7700 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7701 		/* user specified, bail out if channel not found */
7702 		nla_for_each_nested(attr,
7703 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7704 				    tmp) {
7705 			struct ieee80211_channel *chan;
7706 
7707 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7708 
7709 			if (!chan) {
7710 				err = -EINVAL;
7711 				goto out_free;
7712 			}
7713 
7714 			/* ignore disabled channels */
7715 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7716 				continue;
7717 
7718 			request->channels[i] = chan;
7719 			i++;
7720 		}
7721 	} else {
7722 		/* all channels */
7723 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7724 			int j;
7725 
7726 			if (!wiphy->bands[band])
7727 				continue;
7728 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7729 				struct ieee80211_channel *chan;
7730 
7731 				chan = &wiphy->bands[band]->channels[j];
7732 
7733 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7734 					continue;
7735 
7736 				request->channels[i] = chan;
7737 				i++;
7738 			}
7739 		}
7740 	}
7741 
7742 	if (!i) {
7743 		err = -EINVAL;
7744 		goto out_free;
7745 	}
7746 
7747 	request->n_channels = i;
7748 
7749 	i = 0;
7750 	if (n_ssids) {
7751 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7752 				    tmp) {
7753 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7754 				err = -EINVAL;
7755 				goto out_free;
7756 			}
7757 			request->ssids[i].ssid_len = nla_len(attr);
7758 			memcpy(request->ssids[i].ssid, nla_data(attr),
7759 			       nla_len(attr));
7760 			i++;
7761 		}
7762 	}
7763 
7764 	i = 0;
7765 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7766 		nla_for_each_nested(attr,
7767 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7768 				    tmp) {
7769 			struct nlattr *ssid, *bssid, *rssi;
7770 
7771 			err = nla_parse_nested(tb,
7772 					       NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7773 					       attr, nl80211_match_policy,
7774 					       NULL);
7775 			if (err)
7776 				goto out_free;
7777 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7778 			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7779 			if (ssid || bssid) {
7780 				if (WARN_ON(i >= n_match_sets)) {
7781 					/* this indicates a programming error,
7782 					 * the loop above should have verified
7783 					 * things properly
7784 					 */
7785 					err = -EINVAL;
7786 					goto out_free;
7787 				}
7788 
7789 				if (ssid) {
7790 					if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7791 						err = -EINVAL;
7792 						goto out_free;
7793 					}
7794 					memcpy(request->match_sets[i].ssid.ssid,
7795 					       nla_data(ssid), nla_len(ssid));
7796 					request->match_sets[i].ssid.ssid_len =
7797 						nla_len(ssid);
7798 				}
7799 				if (bssid) {
7800 					if (nla_len(bssid) != ETH_ALEN) {
7801 						err = -EINVAL;
7802 						goto out_free;
7803 					}
7804 					memcpy(request->match_sets[i].bssid,
7805 					       nla_data(bssid), ETH_ALEN);
7806 				}
7807 
7808 				/* special attribute - old implementation w/a */
7809 				request->match_sets[i].rssi_thold =
7810 					default_match_rssi;
7811 				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7812 				if (rssi)
7813 					request->match_sets[i].rssi_thold =
7814 						nla_get_s32(rssi);
7815 			}
7816 			i++;
7817 		}
7818 
7819 		/* there was no other matchset, so the RSSI one is alone */
7820 		if (i == 0 && n_match_sets)
7821 			request->match_sets[0].rssi_thold = default_match_rssi;
7822 
7823 		request->min_rssi_thold = INT_MAX;
7824 		for (i = 0; i < n_match_sets; i++)
7825 			request->min_rssi_thold =
7826 				min(request->match_sets[i].rssi_thold,
7827 				    request->min_rssi_thold);
7828 	} else {
7829 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
7830 	}
7831 
7832 	if (ie_len) {
7833 		request->ie_len = ie_len;
7834 		memcpy((void *)request->ie,
7835 		       nla_data(attrs[NL80211_ATTR_IE]),
7836 		       request->ie_len);
7837 	}
7838 
7839 	err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
7840 	if (err)
7841 		goto out_free;
7842 
7843 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
7844 		request->delay =
7845 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
7846 
7847 	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
7848 		request->relative_rssi = nla_get_s8(
7849 			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
7850 		request->relative_rssi_set = true;
7851 	}
7852 
7853 	if (request->relative_rssi_set &&
7854 	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
7855 		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
7856 
7857 		rssi_adjust = nla_data(
7858 			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
7859 		request->rssi_adjust.band = rssi_adjust->band;
7860 		request->rssi_adjust.delta = rssi_adjust->delta;
7861 		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
7862 			err = -EINVAL;
7863 			goto out_free;
7864 		}
7865 	}
7866 
7867 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
7868 	if (err)
7869 		goto out_free;
7870 
7871 	request->scan_start = jiffies;
7872 
7873 	return request;
7874 
7875 out_free:
7876 	kfree(request);
7877 	return ERR_PTR(err);
7878 }
7879 
7880 static int nl80211_start_sched_scan(struct sk_buff *skb,
7881 				    struct genl_info *info)
7882 {
7883 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7884 	struct net_device *dev = info->user_ptr[1];
7885 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7886 	struct cfg80211_sched_scan_request *sched_scan_req;
7887 	bool want_multi;
7888 	int err;
7889 
7890 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
7891 		return -EOPNOTSUPP;
7892 
7893 	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
7894 	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
7895 	if (err)
7896 		return err;
7897 
7898 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
7899 						  info->attrs,
7900 						  rdev->wiphy.max_match_sets);
7901 
7902 	err = PTR_ERR_OR_ZERO(sched_scan_req);
7903 	if (err)
7904 		goto out_err;
7905 
7906 	/* leave request id zero for legacy request
7907 	 * or if driver does not support multi-scheduled scan
7908 	 */
7909 	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
7910 		while (!sched_scan_req->reqid)
7911 			sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
7912 	}
7913 
7914 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
7915 	if (err)
7916 		goto out_free;
7917 
7918 	sched_scan_req->dev = dev;
7919 	sched_scan_req->wiphy = &rdev->wiphy;
7920 
7921 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
7922 		sched_scan_req->owner_nlportid = info->snd_portid;
7923 
7924 	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
7925 
7926 	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
7927 	return 0;
7928 
7929 out_free:
7930 	kfree(sched_scan_req);
7931 out_err:
7932 	return err;
7933 }
7934 
7935 static int nl80211_stop_sched_scan(struct sk_buff *skb,
7936 				   struct genl_info *info)
7937 {
7938 	struct cfg80211_sched_scan_request *req;
7939 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7940 	u64 cookie;
7941 
7942 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
7943 		return -EOPNOTSUPP;
7944 
7945 	if (info->attrs[NL80211_ATTR_COOKIE]) {
7946 		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7947 		return __cfg80211_stop_sched_scan(rdev, cookie, false);
7948 	}
7949 
7950 	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
7951 				     struct cfg80211_sched_scan_request,
7952 				     list);
7953 	if (!req || req->reqid ||
7954 	    (req->owner_nlportid &&
7955 	     req->owner_nlportid != info->snd_portid))
7956 		return -ENOENT;
7957 
7958 	return cfg80211_stop_sched_scan_req(rdev, req, false);
7959 }
7960 
7961 static int nl80211_start_radar_detection(struct sk_buff *skb,
7962 					 struct genl_info *info)
7963 {
7964 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7965 	struct net_device *dev = info->user_ptr[1];
7966 	struct wireless_dev *wdev = dev->ieee80211_ptr;
7967 	struct wiphy *wiphy = wdev->wiphy;
7968 	struct cfg80211_chan_def chandef;
7969 	enum nl80211_dfs_regions dfs_region;
7970 	unsigned int cac_time_ms;
7971 	int err;
7972 
7973 	dfs_region = reg_get_dfs_region(wiphy);
7974 	if (dfs_region == NL80211_DFS_UNSET)
7975 		return -EINVAL;
7976 
7977 	err = nl80211_parse_chandef(rdev, info, &chandef);
7978 	if (err)
7979 		return err;
7980 
7981 	if (netif_carrier_ok(dev))
7982 		return -EBUSY;
7983 
7984 	if (wdev->cac_started)
7985 		return -EBUSY;
7986 
7987 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
7988 	if (err < 0)
7989 		return err;
7990 
7991 	if (err == 0)
7992 		return -EINVAL;
7993 
7994 	if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
7995 		return -EINVAL;
7996 
7997 	/* CAC start is offloaded to HW and can't be started manually */
7998 	if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
7999 		return -EOPNOTSUPP;
8000 
8001 	if (!rdev->ops->start_radar_detection)
8002 		return -EOPNOTSUPP;
8003 
8004 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8005 	if (WARN_ON(!cac_time_ms))
8006 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8007 
8008 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8009 	if (!err) {
8010 		wdev->chandef = chandef;
8011 		wdev->cac_started = true;
8012 		wdev->cac_start_time = jiffies;
8013 		wdev->cac_time_ms = cac_time_ms;
8014 	}
8015 	return err;
8016 }
8017 
8018 static int nl80211_notify_radar_detection(struct sk_buff *skb,
8019 					  struct genl_info *info)
8020 {
8021 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8022 	struct net_device *dev = info->user_ptr[1];
8023 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8024 	struct wiphy *wiphy = wdev->wiphy;
8025 	struct cfg80211_chan_def chandef;
8026 	enum nl80211_dfs_regions dfs_region;
8027 	int err;
8028 
8029 	dfs_region = reg_get_dfs_region(wiphy);
8030 	if (dfs_region == NL80211_DFS_UNSET) {
8031 		GENL_SET_ERR_MSG(info,
8032 				 "DFS Region is not set. Unexpected Radar indication");
8033 		return -EINVAL;
8034 	}
8035 
8036 	err = nl80211_parse_chandef(rdev, info, &chandef);
8037 	if (err) {
8038 		GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8039 		return err;
8040 	}
8041 
8042 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8043 	if (err < 0) {
8044 		GENL_SET_ERR_MSG(info, "chandef is invalid");
8045 		return err;
8046 	}
8047 
8048 	if (err == 0) {
8049 		GENL_SET_ERR_MSG(info,
8050 				 "Unexpected Radar indication for chandef/iftype");
8051 		return -EINVAL;
8052 	}
8053 
8054 	/* Do not process this notification if radar is already detected
8055 	 * by kernel on this channel, and return success.
8056 	 */
8057 	if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8058 		return 0;
8059 
8060 	cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8061 
8062 	cfg80211_sched_dfs_chan_update(rdev);
8063 
8064 	memcpy(&rdev->radar_chandef, &chandef, sizeof(chandef));
8065 
8066 	/* Propagate this notification to other radios as well */
8067 	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8068 
8069 	return 0;
8070 }
8071 
8072 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8073 {
8074 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8075 	struct net_device *dev = info->user_ptr[1];
8076 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8077 	struct cfg80211_csa_settings params;
8078 	/* csa_attrs is defined static to avoid waste of stack size - this
8079 	 * function is called under RTNL lock, so this should not be a problem.
8080 	 */
8081 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8082 	int err;
8083 	bool need_new_beacon = false;
8084 	bool need_handle_dfs_flag = true;
8085 	int len, i;
8086 	u32 cs_count;
8087 
8088 	if (!rdev->ops->channel_switch ||
8089 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8090 		return -EOPNOTSUPP;
8091 
8092 	switch (dev->ieee80211_ptr->iftype) {
8093 	case NL80211_IFTYPE_AP:
8094 	case NL80211_IFTYPE_P2P_GO:
8095 		need_new_beacon = true;
8096 		/* For all modes except AP the handle_dfs flag needs to be
8097 		 * supplied to tell the kernel that userspace will handle radar
8098 		 * events when they happen. Otherwise a switch to a channel
8099 		 * requiring DFS will be rejected.
8100 		 */
8101 		need_handle_dfs_flag = false;
8102 
8103 		/* useless if AP is not running */
8104 		if (!wdev->beacon_interval)
8105 			return -ENOTCONN;
8106 		break;
8107 	case NL80211_IFTYPE_ADHOC:
8108 		if (!wdev->ssid_len)
8109 			return -ENOTCONN;
8110 		break;
8111 	case NL80211_IFTYPE_MESH_POINT:
8112 		if (!wdev->mesh_id_len)
8113 			return -ENOTCONN;
8114 		break;
8115 	default:
8116 		return -EOPNOTSUPP;
8117 	}
8118 
8119 	memset(&params, 0, sizeof(params));
8120 	params.beacon_csa.ftm_responder = -1;
8121 
8122 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8123 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8124 		return -EINVAL;
8125 
8126 	/* only important for AP, IBSS and mesh create IEs internally */
8127 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8128 		return -EINVAL;
8129 
8130 	/* Even though the attribute is u32, the specification says
8131 	 * u8, so let's make sure we don't overflow.
8132 	 */
8133 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8134 	if (cs_count > 255)
8135 		return -EINVAL;
8136 
8137 	params.count = cs_count;
8138 
8139 	if (!need_new_beacon)
8140 		goto skip_beacons;
8141 
8142 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
8143 	if (err)
8144 		return err;
8145 
8146 	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
8147 			       info->attrs[NL80211_ATTR_CSA_IES],
8148 			       nl80211_policy, info->extack);
8149 	if (err)
8150 		return err;
8151 
8152 	err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
8153 	if (err)
8154 		return err;
8155 
8156 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8157 		return -EINVAL;
8158 
8159 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8160 	if (!len || (len % sizeof(u16)))
8161 		return -EINVAL;
8162 
8163 	params.n_counter_offsets_beacon = len / sizeof(u16);
8164 	if (rdev->wiphy.max_num_csa_counters &&
8165 	    (params.n_counter_offsets_beacon >
8166 	     rdev->wiphy.max_num_csa_counters))
8167 		return -EINVAL;
8168 
8169 	params.counter_offsets_beacon =
8170 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8171 
8172 	/* sanity checks - counters should fit and be the same */
8173 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8174 		u16 offset = params.counter_offsets_beacon[i];
8175 
8176 		if (offset >= params.beacon_csa.tail_len)
8177 			return -EINVAL;
8178 
8179 		if (params.beacon_csa.tail[offset] != params.count)
8180 			return -EINVAL;
8181 	}
8182 
8183 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8184 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8185 		if (!len || (len % sizeof(u16)))
8186 			return -EINVAL;
8187 
8188 		params.n_counter_offsets_presp = len / sizeof(u16);
8189 		if (rdev->wiphy.max_num_csa_counters &&
8190 		    (params.n_counter_offsets_presp >
8191 		     rdev->wiphy.max_num_csa_counters))
8192 			return -EINVAL;
8193 
8194 		params.counter_offsets_presp =
8195 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8196 
8197 		/* sanity checks - counters should fit and be the same */
8198 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
8199 			u16 offset = params.counter_offsets_presp[i];
8200 
8201 			if (offset >= params.beacon_csa.probe_resp_len)
8202 				return -EINVAL;
8203 
8204 			if (params.beacon_csa.probe_resp[offset] !=
8205 			    params.count)
8206 				return -EINVAL;
8207 		}
8208 	}
8209 
8210 skip_beacons:
8211 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
8212 	if (err)
8213 		return err;
8214 
8215 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
8216 					   wdev->iftype))
8217 		return -EINVAL;
8218 
8219 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
8220 					    &params.chandef,
8221 					    wdev->iftype);
8222 	if (err < 0)
8223 		return err;
8224 
8225 	if (err > 0) {
8226 		params.radar_required = true;
8227 		if (need_handle_dfs_flag &&
8228 		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8229 			return -EINVAL;
8230 		}
8231 	}
8232 
8233 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8234 		params.block_tx = true;
8235 
8236 	wdev_lock(wdev);
8237 	err = rdev_channel_switch(rdev, dev, &params);
8238 	wdev_unlock(wdev);
8239 
8240 	return err;
8241 }
8242 
8243 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8244 			    u32 seq, int flags,
8245 			    struct cfg80211_registered_device *rdev,
8246 			    struct wireless_dev *wdev,
8247 			    struct cfg80211_internal_bss *intbss)
8248 {
8249 	struct cfg80211_bss *res = &intbss->pub;
8250 	const struct cfg80211_bss_ies *ies;
8251 	void *hdr;
8252 	struct nlattr *bss;
8253 
8254 	ASSERT_WDEV_LOCK(wdev);
8255 
8256 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8257 			     NL80211_CMD_NEW_SCAN_RESULTS);
8258 	if (!hdr)
8259 		return -1;
8260 
8261 	genl_dump_check_consistent(cb, hdr);
8262 
8263 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8264 		goto nla_put_failure;
8265 	if (wdev->netdev &&
8266 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8267 		goto nla_put_failure;
8268 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8269 			      NL80211_ATTR_PAD))
8270 		goto nla_put_failure;
8271 
8272 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
8273 	if (!bss)
8274 		goto nla_put_failure;
8275 	if ((!is_zero_ether_addr(res->bssid) &&
8276 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8277 		goto nla_put_failure;
8278 
8279 	rcu_read_lock();
8280 	/* indicate whether we have probe response data or not */
8281 	if (rcu_access_pointer(res->proberesp_ies) &&
8282 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8283 		goto fail_unlock_rcu;
8284 
8285 	/* this pointer prefers to be pointed to probe response data
8286 	 * but is always valid
8287 	 */
8288 	ies = rcu_dereference(res->ies);
8289 	if (ies) {
8290 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8291 				      NL80211_BSS_PAD))
8292 			goto fail_unlock_rcu;
8293 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8294 					ies->len, ies->data))
8295 			goto fail_unlock_rcu;
8296 	}
8297 
8298 	/* and this pointer is always (unless driver didn't know) beacon data */
8299 	ies = rcu_dereference(res->beacon_ies);
8300 	if (ies && ies->from_beacon) {
8301 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8302 				      NL80211_BSS_PAD))
8303 			goto fail_unlock_rcu;
8304 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8305 					ies->len, ies->data))
8306 			goto fail_unlock_rcu;
8307 	}
8308 	rcu_read_unlock();
8309 
8310 	if (res->beacon_interval &&
8311 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8312 		goto nla_put_failure;
8313 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8314 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8315 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8316 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8317 			jiffies_to_msecs(jiffies - intbss->ts)))
8318 		goto nla_put_failure;
8319 
8320 	if (intbss->parent_tsf &&
8321 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8322 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
8323 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8324 		     intbss->parent_bssid)))
8325 		goto nla_put_failure;
8326 
8327 	if (intbss->ts_boottime &&
8328 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8329 			      intbss->ts_boottime, NL80211_BSS_PAD))
8330 		goto nla_put_failure;
8331 
8332 	if (!nl80211_put_signal(msg, intbss->pub.chains,
8333 				intbss->pub.chain_signal,
8334 				NL80211_BSS_CHAIN_SIGNAL))
8335 		goto nla_put_failure;
8336 
8337 	switch (rdev->wiphy.signal_type) {
8338 	case CFG80211_SIGNAL_TYPE_MBM:
8339 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8340 			goto nla_put_failure;
8341 		break;
8342 	case CFG80211_SIGNAL_TYPE_UNSPEC:
8343 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8344 			goto nla_put_failure;
8345 		break;
8346 	default:
8347 		break;
8348 	}
8349 
8350 	switch (wdev->iftype) {
8351 	case NL80211_IFTYPE_P2P_CLIENT:
8352 	case NL80211_IFTYPE_STATION:
8353 		if (intbss == wdev->current_bss &&
8354 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8355 				NL80211_BSS_STATUS_ASSOCIATED))
8356 			goto nla_put_failure;
8357 		break;
8358 	case NL80211_IFTYPE_ADHOC:
8359 		if (intbss == wdev->current_bss &&
8360 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8361 				NL80211_BSS_STATUS_IBSS_JOINED))
8362 			goto nla_put_failure;
8363 		break;
8364 	default:
8365 		break;
8366 	}
8367 
8368 	nla_nest_end(msg, bss);
8369 
8370 	genlmsg_end(msg, hdr);
8371 	return 0;
8372 
8373  fail_unlock_rcu:
8374 	rcu_read_unlock();
8375  nla_put_failure:
8376 	genlmsg_cancel(msg, hdr);
8377 	return -EMSGSIZE;
8378 }
8379 
8380 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8381 {
8382 	struct cfg80211_registered_device *rdev;
8383 	struct cfg80211_internal_bss *scan;
8384 	struct wireless_dev *wdev;
8385 	int start = cb->args[2], idx = 0;
8386 	int err;
8387 
8388 	rtnl_lock();
8389 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8390 	if (err) {
8391 		rtnl_unlock();
8392 		return err;
8393 	}
8394 
8395 	wdev_lock(wdev);
8396 	spin_lock_bh(&rdev->bss_lock);
8397 
8398 	/*
8399 	 * dump_scan will be called multiple times to break up the scan results
8400 	 * into multiple messages.  It is unlikely that any more bss-es will be
8401 	 * expired after the first call, so only call only call this on the
8402 	 * first dump_scan invocation.
8403 	 */
8404 	if (start == 0)
8405 		cfg80211_bss_expire(rdev);
8406 
8407 	cb->seq = rdev->bss_generation;
8408 
8409 	list_for_each_entry(scan, &rdev->bss_list, list) {
8410 		if (++idx <= start)
8411 			continue;
8412 		if (nl80211_send_bss(skb, cb,
8413 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8414 				rdev, wdev, scan) < 0) {
8415 			idx--;
8416 			break;
8417 		}
8418 	}
8419 
8420 	spin_unlock_bh(&rdev->bss_lock);
8421 	wdev_unlock(wdev);
8422 
8423 	cb->args[2] = idx;
8424 	rtnl_unlock();
8425 
8426 	return skb->len;
8427 }
8428 
8429 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
8430 			       int flags, struct net_device *dev,
8431 			       bool allow_radio_stats,
8432 			       struct survey_info *survey)
8433 {
8434 	void *hdr;
8435 	struct nlattr *infoattr;
8436 
8437 	/* skip radio stats if userspace didn't request them */
8438 	if (!survey->channel && !allow_radio_stats)
8439 		return 0;
8440 
8441 	hdr = nl80211hdr_put(msg, portid, seq, flags,
8442 			     NL80211_CMD_NEW_SURVEY_RESULTS);
8443 	if (!hdr)
8444 		return -ENOMEM;
8445 
8446 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
8447 		goto nla_put_failure;
8448 
8449 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
8450 	if (!infoattr)
8451 		goto nla_put_failure;
8452 
8453 	if (survey->channel &&
8454 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
8455 			survey->channel->center_freq))
8456 		goto nla_put_failure;
8457 
8458 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
8459 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
8460 		goto nla_put_failure;
8461 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
8462 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
8463 		goto nla_put_failure;
8464 	if ((survey->filled & SURVEY_INFO_TIME) &&
8465 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
8466 			survey->time, NL80211_SURVEY_INFO_PAD))
8467 		goto nla_put_failure;
8468 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
8469 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
8470 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
8471 		goto nla_put_failure;
8472 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
8473 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
8474 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
8475 		goto nla_put_failure;
8476 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
8477 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
8478 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
8479 		goto nla_put_failure;
8480 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
8481 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
8482 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
8483 		goto nla_put_failure;
8484 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
8485 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8486 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
8487 		goto nla_put_failure;
8488 
8489 	nla_nest_end(msg, infoattr);
8490 
8491 	genlmsg_end(msg, hdr);
8492 	return 0;
8493 
8494  nla_put_failure:
8495 	genlmsg_cancel(msg, hdr);
8496 	return -EMSGSIZE;
8497 }
8498 
8499 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
8500 {
8501 	struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8502 	struct survey_info survey;
8503 	struct cfg80211_registered_device *rdev;
8504 	struct wireless_dev *wdev;
8505 	int survey_idx = cb->args[2];
8506 	int res;
8507 	bool radio_stats;
8508 
8509 	rtnl_lock();
8510 	res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8511 	if (res)
8512 		goto out_err;
8513 
8514 	/* prepare_wdev_dump parsed the attributes */
8515 	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
8516 
8517 	if (!wdev->netdev) {
8518 		res = -EINVAL;
8519 		goto out_err;
8520 	}
8521 
8522 	if (!rdev->ops->dump_survey) {
8523 		res = -EOPNOTSUPP;
8524 		goto out_err;
8525 	}
8526 
8527 	while (1) {
8528 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8529 		if (res == -ENOENT)
8530 			break;
8531 		if (res)
8532 			goto out_err;
8533 
8534 		/* don't send disabled channels, but do send non-channel data */
8535 		if (survey.channel &&
8536 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8537 			survey_idx++;
8538 			continue;
8539 		}
8540 
8541 		if (nl80211_send_survey(skb,
8542 				NETLINK_CB(cb->skb).portid,
8543 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8544 				wdev->netdev, radio_stats, &survey) < 0)
8545 			goto out;
8546 		survey_idx++;
8547 	}
8548 
8549  out:
8550 	cb->args[2] = survey_idx;
8551 	res = skb->len;
8552  out_err:
8553 	rtnl_unlock();
8554 	return res;
8555 }
8556 
8557 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8558 {
8559 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8560 				  NL80211_WPA_VERSION_2));
8561 }
8562 
8563 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8564 {
8565 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8566 	struct net_device *dev = info->user_ptr[1];
8567 	struct ieee80211_channel *chan;
8568 	const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8569 	int err, ssid_len, ie_len = 0, auth_data_len = 0;
8570 	enum nl80211_auth_type auth_type;
8571 	struct key_parse key;
8572 	bool local_state_change;
8573 
8574 	if (!info->attrs[NL80211_ATTR_MAC])
8575 		return -EINVAL;
8576 
8577 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8578 		return -EINVAL;
8579 
8580 	if (!info->attrs[NL80211_ATTR_SSID])
8581 		return -EINVAL;
8582 
8583 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8584 		return -EINVAL;
8585 
8586 	err = nl80211_parse_key(info, &key);
8587 	if (err)
8588 		return err;
8589 
8590 	if (key.idx >= 0) {
8591 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8592 			return -EINVAL;
8593 		if (!key.p.key || !key.p.key_len)
8594 			return -EINVAL;
8595 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8596 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8597 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8598 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
8599 			return -EINVAL;
8600 		if (key.idx > 3)
8601 			return -EINVAL;
8602 	} else {
8603 		key.p.key_len = 0;
8604 		key.p.key = NULL;
8605 	}
8606 
8607 	if (key.idx >= 0) {
8608 		int i;
8609 		bool ok = false;
8610 
8611 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8612 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8613 				ok = true;
8614 				break;
8615 			}
8616 		}
8617 		if (!ok)
8618 			return -EINVAL;
8619 	}
8620 
8621 	if (!rdev->ops->auth)
8622 		return -EOPNOTSUPP;
8623 
8624 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8625 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8626 		return -EOPNOTSUPP;
8627 
8628 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8629 	chan = nl80211_get_valid_chan(&rdev->wiphy,
8630 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8631 	if (!chan)
8632 		return -EINVAL;
8633 
8634 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8635 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8636 
8637 	if (info->attrs[NL80211_ATTR_IE]) {
8638 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8639 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8640 	}
8641 
8642 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8643 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8644 		return -EINVAL;
8645 
8646 	if ((auth_type == NL80211_AUTHTYPE_SAE ||
8647 	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
8648 	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8649 	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8650 	    !info->attrs[NL80211_ATTR_AUTH_DATA])
8651 		return -EINVAL;
8652 
8653 	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8654 		if (auth_type != NL80211_AUTHTYPE_SAE &&
8655 		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
8656 		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8657 		    auth_type != NL80211_AUTHTYPE_FILS_PK)
8658 			return -EINVAL;
8659 		auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8660 		auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8661 		/* need to include at least Auth Transaction and Status Code */
8662 		if (auth_data_len < 4)
8663 			return -EINVAL;
8664 	}
8665 
8666 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8667 
8668 	/*
8669 	 * Since we no longer track auth state, ignore
8670 	 * requests to only change local state.
8671 	 */
8672 	if (local_state_change)
8673 		return 0;
8674 
8675 	wdev_lock(dev->ieee80211_ptr);
8676 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8677 				 ssid, ssid_len, ie, ie_len,
8678 				 key.p.key, key.p.key_len, key.idx,
8679 				 auth_data, auth_data_len);
8680 	wdev_unlock(dev->ieee80211_ptr);
8681 	return err;
8682 }
8683 
8684 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
8685 				     struct genl_info *info)
8686 {
8687 	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8688 		GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
8689 		return -EINVAL;
8690 	}
8691 
8692 	if (!rdev->ops->tx_control_port ||
8693 	    !wiphy_ext_feature_isset(&rdev->wiphy,
8694 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
8695 		return -EOPNOTSUPP;
8696 
8697 	return 0;
8698 }
8699 
8700 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8701 				   struct genl_info *info,
8702 				   struct cfg80211_crypto_settings *settings,
8703 				   int cipher_limit)
8704 {
8705 	memset(settings, 0, sizeof(*settings));
8706 
8707 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8708 
8709 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8710 		u16 proto;
8711 
8712 		proto = nla_get_u16(
8713 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8714 		settings->control_port_ethertype = cpu_to_be16(proto);
8715 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8716 		    proto != ETH_P_PAE)
8717 			return -EINVAL;
8718 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8719 			settings->control_port_no_encrypt = true;
8720 	} else
8721 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8722 
8723 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
8724 		int r = validate_pae_over_nl80211(rdev, info);
8725 
8726 		if (r < 0)
8727 			return r;
8728 
8729 		settings->control_port_over_nl80211 = true;
8730 	}
8731 
8732 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8733 		void *data;
8734 		int len, i;
8735 
8736 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8737 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8738 		settings->n_ciphers_pairwise = len / sizeof(u32);
8739 
8740 		if (len % sizeof(u32))
8741 			return -EINVAL;
8742 
8743 		if (settings->n_ciphers_pairwise > cipher_limit)
8744 			return -EINVAL;
8745 
8746 		memcpy(settings->ciphers_pairwise, data, len);
8747 
8748 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
8749 			if (!cfg80211_supported_cipher_suite(
8750 					&rdev->wiphy,
8751 					settings->ciphers_pairwise[i]))
8752 				return -EINVAL;
8753 	}
8754 
8755 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8756 		settings->cipher_group =
8757 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8758 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8759 						     settings->cipher_group))
8760 			return -EINVAL;
8761 	}
8762 
8763 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8764 		settings->wpa_versions =
8765 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8766 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8767 			return -EINVAL;
8768 	}
8769 
8770 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8771 		void *data;
8772 		int len;
8773 
8774 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8775 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8776 		settings->n_akm_suites = len / sizeof(u32);
8777 
8778 		if (len % sizeof(u32))
8779 			return -EINVAL;
8780 
8781 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8782 			return -EINVAL;
8783 
8784 		memcpy(settings->akm_suites, data, len);
8785 	}
8786 
8787 	if (info->attrs[NL80211_ATTR_PMK]) {
8788 		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8789 			return -EINVAL;
8790 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
8791 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8792 			return -EINVAL;
8793 		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8794 	}
8795 
8796 	return 0;
8797 }
8798 
8799 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
8800 {
8801 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8802 	struct net_device *dev = info->user_ptr[1];
8803 	struct ieee80211_channel *chan;
8804 	struct cfg80211_assoc_request req = {};
8805 	const u8 *bssid, *ssid;
8806 	int err, ssid_len = 0;
8807 
8808 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
8809 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
8810 		return -EPERM;
8811 
8812 	if (!info->attrs[NL80211_ATTR_MAC] ||
8813 	    !info->attrs[NL80211_ATTR_SSID] ||
8814 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
8815 		return -EINVAL;
8816 
8817 	if (!rdev->ops->assoc)
8818 		return -EOPNOTSUPP;
8819 
8820 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8821 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8822 		return -EOPNOTSUPP;
8823 
8824 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8825 
8826 	chan = nl80211_get_valid_chan(&rdev->wiphy,
8827 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8828 	if (!chan)
8829 		return -EINVAL;
8830 
8831 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8832 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8833 
8834 	if (info->attrs[NL80211_ATTR_IE]) {
8835 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8836 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8837 	}
8838 
8839 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
8840 		enum nl80211_mfp mfp =
8841 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
8842 		if (mfp == NL80211_MFP_REQUIRED)
8843 			req.use_mfp = true;
8844 		else if (mfp != NL80211_MFP_NO)
8845 			return -EINVAL;
8846 	}
8847 
8848 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
8849 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
8850 
8851 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
8852 		req.flags |= ASSOC_REQ_DISABLE_HT;
8853 
8854 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8855 		memcpy(&req.ht_capa_mask,
8856 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
8857 		       sizeof(req.ht_capa_mask));
8858 
8859 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
8860 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
8861 			return -EINVAL;
8862 		memcpy(&req.ht_capa,
8863 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
8864 		       sizeof(req.ht_capa));
8865 	}
8866 
8867 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
8868 		req.flags |= ASSOC_REQ_DISABLE_VHT;
8869 
8870 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8871 		memcpy(&req.vht_capa_mask,
8872 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
8873 		       sizeof(req.vht_capa_mask));
8874 
8875 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
8876 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
8877 			return -EINVAL;
8878 		memcpy(&req.vht_capa,
8879 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
8880 		       sizeof(req.vht_capa));
8881 	}
8882 
8883 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
8884 		if (!((rdev->wiphy.features &
8885 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
8886 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
8887 		    !wiphy_ext_feature_isset(&rdev->wiphy,
8888 					     NL80211_EXT_FEATURE_RRM))
8889 			return -EINVAL;
8890 		req.flags |= ASSOC_REQ_USE_RRM;
8891 	}
8892 
8893 	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
8894 		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
8895 		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
8896 		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
8897 			return -EINVAL;
8898 		req.fils_nonces =
8899 			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
8900 	}
8901 
8902 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
8903 	if (!err) {
8904 		wdev_lock(dev->ieee80211_ptr);
8905 
8906 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
8907 					  ssid, ssid_len, &req);
8908 
8909 		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8910 			dev->ieee80211_ptr->conn_owner_nlportid =
8911 				info->snd_portid;
8912 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
8913 			       bssid, ETH_ALEN);
8914 		}
8915 
8916 		wdev_unlock(dev->ieee80211_ptr);
8917 	}
8918 
8919 	return err;
8920 }
8921 
8922 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
8923 {
8924 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8925 	struct net_device *dev = info->user_ptr[1];
8926 	const u8 *ie = NULL, *bssid;
8927 	int ie_len = 0, err;
8928 	u16 reason_code;
8929 	bool local_state_change;
8930 
8931 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
8932 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
8933 		return -EPERM;
8934 
8935 	if (!info->attrs[NL80211_ATTR_MAC])
8936 		return -EINVAL;
8937 
8938 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
8939 		return -EINVAL;
8940 
8941 	if (!rdev->ops->deauth)
8942 		return -EOPNOTSUPP;
8943 
8944 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8945 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8946 		return -EOPNOTSUPP;
8947 
8948 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8949 
8950 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8951 	if (reason_code == 0) {
8952 		/* Reason Code 0 is reserved */
8953 		return -EINVAL;
8954 	}
8955 
8956 	if (info->attrs[NL80211_ATTR_IE]) {
8957 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8958 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8959 	}
8960 
8961 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8962 
8963 	wdev_lock(dev->ieee80211_ptr);
8964 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
8965 				   local_state_change);
8966 	wdev_unlock(dev->ieee80211_ptr);
8967 	return err;
8968 }
8969 
8970 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
8971 {
8972 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8973 	struct net_device *dev = info->user_ptr[1];
8974 	const u8 *ie = NULL, *bssid;
8975 	int ie_len = 0, err;
8976 	u16 reason_code;
8977 	bool local_state_change;
8978 
8979 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
8980 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
8981 		return -EPERM;
8982 
8983 	if (!info->attrs[NL80211_ATTR_MAC])
8984 		return -EINVAL;
8985 
8986 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
8987 		return -EINVAL;
8988 
8989 	if (!rdev->ops->disassoc)
8990 		return -EOPNOTSUPP;
8991 
8992 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8993 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8994 		return -EOPNOTSUPP;
8995 
8996 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8997 
8998 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
8999 	if (reason_code == 0) {
9000 		/* Reason Code 0 is reserved */
9001 		return -EINVAL;
9002 	}
9003 
9004 	if (info->attrs[NL80211_ATTR_IE]) {
9005 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9006 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9007 	}
9008 
9009 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9010 
9011 	wdev_lock(dev->ieee80211_ptr);
9012 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9013 				     local_state_change);
9014 	wdev_unlock(dev->ieee80211_ptr);
9015 	return err;
9016 }
9017 
9018 static bool
9019 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9020 			 int mcast_rate[NUM_NL80211_BANDS],
9021 			 int rateval)
9022 {
9023 	struct wiphy *wiphy = &rdev->wiphy;
9024 	bool found = false;
9025 	int band, i;
9026 
9027 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
9028 		struct ieee80211_supported_band *sband;
9029 
9030 		sband = wiphy->bands[band];
9031 		if (!sband)
9032 			continue;
9033 
9034 		for (i = 0; i < sband->n_bitrates; i++) {
9035 			if (sband->bitrates[i].bitrate == rateval) {
9036 				mcast_rate[band] = i + 1;
9037 				found = true;
9038 				break;
9039 			}
9040 		}
9041 	}
9042 
9043 	return found;
9044 }
9045 
9046 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9047 {
9048 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9049 	struct net_device *dev = info->user_ptr[1];
9050 	struct cfg80211_ibss_params ibss;
9051 	struct wiphy *wiphy;
9052 	struct cfg80211_cached_keys *connkeys = NULL;
9053 	int err;
9054 
9055 	memset(&ibss, 0, sizeof(ibss));
9056 
9057 	if (!info->attrs[NL80211_ATTR_SSID] ||
9058 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9059 		return -EINVAL;
9060 
9061 	ibss.beacon_interval = 100;
9062 
9063 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9064 		ibss.beacon_interval =
9065 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9066 
9067 	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9068 					   ibss.beacon_interval);
9069 	if (err)
9070 		return err;
9071 
9072 	if (!rdev->ops->join_ibss)
9073 		return -EOPNOTSUPP;
9074 
9075 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9076 		return -EOPNOTSUPP;
9077 
9078 	wiphy = &rdev->wiphy;
9079 
9080 	if (info->attrs[NL80211_ATTR_MAC]) {
9081 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9082 
9083 		if (!is_valid_ether_addr(ibss.bssid))
9084 			return -EINVAL;
9085 	}
9086 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9087 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9088 
9089 	if (info->attrs[NL80211_ATTR_IE]) {
9090 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9091 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9092 	}
9093 
9094 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9095 	if (err)
9096 		return err;
9097 
9098 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9099 				     NL80211_IFTYPE_ADHOC))
9100 		return -EINVAL;
9101 
9102 	switch (ibss.chandef.width) {
9103 	case NL80211_CHAN_WIDTH_5:
9104 	case NL80211_CHAN_WIDTH_10:
9105 	case NL80211_CHAN_WIDTH_20_NOHT:
9106 		break;
9107 	case NL80211_CHAN_WIDTH_20:
9108 	case NL80211_CHAN_WIDTH_40:
9109 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9110 			return -EINVAL;
9111 		break;
9112 	case NL80211_CHAN_WIDTH_80:
9113 	case NL80211_CHAN_WIDTH_80P80:
9114 	case NL80211_CHAN_WIDTH_160:
9115 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9116 			return -EINVAL;
9117 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9118 					     NL80211_EXT_FEATURE_VHT_IBSS))
9119 			return -EINVAL;
9120 		break;
9121 	default:
9122 		return -EINVAL;
9123 	}
9124 
9125 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9126 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9127 
9128 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9129 		u8 *rates =
9130 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9131 		int n_rates =
9132 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9133 		struct ieee80211_supported_band *sband =
9134 			wiphy->bands[ibss.chandef.chan->band];
9135 
9136 		err = ieee80211_get_ratemask(sband, rates, n_rates,
9137 					     &ibss.basic_rates);
9138 		if (err)
9139 			return err;
9140 	}
9141 
9142 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9143 		memcpy(&ibss.ht_capa_mask,
9144 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9145 		       sizeof(ibss.ht_capa_mask));
9146 
9147 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9148 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9149 			return -EINVAL;
9150 		memcpy(&ibss.ht_capa,
9151 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9152 		       sizeof(ibss.ht_capa));
9153 	}
9154 
9155 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9156 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9157 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9158 		return -EINVAL;
9159 
9160 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9161 		bool no_ht = false;
9162 
9163 		connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9164 		if (IS_ERR(connkeys))
9165 			return PTR_ERR(connkeys);
9166 
9167 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9168 		    no_ht) {
9169 			kzfree(connkeys);
9170 			return -EINVAL;
9171 		}
9172 	}
9173 
9174 	ibss.control_port =
9175 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9176 
9177 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9178 		int r = validate_pae_over_nl80211(rdev, info);
9179 
9180 		if (r < 0) {
9181 			kzfree(connkeys);
9182 			return r;
9183 		}
9184 
9185 		ibss.control_port_over_nl80211 = true;
9186 	}
9187 
9188 	ibss.userspace_handles_dfs =
9189 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9190 
9191 	wdev_lock(dev->ieee80211_ptr);
9192 	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9193 	if (err)
9194 		kzfree(connkeys);
9195 	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9196 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9197 	wdev_unlock(dev->ieee80211_ptr);
9198 
9199 	return err;
9200 }
9201 
9202 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9203 {
9204 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9205 	struct net_device *dev = info->user_ptr[1];
9206 
9207 	if (!rdev->ops->leave_ibss)
9208 		return -EOPNOTSUPP;
9209 
9210 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9211 		return -EOPNOTSUPP;
9212 
9213 	return cfg80211_leave_ibss(rdev, dev, false);
9214 }
9215 
9216 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9217 {
9218 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9219 	struct net_device *dev = info->user_ptr[1];
9220 	int mcast_rate[NUM_NL80211_BANDS];
9221 	u32 nla_rate;
9222 	int err;
9223 
9224 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9225 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9226 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9227 		return -EOPNOTSUPP;
9228 
9229 	if (!rdev->ops->set_mcast_rate)
9230 		return -EOPNOTSUPP;
9231 
9232 	memset(mcast_rate, 0, sizeof(mcast_rate));
9233 
9234 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9235 		return -EINVAL;
9236 
9237 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9238 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9239 		return -EINVAL;
9240 
9241 	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9242 
9243 	return err;
9244 }
9245 
9246 static struct sk_buff *
9247 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9248 			    struct wireless_dev *wdev, int approxlen,
9249 			    u32 portid, u32 seq, enum nl80211_commands cmd,
9250 			    enum nl80211_attrs attr,
9251 			    const struct nl80211_vendor_cmd_info *info,
9252 			    gfp_t gfp)
9253 {
9254 	struct sk_buff *skb;
9255 	void *hdr;
9256 	struct nlattr *data;
9257 
9258 	skb = nlmsg_new(approxlen + 100, gfp);
9259 	if (!skb)
9260 		return NULL;
9261 
9262 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9263 	if (!hdr) {
9264 		kfree_skb(skb);
9265 		return NULL;
9266 	}
9267 
9268 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9269 		goto nla_put_failure;
9270 
9271 	if (info) {
9272 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9273 				info->vendor_id))
9274 			goto nla_put_failure;
9275 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9276 				info->subcmd))
9277 			goto nla_put_failure;
9278 	}
9279 
9280 	if (wdev) {
9281 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9282 				      wdev_id(wdev), NL80211_ATTR_PAD))
9283 			goto nla_put_failure;
9284 		if (wdev->netdev &&
9285 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9286 				wdev->netdev->ifindex))
9287 			goto nla_put_failure;
9288 	}
9289 
9290 	data = nla_nest_start(skb, attr);
9291 	if (!data)
9292 		goto nla_put_failure;
9293 
9294 	((void **)skb->cb)[0] = rdev;
9295 	((void **)skb->cb)[1] = hdr;
9296 	((void **)skb->cb)[2] = data;
9297 
9298 	return skb;
9299 
9300  nla_put_failure:
9301 	kfree_skb(skb);
9302 	return NULL;
9303 }
9304 
9305 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9306 					   struct wireless_dev *wdev,
9307 					   enum nl80211_commands cmd,
9308 					   enum nl80211_attrs attr,
9309 					   unsigned int portid,
9310 					   int vendor_event_idx,
9311 					   int approxlen, gfp_t gfp)
9312 {
9313 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9314 	const struct nl80211_vendor_cmd_info *info;
9315 
9316 	switch (cmd) {
9317 	case NL80211_CMD_TESTMODE:
9318 		if (WARN_ON(vendor_event_idx != -1))
9319 			return NULL;
9320 		info = NULL;
9321 		break;
9322 	case NL80211_CMD_VENDOR:
9323 		if (WARN_ON(vendor_event_idx < 0 ||
9324 			    vendor_event_idx >= wiphy->n_vendor_events))
9325 			return NULL;
9326 		info = &wiphy->vendor_events[vendor_event_idx];
9327 		break;
9328 	default:
9329 		WARN_ON(1);
9330 		return NULL;
9331 	}
9332 
9333 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9334 					   cmd, attr, info, gfp);
9335 }
9336 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9337 
9338 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9339 {
9340 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9341 	void *hdr = ((void **)skb->cb)[1];
9342 	struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9343 	struct nlattr *data = ((void **)skb->cb)[2];
9344 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9345 
9346 	/* clear CB data for netlink core to own from now on */
9347 	memset(skb->cb, 0, sizeof(skb->cb));
9348 
9349 	nla_nest_end(skb, data);
9350 	genlmsg_end(skb, hdr);
9351 
9352 	if (nlhdr->nlmsg_pid) {
9353 		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
9354 				nlhdr->nlmsg_pid);
9355 	} else {
9356 		if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9357 			mcgrp = NL80211_MCGRP_VENDOR;
9358 
9359 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
9360 					skb, 0, mcgrp, gfp);
9361 	}
9362 }
9363 EXPORT_SYMBOL(__cfg80211_send_event_skb);
9364 
9365 #ifdef CONFIG_NL80211_TESTMODE
9366 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9367 {
9368 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9369 	struct wireless_dev *wdev =
9370 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9371 	int err;
9372 
9373 	if (!rdev->ops->testmode_cmd)
9374 		return -EOPNOTSUPP;
9375 
9376 	if (IS_ERR(wdev)) {
9377 		err = PTR_ERR(wdev);
9378 		if (err != -EINVAL)
9379 			return err;
9380 		wdev = NULL;
9381 	} else if (wdev->wiphy != &rdev->wiphy) {
9382 		return -EINVAL;
9383 	}
9384 
9385 	if (!info->attrs[NL80211_ATTR_TESTDATA])
9386 		return -EINVAL;
9387 
9388 	rdev->cur_cmd_info = info;
9389 	err = rdev_testmode_cmd(rdev, wdev,
9390 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9391 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
9392 	rdev->cur_cmd_info = NULL;
9393 
9394 	return err;
9395 }
9396 
9397 static int nl80211_testmode_dump(struct sk_buff *skb,
9398 				 struct netlink_callback *cb)
9399 {
9400 	struct cfg80211_registered_device *rdev;
9401 	int err;
9402 	long phy_idx;
9403 	void *data = NULL;
9404 	int data_len = 0;
9405 
9406 	rtnl_lock();
9407 
9408 	if (cb->args[0]) {
9409 		/*
9410 		 * 0 is a valid index, but not valid for args[0],
9411 		 * so we need to offset by 1.
9412 		 */
9413 		phy_idx = cb->args[0] - 1;
9414 
9415 		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
9416 		if (!rdev) {
9417 			err = -ENOENT;
9418 			goto out_err;
9419 		}
9420 	} else {
9421 		struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
9422 
9423 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
9424 				  attrbuf, nl80211_fam.maxattr,
9425 				  nl80211_policy, NULL);
9426 		if (err)
9427 			goto out_err;
9428 
9429 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
9430 		if (IS_ERR(rdev)) {
9431 			err = PTR_ERR(rdev);
9432 			goto out_err;
9433 		}
9434 		phy_idx = rdev->wiphy_idx;
9435 
9436 		if (attrbuf[NL80211_ATTR_TESTDATA])
9437 			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
9438 	}
9439 
9440 	if (cb->args[1]) {
9441 		data = nla_data((void *)cb->args[1]);
9442 		data_len = nla_len((void *)cb->args[1]);
9443 	}
9444 
9445 	if (!rdev->ops->testmode_dump) {
9446 		err = -EOPNOTSUPP;
9447 		goto out_err;
9448 	}
9449 
9450 	while (1) {
9451 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
9452 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
9453 					   NL80211_CMD_TESTMODE);
9454 		struct nlattr *tmdata;
9455 
9456 		if (!hdr)
9457 			break;
9458 
9459 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
9460 			genlmsg_cancel(skb, hdr);
9461 			break;
9462 		}
9463 
9464 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
9465 		if (!tmdata) {
9466 			genlmsg_cancel(skb, hdr);
9467 			break;
9468 		}
9469 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
9470 		nla_nest_end(skb, tmdata);
9471 
9472 		if (err == -ENOBUFS || err == -ENOENT) {
9473 			genlmsg_cancel(skb, hdr);
9474 			break;
9475 		} else if (err) {
9476 			genlmsg_cancel(skb, hdr);
9477 			goto out_err;
9478 		}
9479 
9480 		genlmsg_end(skb, hdr);
9481 	}
9482 
9483 	err = skb->len;
9484 	/* see above */
9485 	cb->args[0] = phy_idx + 1;
9486  out_err:
9487 	rtnl_unlock();
9488 	return err;
9489 }
9490 #endif
9491 
9492 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
9493 {
9494 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9495 	struct net_device *dev = info->user_ptr[1];
9496 	struct cfg80211_connect_params connect;
9497 	struct wiphy *wiphy;
9498 	struct cfg80211_cached_keys *connkeys = NULL;
9499 	int err;
9500 
9501 	memset(&connect, 0, sizeof(connect));
9502 
9503 	if (!info->attrs[NL80211_ATTR_SSID] ||
9504 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9505 		return -EINVAL;
9506 
9507 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9508 		connect.auth_type =
9509 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9510 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
9511 					     NL80211_CMD_CONNECT))
9512 			return -EINVAL;
9513 	} else
9514 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
9515 
9516 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
9517 
9518 	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
9519 	    !wiphy_ext_feature_isset(&rdev->wiphy,
9520 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
9521 		return -EINVAL;
9522 	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
9523 
9524 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
9525 				      NL80211_MAX_NR_CIPHER_SUITES);
9526 	if (err)
9527 		return err;
9528 
9529 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9530 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9531 		return -EOPNOTSUPP;
9532 
9533 	wiphy = &rdev->wiphy;
9534 
9535 	connect.bg_scan_period = -1;
9536 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
9537 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
9538 		connect.bg_scan_period =
9539 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
9540 	}
9541 
9542 	if (info->attrs[NL80211_ATTR_MAC])
9543 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9544 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
9545 		connect.bssid_hint =
9546 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
9547 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9548 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9549 
9550 	if (info->attrs[NL80211_ATTR_IE]) {
9551 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9552 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9553 	}
9554 
9555 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9556 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9557 		if (connect.mfp == NL80211_MFP_OPTIONAL &&
9558 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9559 					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
9560 			return -EOPNOTSUPP;
9561 	} else {
9562 		connect.mfp = NL80211_MFP_NO;
9563 	}
9564 
9565 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9566 		connect.prev_bssid =
9567 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9568 
9569 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9570 		connect.channel = nl80211_get_valid_chan(
9571 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9572 		if (!connect.channel)
9573 			return -EINVAL;
9574 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9575 		connect.channel_hint = nl80211_get_valid_chan(
9576 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9577 		if (!connect.channel_hint)
9578 			return -EINVAL;
9579 	}
9580 
9581 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9582 		connkeys = nl80211_parse_connkeys(rdev, info, NULL);
9583 		if (IS_ERR(connkeys))
9584 			return PTR_ERR(connkeys);
9585 	}
9586 
9587 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9588 		connect.flags |= ASSOC_REQ_DISABLE_HT;
9589 
9590 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9591 		memcpy(&connect.ht_capa_mask,
9592 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9593 		       sizeof(connect.ht_capa_mask));
9594 
9595 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9596 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9597 			kzfree(connkeys);
9598 			return -EINVAL;
9599 		}
9600 		memcpy(&connect.ht_capa,
9601 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9602 		       sizeof(connect.ht_capa));
9603 	}
9604 
9605 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9606 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
9607 
9608 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9609 		memcpy(&connect.vht_capa_mask,
9610 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9611 		       sizeof(connect.vht_capa_mask));
9612 
9613 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9614 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9615 			kzfree(connkeys);
9616 			return -EINVAL;
9617 		}
9618 		memcpy(&connect.vht_capa,
9619 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9620 		       sizeof(connect.vht_capa));
9621 	}
9622 
9623 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9624 		if (!((rdev->wiphy.features &
9625 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9626 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9627 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9628 					     NL80211_EXT_FEATURE_RRM)) {
9629 			kzfree(connkeys);
9630 			return -EINVAL;
9631 		}
9632 		connect.flags |= ASSOC_REQ_USE_RRM;
9633 	}
9634 
9635 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9636 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9637 		kzfree(connkeys);
9638 		return -EOPNOTSUPP;
9639 	}
9640 
9641 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9642 		/* bss selection makes no sense if bssid is set */
9643 		if (connect.bssid) {
9644 			kzfree(connkeys);
9645 			return -EINVAL;
9646 		}
9647 
9648 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9649 				       wiphy, &connect.bss_select);
9650 		if (err) {
9651 			kzfree(connkeys);
9652 			return err;
9653 		}
9654 	}
9655 
9656 	if (wiphy_ext_feature_isset(&rdev->wiphy,
9657 				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9658 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9659 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9660 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9661 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9662 		connect.fils_erp_username =
9663 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9664 		connect.fils_erp_username_len =
9665 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9666 		connect.fils_erp_realm =
9667 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9668 		connect.fils_erp_realm_len =
9669 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9670 		connect.fils_erp_next_seq_num =
9671 			nla_get_u16(
9672 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9673 		connect.fils_erp_rrk =
9674 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9675 		connect.fils_erp_rrk_len =
9676 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9677 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9678 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9679 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9680 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9681 		kzfree(connkeys);
9682 		return -EINVAL;
9683 	}
9684 
9685 	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
9686 		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9687 			kzfree(connkeys);
9688 			GENL_SET_ERR_MSG(info,
9689 					 "external auth requires connection ownership");
9690 			return -EINVAL;
9691 		}
9692 		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
9693 	}
9694 
9695 	wdev_lock(dev->ieee80211_ptr);
9696 
9697 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
9698 			       connect.prev_bssid);
9699 	if (err)
9700 		kzfree(connkeys);
9701 
9702 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9703 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9704 		if (connect.bssid)
9705 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
9706 			       connect.bssid, ETH_ALEN);
9707 		else
9708 			memset(dev->ieee80211_ptr->disconnect_bssid,
9709 			       0, ETH_ALEN);
9710 	}
9711 
9712 	wdev_unlock(dev->ieee80211_ptr);
9713 
9714 	return err;
9715 }
9716 
9717 static int nl80211_update_connect_params(struct sk_buff *skb,
9718 					 struct genl_info *info)
9719 {
9720 	struct cfg80211_connect_params connect = {};
9721 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9722 	struct net_device *dev = info->user_ptr[1];
9723 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9724 	bool fils_sk_offload;
9725 	u32 auth_type;
9726 	u32 changed = 0;
9727 	int ret;
9728 
9729 	if (!rdev->ops->update_connect_params)
9730 		return -EOPNOTSUPP;
9731 
9732 	if (info->attrs[NL80211_ATTR_IE]) {
9733 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9734 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9735 		changed |= UPDATE_ASSOC_IES;
9736 	}
9737 
9738 	fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
9739 						  NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
9740 
9741 	/*
9742 	 * when driver supports fils-sk offload all attributes must be
9743 	 * provided. So the else covers "fils-sk-not-all" and
9744 	 * "no-fils-sk-any".
9745 	 */
9746 	if (fils_sk_offload &&
9747 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9748 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9749 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9750 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9751 		connect.fils_erp_username =
9752 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9753 		connect.fils_erp_username_len =
9754 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9755 		connect.fils_erp_realm =
9756 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9757 		connect.fils_erp_realm_len =
9758 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9759 		connect.fils_erp_next_seq_num =
9760 			nla_get_u16(
9761 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9762 		connect.fils_erp_rrk =
9763 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9764 		connect.fils_erp_rrk_len =
9765 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9766 		changed |= UPDATE_FILS_ERP_INFO;
9767 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9768 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9769 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9770 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9771 		return -EINVAL;
9772 	}
9773 
9774 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9775 		auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9776 		if (!nl80211_valid_auth_type(rdev, auth_type,
9777 					     NL80211_CMD_CONNECT))
9778 			return -EINVAL;
9779 
9780 		if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
9781 		    fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
9782 			return -EINVAL;
9783 
9784 		connect.auth_type = auth_type;
9785 		changed |= UPDATE_AUTH_TYPE;
9786 	}
9787 
9788 	wdev_lock(dev->ieee80211_ptr);
9789 	if (!wdev->current_bss)
9790 		ret = -ENOLINK;
9791 	else
9792 		ret = rdev_update_connect_params(rdev, dev, &connect, changed);
9793 	wdev_unlock(dev->ieee80211_ptr);
9794 
9795 	return ret;
9796 }
9797 
9798 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
9799 {
9800 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9801 	struct net_device *dev = info->user_ptr[1];
9802 	u16 reason;
9803 	int ret;
9804 
9805 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9806 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9807 		return -EPERM;
9808 
9809 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9810 		reason = WLAN_REASON_DEAUTH_LEAVING;
9811 	else
9812 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9813 
9814 	if (reason == 0)
9815 		return -EINVAL;
9816 
9817 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9818 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9819 		return -EOPNOTSUPP;
9820 
9821 	wdev_lock(dev->ieee80211_ptr);
9822 	ret = cfg80211_disconnect(rdev, dev, reason, true);
9823 	wdev_unlock(dev->ieee80211_ptr);
9824 	return ret;
9825 }
9826 
9827 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
9828 {
9829 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9830 	struct net *net;
9831 	int err;
9832 
9833 	if (info->attrs[NL80211_ATTR_PID]) {
9834 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
9835 
9836 		net = get_net_ns_by_pid(pid);
9837 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
9838 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
9839 
9840 		net = get_net_ns_by_fd(fd);
9841 	} else {
9842 		return -EINVAL;
9843 	}
9844 
9845 	if (IS_ERR(net))
9846 		return PTR_ERR(net);
9847 
9848 	err = 0;
9849 
9850 	/* check if anything to do */
9851 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
9852 		err = cfg80211_switch_netns(rdev, net);
9853 
9854 	put_net(net);
9855 	return err;
9856 }
9857 
9858 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
9859 {
9860 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9861 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
9862 			struct cfg80211_pmksa *pmksa) = NULL;
9863 	struct net_device *dev = info->user_ptr[1];
9864 	struct cfg80211_pmksa pmksa;
9865 
9866 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
9867 
9868 	if (!info->attrs[NL80211_ATTR_PMKID])
9869 		return -EINVAL;
9870 
9871 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
9872 
9873 	if (info->attrs[NL80211_ATTR_MAC]) {
9874 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9875 	} else if (info->attrs[NL80211_ATTR_SSID] &&
9876 		   info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
9877 		   (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
9878 		    info->attrs[NL80211_ATTR_PMK])) {
9879 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9880 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9881 		pmksa.cache_id =
9882 			nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
9883 	} else {
9884 		return -EINVAL;
9885 	}
9886 	if (info->attrs[NL80211_ATTR_PMK]) {
9887 		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
9888 		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
9889 	}
9890 
9891 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9892 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
9893 	    !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
9894 	      wiphy_ext_feature_isset(&rdev->wiphy,
9895 				      NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
9896 		return -EOPNOTSUPP;
9897 
9898 	switch (info->genlhdr->cmd) {
9899 	case NL80211_CMD_SET_PMKSA:
9900 		rdev_ops = rdev->ops->set_pmksa;
9901 		break;
9902 	case NL80211_CMD_DEL_PMKSA:
9903 		rdev_ops = rdev->ops->del_pmksa;
9904 		break;
9905 	default:
9906 		WARN_ON(1);
9907 		break;
9908 	}
9909 
9910 	if (!rdev_ops)
9911 		return -EOPNOTSUPP;
9912 
9913 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
9914 }
9915 
9916 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
9917 {
9918 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9919 	struct net_device *dev = info->user_ptr[1];
9920 
9921 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9922 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9923 		return -EOPNOTSUPP;
9924 
9925 	if (!rdev->ops->flush_pmksa)
9926 		return -EOPNOTSUPP;
9927 
9928 	return rdev_flush_pmksa(rdev, dev);
9929 }
9930 
9931 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
9932 {
9933 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9934 	struct net_device *dev = info->user_ptr[1];
9935 	u8 action_code, dialog_token;
9936 	u32 peer_capability = 0;
9937 	u16 status_code;
9938 	u8 *peer;
9939 	bool initiator;
9940 
9941 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9942 	    !rdev->ops->tdls_mgmt)
9943 		return -EOPNOTSUPP;
9944 
9945 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
9946 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
9947 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
9948 	    !info->attrs[NL80211_ATTR_IE] ||
9949 	    !info->attrs[NL80211_ATTR_MAC])
9950 		return -EINVAL;
9951 
9952 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9953 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
9954 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
9955 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
9956 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
9957 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
9958 		peer_capability =
9959 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
9960 
9961 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
9962 			      dialog_token, status_code, peer_capability,
9963 			      initiator,
9964 			      nla_data(info->attrs[NL80211_ATTR_IE]),
9965 			      nla_len(info->attrs[NL80211_ATTR_IE]));
9966 }
9967 
9968 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
9969 {
9970 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9971 	struct net_device *dev = info->user_ptr[1];
9972 	enum nl80211_tdls_operation operation;
9973 	u8 *peer;
9974 
9975 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
9976 	    !rdev->ops->tdls_oper)
9977 		return -EOPNOTSUPP;
9978 
9979 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
9980 	    !info->attrs[NL80211_ATTR_MAC])
9981 		return -EINVAL;
9982 
9983 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
9984 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
9985 
9986 	return rdev_tdls_oper(rdev, dev, peer, operation);
9987 }
9988 
9989 static int nl80211_remain_on_channel(struct sk_buff *skb,
9990 				     struct genl_info *info)
9991 {
9992 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9993 	struct wireless_dev *wdev = info->user_ptr[1];
9994 	struct cfg80211_chan_def chandef;
9995 	const struct cfg80211_chan_def *compat_chandef;
9996 	struct sk_buff *msg;
9997 	void *hdr;
9998 	u64 cookie;
9999 	u32 duration;
10000 	int err;
10001 
10002 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10003 	    !info->attrs[NL80211_ATTR_DURATION])
10004 		return -EINVAL;
10005 
10006 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10007 
10008 	if (!rdev->ops->remain_on_channel ||
10009 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10010 		return -EOPNOTSUPP;
10011 
10012 	/*
10013 	 * We should be on that channel for at least a minimum amount of
10014 	 * time (10ms) but no longer than the driver supports.
10015 	 */
10016 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10017 	    duration > rdev->wiphy.max_remain_on_channel_duration)
10018 		return -EINVAL;
10019 
10020 	err = nl80211_parse_chandef(rdev, info, &chandef);
10021 	if (err)
10022 		return err;
10023 
10024 	wdev_lock(wdev);
10025 	if (!cfg80211_off_channel_oper_allowed(wdev) &&
10026 	    !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10027 		compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10028 							     &chandef);
10029 		if (compat_chandef != &chandef) {
10030 			wdev_unlock(wdev);
10031 			return -EBUSY;
10032 		}
10033 	}
10034 	wdev_unlock(wdev);
10035 
10036 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10037 	if (!msg)
10038 		return -ENOMEM;
10039 
10040 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10041 			     NL80211_CMD_REMAIN_ON_CHANNEL);
10042 	if (!hdr) {
10043 		err = -ENOBUFS;
10044 		goto free_msg;
10045 	}
10046 
10047 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10048 				     duration, &cookie);
10049 
10050 	if (err)
10051 		goto free_msg;
10052 
10053 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10054 			      NL80211_ATTR_PAD))
10055 		goto nla_put_failure;
10056 
10057 	genlmsg_end(msg, hdr);
10058 
10059 	return genlmsg_reply(msg, info);
10060 
10061  nla_put_failure:
10062 	err = -ENOBUFS;
10063  free_msg:
10064 	nlmsg_free(msg);
10065 	return err;
10066 }
10067 
10068 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10069 					    struct genl_info *info)
10070 {
10071 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10072 	struct wireless_dev *wdev = info->user_ptr[1];
10073 	u64 cookie;
10074 
10075 	if (!info->attrs[NL80211_ATTR_COOKIE])
10076 		return -EINVAL;
10077 
10078 	if (!rdev->ops->cancel_remain_on_channel)
10079 		return -EOPNOTSUPP;
10080 
10081 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10082 
10083 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10084 }
10085 
10086 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10087 				       struct genl_info *info)
10088 {
10089 	struct cfg80211_bitrate_mask mask;
10090 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10091 	struct net_device *dev = info->user_ptr[1];
10092 	int err;
10093 
10094 	if (!rdev->ops->set_bitrate_mask)
10095 		return -EOPNOTSUPP;
10096 
10097 	err = nl80211_parse_tx_bitrate_mask(info, &mask);
10098 	if (err)
10099 		return err;
10100 
10101 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10102 }
10103 
10104 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10105 {
10106 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10107 	struct wireless_dev *wdev = info->user_ptr[1];
10108 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10109 
10110 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10111 		return -EINVAL;
10112 
10113 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10114 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10115 
10116 	switch (wdev->iftype) {
10117 	case NL80211_IFTYPE_STATION:
10118 	case NL80211_IFTYPE_ADHOC:
10119 	case NL80211_IFTYPE_P2P_CLIENT:
10120 	case NL80211_IFTYPE_AP:
10121 	case NL80211_IFTYPE_AP_VLAN:
10122 	case NL80211_IFTYPE_MESH_POINT:
10123 	case NL80211_IFTYPE_P2P_GO:
10124 	case NL80211_IFTYPE_P2P_DEVICE:
10125 		break;
10126 	case NL80211_IFTYPE_NAN:
10127 	default:
10128 		return -EOPNOTSUPP;
10129 	}
10130 
10131 	/* not much point in registering if we can't reply */
10132 	if (!rdev->ops->mgmt_tx)
10133 		return -EOPNOTSUPP;
10134 
10135 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10136 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10137 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
10138 }
10139 
10140 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10141 {
10142 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10143 	struct wireless_dev *wdev = info->user_ptr[1];
10144 	struct cfg80211_chan_def chandef;
10145 	int err;
10146 	void *hdr = NULL;
10147 	u64 cookie;
10148 	struct sk_buff *msg = NULL;
10149 	struct cfg80211_mgmt_tx_params params = {
10150 		.dont_wait_for_ack =
10151 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10152 	};
10153 
10154 	if (!info->attrs[NL80211_ATTR_FRAME])
10155 		return -EINVAL;
10156 
10157 	if (!rdev->ops->mgmt_tx)
10158 		return -EOPNOTSUPP;
10159 
10160 	switch (wdev->iftype) {
10161 	case NL80211_IFTYPE_P2P_DEVICE:
10162 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10163 			return -EINVAL;
10164 	case NL80211_IFTYPE_STATION:
10165 	case NL80211_IFTYPE_ADHOC:
10166 	case NL80211_IFTYPE_P2P_CLIENT:
10167 	case NL80211_IFTYPE_AP:
10168 	case NL80211_IFTYPE_AP_VLAN:
10169 	case NL80211_IFTYPE_MESH_POINT:
10170 	case NL80211_IFTYPE_P2P_GO:
10171 		break;
10172 	case NL80211_IFTYPE_NAN:
10173 	default:
10174 		return -EOPNOTSUPP;
10175 	}
10176 
10177 	if (info->attrs[NL80211_ATTR_DURATION]) {
10178 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10179 			return -EINVAL;
10180 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10181 
10182 		/*
10183 		 * We should wait on the channel for at least a minimum amount
10184 		 * of time (10ms) but no longer than the driver supports.
10185 		 */
10186 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10187 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
10188 			return -EINVAL;
10189 	}
10190 
10191 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10192 
10193 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10194 		return -EINVAL;
10195 
10196 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10197 
10198 	/* get the channel if any has been specified, otherwise pass NULL to
10199 	 * the driver. The latter will use the current one
10200 	 */
10201 	chandef.chan = NULL;
10202 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10203 		err = nl80211_parse_chandef(rdev, info, &chandef);
10204 		if (err)
10205 			return err;
10206 	}
10207 
10208 	if (!chandef.chan && params.offchan)
10209 		return -EINVAL;
10210 
10211 	wdev_lock(wdev);
10212 	if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10213 		wdev_unlock(wdev);
10214 		return -EBUSY;
10215 	}
10216 	wdev_unlock(wdev);
10217 
10218 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10219 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10220 
10221 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10222 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10223 		int i;
10224 
10225 		if (len % sizeof(u16))
10226 			return -EINVAL;
10227 
10228 		params.n_csa_offsets = len / sizeof(u16);
10229 		params.csa_offsets =
10230 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10231 
10232 		/* check that all the offsets fit the frame */
10233 		for (i = 0; i < params.n_csa_offsets; i++) {
10234 			if (params.csa_offsets[i] >= params.len)
10235 				return -EINVAL;
10236 		}
10237 	}
10238 
10239 	if (!params.dont_wait_for_ack) {
10240 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10241 		if (!msg)
10242 			return -ENOMEM;
10243 
10244 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10245 				     NL80211_CMD_FRAME);
10246 		if (!hdr) {
10247 			err = -ENOBUFS;
10248 			goto free_msg;
10249 		}
10250 	}
10251 
10252 	params.chan = chandef.chan;
10253 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
10254 	if (err)
10255 		goto free_msg;
10256 
10257 	if (msg) {
10258 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10259 				      NL80211_ATTR_PAD))
10260 			goto nla_put_failure;
10261 
10262 		genlmsg_end(msg, hdr);
10263 		return genlmsg_reply(msg, info);
10264 	}
10265 
10266 	return 0;
10267 
10268  nla_put_failure:
10269 	err = -ENOBUFS;
10270  free_msg:
10271 	nlmsg_free(msg);
10272 	return err;
10273 }
10274 
10275 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10276 {
10277 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10278 	struct wireless_dev *wdev = info->user_ptr[1];
10279 	u64 cookie;
10280 
10281 	if (!info->attrs[NL80211_ATTR_COOKIE])
10282 		return -EINVAL;
10283 
10284 	if (!rdev->ops->mgmt_tx_cancel_wait)
10285 		return -EOPNOTSUPP;
10286 
10287 	switch (wdev->iftype) {
10288 	case NL80211_IFTYPE_STATION:
10289 	case NL80211_IFTYPE_ADHOC:
10290 	case NL80211_IFTYPE_P2P_CLIENT:
10291 	case NL80211_IFTYPE_AP:
10292 	case NL80211_IFTYPE_AP_VLAN:
10293 	case NL80211_IFTYPE_P2P_GO:
10294 	case NL80211_IFTYPE_P2P_DEVICE:
10295 		break;
10296 	case NL80211_IFTYPE_NAN:
10297 	default:
10298 		return -EOPNOTSUPP;
10299 	}
10300 
10301 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10302 
10303 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10304 }
10305 
10306 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10307 {
10308 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10309 	struct wireless_dev *wdev;
10310 	struct net_device *dev = info->user_ptr[1];
10311 	u8 ps_state;
10312 	bool state;
10313 	int err;
10314 
10315 	if (!info->attrs[NL80211_ATTR_PS_STATE])
10316 		return -EINVAL;
10317 
10318 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10319 
10320 	wdev = dev->ieee80211_ptr;
10321 
10322 	if (!rdev->ops->set_power_mgmt)
10323 		return -EOPNOTSUPP;
10324 
10325 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10326 
10327 	if (state == wdev->ps)
10328 		return 0;
10329 
10330 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10331 	if (!err)
10332 		wdev->ps = state;
10333 	return err;
10334 }
10335 
10336 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10337 {
10338 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10339 	enum nl80211_ps_state ps_state;
10340 	struct wireless_dev *wdev;
10341 	struct net_device *dev = info->user_ptr[1];
10342 	struct sk_buff *msg;
10343 	void *hdr;
10344 	int err;
10345 
10346 	wdev = dev->ieee80211_ptr;
10347 
10348 	if (!rdev->ops->set_power_mgmt)
10349 		return -EOPNOTSUPP;
10350 
10351 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10352 	if (!msg)
10353 		return -ENOMEM;
10354 
10355 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10356 			     NL80211_CMD_GET_POWER_SAVE);
10357 	if (!hdr) {
10358 		err = -ENOBUFS;
10359 		goto free_msg;
10360 	}
10361 
10362 	if (wdev->ps)
10363 		ps_state = NL80211_PS_ENABLED;
10364 	else
10365 		ps_state = NL80211_PS_DISABLED;
10366 
10367 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
10368 		goto nla_put_failure;
10369 
10370 	genlmsg_end(msg, hdr);
10371 	return genlmsg_reply(msg, info);
10372 
10373  nla_put_failure:
10374 	err = -ENOBUFS;
10375  free_msg:
10376 	nlmsg_free(msg);
10377 	return err;
10378 }
10379 
10380 static const struct nla_policy
10381 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
10382 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
10383 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
10384 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
10385 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
10386 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
10387 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
10388 	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
10389 };
10390 
10391 static int nl80211_set_cqm_txe(struct genl_info *info,
10392 			       u32 rate, u32 pkts, u32 intvl)
10393 {
10394 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10395 	struct net_device *dev = info->user_ptr[1];
10396 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10397 
10398 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
10399 		return -EINVAL;
10400 
10401 	if (!rdev->ops->set_cqm_txe_config)
10402 		return -EOPNOTSUPP;
10403 
10404 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10405 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10406 		return -EOPNOTSUPP;
10407 
10408 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
10409 }
10410 
10411 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
10412 				    struct net_device *dev)
10413 {
10414 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10415 	s32 last, low, high;
10416 	u32 hyst;
10417 	int i, n, low_index;
10418 	int err;
10419 
10420 	/* RSSI reporting disabled? */
10421 	if (!wdev->cqm_config)
10422 		return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
10423 
10424 	/*
10425 	 * Obtain current RSSI value if possible, if not and no RSSI threshold
10426 	 * event has been received yet, we should receive an event after a
10427 	 * connection is established and enough beacons received to calculate
10428 	 * the average.
10429 	 */
10430 	if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
10431 	    rdev->ops->get_station) {
10432 		struct station_info sinfo = {};
10433 		u8 *mac_addr;
10434 
10435 		mac_addr = wdev->current_bss->pub.bssid;
10436 
10437 		err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
10438 		if (err)
10439 			return err;
10440 
10441 		if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
10442 			wdev->cqm_config->last_rssi_event_value =
10443 				(s8) sinfo.rx_beacon_signal_avg;
10444 	}
10445 
10446 	last = wdev->cqm_config->last_rssi_event_value;
10447 	hyst = wdev->cqm_config->rssi_hyst;
10448 	n = wdev->cqm_config->n_rssi_thresholds;
10449 
10450 	for (i = 0; i < n; i++)
10451 		if (last < wdev->cqm_config->rssi_thresholds[i])
10452 			break;
10453 
10454 	low_index = i - 1;
10455 	if (low_index >= 0) {
10456 		low_index = array_index_nospec(low_index, n);
10457 		low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10458 	} else {
10459 		low = S32_MIN;
10460 	}
10461 	if (i < n) {
10462 		i = array_index_nospec(i, n);
10463 		high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10464 	} else {
10465 		high = S32_MAX;
10466 	}
10467 
10468 	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
10469 }
10470 
10471 static int nl80211_set_cqm_rssi(struct genl_info *info,
10472 				const s32 *thresholds, int n_thresholds,
10473 				u32 hysteresis)
10474 {
10475 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10476 	struct net_device *dev = info->user_ptr[1];
10477 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10478 	int i, err;
10479 	s32 prev = S32_MIN;
10480 
10481 	/* Check all values negative and sorted */
10482 	for (i = 0; i < n_thresholds; i++) {
10483 		if (thresholds[i] > 0 || thresholds[i] <= prev)
10484 			return -EINVAL;
10485 
10486 		prev = thresholds[i];
10487 	}
10488 
10489 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10490 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10491 		return -EOPNOTSUPP;
10492 
10493 	wdev_lock(wdev);
10494 	cfg80211_cqm_config_free(wdev);
10495 	wdev_unlock(wdev);
10496 
10497 	if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
10498 		if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
10499 			return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
10500 
10501 		return rdev_set_cqm_rssi_config(rdev, dev,
10502 						thresholds[0], hysteresis);
10503 	}
10504 
10505 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
10506 				     NL80211_EXT_FEATURE_CQM_RSSI_LIST))
10507 		return -EOPNOTSUPP;
10508 
10509 	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
10510 		n_thresholds = 0;
10511 
10512 	wdev_lock(wdev);
10513 	if (n_thresholds) {
10514 		struct cfg80211_cqm_config *cqm_config;
10515 
10516 		cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
10517 				     n_thresholds * sizeof(s32), GFP_KERNEL);
10518 		if (!cqm_config) {
10519 			err = -ENOMEM;
10520 			goto unlock;
10521 		}
10522 
10523 		cqm_config->rssi_hyst = hysteresis;
10524 		cqm_config->n_rssi_thresholds = n_thresholds;
10525 		memcpy(cqm_config->rssi_thresholds, thresholds,
10526 		       n_thresholds * sizeof(s32));
10527 
10528 		wdev->cqm_config = cqm_config;
10529 	}
10530 
10531 	err = cfg80211_cqm_rssi_update(rdev, dev);
10532 
10533 unlock:
10534 	wdev_unlock(wdev);
10535 
10536 	return err;
10537 }
10538 
10539 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
10540 {
10541 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
10542 	struct nlattr *cqm;
10543 	int err;
10544 
10545 	cqm = info->attrs[NL80211_ATTR_CQM];
10546 	if (!cqm)
10547 		return -EINVAL;
10548 
10549 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
10550 			       nl80211_attr_cqm_policy, info->extack);
10551 	if (err)
10552 		return err;
10553 
10554 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
10555 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
10556 		const s32 *thresholds =
10557 			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10558 		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10559 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
10560 
10561 		if (len % 4)
10562 			return -EINVAL;
10563 
10564 		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
10565 					    hysteresis);
10566 	}
10567 
10568 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
10569 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
10570 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
10571 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
10572 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
10573 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
10574 
10575 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
10576 	}
10577 
10578 	return -EINVAL;
10579 }
10580 
10581 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
10582 {
10583 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10584 	struct net_device *dev = info->user_ptr[1];
10585 	struct ocb_setup setup = {};
10586 	int err;
10587 
10588 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10589 	if (err)
10590 		return err;
10591 
10592 	return cfg80211_join_ocb(rdev, dev, &setup);
10593 }
10594 
10595 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
10596 {
10597 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10598 	struct net_device *dev = info->user_ptr[1];
10599 
10600 	return cfg80211_leave_ocb(rdev, dev);
10601 }
10602 
10603 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
10604 {
10605 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10606 	struct net_device *dev = info->user_ptr[1];
10607 	struct mesh_config cfg;
10608 	struct mesh_setup setup;
10609 	int err;
10610 
10611 	/* start with default */
10612 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
10613 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
10614 
10615 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
10616 		/* and parse parameters if given */
10617 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
10618 		if (err)
10619 			return err;
10620 	}
10621 
10622 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
10623 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
10624 		return -EINVAL;
10625 
10626 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
10627 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
10628 
10629 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10630 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
10631 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10632 			return -EINVAL;
10633 
10634 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
10635 		setup.beacon_interval =
10636 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10637 
10638 		err = cfg80211_validate_beacon_int(rdev,
10639 						   NL80211_IFTYPE_MESH_POINT,
10640 						   setup.beacon_interval);
10641 		if (err)
10642 			return err;
10643 	}
10644 
10645 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
10646 		setup.dtim_period =
10647 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
10648 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
10649 			return -EINVAL;
10650 	}
10651 
10652 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10653 		/* parse additional setup parameters if given */
10654 		err = nl80211_parse_mesh_setup(info, &setup);
10655 		if (err)
10656 			return err;
10657 	}
10658 
10659 	if (setup.user_mpm)
10660 		cfg.auto_open_plinks = false;
10661 
10662 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10663 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10664 		if (err)
10665 			return err;
10666 	} else {
10667 		/* __cfg80211_join_mesh() will sort it out */
10668 		setup.chandef.chan = NULL;
10669 	}
10670 
10671 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10672 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10673 		int n_rates =
10674 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10675 		struct ieee80211_supported_band *sband;
10676 
10677 		if (!setup.chandef.chan)
10678 			return -EINVAL;
10679 
10680 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
10681 
10682 		err = ieee80211_get_ratemask(sband, rates, n_rates,
10683 					     &setup.basic_rates);
10684 		if (err)
10685 			return err;
10686 	}
10687 
10688 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
10689 		err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
10690 		if (err)
10691 			return err;
10692 
10693 		if (!setup.chandef.chan)
10694 			return -EINVAL;
10695 
10696 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10697 					      &setup.beacon_rate);
10698 		if (err)
10699 			return err;
10700 	}
10701 
10702 	setup.userspace_handles_dfs =
10703 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10704 
10705 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10706 		int r = validate_pae_over_nl80211(rdev, info);
10707 
10708 		if (r < 0)
10709 			return r;
10710 
10711 		setup.control_port_over_nl80211 = true;
10712 	}
10713 
10714 	wdev_lock(dev->ieee80211_ptr);
10715 	err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10716 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
10717 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10718 	wdev_unlock(dev->ieee80211_ptr);
10719 
10720 	return err;
10721 }
10722 
10723 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10724 {
10725 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10726 	struct net_device *dev = info->user_ptr[1];
10727 
10728 	return cfg80211_leave_mesh(rdev, dev);
10729 }
10730 
10731 #ifdef CONFIG_PM
10732 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10733 					struct cfg80211_registered_device *rdev)
10734 {
10735 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10736 	struct nlattr *nl_pats, *nl_pat;
10737 	int i, pat_len;
10738 
10739 	if (!wowlan->n_patterns)
10740 		return 0;
10741 
10742 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10743 	if (!nl_pats)
10744 		return -ENOBUFS;
10745 
10746 	for (i = 0; i < wowlan->n_patterns; i++) {
10747 		nl_pat = nla_nest_start(msg, i + 1);
10748 		if (!nl_pat)
10749 			return -ENOBUFS;
10750 		pat_len = wowlan->patterns[i].pattern_len;
10751 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10752 			    wowlan->patterns[i].mask) ||
10753 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10754 			    wowlan->patterns[i].pattern) ||
10755 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10756 				wowlan->patterns[i].pkt_offset))
10757 			return -ENOBUFS;
10758 		nla_nest_end(msg, nl_pat);
10759 	}
10760 	nla_nest_end(msg, nl_pats);
10761 
10762 	return 0;
10763 }
10764 
10765 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10766 				   struct cfg80211_wowlan_tcp *tcp)
10767 {
10768 	struct nlattr *nl_tcp;
10769 
10770 	if (!tcp)
10771 		return 0;
10772 
10773 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10774 	if (!nl_tcp)
10775 		return -ENOBUFS;
10776 
10777 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10778 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10779 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10780 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10781 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10782 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10783 		    tcp->payload_len, tcp->payload) ||
10784 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10785 			tcp->data_interval) ||
10786 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
10787 		    tcp->wake_len, tcp->wake_data) ||
10788 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
10789 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
10790 		return -ENOBUFS;
10791 
10792 	if (tcp->payload_seq.len &&
10793 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
10794 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
10795 		return -ENOBUFS;
10796 
10797 	if (tcp->payload_tok.len &&
10798 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
10799 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
10800 		    &tcp->payload_tok))
10801 		return -ENOBUFS;
10802 
10803 	nla_nest_end(msg, nl_tcp);
10804 
10805 	return 0;
10806 }
10807 
10808 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
10809 				  struct cfg80211_sched_scan_request *req)
10810 {
10811 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
10812 	int i;
10813 
10814 	if (!req)
10815 		return 0;
10816 
10817 	nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
10818 	if (!nd)
10819 		return -ENOBUFS;
10820 
10821 	if (req->n_scan_plans == 1 &&
10822 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
10823 			req->scan_plans[0].interval * 1000))
10824 		return -ENOBUFS;
10825 
10826 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
10827 		return -ENOBUFS;
10828 
10829 	if (req->relative_rssi_set) {
10830 		struct nl80211_bss_select_rssi_adjust rssi_adjust;
10831 
10832 		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
10833 			       req->relative_rssi))
10834 			return -ENOBUFS;
10835 
10836 		rssi_adjust.band = req->rssi_adjust.band;
10837 		rssi_adjust.delta = req->rssi_adjust.delta;
10838 		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
10839 			    sizeof(rssi_adjust), &rssi_adjust))
10840 			return -ENOBUFS;
10841 	}
10842 
10843 	freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10844 	if (!freqs)
10845 		return -ENOBUFS;
10846 
10847 	for (i = 0; i < req->n_channels; i++) {
10848 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10849 			return -ENOBUFS;
10850 	}
10851 
10852 	nla_nest_end(msg, freqs);
10853 
10854 	if (req->n_match_sets) {
10855 		matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
10856 		if (!matches)
10857 			return -ENOBUFS;
10858 
10859 		for (i = 0; i < req->n_match_sets; i++) {
10860 			match = nla_nest_start(msg, i);
10861 			if (!match)
10862 				return -ENOBUFS;
10863 
10864 			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
10865 				    req->match_sets[i].ssid.ssid_len,
10866 				    req->match_sets[i].ssid.ssid))
10867 				return -ENOBUFS;
10868 			nla_nest_end(msg, match);
10869 		}
10870 		nla_nest_end(msg, matches);
10871 	}
10872 
10873 	scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
10874 	if (!scan_plans)
10875 		return -ENOBUFS;
10876 
10877 	for (i = 0; i < req->n_scan_plans; i++) {
10878 		scan_plan = nla_nest_start(msg, i + 1);
10879 		if (!scan_plan)
10880 			return -ENOBUFS;
10881 
10882 		if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
10883 				req->scan_plans[i].interval) ||
10884 		    (req->scan_plans[i].iterations &&
10885 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
10886 				 req->scan_plans[i].iterations)))
10887 			return -ENOBUFS;
10888 		nla_nest_end(msg, scan_plan);
10889 	}
10890 	nla_nest_end(msg, scan_plans);
10891 
10892 	nla_nest_end(msg, nd);
10893 
10894 	return 0;
10895 }
10896 
10897 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
10898 {
10899 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10900 	struct sk_buff *msg;
10901 	void *hdr;
10902 	u32 size = NLMSG_DEFAULT_SIZE;
10903 
10904 	if (!rdev->wiphy.wowlan)
10905 		return -EOPNOTSUPP;
10906 
10907 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
10908 		/* adjust size to have room for all the data */
10909 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
10910 			rdev->wiphy.wowlan_config->tcp->payload_len +
10911 			rdev->wiphy.wowlan_config->tcp->wake_len +
10912 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
10913 	}
10914 
10915 	msg = nlmsg_new(size, GFP_KERNEL);
10916 	if (!msg)
10917 		return -ENOMEM;
10918 
10919 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10920 			     NL80211_CMD_GET_WOWLAN);
10921 	if (!hdr)
10922 		goto nla_put_failure;
10923 
10924 	if (rdev->wiphy.wowlan_config) {
10925 		struct nlattr *nl_wowlan;
10926 
10927 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
10928 		if (!nl_wowlan)
10929 			goto nla_put_failure;
10930 
10931 		if ((rdev->wiphy.wowlan_config->any &&
10932 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10933 		    (rdev->wiphy.wowlan_config->disconnect &&
10934 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10935 		    (rdev->wiphy.wowlan_config->magic_pkt &&
10936 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10937 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
10938 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10939 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
10940 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10941 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
10942 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10943 		    (rdev->wiphy.wowlan_config->rfkill_release &&
10944 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
10945 			goto nla_put_failure;
10946 
10947 		if (nl80211_send_wowlan_patterns(msg, rdev))
10948 			goto nla_put_failure;
10949 
10950 		if (nl80211_send_wowlan_tcp(msg,
10951 					    rdev->wiphy.wowlan_config->tcp))
10952 			goto nla_put_failure;
10953 
10954 		if (nl80211_send_wowlan_nd(
10955 			    msg,
10956 			    rdev->wiphy.wowlan_config->nd_config))
10957 			goto nla_put_failure;
10958 
10959 		nla_nest_end(msg, nl_wowlan);
10960 	}
10961 
10962 	genlmsg_end(msg, hdr);
10963 	return genlmsg_reply(msg, info);
10964 
10965 nla_put_failure:
10966 	nlmsg_free(msg);
10967 	return -ENOBUFS;
10968 }
10969 
10970 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
10971 				    struct nlattr *attr,
10972 				    struct cfg80211_wowlan *trig)
10973 {
10974 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
10975 	struct cfg80211_wowlan_tcp *cfg;
10976 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
10977 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
10978 	u32 size;
10979 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
10980 	int err, port;
10981 
10982 	if (!rdev->wiphy.wowlan->tcp)
10983 		return -EINVAL;
10984 
10985 	err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr,
10986 			       nl80211_wowlan_tcp_policy, NULL);
10987 	if (err)
10988 		return err;
10989 
10990 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
10991 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
10992 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
10993 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
10994 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
10995 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
10996 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
10997 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
10998 		return -EINVAL;
10999 
11000 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11001 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11002 		return -EINVAL;
11003 
11004 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11005 			rdev->wiphy.wowlan->tcp->data_interval_max ||
11006 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11007 		return -EINVAL;
11008 
11009 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11010 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11011 		return -EINVAL;
11012 
11013 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11014 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11015 		return -EINVAL;
11016 
11017 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11018 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11019 
11020 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11021 		tokens_size = tokln - sizeof(*tok);
11022 
11023 		if (!tok->len || tokens_size % tok->len)
11024 			return -EINVAL;
11025 		if (!rdev->wiphy.wowlan->tcp->tok)
11026 			return -EINVAL;
11027 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11028 			return -EINVAL;
11029 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11030 			return -EINVAL;
11031 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11032 			return -EINVAL;
11033 		if (tok->offset + tok->len > data_size)
11034 			return -EINVAL;
11035 	}
11036 
11037 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11038 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11039 		if (!rdev->wiphy.wowlan->tcp->seq)
11040 			return -EINVAL;
11041 		if (seq->len == 0 || seq->len > 4)
11042 			return -EINVAL;
11043 		if (seq->len + seq->offset > data_size)
11044 			return -EINVAL;
11045 	}
11046 
11047 	size = sizeof(*cfg);
11048 	size += data_size;
11049 	size += wake_size + wake_mask_size;
11050 	size += tokens_size;
11051 
11052 	cfg = kzalloc(size, GFP_KERNEL);
11053 	if (!cfg)
11054 		return -ENOMEM;
11055 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11056 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11057 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11058 	       ETH_ALEN);
11059 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11060 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11061 	else
11062 		port = 0;
11063 #ifdef CONFIG_INET
11064 	/* allocate a socket and port for it and use it */
11065 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11066 			    IPPROTO_TCP, &cfg->sock, 1);
11067 	if (err) {
11068 		kfree(cfg);
11069 		return err;
11070 	}
11071 	if (inet_csk_get_port(cfg->sock->sk, port)) {
11072 		sock_release(cfg->sock);
11073 		kfree(cfg);
11074 		return -EADDRINUSE;
11075 	}
11076 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11077 #else
11078 	if (!port) {
11079 		kfree(cfg);
11080 		return -EINVAL;
11081 	}
11082 	cfg->src_port = port;
11083 #endif
11084 
11085 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11086 	cfg->payload_len = data_size;
11087 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11088 	memcpy((void *)cfg->payload,
11089 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11090 	       data_size);
11091 	if (seq)
11092 		cfg->payload_seq = *seq;
11093 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11094 	cfg->wake_len = wake_size;
11095 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11096 	memcpy((void *)cfg->wake_data,
11097 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11098 	       wake_size);
11099 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11100 			 data_size + wake_size;
11101 	memcpy((void *)cfg->wake_mask,
11102 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11103 	       wake_mask_size);
11104 	if (tok) {
11105 		cfg->tokens_size = tokens_size;
11106 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11107 	}
11108 
11109 	trig->tcp = cfg;
11110 
11111 	return 0;
11112 }
11113 
11114 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11115 				   const struct wiphy_wowlan_support *wowlan,
11116 				   struct nlattr *attr,
11117 				   struct cfg80211_wowlan *trig)
11118 {
11119 	struct nlattr **tb;
11120 	int err;
11121 
11122 	tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11123 	if (!tb)
11124 		return -ENOMEM;
11125 
11126 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11127 		err = -EOPNOTSUPP;
11128 		goto out;
11129 	}
11130 
11131 	err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy,
11132 			       NULL);
11133 	if (err)
11134 		goto out;
11135 
11136 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11137 						   wowlan->max_nd_match_sets);
11138 	err = PTR_ERR_OR_ZERO(trig->nd_config);
11139 	if (err)
11140 		trig->nd_config = NULL;
11141 
11142 out:
11143 	kfree(tb);
11144 	return err;
11145 }
11146 
11147 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11148 {
11149 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11150 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11151 	struct cfg80211_wowlan new_triggers = {};
11152 	struct cfg80211_wowlan *ntrig;
11153 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11154 	int err, i;
11155 	bool prev_enabled = rdev->wiphy.wowlan_config;
11156 	bool regular = false;
11157 
11158 	if (!wowlan)
11159 		return -EOPNOTSUPP;
11160 
11161 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11162 		cfg80211_rdev_free_wowlan(rdev);
11163 		rdev->wiphy.wowlan_config = NULL;
11164 		goto set_wakeup;
11165 	}
11166 
11167 	err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG,
11168 			       info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11169 			       nl80211_wowlan_policy, info->extack);
11170 	if (err)
11171 		return err;
11172 
11173 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11174 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11175 			return -EINVAL;
11176 		new_triggers.any = true;
11177 	}
11178 
11179 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11180 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11181 			return -EINVAL;
11182 		new_triggers.disconnect = true;
11183 		regular = true;
11184 	}
11185 
11186 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11187 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11188 			return -EINVAL;
11189 		new_triggers.magic_pkt = true;
11190 		regular = true;
11191 	}
11192 
11193 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11194 		return -EINVAL;
11195 
11196 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11197 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11198 			return -EINVAL;
11199 		new_triggers.gtk_rekey_failure = true;
11200 		regular = true;
11201 	}
11202 
11203 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11204 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11205 			return -EINVAL;
11206 		new_triggers.eap_identity_req = true;
11207 		regular = true;
11208 	}
11209 
11210 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11211 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11212 			return -EINVAL;
11213 		new_triggers.four_way_handshake = true;
11214 		regular = true;
11215 	}
11216 
11217 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11218 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11219 			return -EINVAL;
11220 		new_triggers.rfkill_release = true;
11221 		regular = true;
11222 	}
11223 
11224 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11225 		struct nlattr *pat;
11226 		int n_patterns = 0;
11227 		int rem, pat_len, mask_len, pkt_offset;
11228 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11229 
11230 		regular = true;
11231 
11232 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11233 				    rem)
11234 			n_patterns++;
11235 		if (n_patterns > wowlan->n_patterns)
11236 			return -EINVAL;
11237 
11238 		new_triggers.patterns = kcalloc(n_patterns,
11239 						sizeof(new_triggers.patterns[0]),
11240 						GFP_KERNEL);
11241 		if (!new_triggers.patterns)
11242 			return -ENOMEM;
11243 
11244 		new_triggers.n_patterns = n_patterns;
11245 		i = 0;
11246 
11247 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11248 				    rem) {
11249 			u8 *mask_pat;
11250 
11251 			err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
11252 					       nl80211_packet_pattern_policy,
11253 					       info->extack);
11254 			if (err)
11255 				goto error;
11256 
11257 			err = -EINVAL;
11258 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
11259 			    !pat_tb[NL80211_PKTPAT_PATTERN])
11260 				goto error;
11261 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11262 			mask_len = DIV_ROUND_UP(pat_len, 8);
11263 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11264 				goto error;
11265 			if (pat_len > wowlan->pattern_max_len ||
11266 			    pat_len < wowlan->pattern_min_len)
11267 				goto error;
11268 
11269 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
11270 				pkt_offset = 0;
11271 			else
11272 				pkt_offset = nla_get_u32(
11273 					pat_tb[NL80211_PKTPAT_OFFSET]);
11274 			if (pkt_offset > wowlan->max_pkt_offset)
11275 				goto error;
11276 			new_triggers.patterns[i].pkt_offset = pkt_offset;
11277 
11278 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11279 			if (!mask_pat) {
11280 				err = -ENOMEM;
11281 				goto error;
11282 			}
11283 			new_triggers.patterns[i].mask = mask_pat;
11284 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11285 			       mask_len);
11286 			mask_pat += mask_len;
11287 			new_triggers.patterns[i].pattern = mask_pat;
11288 			new_triggers.patterns[i].pattern_len = pat_len;
11289 			memcpy(mask_pat,
11290 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11291 			       pat_len);
11292 			i++;
11293 		}
11294 	}
11295 
11296 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11297 		regular = true;
11298 		err = nl80211_parse_wowlan_tcp(
11299 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11300 			&new_triggers);
11301 		if (err)
11302 			goto error;
11303 	}
11304 
11305 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11306 		regular = true;
11307 		err = nl80211_parse_wowlan_nd(
11308 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11309 			&new_triggers);
11310 		if (err)
11311 			goto error;
11312 	}
11313 
11314 	/* The 'any' trigger means the device continues operating more or less
11315 	 * as in its normal operation mode and wakes up the host on most of the
11316 	 * normal interrupts (like packet RX, ...)
11317 	 * It therefore makes little sense to combine with the more constrained
11318 	 * wakeup trigger modes.
11319 	 */
11320 	if (new_triggers.any && regular) {
11321 		err = -EINVAL;
11322 		goto error;
11323 	}
11324 
11325 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11326 	if (!ntrig) {
11327 		err = -ENOMEM;
11328 		goto error;
11329 	}
11330 	cfg80211_rdev_free_wowlan(rdev);
11331 	rdev->wiphy.wowlan_config = ntrig;
11332 
11333  set_wakeup:
11334 	if (rdev->ops->set_wakeup &&
11335 	    prev_enabled != !!rdev->wiphy.wowlan_config)
11336 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11337 
11338 	return 0;
11339  error:
11340 	for (i = 0; i < new_triggers.n_patterns; i++)
11341 		kfree(new_triggers.patterns[i].mask);
11342 	kfree(new_triggers.patterns);
11343 	if (new_triggers.tcp && new_triggers.tcp->sock)
11344 		sock_release(new_triggers.tcp->sock);
11345 	kfree(new_triggers.tcp);
11346 	kfree(new_triggers.nd_config);
11347 	return err;
11348 }
11349 #endif
11350 
11351 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11352 				       struct cfg80211_registered_device *rdev)
11353 {
11354 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11355 	int i, j, pat_len;
11356 	struct cfg80211_coalesce_rules *rule;
11357 
11358 	if (!rdev->coalesce->n_rules)
11359 		return 0;
11360 
11361 	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
11362 	if (!nl_rules)
11363 		return -ENOBUFS;
11364 
11365 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
11366 		nl_rule = nla_nest_start(msg, i + 1);
11367 		if (!nl_rule)
11368 			return -ENOBUFS;
11369 
11370 		rule = &rdev->coalesce->rules[i];
11371 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
11372 				rule->delay))
11373 			return -ENOBUFS;
11374 
11375 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
11376 				rule->condition))
11377 			return -ENOBUFS;
11378 
11379 		nl_pats = nla_nest_start(msg,
11380 				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11381 		if (!nl_pats)
11382 			return -ENOBUFS;
11383 
11384 		for (j = 0; j < rule->n_patterns; j++) {
11385 			nl_pat = nla_nest_start(msg, j + 1);
11386 			if (!nl_pat)
11387 				return -ENOBUFS;
11388 			pat_len = rule->patterns[j].pattern_len;
11389 			if (nla_put(msg, NL80211_PKTPAT_MASK,
11390 				    DIV_ROUND_UP(pat_len, 8),
11391 				    rule->patterns[j].mask) ||
11392 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11393 				    rule->patterns[j].pattern) ||
11394 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11395 					rule->patterns[j].pkt_offset))
11396 				return -ENOBUFS;
11397 			nla_nest_end(msg, nl_pat);
11398 		}
11399 		nla_nest_end(msg, nl_pats);
11400 		nla_nest_end(msg, nl_rule);
11401 	}
11402 	nla_nest_end(msg, nl_rules);
11403 
11404 	return 0;
11405 }
11406 
11407 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
11408 {
11409 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11410 	struct sk_buff *msg;
11411 	void *hdr;
11412 
11413 	if (!rdev->wiphy.coalesce)
11414 		return -EOPNOTSUPP;
11415 
11416 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11417 	if (!msg)
11418 		return -ENOMEM;
11419 
11420 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11421 			     NL80211_CMD_GET_COALESCE);
11422 	if (!hdr)
11423 		goto nla_put_failure;
11424 
11425 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
11426 		goto nla_put_failure;
11427 
11428 	genlmsg_end(msg, hdr);
11429 	return genlmsg_reply(msg, info);
11430 
11431 nla_put_failure:
11432 	nlmsg_free(msg);
11433 	return -ENOBUFS;
11434 }
11435 
11436 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
11437 {
11438 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
11439 	int i, j;
11440 	struct cfg80211_coalesce_rules *rule;
11441 
11442 	if (!coalesce)
11443 		return;
11444 
11445 	for (i = 0; i < coalesce->n_rules; i++) {
11446 		rule = &coalesce->rules[i];
11447 		for (j = 0; j < rule->n_patterns; j++)
11448 			kfree(rule->patterns[j].mask);
11449 		kfree(rule->patterns);
11450 	}
11451 	kfree(coalesce->rules);
11452 	kfree(coalesce);
11453 	rdev->coalesce = NULL;
11454 }
11455 
11456 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
11457 				       struct nlattr *rule,
11458 				       struct cfg80211_coalesce_rules *new_rule)
11459 {
11460 	int err, i;
11461 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11462 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
11463 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
11464 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11465 
11466 	err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule,
11467 			       nl80211_coalesce_policy, NULL);
11468 	if (err)
11469 		return err;
11470 
11471 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
11472 		new_rule->delay =
11473 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
11474 	if (new_rule->delay > coalesce->max_delay)
11475 		return -EINVAL;
11476 
11477 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
11478 		new_rule->condition =
11479 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
11480 
11481 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
11482 		return -EINVAL;
11483 
11484 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11485 			    rem)
11486 		n_patterns++;
11487 	if (n_patterns > coalesce->n_patterns)
11488 		return -EINVAL;
11489 
11490 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
11491 				     GFP_KERNEL);
11492 	if (!new_rule->patterns)
11493 		return -ENOMEM;
11494 
11495 	new_rule->n_patterns = n_patterns;
11496 	i = 0;
11497 
11498 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11499 			    rem) {
11500 		u8 *mask_pat;
11501 
11502 		err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
11503 				       nl80211_packet_pattern_policy, NULL);
11504 		if (err)
11505 			return err;
11506 
11507 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
11508 		    !pat_tb[NL80211_PKTPAT_PATTERN])
11509 			return -EINVAL;
11510 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11511 		mask_len = DIV_ROUND_UP(pat_len, 8);
11512 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11513 			return -EINVAL;
11514 		if (pat_len > coalesce->pattern_max_len ||
11515 		    pat_len < coalesce->pattern_min_len)
11516 			return -EINVAL;
11517 
11518 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
11519 			pkt_offset = 0;
11520 		else
11521 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
11522 		if (pkt_offset > coalesce->max_pkt_offset)
11523 			return -EINVAL;
11524 		new_rule->patterns[i].pkt_offset = pkt_offset;
11525 
11526 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11527 		if (!mask_pat)
11528 			return -ENOMEM;
11529 
11530 		new_rule->patterns[i].mask = mask_pat;
11531 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11532 		       mask_len);
11533 
11534 		mask_pat += mask_len;
11535 		new_rule->patterns[i].pattern = mask_pat;
11536 		new_rule->patterns[i].pattern_len = pat_len;
11537 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11538 		       pat_len);
11539 		i++;
11540 	}
11541 
11542 	return 0;
11543 }
11544 
11545 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
11546 {
11547 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11548 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11549 	struct cfg80211_coalesce new_coalesce = {};
11550 	struct cfg80211_coalesce *n_coalesce;
11551 	int err, rem_rule, n_rules = 0, i, j;
11552 	struct nlattr *rule;
11553 	struct cfg80211_coalesce_rules *tmp_rule;
11554 
11555 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
11556 		return -EOPNOTSUPP;
11557 
11558 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
11559 		cfg80211_rdev_free_coalesce(rdev);
11560 		rdev_set_coalesce(rdev, NULL);
11561 		return 0;
11562 	}
11563 
11564 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11565 			    rem_rule)
11566 		n_rules++;
11567 	if (n_rules > coalesce->n_rules)
11568 		return -EINVAL;
11569 
11570 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
11571 				     GFP_KERNEL);
11572 	if (!new_coalesce.rules)
11573 		return -ENOMEM;
11574 
11575 	new_coalesce.n_rules = n_rules;
11576 	i = 0;
11577 
11578 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11579 			    rem_rule) {
11580 		err = nl80211_parse_coalesce_rule(rdev, rule,
11581 						  &new_coalesce.rules[i]);
11582 		if (err)
11583 			goto error;
11584 
11585 		i++;
11586 	}
11587 
11588 	err = rdev_set_coalesce(rdev, &new_coalesce);
11589 	if (err)
11590 		goto error;
11591 
11592 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
11593 	if (!n_coalesce) {
11594 		err = -ENOMEM;
11595 		goto error;
11596 	}
11597 	cfg80211_rdev_free_coalesce(rdev);
11598 	rdev->coalesce = n_coalesce;
11599 
11600 	return 0;
11601 error:
11602 	for (i = 0; i < new_coalesce.n_rules; i++) {
11603 		tmp_rule = &new_coalesce.rules[i];
11604 		for (j = 0; j < tmp_rule->n_patterns; j++)
11605 			kfree(tmp_rule->patterns[j].mask);
11606 		kfree(tmp_rule->patterns);
11607 	}
11608 	kfree(new_coalesce.rules);
11609 
11610 	return err;
11611 }
11612 
11613 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
11614 {
11615 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11616 	struct net_device *dev = info->user_ptr[1];
11617 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11618 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
11619 	struct cfg80211_gtk_rekey_data rekey_data;
11620 	int err;
11621 
11622 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
11623 		return -EINVAL;
11624 
11625 	err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA,
11626 			       info->attrs[NL80211_ATTR_REKEY_DATA],
11627 			       nl80211_rekey_policy, info->extack);
11628 	if (err)
11629 		return err;
11630 
11631 	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
11632 	    !tb[NL80211_REKEY_DATA_KCK])
11633 		return -EINVAL;
11634 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
11635 		return -ERANGE;
11636 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
11637 		return -ERANGE;
11638 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
11639 		return -ERANGE;
11640 
11641 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
11642 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
11643 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
11644 
11645 	wdev_lock(wdev);
11646 	if (!wdev->current_bss) {
11647 		err = -ENOTCONN;
11648 		goto out;
11649 	}
11650 
11651 	if (!rdev->ops->set_rekey_data) {
11652 		err = -EOPNOTSUPP;
11653 		goto out;
11654 	}
11655 
11656 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
11657  out:
11658 	wdev_unlock(wdev);
11659 	return err;
11660 }
11661 
11662 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11663 					     struct genl_info *info)
11664 {
11665 	struct net_device *dev = info->user_ptr[1];
11666 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11667 
11668 	if (wdev->iftype != NL80211_IFTYPE_AP &&
11669 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
11670 		return -EINVAL;
11671 
11672 	if (wdev->ap_unexpected_nlportid)
11673 		return -EBUSY;
11674 
11675 	wdev->ap_unexpected_nlportid = info->snd_portid;
11676 	return 0;
11677 }
11678 
11679 static int nl80211_probe_client(struct sk_buff *skb,
11680 				struct genl_info *info)
11681 {
11682 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11683 	struct net_device *dev = info->user_ptr[1];
11684 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11685 	struct sk_buff *msg;
11686 	void *hdr;
11687 	const u8 *addr;
11688 	u64 cookie;
11689 	int err;
11690 
11691 	if (wdev->iftype != NL80211_IFTYPE_AP &&
11692 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
11693 		return -EOPNOTSUPP;
11694 
11695 	if (!info->attrs[NL80211_ATTR_MAC])
11696 		return -EINVAL;
11697 
11698 	if (!rdev->ops->probe_client)
11699 		return -EOPNOTSUPP;
11700 
11701 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11702 	if (!msg)
11703 		return -ENOMEM;
11704 
11705 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11706 			     NL80211_CMD_PROBE_CLIENT);
11707 	if (!hdr) {
11708 		err = -ENOBUFS;
11709 		goto free_msg;
11710 	}
11711 
11712 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11713 
11714 	err = rdev_probe_client(rdev, dev, addr, &cookie);
11715 	if (err)
11716 		goto free_msg;
11717 
11718 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11719 			      NL80211_ATTR_PAD))
11720 		goto nla_put_failure;
11721 
11722 	genlmsg_end(msg, hdr);
11723 
11724 	return genlmsg_reply(msg, info);
11725 
11726  nla_put_failure:
11727 	err = -ENOBUFS;
11728  free_msg:
11729 	nlmsg_free(msg);
11730 	return err;
11731 }
11732 
11733 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11734 {
11735 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11736 	struct cfg80211_beacon_registration *reg, *nreg;
11737 	int rv;
11738 
11739 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11740 		return -EOPNOTSUPP;
11741 
11742 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11743 	if (!nreg)
11744 		return -ENOMEM;
11745 
11746 	/* First, check if already registered. */
11747 	spin_lock_bh(&rdev->beacon_registrations_lock);
11748 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11749 		if (reg->nlportid == info->snd_portid) {
11750 			rv = -EALREADY;
11751 			goto out_err;
11752 		}
11753 	}
11754 	/* Add it to the list */
11755 	nreg->nlportid = info->snd_portid;
11756 	list_add(&nreg->list, &rdev->beacon_registrations);
11757 
11758 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11759 
11760 	return 0;
11761 out_err:
11762 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11763 	kfree(nreg);
11764 	return rv;
11765 }
11766 
11767 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11768 {
11769 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11770 	struct wireless_dev *wdev = info->user_ptr[1];
11771 	int err;
11772 
11773 	if (!rdev->ops->start_p2p_device)
11774 		return -EOPNOTSUPP;
11775 
11776 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11777 		return -EOPNOTSUPP;
11778 
11779 	if (wdev_running(wdev))
11780 		return 0;
11781 
11782 	if (rfkill_blocked(rdev->rfkill))
11783 		return -ERFKILL;
11784 
11785 	err = rdev_start_p2p_device(rdev, wdev);
11786 	if (err)
11787 		return err;
11788 
11789 	wdev->is_running = true;
11790 	rdev->opencount++;
11791 
11792 	return 0;
11793 }
11794 
11795 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
11796 {
11797 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11798 	struct wireless_dev *wdev = info->user_ptr[1];
11799 
11800 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11801 		return -EOPNOTSUPP;
11802 
11803 	if (!rdev->ops->stop_p2p_device)
11804 		return -EOPNOTSUPP;
11805 
11806 	cfg80211_stop_p2p_device(rdev, wdev);
11807 
11808 	return 0;
11809 }
11810 
11811 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
11812 {
11813 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11814 	struct wireless_dev *wdev = info->user_ptr[1];
11815 	struct cfg80211_nan_conf conf = {};
11816 	int err;
11817 
11818 	if (wdev->iftype != NL80211_IFTYPE_NAN)
11819 		return -EOPNOTSUPP;
11820 
11821 	if (wdev_running(wdev))
11822 		return -EEXIST;
11823 
11824 	if (rfkill_blocked(rdev->rfkill))
11825 		return -ERFKILL;
11826 
11827 	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
11828 		return -EINVAL;
11829 
11830 	conf.master_pref =
11831 		nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11832 
11833 	if (info->attrs[NL80211_ATTR_BANDS]) {
11834 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
11835 
11836 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
11837 			return -EOPNOTSUPP;
11838 
11839 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
11840 			return -EINVAL;
11841 
11842 		conf.bands = bands;
11843 	}
11844 
11845 	err = rdev_start_nan(rdev, wdev, &conf);
11846 	if (err)
11847 		return err;
11848 
11849 	wdev->is_running = true;
11850 	rdev->opencount++;
11851 
11852 	return 0;
11853 }
11854 
11855 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
11856 {
11857 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11858 	struct wireless_dev *wdev = info->user_ptr[1];
11859 
11860 	if (wdev->iftype != NL80211_IFTYPE_NAN)
11861 		return -EOPNOTSUPP;
11862 
11863 	cfg80211_stop_nan(rdev, wdev);
11864 
11865 	return 0;
11866 }
11867 
11868 static int validate_nan_filter(struct nlattr *filter_attr)
11869 {
11870 	struct nlattr *attr;
11871 	int len = 0, n_entries = 0, rem;
11872 
11873 	nla_for_each_nested(attr, filter_attr, rem) {
11874 		len += nla_len(attr);
11875 		n_entries++;
11876 	}
11877 
11878 	if (len >= U8_MAX)
11879 		return -EINVAL;
11880 
11881 	return n_entries;
11882 }
11883 
11884 static int handle_nan_filter(struct nlattr *attr_filter,
11885 			     struct cfg80211_nan_func *func,
11886 			     bool tx)
11887 {
11888 	struct nlattr *attr;
11889 	int n_entries, rem, i;
11890 	struct cfg80211_nan_func_filter *filter;
11891 
11892 	n_entries = validate_nan_filter(attr_filter);
11893 	if (n_entries < 0)
11894 		return n_entries;
11895 
11896 	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
11897 
11898 	filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
11899 	if (!filter)
11900 		return -ENOMEM;
11901 
11902 	i = 0;
11903 	nla_for_each_nested(attr, attr_filter, rem) {
11904 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
11905 		filter[i].len = nla_len(attr);
11906 		i++;
11907 	}
11908 	if (tx) {
11909 		func->num_tx_filters = n_entries;
11910 		func->tx_filters = filter;
11911 	} else {
11912 		func->num_rx_filters = n_entries;
11913 		func->rx_filters = filter;
11914 	}
11915 
11916 	return 0;
11917 }
11918 
11919 static int nl80211_nan_add_func(struct sk_buff *skb,
11920 				struct genl_info *info)
11921 {
11922 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11923 	struct wireless_dev *wdev = info->user_ptr[1];
11924 	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
11925 	struct cfg80211_nan_func *func;
11926 	struct sk_buff *msg = NULL;
11927 	void *hdr = NULL;
11928 	int err = 0;
11929 
11930 	if (wdev->iftype != NL80211_IFTYPE_NAN)
11931 		return -EOPNOTSUPP;
11932 
11933 	if (!wdev_running(wdev))
11934 		return -ENOTCONN;
11935 
11936 	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
11937 		return -EINVAL;
11938 
11939 	err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX,
11940 			       info->attrs[NL80211_ATTR_NAN_FUNC],
11941 			       nl80211_nan_func_policy, info->extack);
11942 	if (err)
11943 		return err;
11944 
11945 	func = kzalloc(sizeof(*func), GFP_KERNEL);
11946 	if (!func)
11947 		return -ENOMEM;
11948 
11949 	func->cookie = cfg80211_assign_cookie(rdev);
11950 
11951 	if (!tb[NL80211_NAN_FUNC_TYPE] ||
11952 	    nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
11953 		err = -EINVAL;
11954 		goto out;
11955 	}
11956 
11957 
11958 	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
11959 
11960 	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
11961 		err = -EINVAL;
11962 		goto out;
11963 	}
11964 
11965 	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
11966 	       sizeof(func->service_id));
11967 
11968 	func->close_range =
11969 		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
11970 
11971 	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
11972 		func->serv_spec_info_len =
11973 			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
11974 		func->serv_spec_info =
11975 			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
11976 				func->serv_spec_info_len,
11977 				GFP_KERNEL);
11978 		if (!func->serv_spec_info) {
11979 			err = -ENOMEM;
11980 			goto out;
11981 		}
11982 	}
11983 
11984 	if (tb[NL80211_NAN_FUNC_TTL])
11985 		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
11986 
11987 	switch (func->type) {
11988 	case NL80211_NAN_FUNC_PUBLISH:
11989 		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
11990 			err = -EINVAL;
11991 			goto out;
11992 		}
11993 
11994 		func->publish_type =
11995 			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
11996 		func->publish_bcast =
11997 			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
11998 
11999 		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12000 			func->publish_bcast) {
12001 			err = -EINVAL;
12002 			goto out;
12003 		}
12004 		break;
12005 	case NL80211_NAN_FUNC_SUBSCRIBE:
12006 		func->subscribe_active =
12007 			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12008 		break;
12009 	case NL80211_NAN_FUNC_FOLLOW_UP:
12010 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12011 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12012 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12013 			err = -EINVAL;
12014 			goto out;
12015 		}
12016 
12017 		func->followup_id =
12018 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12019 		func->followup_reqid =
12020 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12021 		memcpy(func->followup_dest.addr,
12022 		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12023 		       sizeof(func->followup_dest.addr));
12024 		if (func->ttl) {
12025 			err = -EINVAL;
12026 			goto out;
12027 		}
12028 		break;
12029 	default:
12030 		err = -EINVAL;
12031 		goto out;
12032 	}
12033 
12034 	if (tb[NL80211_NAN_FUNC_SRF]) {
12035 		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12036 
12037 		err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX,
12038 				       tb[NL80211_NAN_FUNC_SRF],
12039 				       nl80211_nan_srf_policy, info->extack);
12040 		if (err)
12041 			goto out;
12042 
12043 		func->srf_include =
12044 			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12045 
12046 		if (srf_tb[NL80211_NAN_SRF_BF]) {
12047 			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12048 			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12049 				err = -EINVAL;
12050 				goto out;
12051 			}
12052 
12053 			func->srf_bf_len =
12054 				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12055 			func->srf_bf =
12056 				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12057 					func->srf_bf_len, GFP_KERNEL);
12058 			if (!func->srf_bf) {
12059 				err = -ENOMEM;
12060 				goto out;
12061 			}
12062 
12063 			func->srf_bf_idx =
12064 				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12065 		} else {
12066 			struct nlattr *attr, *mac_attr =
12067 				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12068 			int n_entries, rem, i = 0;
12069 
12070 			if (!mac_attr) {
12071 				err = -EINVAL;
12072 				goto out;
12073 			}
12074 
12075 			n_entries = validate_acl_mac_addrs(mac_attr);
12076 			if (n_entries <= 0) {
12077 				err = -EINVAL;
12078 				goto out;
12079 			}
12080 
12081 			func->srf_num_macs = n_entries;
12082 			func->srf_macs =
12083 				kcalloc(n_entries, sizeof(*func->srf_macs),
12084 					GFP_KERNEL);
12085 			if (!func->srf_macs) {
12086 				err = -ENOMEM;
12087 				goto out;
12088 			}
12089 
12090 			nla_for_each_nested(attr, mac_attr, rem)
12091 				memcpy(func->srf_macs[i++].addr, nla_data(attr),
12092 				       sizeof(*func->srf_macs));
12093 		}
12094 	}
12095 
12096 	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12097 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12098 					func, true);
12099 		if (err)
12100 			goto out;
12101 	}
12102 
12103 	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12104 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12105 					func, false);
12106 		if (err)
12107 			goto out;
12108 	}
12109 
12110 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12111 	if (!msg) {
12112 		err = -ENOMEM;
12113 		goto out;
12114 	}
12115 
12116 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12117 			     NL80211_CMD_ADD_NAN_FUNCTION);
12118 	/* This can't really happen - we just allocated 4KB */
12119 	if (WARN_ON(!hdr)) {
12120 		err = -ENOMEM;
12121 		goto out;
12122 	}
12123 
12124 	err = rdev_add_nan_func(rdev, wdev, func);
12125 out:
12126 	if (err < 0) {
12127 		cfg80211_free_nan_func(func);
12128 		nlmsg_free(msg);
12129 		return err;
12130 	}
12131 
12132 	/* propagate the instance id and cookie to userspace  */
12133 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12134 			      NL80211_ATTR_PAD))
12135 		goto nla_put_failure;
12136 
12137 	func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
12138 	if (!func_attr)
12139 		goto nla_put_failure;
12140 
12141 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12142 		       func->instance_id))
12143 		goto nla_put_failure;
12144 
12145 	nla_nest_end(msg, func_attr);
12146 
12147 	genlmsg_end(msg, hdr);
12148 	return genlmsg_reply(msg, info);
12149 
12150 nla_put_failure:
12151 	nlmsg_free(msg);
12152 	return -ENOBUFS;
12153 }
12154 
12155 static int nl80211_nan_del_func(struct sk_buff *skb,
12156 			       struct genl_info *info)
12157 {
12158 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12159 	struct wireless_dev *wdev = info->user_ptr[1];
12160 	u64 cookie;
12161 
12162 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12163 		return -EOPNOTSUPP;
12164 
12165 	if (!wdev_running(wdev))
12166 		return -ENOTCONN;
12167 
12168 	if (!info->attrs[NL80211_ATTR_COOKIE])
12169 		return -EINVAL;
12170 
12171 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12172 
12173 	rdev_del_nan_func(rdev, wdev, cookie);
12174 
12175 	return 0;
12176 }
12177 
12178 static int nl80211_nan_change_config(struct sk_buff *skb,
12179 				     struct genl_info *info)
12180 {
12181 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12182 	struct wireless_dev *wdev = info->user_ptr[1];
12183 	struct cfg80211_nan_conf conf = {};
12184 	u32 changed = 0;
12185 
12186 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12187 		return -EOPNOTSUPP;
12188 
12189 	if (!wdev_running(wdev))
12190 		return -ENOTCONN;
12191 
12192 	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12193 		conf.master_pref =
12194 			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12195 		if (conf.master_pref <= 1 || conf.master_pref == 255)
12196 			return -EINVAL;
12197 
12198 		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12199 	}
12200 
12201 	if (info->attrs[NL80211_ATTR_BANDS]) {
12202 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12203 
12204 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12205 			return -EOPNOTSUPP;
12206 
12207 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12208 			return -EINVAL;
12209 
12210 		conf.bands = bands;
12211 		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12212 	}
12213 
12214 	if (!changed)
12215 		return -EINVAL;
12216 
12217 	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12218 }
12219 
12220 void cfg80211_nan_match(struct wireless_dev *wdev,
12221 			struct cfg80211_nan_match_params *match, gfp_t gfp)
12222 {
12223 	struct wiphy *wiphy = wdev->wiphy;
12224 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12225 	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12226 	struct sk_buff *msg;
12227 	void *hdr;
12228 
12229 	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12230 		return;
12231 
12232 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12233 	if (!msg)
12234 		return;
12235 
12236 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12237 	if (!hdr) {
12238 		nlmsg_free(msg);
12239 		return;
12240 	}
12241 
12242 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12243 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12244 					 wdev->netdev->ifindex)) ||
12245 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12246 			      NL80211_ATTR_PAD))
12247 		goto nla_put_failure;
12248 
12249 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12250 			      NL80211_ATTR_PAD) ||
12251 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12252 		goto nla_put_failure;
12253 
12254 	match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH);
12255 	if (!match_attr)
12256 		goto nla_put_failure;
12257 
12258 	local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL);
12259 	if (!local_func_attr)
12260 		goto nla_put_failure;
12261 
12262 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12263 		goto nla_put_failure;
12264 
12265 	nla_nest_end(msg, local_func_attr);
12266 
12267 	peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER);
12268 	if (!peer_func_attr)
12269 		goto nla_put_failure;
12270 
12271 	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12272 	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12273 		goto nla_put_failure;
12274 
12275 	if (match->info && match->info_len &&
12276 	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12277 		    match->info))
12278 		goto nla_put_failure;
12279 
12280 	nla_nest_end(msg, peer_func_attr);
12281 	nla_nest_end(msg, match_attr);
12282 	genlmsg_end(msg, hdr);
12283 
12284 	if (!wdev->owner_nlportid)
12285 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12286 					msg, 0, NL80211_MCGRP_NAN, gfp);
12287 	else
12288 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12289 				wdev->owner_nlportid);
12290 
12291 	return;
12292 
12293 nla_put_failure:
12294 	nlmsg_free(msg);
12295 }
12296 EXPORT_SYMBOL(cfg80211_nan_match);
12297 
12298 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12299 				  u8 inst_id,
12300 				  enum nl80211_nan_func_term_reason reason,
12301 				  u64 cookie, gfp_t gfp)
12302 {
12303 	struct wiphy *wiphy = wdev->wiphy;
12304 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12305 	struct sk_buff *msg;
12306 	struct nlattr *func_attr;
12307 	void *hdr;
12308 
12309 	if (WARN_ON(!inst_id))
12310 		return;
12311 
12312 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12313 	if (!msg)
12314 		return;
12315 
12316 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12317 	if (!hdr) {
12318 		nlmsg_free(msg);
12319 		return;
12320 	}
12321 
12322 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12323 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12324 					 wdev->netdev->ifindex)) ||
12325 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12326 			      NL80211_ATTR_PAD))
12327 		goto nla_put_failure;
12328 
12329 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12330 			      NL80211_ATTR_PAD))
12331 		goto nla_put_failure;
12332 
12333 	func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
12334 	if (!func_attr)
12335 		goto nla_put_failure;
12336 
12337 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
12338 	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
12339 		goto nla_put_failure;
12340 
12341 	nla_nest_end(msg, func_attr);
12342 	genlmsg_end(msg, hdr);
12343 
12344 	if (!wdev->owner_nlportid)
12345 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12346 					msg, 0, NL80211_MCGRP_NAN, gfp);
12347 	else
12348 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12349 				wdev->owner_nlportid);
12350 
12351 	return;
12352 
12353 nla_put_failure:
12354 	nlmsg_free(msg);
12355 }
12356 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
12357 
12358 static int nl80211_get_protocol_features(struct sk_buff *skb,
12359 					 struct genl_info *info)
12360 {
12361 	void *hdr;
12362 	struct sk_buff *msg;
12363 
12364 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12365 	if (!msg)
12366 		return -ENOMEM;
12367 
12368 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12369 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
12370 	if (!hdr)
12371 		goto nla_put_failure;
12372 
12373 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
12374 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
12375 		goto nla_put_failure;
12376 
12377 	genlmsg_end(msg, hdr);
12378 	return genlmsg_reply(msg, info);
12379 
12380  nla_put_failure:
12381 	kfree_skb(msg);
12382 	return -ENOBUFS;
12383 }
12384 
12385 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
12386 {
12387 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12388 	struct cfg80211_update_ft_ies_params ft_params;
12389 	struct net_device *dev = info->user_ptr[1];
12390 
12391 	if (!rdev->ops->update_ft_ies)
12392 		return -EOPNOTSUPP;
12393 
12394 	if (!info->attrs[NL80211_ATTR_MDID] ||
12395 	    !info->attrs[NL80211_ATTR_IE])
12396 		return -EINVAL;
12397 
12398 	memset(&ft_params, 0, sizeof(ft_params));
12399 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
12400 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12401 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12402 
12403 	return rdev_update_ft_ies(rdev, dev, &ft_params);
12404 }
12405 
12406 static int nl80211_crit_protocol_start(struct sk_buff *skb,
12407 				       struct genl_info *info)
12408 {
12409 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12410 	struct wireless_dev *wdev = info->user_ptr[1];
12411 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
12412 	u16 duration;
12413 	int ret;
12414 
12415 	if (!rdev->ops->crit_proto_start)
12416 		return -EOPNOTSUPP;
12417 
12418 	if (WARN_ON(!rdev->ops->crit_proto_stop))
12419 		return -EINVAL;
12420 
12421 	if (rdev->crit_proto_nlportid)
12422 		return -EBUSY;
12423 
12424 	/* determine protocol if provided */
12425 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
12426 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
12427 
12428 	if (proto >= NUM_NL80211_CRIT_PROTO)
12429 		return -EINVAL;
12430 
12431 	/* timeout must be provided */
12432 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
12433 		return -EINVAL;
12434 
12435 	duration =
12436 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
12437 
12438 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
12439 		return -ERANGE;
12440 
12441 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
12442 	if (!ret)
12443 		rdev->crit_proto_nlportid = info->snd_portid;
12444 
12445 	return ret;
12446 }
12447 
12448 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
12449 				      struct genl_info *info)
12450 {
12451 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12452 	struct wireless_dev *wdev = info->user_ptr[1];
12453 
12454 	if (!rdev->ops->crit_proto_stop)
12455 		return -EOPNOTSUPP;
12456 
12457 	if (rdev->crit_proto_nlportid) {
12458 		rdev->crit_proto_nlportid = 0;
12459 		rdev_crit_proto_stop(rdev, wdev);
12460 	}
12461 	return 0;
12462 }
12463 
12464 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
12465 {
12466 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12467 	struct wireless_dev *wdev =
12468 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
12469 	int i, err;
12470 	u32 vid, subcmd;
12471 
12472 	if (!rdev->wiphy.vendor_commands)
12473 		return -EOPNOTSUPP;
12474 
12475 	if (IS_ERR(wdev)) {
12476 		err = PTR_ERR(wdev);
12477 		if (err != -EINVAL)
12478 			return err;
12479 		wdev = NULL;
12480 	} else if (wdev->wiphy != &rdev->wiphy) {
12481 		return -EINVAL;
12482 	}
12483 
12484 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
12485 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
12486 		return -EINVAL;
12487 
12488 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
12489 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
12490 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
12491 		const struct wiphy_vendor_command *vcmd;
12492 		void *data = NULL;
12493 		int len = 0;
12494 
12495 		vcmd = &rdev->wiphy.vendor_commands[i];
12496 
12497 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12498 			continue;
12499 
12500 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12501 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12502 			if (!wdev)
12503 				return -EINVAL;
12504 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12505 			    !wdev->netdev)
12506 				return -EINVAL;
12507 
12508 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12509 				if (!wdev_running(wdev))
12510 					return -ENETDOWN;
12511 			}
12512 
12513 			if (!vcmd->doit)
12514 				return -EOPNOTSUPP;
12515 		} else {
12516 			wdev = NULL;
12517 		}
12518 
12519 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
12520 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12521 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12522 		}
12523 
12524 		rdev->cur_cmd_info = info;
12525 		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
12526 							  data, len);
12527 		rdev->cur_cmd_info = NULL;
12528 		return err;
12529 	}
12530 
12531 	return -EOPNOTSUPP;
12532 }
12533 
12534 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
12535 				       struct netlink_callback *cb,
12536 				       struct cfg80211_registered_device **rdev,
12537 				       struct wireless_dev **wdev)
12538 {
12539 	struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
12540 	u32 vid, subcmd;
12541 	unsigned int i;
12542 	int vcmd_idx = -1;
12543 	int err;
12544 	void *data = NULL;
12545 	unsigned int data_len = 0;
12546 
12547 	if (cb->args[0]) {
12548 		/* subtract the 1 again here */
12549 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
12550 		struct wireless_dev *tmp;
12551 
12552 		if (!wiphy)
12553 			return -ENODEV;
12554 		*rdev = wiphy_to_rdev(wiphy);
12555 		*wdev = NULL;
12556 
12557 		if (cb->args[1]) {
12558 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
12559 				if (tmp->identifier == cb->args[1] - 1) {
12560 					*wdev = tmp;
12561 					break;
12562 				}
12563 			}
12564 		}
12565 
12566 		/* keep rtnl locked in successful case */
12567 		return 0;
12568 	}
12569 
12570 	err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, attrbuf,
12571 			  nl80211_fam.maxattr, nl80211_policy, NULL);
12572 	if (err)
12573 		return err;
12574 
12575 	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
12576 	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
12577 		return -EINVAL;
12578 
12579 	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
12580 	if (IS_ERR(*wdev))
12581 		*wdev = NULL;
12582 
12583 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
12584 	if (IS_ERR(*rdev))
12585 		return PTR_ERR(*rdev);
12586 
12587 	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
12588 	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
12589 
12590 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
12591 		const struct wiphy_vendor_command *vcmd;
12592 
12593 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
12594 
12595 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12596 			continue;
12597 
12598 		if (!vcmd->dumpit)
12599 			return -EOPNOTSUPP;
12600 
12601 		vcmd_idx = i;
12602 		break;
12603 	}
12604 
12605 	if (vcmd_idx < 0)
12606 		return -EOPNOTSUPP;
12607 
12608 	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
12609 		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12610 		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12611 	}
12612 
12613 	/* 0 is the first index - add 1 to parse only once */
12614 	cb->args[0] = (*rdev)->wiphy_idx + 1;
12615 	/* add 1 to know if it was NULL */
12616 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
12617 	cb->args[2] = vcmd_idx;
12618 	cb->args[3] = (unsigned long)data;
12619 	cb->args[4] = data_len;
12620 
12621 	/* keep rtnl locked in successful case */
12622 	return 0;
12623 }
12624 
12625 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
12626 				   struct netlink_callback *cb)
12627 {
12628 	struct cfg80211_registered_device *rdev;
12629 	struct wireless_dev *wdev;
12630 	unsigned int vcmd_idx;
12631 	const struct wiphy_vendor_command *vcmd;
12632 	void *data;
12633 	int data_len;
12634 	int err;
12635 	struct nlattr *vendor_data;
12636 
12637 	rtnl_lock();
12638 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
12639 	if (err)
12640 		goto out;
12641 
12642 	vcmd_idx = cb->args[2];
12643 	data = (void *)cb->args[3];
12644 	data_len = cb->args[4];
12645 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
12646 
12647 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12648 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12649 		if (!wdev) {
12650 			err = -EINVAL;
12651 			goto out;
12652 		}
12653 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12654 		    !wdev->netdev) {
12655 			err = -EINVAL;
12656 			goto out;
12657 		}
12658 
12659 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12660 			if (!wdev_running(wdev)) {
12661 				err = -ENETDOWN;
12662 				goto out;
12663 			}
12664 		}
12665 	}
12666 
12667 	while (1) {
12668 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12669 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
12670 					   NL80211_CMD_VENDOR);
12671 		if (!hdr)
12672 			break;
12673 
12674 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12675 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12676 					       wdev_id(wdev),
12677 					       NL80211_ATTR_PAD))) {
12678 			genlmsg_cancel(skb, hdr);
12679 			break;
12680 		}
12681 
12682 		vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
12683 		if (!vendor_data) {
12684 			genlmsg_cancel(skb, hdr);
12685 			break;
12686 		}
12687 
12688 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
12689 				   (unsigned long *)&cb->args[5]);
12690 		nla_nest_end(skb, vendor_data);
12691 
12692 		if (err == -ENOBUFS || err == -ENOENT) {
12693 			genlmsg_cancel(skb, hdr);
12694 			break;
12695 		} else if (err) {
12696 			genlmsg_cancel(skb, hdr);
12697 			goto out;
12698 		}
12699 
12700 		genlmsg_end(skb, hdr);
12701 	}
12702 
12703 	err = skb->len;
12704  out:
12705 	rtnl_unlock();
12706 	return err;
12707 }
12708 
12709 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
12710 					   enum nl80211_commands cmd,
12711 					   enum nl80211_attrs attr,
12712 					   int approxlen)
12713 {
12714 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12715 
12716 	if (WARN_ON(!rdev->cur_cmd_info))
12717 		return NULL;
12718 
12719 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12720 					   rdev->cur_cmd_info->snd_portid,
12721 					   rdev->cur_cmd_info->snd_seq,
12722 					   cmd, attr, NULL, GFP_KERNEL);
12723 }
12724 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12725 
12726 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12727 {
12728 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12729 	void *hdr = ((void **)skb->cb)[1];
12730 	struct nlattr *data = ((void **)skb->cb)[2];
12731 
12732 	/* clear CB data for netlink core to own from now on */
12733 	memset(skb->cb, 0, sizeof(skb->cb));
12734 
12735 	if (WARN_ON(!rdev->cur_cmd_info)) {
12736 		kfree_skb(skb);
12737 		return -EINVAL;
12738 	}
12739 
12740 	nla_nest_end(skb, data);
12741 	genlmsg_end(skb, hdr);
12742 	return genlmsg_reply(skb, rdev->cur_cmd_info);
12743 }
12744 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12745 
12746 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
12747 {
12748 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12749 
12750 	if (WARN_ON(!rdev->cur_cmd_info))
12751 		return 0;
12752 
12753 	return rdev->cur_cmd_info->snd_portid;
12754 }
12755 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
12756 
12757 static int nl80211_set_qos_map(struct sk_buff *skb,
12758 			       struct genl_info *info)
12759 {
12760 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12761 	struct cfg80211_qos_map *qos_map = NULL;
12762 	struct net_device *dev = info->user_ptr[1];
12763 	u8 *pos, len, num_des, des_len, des;
12764 	int ret;
12765 
12766 	if (!rdev->ops->set_qos_map)
12767 		return -EOPNOTSUPP;
12768 
12769 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
12770 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
12771 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
12772 
12773 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
12774 		    len > IEEE80211_QOS_MAP_LEN_MAX)
12775 			return -EINVAL;
12776 
12777 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
12778 		if (!qos_map)
12779 			return -ENOMEM;
12780 
12781 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
12782 		if (num_des) {
12783 			des_len = num_des *
12784 				sizeof(struct cfg80211_dscp_exception);
12785 			memcpy(qos_map->dscp_exception, pos, des_len);
12786 			qos_map->num_des = num_des;
12787 			for (des = 0; des < num_des; des++) {
12788 				if (qos_map->dscp_exception[des].up > 7) {
12789 					kfree(qos_map);
12790 					return -EINVAL;
12791 				}
12792 			}
12793 			pos += des_len;
12794 		}
12795 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
12796 	}
12797 
12798 	wdev_lock(dev->ieee80211_ptr);
12799 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
12800 	if (!ret)
12801 		ret = rdev_set_qos_map(rdev, dev, qos_map);
12802 	wdev_unlock(dev->ieee80211_ptr);
12803 
12804 	kfree(qos_map);
12805 	return ret;
12806 }
12807 
12808 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
12809 {
12810 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12811 	struct net_device *dev = info->user_ptr[1];
12812 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12813 	const u8 *peer;
12814 	u8 tsid, up;
12815 	u16 admitted_time = 0;
12816 	int err;
12817 
12818 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
12819 		return -EOPNOTSUPP;
12820 
12821 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
12822 	    !info->attrs[NL80211_ATTR_USER_PRIO])
12823 		return -EINVAL;
12824 
12825 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12826 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
12827 
12828 	/* WMM uses TIDs 0-7 even for TSPEC */
12829 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
12830 		/* TODO: handle 802.11 TSPEC/admission control
12831 		 * need more attributes for that (e.g. BA session requirement);
12832 		 * change the WMM adminssion test above to allow both then
12833 		 */
12834 		return -EINVAL;
12835 	}
12836 
12837 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12838 
12839 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
12840 		admitted_time =
12841 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
12842 		if (!admitted_time)
12843 			return -EINVAL;
12844 	}
12845 
12846 	wdev_lock(wdev);
12847 	switch (wdev->iftype) {
12848 	case NL80211_IFTYPE_STATION:
12849 	case NL80211_IFTYPE_P2P_CLIENT:
12850 		if (wdev->current_bss)
12851 			break;
12852 		err = -ENOTCONN;
12853 		goto out;
12854 	default:
12855 		err = -EOPNOTSUPP;
12856 		goto out;
12857 	}
12858 
12859 	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
12860 
12861  out:
12862 	wdev_unlock(wdev);
12863 	return err;
12864 }
12865 
12866 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
12867 {
12868 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12869 	struct net_device *dev = info->user_ptr[1];
12870 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12871 	const u8 *peer;
12872 	u8 tsid;
12873 	int err;
12874 
12875 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
12876 		return -EINVAL;
12877 
12878 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12879 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
12880 
12881 	wdev_lock(wdev);
12882 	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
12883 	wdev_unlock(wdev);
12884 
12885 	return err;
12886 }
12887 
12888 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
12889 				       struct genl_info *info)
12890 {
12891 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12892 	struct net_device *dev = info->user_ptr[1];
12893 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12894 	struct cfg80211_chan_def chandef = {};
12895 	const u8 *addr;
12896 	u8 oper_class;
12897 	int err;
12898 
12899 	if (!rdev->ops->tdls_channel_switch ||
12900 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12901 		return -EOPNOTSUPP;
12902 
12903 	switch (dev->ieee80211_ptr->iftype) {
12904 	case NL80211_IFTYPE_STATION:
12905 	case NL80211_IFTYPE_P2P_CLIENT:
12906 		break;
12907 	default:
12908 		return -EOPNOTSUPP;
12909 	}
12910 
12911 	if (!info->attrs[NL80211_ATTR_MAC] ||
12912 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
12913 		return -EINVAL;
12914 
12915 	err = nl80211_parse_chandef(rdev, info, &chandef);
12916 	if (err)
12917 		return err;
12918 
12919 	/*
12920 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
12921 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
12922 	 * specification is not defined for them.
12923 	 */
12924 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
12925 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
12926 	    chandef.width != NL80211_CHAN_WIDTH_20)
12927 		return -EINVAL;
12928 
12929 	/* we will be active on the TDLS link */
12930 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
12931 					   wdev->iftype))
12932 		return -EINVAL;
12933 
12934 	/* don't allow switching to DFS channels */
12935 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
12936 		return -EINVAL;
12937 
12938 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12939 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
12940 
12941 	wdev_lock(wdev);
12942 	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
12943 	wdev_unlock(wdev);
12944 
12945 	return err;
12946 }
12947 
12948 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
12949 					      struct genl_info *info)
12950 {
12951 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12952 	struct net_device *dev = info->user_ptr[1];
12953 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12954 	const u8 *addr;
12955 
12956 	if (!rdev->ops->tdls_channel_switch ||
12957 	    !rdev->ops->tdls_cancel_channel_switch ||
12958 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
12959 		return -EOPNOTSUPP;
12960 
12961 	switch (dev->ieee80211_ptr->iftype) {
12962 	case NL80211_IFTYPE_STATION:
12963 	case NL80211_IFTYPE_P2P_CLIENT:
12964 		break;
12965 	default:
12966 		return -EOPNOTSUPP;
12967 	}
12968 
12969 	if (!info->attrs[NL80211_ATTR_MAC])
12970 		return -EINVAL;
12971 
12972 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
12973 
12974 	wdev_lock(wdev);
12975 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
12976 	wdev_unlock(wdev);
12977 
12978 	return 0;
12979 }
12980 
12981 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
12982 					    struct genl_info *info)
12983 {
12984 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12985 	struct net_device *dev = info->user_ptr[1];
12986 	struct wireless_dev *wdev = dev->ieee80211_ptr;
12987 	const struct nlattr *nla;
12988 	bool enabled;
12989 
12990 	if (!rdev->ops->set_multicast_to_unicast)
12991 		return -EOPNOTSUPP;
12992 
12993 	if (wdev->iftype != NL80211_IFTYPE_AP &&
12994 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
12995 		return -EOPNOTSUPP;
12996 
12997 	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
12998 	enabled = nla_get_flag(nla);
12999 
13000 	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13001 }
13002 
13003 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13004 {
13005 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13006 	struct net_device *dev = info->user_ptr[1];
13007 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13008 	struct cfg80211_pmk_conf pmk_conf = {};
13009 	int ret;
13010 
13011 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13012 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13013 		return -EOPNOTSUPP;
13014 
13015 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13016 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13017 		return -EOPNOTSUPP;
13018 
13019 	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13020 		return -EINVAL;
13021 
13022 	wdev_lock(wdev);
13023 	if (!wdev->current_bss) {
13024 		ret = -ENOTCONN;
13025 		goto out;
13026 	}
13027 
13028 	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13029 	if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13030 		ret = -EINVAL;
13031 		goto out;
13032 	}
13033 
13034 	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13035 	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13036 	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13037 	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13038 		ret = -EINVAL;
13039 		goto out;
13040 	}
13041 
13042 	if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13043 		int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13044 
13045 		if (r0_name_len != WLAN_PMK_NAME_LEN) {
13046 			ret = -EINVAL;
13047 			goto out;
13048 		}
13049 
13050 		pmk_conf.pmk_r0_name =
13051 			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13052 	}
13053 
13054 	ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13055 out:
13056 	wdev_unlock(wdev);
13057 	return ret;
13058 }
13059 
13060 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13061 {
13062 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13063 	struct net_device *dev = info->user_ptr[1];
13064 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13065 	const u8 *aa;
13066 	int ret;
13067 
13068 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13069 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13070 		return -EOPNOTSUPP;
13071 
13072 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13073 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13074 		return -EOPNOTSUPP;
13075 
13076 	if (!info->attrs[NL80211_ATTR_MAC])
13077 		return -EINVAL;
13078 
13079 	wdev_lock(wdev);
13080 	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13081 	ret = rdev_del_pmk(rdev, dev, aa);
13082 	wdev_unlock(wdev);
13083 
13084 	return ret;
13085 }
13086 
13087 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13088 {
13089 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13090 	struct net_device *dev = info->user_ptr[1];
13091 	struct cfg80211_external_auth_params params;
13092 
13093 	if (!rdev->ops->external_auth)
13094 		return -EOPNOTSUPP;
13095 
13096 	if (!info->attrs[NL80211_ATTR_SSID] &&
13097 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13098 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13099 		return -EINVAL;
13100 
13101 	if (!info->attrs[NL80211_ATTR_BSSID])
13102 		return -EINVAL;
13103 
13104 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13105 		return -EINVAL;
13106 
13107 	memset(&params, 0, sizeof(params));
13108 
13109 	if (info->attrs[NL80211_ATTR_SSID]) {
13110 		params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13111 		if (params.ssid.ssid_len == 0 ||
13112 		    params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13113 			return -EINVAL;
13114 		memcpy(params.ssid.ssid,
13115 		       nla_data(info->attrs[NL80211_ATTR_SSID]),
13116 		       params.ssid.ssid_len);
13117 	}
13118 
13119 	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13120 	       ETH_ALEN);
13121 
13122 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13123 
13124 	if (info->attrs[NL80211_ATTR_PMKID])
13125 		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13126 
13127 	return rdev_external_auth(rdev, dev, &params);
13128 }
13129 
13130 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13131 {
13132 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13133 	struct net_device *dev = info->user_ptr[1];
13134 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13135 	const u8 *buf;
13136 	size_t len;
13137 	u8 *dest;
13138 	u16 proto;
13139 	bool noencrypt;
13140 	int err;
13141 
13142 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13143 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13144 		return -EOPNOTSUPP;
13145 
13146 	if (!rdev->ops->tx_control_port)
13147 		return -EOPNOTSUPP;
13148 
13149 	if (!info->attrs[NL80211_ATTR_FRAME] ||
13150 	    !info->attrs[NL80211_ATTR_MAC] ||
13151 	    !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13152 		GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13153 		return -EINVAL;
13154 	}
13155 
13156 	wdev_lock(wdev);
13157 
13158 	switch (wdev->iftype) {
13159 	case NL80211_IFTYPE_AP:
13160 	case NL80211_IFTYPE_P2P_GO:
13161 	case NL80211_IFTYPE_MESH_POINT:
13162 		break;
13163 	case NL80211_IFTYPE_ADHOC:
13164 	case NL80211_IFTYPE_STATION:
13165 	case NL80211_IFTYPE_P2P_CLIENT:
13166 		if (wdev->current_bss)
13167 			break;
13168 		err = -ENOTCONN;
13169 		goto out;
13170 	default:
13171 		err = -EOPNOTSUPP;
13172 		goto out;
13173 	}
13174 
13175 	wdev_unlock(wdev);
13176 
13177 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13178 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13179 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13180 	proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13181 	noencrypt =
13182 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13183 
13184 	return rdev_tx_control_port(rdev, dev, buf, len,
13185 				    dest, cpu_to_be16(proto), noencrypt);
13186 
13187  out:
13188 	wdev_unlock(wdev);
13189 	return err;
13190 }
13191 
13192 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13193 					   struct genl_info *info)
13194 {
13195 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13196 	struct net_device *dev = info->user_ptr[1];
13197 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13198 	struct cfg80211_ftm_responder_stats ftm_stats = {};
13199 	struct sk_buff *msg;
13200 	void *hdr;
13201 	struct nlattr *ftm_stats_attr;
13202 	int err;
13203 
13204 	if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
13205 		return -EOPNOTSUPP;
13206 
13207 	err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
13208 	if (err)
13209 		return err;
13210 
13211 	if (!ftm_stats.filled)
13212 		return -ENODATA;
13213 
13214 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13215 	if (!msg)
13216 		return -ENOMEM;
13217 
13218 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13219 			     NL80211_CMD_GET_FTM_RESPONDER_STATS);
13220 	if (!hdr)
13221 		return -ENOBUFS;
13222 
13223 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
13224 		goto nla_put_failure;
13225 
13226 	ftm_stats_attr = nla_nest_start(msg, NL80211_ATTR_FTM_RESPONDER_STATS);
13227 	if (!ftm_stats_attr)
13228 		goto nla_put_failure;
13229 
13230 #define SET_FTM(field, name, type)					 \
13231 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13232 	    nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,		 \
13233 			     ftm_stats.field))				 \
13234 		goto nla_put_failure; } while (0)
13235 #define SET_FTM_U64(field, name)					 \
13236 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13237 	    nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,		 \
13238 			      ftm_stats.field, NL80211_FTM_STATS_PAD))	 \
13239 		goto nla_put_failure; } while (0)
13240 
13241 	SET_FTM(success_num, SUCCESS_NUM, u32);
13242 	SET_FTM(partial_num, PARTIAL_NUM, u32);
13243 	SET_FTM(failed_num, FAILED_NUM, u32);
13244 	SET_FTM(asap_num, ASAP_NUM, u32);
13245 	SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
13246 	SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
13247 	SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
13248 	SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
13249 	SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
13250 #undef SET_FTM
13251 
13252 	nla_nest_end(msg, ftm_stats_attr);
13253 
13254 	genlmsg_end(msg, hdr);
13255 	return genlmsg_reply(msg, info);
13256 
13257 nla_put_failure:
13258 	nlmsg_free(msg);
13259 	return -ENOBUFS;
13260 }
13261 
13262 #define NL80211_FLAG_NEED_WIPHY		0x01
13263 #define NL80211_FLAG_NEED_NETDEV	0x02
13264 #define NL80211_FLAG_NEED_RTNL		0x04
13265 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
13266 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
13267 					 NL80211_FLAG_CHECK_NETDEV_UP)
13268 #define NL80211_FLAG_NEED_WDEV		0x10
13269 /* If a netdev is associated, it must be UP, P2P must be started */
13270 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
13271 					 NL80211_FLAG_CHECK_NETDEV_UP)
13272 #define NL80211_FLAG_CLEAR_SKB		0x20
13273 
13274 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
13275 			    struct genl_info *info)
13276 {
13277 	struct cfg80211_registered_device *rdev;
13278 	struct wireless_dev *wdev;
13279 	struct net_device *dev;
13280 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
13281 
13282 	if (rtnl)
13283 		rtnl_lock();
13284 
13285 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
13286 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
13287 		if (IS_ERR(rdev)) {
13288 			if (rtnl)
13289 				rtnl_unlock();
13290 			return PTR_ERR(rdev);
13291 		}
13292 		info->user_ptr[0] = rdev;
13293 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
13294 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13295 		ASSERT_RTNL();
13296 
13297 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
13298 						  info->attrs);
13299 		if (IS_ERR(wdev)) {
13300 			if (rtnl)
13301 				rtnl_unlock();
13302 			return PTR_ERR(wdev);
13303 		}
13304 
13305 		dev = wdev->netdev;
13306 		rdev = wiphy_to_rdev(wdev->wiphy);
13307 
13308 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
13309 			if (!dev) {
13310 				if (rtnl)
13311 					rtnl_unlock();
13312 				return -EINVAL;
13313 			}
13314 
13315 			info->user_ptr[1] = dev;
13316 		} else {
13317 			info->user_ptr[1] = wdev;
13318 		}
13319 
13320 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
13321 		    !wdev_running(wdev)) {
13322 			if (rtnl)
13323 				rtnl_unlock();
13324 			return -ENETDOWN;
13325 		}
13326 
13327 		if (dev)
13328 			dev_hold(dev);
13329 
13330 		info->user_ptr[0] = rdev;
13331 	}
13332 
13333 	return 0;
13334 }
13335 
13336 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
13337 			      struct genl_info *info)
13338 {
13339 	if (info->user_ptr[1]) {
13340 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13341 			struct wireless_dev *wdev = info->user_ptr[1];
13342 
13343 			if (wdev->netdev)
13344 				dev_put(wdev->netdev);
13345 		} else {
13346 			dev_put(info->user_ptr[1]);
13347 		}
13348 	}
13349 
13350 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
13351 		rtnl_unlock();
13352 
13353 	/* If needed, clear the netlink message payload from the SKB
13354 	 * as it might contain key data that shouldn't stick around on
13355 	 * the heap after the SKB is freed. The netlink message header
13356 	 * is still needed for further processing, so leave it intact.
13357 	 */
13358 	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
13359 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
13360 
13361 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
13362 	}
13363 }
13364 
13365 static const struct genl_ops nl80211_ops[] = {
13366 	{
13367 		.cmd = NL80211_CMD_GET_WIPHY,
13368 		.doit = nl80211_get_wiphy,
13369 		.dumpit = nl80211_dump_wiphy,
13370 		.done = nl80211_dump_wiphy_done,
13371 		.policy = nl80211_policy,
13372 		/* can be retrieved by unprivileged users */
13373 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13374 				  NL80211_FLAG_NEED_RTNL,
13375 	},
13376 	{
13377 		.cmd = NL80211_CMD_SET_WIPHY,
13378 		.doit = nl80211_set_wiphy,
13379 		.policy = nl80211_policy,
13380 		.flags = GENL_UNS_ADMIN_PERM,
13381 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13382 	},
13383 	{
13384 		.cmd = NL80211_CMD_GET_INTERFACE,
13385 		.doit = nl80211_get_interface,
13386 		.dumpit = nl80211_dump_interface,
13387 		.policy = nl80211_policy,
13388 		/* can be retrieved by unprivileged users */
13389 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13390 				  NL80211_FLAG_NEED_RTNL,
13391 	},
13392 	{
13393 		.cmd = NL80211_CMD_SET_INTERFACE,
13394 		.doit = nl80211_set_interface,
13395 		.policy = nl80211_policy,
13396 		.flags = GENL_UNS_ADMIN_PERM,
13397 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13398 				  NL80211_FLAG_NEED_RTNL,
13399 	},
13400 	{
13401 		.cmd = NL80211_CMD_NEW_INTERFACE,
13402 		.doit = nl80211_new_interface,
13403 		.policy = nl80211_policy,
13404 		.flags = GENL_UNS_ADMIN_PERM,
13405 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13406 				  NL80211_FLAG_NEED_RTNL,
13407 	},
13408 	{
13409 		.cmd = NL80211_CMD_DEL_INTERFACE,
13410 		.doit = nl80211_del_interface,
13411 		.policy = nl80211_policy,
13412 		.flags = GENL_UNS_ADMIN_PERM,
13413 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13414 				  NL80211_FLAG_NEED_RTNL,
13415 	},
13416 	{
13417 		.cmd = NL80211_CMD_GET_KEY,
13418 		.doit = nl80211_get_key,
13419 		.policy = nl80211_policy,
13420 		.flags = GENL_UNS_ADMIN_PERM,
13421 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13422 				  NL80211_FLAG_NEED_RTNL,
13423 	},
13424 	{
13425 		.cmd = NL80211_CMD_SET_KEY,
13426 		.doit = nl80211_set_key,
13427 		.policy = nl80211_policy,
13428 		.flags = GENL_UNS_ADMIN_PERM,
13429 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13430 				  NL80211_FLAG_NEED_RTNL |
13431 				  NL80211_FLAG_CLEAR_SKB,
13432 	},
13433 	{
13434 		.cmd = NL80211_CMD_NEW_KEY,
13435 		.doit = nl80211_new_key,
13436 		.policy = nl80211_policy,
13437 		.flags = GENL_UNS_ADMIN_PERM,
13438 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13439 				  NL80211_FLAG_NEED_RTNL |
13440 				  NL80211_FLAG_CLEAR_SKB,
13441 	},
13442 	{
13443 		.cmd = NL80211_CMD_DEL_KEY,
13444 		.doit = nl80211_del_key,
13445 		.policy = nl80211_policy,
13446 		.flags = GENL_UNS_ADMIN_PERM,
13447 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13448 				  NL80211_FLAG_NEED_RTNL,
13449 	},
13450 	{
13451 		.cmd = NL80211_CMD_SET_BEACON,
13452 		.policy = nl80211_policy,
13453 		.flags = GENL_UNS_ADMIN_PERM,
13454 		.doit = nl80211_set_beacon,
13455 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13456 				  NL80211_FLAG_NEED_RTNL,
13457 	},
13458 	{
13459 		.cmd = NL80211_CMD_START_AP,
13460 		.policy = nl80211_policy,
13461 		.flags = GENL_UNS_ADMIN_PERM,
13462 		.doit = nl80211_start_ap,
13463 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13464 				  NL80211_FLAG_NEED_RTNL,
13465 	},
13466 	{
13467 		.cmd = NL80211_CMD_STOP_AP,
13468 		.policy = nl80211_policy,
13469 		.flags = GENL_UNS_ADMIN_PERM,
13470 		.doit = nl80211_stop_ap,
13471 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13472 				  NL80211_FLAG_NEED_RTNL,
13473 	},
13474 	{
13475 		.cmd = NL80211_CMD_GET_STATION,
13476 		.doit = nl80211_get_station,
13477 		.dumpit = nl80211_dump_station,
13478 		.policy = nl80211_policy,
13479 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13480 				  NL80211_FLAG_NEED_RTNL,
13481 	},
13482 	{
13483 		.cmd = NL80211_CMD_SET_STATION,
13484 		.doit = nl80211_set_station,
13485 		.policy = nl80211_policy,
13486 		.flags = GENL_UNS_ADMIN_PERM,
13487 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13488 				  NL80211_FLAG_NEED_RTNL,
13489 	},
13490 	{
13491 		.cmd = NL80211_CMD_NEW_STATION,
13492 		.doit = nl80211_new_station,
13493 		.policy = nl80211_policy,
13494 		.flags = GENL_UNS_ADMIN_PERM,
13495 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13496 				  NL80211_FLAG_NEED_RTNL,
13497 	},
13498 	{
13499 		.cmd = NL80211_CMD_DEL_STATION,
13500 		.doit = nl80211_del_station,
13501 		.policy = nl80211_policy,
13502 		.flags = GENL_UNS_ADMIN_PERM,
13503 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13504 				  NL80211_FLAG_NEED_RTNL,
13505 	},
13506 	{
13507 		.cmd = NL80211_CMD_GET_MPATH,
13508 		.doit = nl80211_get_mpath,
13509 		.dumpit = nl80211_dump_mpath,
13510 		.policy = nl80211_policy,
13511 		.flags = GENL_UNS_ADMIN_PERM,
13512 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13513 				  NL80211_FLAG_NEED_RTNL,
13514 	},
13515 	{
13516 		.cmd = NL80211_CMD_GET_MPP,
13517 		.doit = nl80211_get_mpp,
13518 		.dumpit = nl80211_dump_mpp,
13519 		.policy = nl80211_policy,
13520 		.flags = GENL_UNS_ADMIN_PERM,
13521 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13522 				  NL80211_FLAG_NEED_RTNL,
13523 	},
13524 	{
13525 		.cmd = NL80211_CMD_SET_MPATH,
13526 		.doit = nl80211_set_mpath,
13527 		.policy = nl80211_policy,
13528 		.flags = GENL_UNS_ADMIN_PERM,
13529 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13530 				  NL80211_FLAG_NEED_RTNL,
13531 	},
13532 	{
13533 		.cmd = NL80211_CMD_NEW_MPATH,
13534 		.doit = nl80211_new_mpath,
13535 		.policy = nl80211_policy,
13536 		.flags = GENL_UNS_ADMIN_PERM,
13537 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13538 				  NL80211_FLAG_NEED_RTNL,
13539 	},
13540 	{
13541 		.cmd = NL80211_CMD_DEL_MPATH,
13542 		.doit = nl80211_del_mpath,
13543 		.policy = nl80211_policy,
13544 		.flags = GENL_UNS_ADMIN_PERM,
13545 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13546 				  NL80211_FLAG_NEED_RTNL,
13547 	},
13548 	{
13549 		.cmd = NL80211_CMD_SET_BSS,
13550 		.doit = nl80211_set_bss,
13551 		.policy = nl80211_policy,
13552 		.flags = GENL_UNS_ADMIN_PERM,
13553 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13554 				  NL80211_FLAG_NEED_RTNL,
13555 	},
13556 	{
13557 		.cmd = NL80211_CMD_GET_REG,
13558 		.doit = nl80211_get_reg_do,
13559 		.dumpit = nl80211_get_reg_dump,
13560 		.policy = nl80211_policy,
13561 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13562 		/* can be retrieved by unprivileged users */
13563 	},
13564 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
13565 	{
13566 		.cmd = NL80211_CMD_SET_REG,
13567 		.doit = nl80211_set_reg,
13568 		.policy = nl80211_policy,
13569 		.flags = GENL_ADMIN_PERM,
13570 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13571 	},
13572 #endif
13573 	{
13574 		.cmd = NL80211_CMD_REQ_SET_REG,
13575 		.doit = nl80211_req_set_reg,
13576 		.policy = nl80211_policy,
13577 		.flags = GENL_ADMIN_PERM,
13578 	},
13579 	{
13580 		.cmd = NL80211_CMD_RELOAD_REGDB,
13581 		.doit = nl80211_reload_regdb,
13582 		.policy = nl80211_policy,
13583 		.flags = GENL_ADMIN_PERM,
13584 	},
13585 	{
13586 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
13587 		.doit = nl80211_get_mesh_config,
13588 		.policy = nl80211_policy,
13589 		/* can be retrieved by unprivileged users */
13590 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13591 				  NL80211_FLAG_NEED_RTNL,
13592 	},
13593 	{
13594 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
13595 		.doit = nl80211_update_mesh_config,
13596 		.policy = nl80211_policy,
13597 		.flags = GENL_UNS_ADMIN_PERM,
13598 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13599 				  NL80211_FLAG_NEED_RTNL,
13600 	},
13601 	{
13602 		.cmd = NL80211_CMD_TRIGGER_SCAN,
13603 		.doit = nl80211_trigger_scan,
13604 		.policy = nl80211_policy,
13605 		.flags = GENL_UNS_ADMIN_PERM,
13606 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13607 				  NL80211_FLAG_NEED_RTNL,
13608 	},
13609 	{
13610 		.cmd = NL80211_CMD_ABORT_SCAN,
13611 		.doit = nl80211_abort_scan,
13612 		.policy = nl80211_policy,
13613 		.flags = GENL_UNS_ADMIN_PERM,
13614 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13615 				  NL80211_FLAG_NEED_RTNL,
13616 	},
13617 	{
13618 		.cmd = NL80211_CMD_GET_SCAN,
13619 		.policy = nl80211_policy,
13620 		.dumpit = nl80211_dump_scan,
13621 	},
13622 	{
13623 		.cmd = NL80211_CMD_START_SCHED_SCAN,
13624 		.doit = nl80211_start_sched_scan,
13625 		.policy = nl80211_policy,
13626 		.flags = GENL_UNS_ADMIN_PERM,
13627 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13628 				  NL80211_FLAG_NEED_RTNL,
13629 	},
13630 	{
13631 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
13632 		.doit = nl80211_stop_sched_scan,
13633 		.policy = nl80211_policy,
13634 		.flags = GENL_UNS_ADMIN_PERM,
13635 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13636 				  NL80211_FLAG_NEED_RTNL,
13637 	},
13638 	{
13639 		.cmd = NL80211_CMD_AUTHENTICATE,
13640 		.doit = nl80211_authenticate,
13641 		.policy = nl80211_policy,
13642 		.flags = GENL_UNS_ADMIN_PERM,
13643 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13644 				  NL80211_FLAG_NEED_RTNL |
13645 				  NL80211_FLAG_CLEAR_SKB,
13646 	},
13647 	{
13648 		.cmd = NL80211_CMD_ASSOCIATE,
13649 		.doit = nl80211_associate,
13650 		.policy = nl80211_policy,
13651 		.flags = GENL_UNS_ADMIN_PERM,
13652 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13653 				  NL80211_FLAG_NEED_RTNL,
13654 	},
13655 	{
13656 		.cmd = NL80211_CMD_DEAUTHENTICATE,
13657 		.doit = nl80211_deauthenticate,
13658 		.policy = nl80211_policy,
13659 		.flags = GENL_UNS_ADMIN_PERM,
13660 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13661 				  NL80211_FLAG_NEED_RTNL,
13662 	},
13663 	{
13664 		.cmd = NL80211_CMD_DISASSOCIATE,
13665 		.doit = nl80211_disassociate,
13666 		.policy = nl80211_policy,
13667 		.flags = GENL_UNS_ADMIN_PERM,
13668 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13669 				  NL80211_FLAG_NEED_RTNL,
13670 	},
13671 	{
13672 		.cmd = NL80211_CMD_JOIN_IBSS,
13673 		.doit = nl80211_join_ibss,
13674 		.policy = nl80211_policy,
13675 		.flags = GENL_UNS_ADMIN_PERM,
13676 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13677 				  NL80211_FLAG_NEED_RTNL,
13678 	},
13679 	{
13680 		.cmd = NL80211_CMD_LEAVE_IBSS,
13681 		.doit = nl80211_leave_ibss,
13682 		.policy = nl80211_policy,
13683 		.flags = GENL_UNS_ADMIN_PERM,
13684 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13685 				  NL80211_FLAG_NEED_RTNL,
13686 	},
13687 #ifdef CONFIG_NL80211_TESTMODE
13688 	{
13689 		.cmd = NL80211_CMD_TESTMODE,
13690 		.doit = nl80211_testmode_do,
13691 		.dumpit = nl80211_testmode_dump,
13692 		.policy = nl80211_policy,
13693 		.flags = GENL_UNS_ADMIN_PERM,
13694 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13695 				  NL80211_FLAG_NEED_RTNL,
13696 	},
13697 #endif
13698 	{
13699 		.cmd = NL80211_CMD_CONNECT,
13700 		.doit = nl80211_connect,
13701 		.policy = nl80211_policy,
13702 		.flags = GENL_UNS_ADMIN_PERM,
13703 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13704 				  NL80211_FLAG_NEED_RTNL,
13705 	},
13706 	{
13707 		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
13708 		.doit = nl80211_update_connect_params,
13709 		.policy = nl80211_policy,
13710 		.flags = GENL_ADMIN_PERM,
13711 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13712 				  NL80211_FLAG_NEED_RTNL,
13713 	},
13714 	{
13715 		.cmd = NL80211_CMD_DISCONNECT,
13716 		.doit = nl80211_disconnect,
13717 		.policy = nl80211_policy,
13718 		.flags = GENL_UNS_ADMIN_PERM,
13719 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13720 				  NL80211_FLAG_NEED_RTNL,
13721 	},
13722 	{
13723 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
13724 		.doit = nl80211_wiphy_netns,
13725 		.policy = nl80211_policy,
13726 		.flags = GENL_UNS_ADMIN_PERM,
13727 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13728 				  NL80211_FLAG_NEED_RTNL,
13729 	},
13730 	{
13731 		.cmd = NL80211_CMD_GET_SURVEY,
13732 		.policy = nl80211_policy,
13733 		.dumpit = nl80211_dump_survey,
13734 	},
13735 	{
13736 		.cmd = NL80211_CMD_SET_PMKSA,
13737 		.doit = nl80211_setdel_pmksa,
13738 		.policy = nl80211_policy,
13739 		.flags = GENL_UNS_ADMIN_PERM,
13740 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13741 				  NL80211_FLAG_NEED_RTNL,
13742 	},
13743 	{
13744 		.cmd = NL80211_CMD_DEL_PMKSA,
13745 		.doit = nl80211_setdel_pmksa,
13746 		.policy = nl80211_policy,
13747 		.flags = GENL_UNS_ADMIN_PERM,
13748 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13749 				  NL80211_FLAG_NEED_RTNL,
13750 	},
13751 	{
13752 		.cmd = NL80211_CMD_FLUSH_PMKSA,
13753 		.doit = nl80211_flush_pmksa,
13754 		.policy = nl80211_policy,
13755 		.flags = GENL_UNS_ADMIN_PERM,
13756 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13757 				  NL80211_FLAG_NEED_RTNL,
13758 	},
13759 	{
13760 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
13761 		.doit = nl80211_remain_on_channel,
13762 		.policy = nl80211_policy,
13763 		.flags = GENL_UNS_ADMIN_PERM,
13764 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13765 				  NL80211_FLAG_NEED_RTNL,
13766 	},
13767 	{
13768 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
13769 		.doit = nl80211_cancel_remain_on_channel,
13770 		.policy = nl80211_policy,
13771 		.flags = GENL_UNS_ADMIN_PERM,
13772 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13773 				  NL80211_FLAG_NEED_RTNL,
13774 	},
13775 	{
13776 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
13777 		.doit = nl80211_set_tx_bitrate_mask,
13778 		.policy = nl80211_policy,
13779 		.flags = GENL_UNS_ADMIN_PERM,
13780 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13781 				  NL80211_FLAG_NEED_RTNL,
13782 	},
13783 	{
13784 		.cmd = NL80211_CMD_REGISTER_FRAME,
13785 		.doit = nl80211_register_mgmt,
13786 		.policy = nl80211_policy,
13787 		.flags = GENL_UNS_ADMIN_PERM,
13788 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13789 				  NL80211_FLAG_NEED_RTNL,
13790 	},
13791 	{
13792 		.cmd = NL80211_CMD_FRAME,
13793 		.doit = nl80211_tx_mgmt,
13794 		.policy = nl80211_policy,
13795 		.flags = GENL_UNS_ADMIN_PERM,
13796 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13797 				  NL80211_FLAG_NEED_RTNL,
13798 	},
13799 	{
13800 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
13801 		.doit = nl80211_tx_mgmt_cancel_wait,
13802 		.policy = nl80211_policy,
13803 		.flags = GENL_UNS_ADMIN_PERM,
13804 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13805 				  NL80211_FLAG_NEED_RTNL,
13806 	},
13807 	{
13808 		.cmd = NL80211_CMD_SET_POWER_SAVE,
13809 		.doit = nl80211_set_power_save,
13810 		.policy = nl80211_policy,
13811 		.flags = GENL_UNS_ADMIN_PERM,
13812 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13813 				  NL80211_FLAG_NEED_RTNL,
13814 	},
13815 	{
13816 		.cmd = NL80211_CMD_GET_POWER_SAVE,
13817 		.doit = nl80211_get_power_save,
13818 		.policy = nl80211_policy,
13819 		/* can be retrieved by unprivileged users */
13820 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13821 				  NL80211_FLAG_NEED_RTNL,
13822 	},
13823 	{
13824 		.cmd = NL80211_CMD_SET_CQM,
13825 		.doit = nl80211_set_cqm,
13826 		.policy = nl80211_policy,
13827 		.flags = GENL_UNS_ADMIN_PERM,
13828 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13829 				  NL80211_FLAG_NEED_RTNL,
13830 	},
13831 	{
13832 		.cmd = NL80211_CMD_SET_CHANNEL,
13833 		.doit = nl80211_set_channel,
13834 		.policy = nl80211_policy,
13835 		.flags = GENL_UNS_ADMIN_PERM,
13836 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13837 				  NL80211_FLAG_NEED_RTNL,
13838 	},
13839 	{
13840 		.cmd = NL80211_CMD_SET_WDS_PEER,
13841 		.doit = nl80211_set_wds_peer,
13842 		.policy = nl80211_policy,
13843 		.flags = GENL_UNS_ADMIN_PERM,
13844 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13845 				  NL80211_FLAG_NEED_RTNL,
13846 	},
13847 	{
13848 		.cmd = NL80211_CMD_JOIN_MESH,
13849 		.doit = nl80211_join_mesh,
13850 		.policy = nl80211_policy,
13851 		.flags = GENL_UNS_ADMIN_PERM,
13852 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13853 				  NL80211_FLAG_NEED_RTNL,
13854 	},
13855 	{
13856 		.cmd = NL80211_CMD_LEAVE_MESH,
13857 		.doit = nl80211_leave_mesh,
13858 		.policy = nl80211_policy,
13859 		.flags = GENL_UNS_ADMIN_PERM,
13860 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13861 				  NL80211_FLAG_NEED_RTNL,
13862 	},
13863 	{
13864 		.cmd = NL80211_CMD_JOIN_OCB,
13865 		.doit = nl80211_join_ocb,
13866 		.policy = nl80211_policy,
13867 		.flags = GENL_UNS_ADMIN_PERM,
13868 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13869 				  NL80211_FLAG_NEED_RTNL,
13870 	},
13871 	{
13872 		.cmd = NL80211_CMD_LEAVE_OCB,
13873 		.doit = nl80211_leave_ocb,
13874 		.policy = nl80211_policy,
13875 		.flags = GENL_UNS_ADMIN_PERM,
13876 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13877 				  NL80211_FLAG_NEED_RTNL,
13878 	},
13879 #ifdef CONFIG_PM
13880 	{
13881 		.cmd = NL80211_CMD_GET_WOWLAN,
13882 		.doit = nl80211_get_wowlan,
13883 		.policy = nl80211_policy,
13884 		/* can be retrieved by unprivileged users */
13885 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13886 				  NL80211_FLAG_NEED_RTNL,
13887 	},
13888 	{
13889 		.cmd = NL80211_CMD_SET_WOWLAN,
13890 		.doit = nl80211_set_wowlan,
13891 		.policy = nl80211_policy,
13892 		.flags = GENL_UNS_ADMIN_PERM,
13893 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13894 				  NL80211_FLAG_NEED_RTNL,
13895 	},
13896 #endif
13897 	{
13898 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
13899 		.doit = nl80211_set_rekey_data,
13900 		.policy = nl80211_policy,
13901 		.flags = GENL_UNS_ADMIN_PERM,
13902 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13903 				  NL80211_FLAG_NEED_RTNL |
13904 				  NL80211_FLAG_CLEAR_SKB,
13905 	},
13906 	{
13907 		.cmd = NL80211_CMD_TDLS_MGMT,
13908 		.doit = nl80211_tdls_mgmt,
13909 		.policy = nl80211_policy,
13910 		.flags = GENL_UNS_ADMIN_PERM,
13911 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13912 				  NL80211_FLAG_NEED_RTNL,
13913 	},
13914 	{
13915 		.cmd = NL80211_CMD_TDLS_OPER,
13916 		.doit = nl80211_tdls_oper,
13917 		.policy = nl80211_policy,
13918 		.flags = GENL_UNS_ADMIN_PERM,
13919 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13920 				  NL80211_FLAG_NEED_RTNL,
13921 	},
13922 	{
13923 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
13924 		.doit = nl80211_register_unexpected_frame,
13925 		.policy = nl80211_policy,
13926 		.flags = GENL_UNS_ADMIN_PERM,
13927 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13928 				  NL80211_FLAG_NEED_RTNL,
13929 	},
13930 	{
13931 		.cmd = NL80211_CMD_PROBE_CLIENT,
13932 		.doit = nl80211_probe_client,
13933 		.policy = nl80211_policy,
13934 		.flags = GENL_UNS_ADMIN_PERM,
13935 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13936 				  NL80211_FLAG_NEED_RTNL,
13937 	},
13938 	{
13939 		.cmd = NL80211_CMD_REGISTER_BEACONS,
13940 		.doit = nl80211_register_beacons,
13941 		.policy = nl80211_policy,
13942 		.flags = GENL_UNS_ADMIN_PERM,
13943 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13944 				  NL80211_FLAG_NEED_RTNL,
13945 	},
13946 	{
13947 		.cmd = NL80211_CMD_SET_NOACK_MAP,
13948 		.doit = nl80211_set_noack_map,
13949 		.policy = nl80211_policy,
13950 		.flags = GENL_UNS_ADMIN_PERM,
13951 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13952 				  NL80211_FLAG_NEED_RTNL,
13953 	},
13954 	{
13955 		.cmd = NL80211_CMD_START_P2P_DEVICE,
13956 		.doit = nl80211_start_p2p_device,
13957 		.policy = nl80211_policy,
13958 		.flags = GENL_UNS_ADMIN_PERM,
13959 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13960 				  NL80211_FLAG_NEED_RTNL,
13961 	},
13962 	{
13963 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
13964 		.doit = nl80211_stop_p2p_device,
13965 		.policy = nl80211_policy,
13966 		.flags = GENL_UNS_ADMIN_PERM,
13967 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13968 				  NL80211_FLAG_NEED_RTNL,
13969 	},
13970 	{
13971 		.cmd = NL80211_CMD_START_NAN,
13972 		.doit = nl80211_start_nan,
13973 		.policy = nl80211_policy,
13974 		.flags = GENL_ADMIN_PERM,
13975 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13976 				  NL80211_FLAG_NEED_RTNL,
13977 	},
13978 	{
13979 		.cmd = NL80211_CMD_STOP_NAN,
13980 		.doit = nl80211_stop_nan,
13981 		.policy = nl80211_policy,
13982 		.flags = GENL_ADMIN_PERM,
13983 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13984 				  NL80211_FLAG_NEED_RTNL,
13985 	},
13986 	{
13987 		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
13988 		.doit = nl80211_nan_add_func,
13989 		.policy = nl80211_policy,
13990 		.flags = GENL_ADMIN_PERM,
13991 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13992 				  NL80211_FLAG_NEED_RTNL,
13993 	},
13994 	{
13995 		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
13996 		.doit = nl80211_nan_del_func,
13997 		.policy = nl80211_policy,
13998 		.flags = GENL_ADMIN_PERM,
13999 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14000 				  NL80211_FLAG_NEED_RTNL,
14001 	},
14002 	{
14003 		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
14004 		.doit = nl80211_nan_change_config,
14005 		.policy = nl80211_policy,
14006 		.flags = GENL_ADMIN_PERM,
14007 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14008 				  NL80211_FLAG_NEED_RTNL,
14009 	},
14010 	{
14011 		.cmd = NL80211_CMD_SET_MCAST_RATE,
14012 		.doit = nl80211_set_mcast_rate,
14013 		.policy = nl80211_policy,
14014 		.flags = GENL_UNS_ADMIN_PERM,
14015 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14016 				  NL80211_FLAG_NEED_RTNL,
14017 	},
14018 	{
14019 		.cmd = NL80211_CMD_SET_MAC_ACL,
14020 		.doit = nl80211_set_mac_acl,
14021 		.policy = nl80211_policy,
14022 		.flags = GENL_UNS_ADMIN_PERM,
14023 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14024 				  NL80211_FLAG_NEED_RTNL,
14025 	},
14026 	{
14027 		.cmd = NL80211_CMD_RADAR_DETECT,
14028 		.doit = nl80211_start_radar_detection,
14029 		.policy = nl80211_policy,
14030 		.flags = GENL_UNS_ADMIN_PERM,
14031 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14032 				  NL80211_FLAG_NEED_RTNL,
14033 	},
14034 	{
14035 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
14036 		.doit = nl80211_get_protocol_features,
14037 		.policy = nl80211_policy,
14038 	},
14039 	{
14040 		.cmd = NL80211_CMD_UPDATE_FT_IES,
14041 		.doit = nl80211_update_ft_ies,
14042 		.policy = nl80211_policy,
14043 		.flags = GENL_UNS_ADMIN_PERM,
14044 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14045 				  NL80211_FLAG_NEED_RTNL,
14046 	},
14047 	{
14048 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
14049 		.doit = nl80211_crit_protocol_start,
14050 		.policy = nl80211_policy,
14051 		.flags = GENL_UNS_ADMIN_PERM,
14052 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14053 				  NL80211_FLAG_NEED_RTNL,
14054 	},
14055 	{
14056 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
14057 		.doit = nl80211_crit_protocol_stop,
14058 		.policy = nl80211_policy,
14059 		.flags = GENL_UNS_ADMIN_PERM,
14060 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14061 				  NL80211_FLAG_NEED_RTNL,
14062 	},
14063 	{
14064 		.cmd = NL80211_CMD_GET_COALESCE,
14065 		.doit = nl80211_get_coalesce,
14066 		.policy = nl80211_policy,
14067 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14068 				  NL80211_FLAG_NEED_RTNL,
14069 	},
14070 	{
14071 		.cmd = NL80211_CMD_SET_COALESCE,
14072 		.doit = nl80211_set_coalesce,
14073 		.policy = nl80211_policy,
14074 		.flags = GENL_UNS_ADMIN_PERM,
14075 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14076 				  NL80211_FLAG_NEED_RTNL,
14077 	},
14078 	{
14079 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
14080 		.doit = nl80211_channel_switch,
14081 		.policy = nl80211_policy,
14082 		.flags = GENL_UNS_ADMIN_PERM,
14083 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14084 				  NL80211_FLAG_NEED_RTNL,
14085 	},
14086 	{
14087 		.cmd = NL80211_CMD_VENDOR,
14088 		.doit = nl80211_vendor_cmd,
14089 		.dumpit = nl80211_vendor_cmd_dump,
14090 		.policy = nl80211_policy,
14091 		.flags = GENL_UNS_ADMIN_PERM,
14092 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14093 				  NL80211_FLAG_NEED_RTNL,
14094 	},
14095 	{
14096 		.cmd = NL80211_CMD_SET_QOS_MAP,
14097 		.doit = nl80211_set_qos_map,
14098 		.policy = nl80211_policy,
14099 		.flags = GENL_UNS_ADMIN_PERM,
14100 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14101 				  NL80211_FLAG_NEED_RTNL,
14102 	},
14103 	{
14104 		.cmd = NL80211_CMD_ADD_TX_TS,
14105 		.doit = nl80211_add_tx_ts,
14106 		.policy = nl80211_policy,
14107 		.flags = GENL_UNS_ADMIN_PERM,
14108 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14109 				  NL80211_FLAG_NEED_RTNL,
14110 	},
14111 	{
14112 		.cmd = NL80211_CMD_DEL_TX_TS,
14113 		.doit = nl80211_del_tx_ts,
14114 		.policy = nl80211_policy,
14115 		.flags = GENL_UNS_ADMIN_PERM,
14116 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14117 				  NL80211_FLAG_NEED_RTNL,
14118 	},
14119 	{
14120 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
14121 		.doit = nl80211_tdls_channel_switch,
14122 		.policy = nl80211_policy,
14123 		.flags = GENL_UNS_ADMIN_PERM,
14124 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14125 				  NL80211_FLAG_NEED_RTNL,
14126 	},
14127 	{
14128 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
14129 		.doit = nl80211_tdls_cancel_channel_switch,
14130 		.policy = nl80211_policy,
14131 		.flags = GENL_UNS_ADMIN_PERM,
14132 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14133 				  NL80211_FLAG_NEED_RTNL,
14134 	},
14135 	{
14136 		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
14137 		.doit = nl80211_set_multicast_to_unicast,
14138 		.policy = nl80211_policy,
14139 		.flags = GENL_UNS_ADMIN_PERM,
14140 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14141 				  NL80211_FLAG_NEED_RTNL,
14142 	},
14143 	{
14144 		.cmd = NL80211_CMD_SET_PMK,
14145 		.doit = nl80211_set_pmk,
14146 		.policy = nl80211_policy,
14147 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14148 				  NL80211_FLAG_NEED_RTNL,
14149 	},
14150 	{
14151 		.cmd = NL80211_CMD_DEL_PMK,
14152 		.doit = nl80211_del_pmk,
14153 		.policy = nl80211_policy,
14154 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14155 				  NL80211_FLAG_NEED_RTNL,
14156 	},
14157 	{
14158 		.cmd = NL80211_CMD_EXTERNAL_AUTH,
14159 		.doit = nl80211_external_auth,
14160 		.policy = nl80211_policy,
14161 		.flags = GENL_ADMIN_PERM,
14162 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14163 				  NL80211_FLAG_NEED_RTNL,
14164 	},
14165 	{
14166 		.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
14167 		.doit = nl80211_tx_control_port,
14168 		.policy = nl80211_policy,
14169 		.flags = GENL_UNS_ADMIN_PERM,
14170 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14171 				  NL80211_FLAG_NEED_RTNL,
14172 	},
14173 	{
14174 		.cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
14175 		.doit = nl80211_get_ftm_responder_stats,
14176 		.policy = nl80211_policy,
14177 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14178 				  NL80211_FLAG_NEED_RTNL,
14179 	},
14180 	{
14181 		.cmd = NL80211_CMD_PEER_MEASUREMENT_START,
14182 		.doit = nl80211_pmsr_start,
14183 		.policy = nl80211_policy,
14184 		.flags = GENL_UNS_ADMIN_PERM,
14185 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14186 				  NL80211_FLAG_NEED_RTNL,
14187 	},
14188 	{
14189 		.cmd = NL80211_CMD_NOTIFY_RADAR,
14190 		.doit = nl80211_notify_radar_detection,
14191 		.policy = nl80211_policy,
14192 		.flags = GENL_UNS_ADMIN_PERM,
14193 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14194 				  NL80211_FLAG_NEED_RTNL,
14195 	},
14196 };
14197 
14198 static struct genl_family nl80211_fam __ro_after_init = {
14199 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
14200 	.hdrsize = 0,			/* no private header */
14201 	.version = 1,			/* no particular meaning now */
14202 	.maxattr = NL80211_ATTR_MAX,
14203 	.netnsok = true,
14204 	.pre_doit = nl80211_pre_doit,
14205 	.post_doit = nl80211_post_doit,
14206 	.module = THIS_MODULE,
14207 	.ops = nl80211_ops,
14208 	.n_ops = ARRAY_SIZE(nl80211_ops),
14209 	.mcgrps = nl80211_mcgrps,
14210 	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
14211 };
14212 
14213 /* notification functions */
14214 
14215 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
14216 			  enum nl80211_commands cmd)
14217 {
14218 	struct sk_buff *msg;
14219 	struct nl80211_dump_wiphy_state state = {};
14220 
14221 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
14222 		cmd != NL80211_CMD_DEL_WIPHY);
14223 
14224 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14225 	if (!msg)
14226 		return;
14227 
14228 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
14229 		nlmsg_free(msg);
14230 		return;
14231 	}
14232 
14233 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14234 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14235 }
14236 
14237 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
14238 				struct wireless_dev *wdev,
14239 				enum nl80211_commands cmd)
14240 {
14241 	struct sk_buff *msg;
14242 
14243 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14244 	if (!msg)
14245 		return;
14246 
14247 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
14248 		nlmsg_free(msg);
14249 		return;
14250 	}
14251 
14252 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14253 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14254 }
14255 
14256 static int nl80211_add_scan_req(struct sk_buff *msg,
14257 				struct cfg80211_registered_device *rdev)
14258 {
14259 	struct cfg80211_scan_request *req = rdev->scan_req;
14260 	struct nlattr *nest;
14261 	int i;
14262 
14263 	if (WARN_ON(!req))
14264 		return 0;
14265 
14266 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
14267 	if (!nest)
14268 		goto nla_put_failure;
14269 	for (i = 0; i < req->n_ssids; i++) {
14270 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
14271 			goto nla_put_failure;
14272 	}
14273 	nla_nest_end(msg, nest);
14274 
14275 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14276 	if (!nest)
14277 		goto nla_put_failure;
14278 	for (i = 0; i < req->n_channels; i++) {
14279 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14280 			goto nla_put_failure;
14281 	}
14282 	nla_nest_end(msg, nest);
14283 
14284 	if (req->ie &&
14285 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
14286 		goto nla_put_failure;
14287 
14288 	if (req->flags &&
14289 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
14290 		goto nla_put_failure;
14291 
14292 	if (req->info.scan_start_tsf &&
14293 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
14294 			       req->info.scan_start_tsf, NL80211_BSS_PAD) ||
14295 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
14296 		     req->info.tsf_bssid)))
14297 		goto nla_put_failure;
14298 
14299 	return 0;
14300  nla_put_failure:
14301 	return -ENOBUFS;
14302 }
14303 
14304 static int nl80211_prep_scan_msg(struct sk_buff *msg,
14305 				 struct cfg80211_registered_device *rdev,
14306 				 struct wireless_dev *wdev,
14307 				 u32 portid, u32 seq, int flags,
14308 				 u32 cmd)
14309 {
14310 	void *hdr;
14311 
14312 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
14313 	if (!hdr)
14314 		return -1;
14315 
14316 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14317 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14318 					 wdev->netdev->ifindex)) ||
14319 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14320 			      NL80211_ATTR_PAD))
14321 		goto nla_put_failure;
14322 
14323 	/* ignore errors and send incomplete event anyway */
14324 	nl80211_add_scan_req(msg, rdev);
14325 
14326 	genlmsg_end(msg, hdr);
14327 	return 0;
14328 
14329  nla_put_failure:
14330 	genlmsg_cancel(msg, hdr);
14331 	return -EMSGSIZE;
14332 }
14333 
14334 static int
14335 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
14336 			    struct cfg80211_sched_scan_request *req, u32 cmd)
14337 {
14338 	void *hdr;
14339 
14340 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14341 	if (!hdr)
14342 		return -1;
14343 
14344 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
14345 			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
14346 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
14347 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
14348 			      NL80211_ATTR_PAD))
14349 		goto nla_put_failure;
14350 
14351 	genlmsg_end(msg, hdr);
14352 	return 0;
14353 
14354  nla_put_failure:
14355 	genlmsg_cancel(msg, hdr);
14356 	return -EMSGSIZE;
14357 }
14358 
14359 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
14360 			     struct wireless_dev *wdev)
14361 {
14362 	struct sk_buff *msg;
14363 
14364 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14365 	if (!msg)
14366 		return;
14367 
14368 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14369 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
14370 		nlmsg_free(msg);
14371 		return;
14372 	}
14373 
14374 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14375 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14376 }
14377 
14378 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
14379 				       struct wireless_dev *wdev, bool aborted)
14380 {
14381 	struct sk_buff *msg;
14382 
14383 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14384 	if (!msg)
14385 		return NULL;
14386 
14387 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14388 				  aborted ? NL80211_CMD_SCAN_ABORTED :
14389 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
14390 		nlmsg_free(msg);
14391 		return NULL;
14392 	}
14393 
14394 	return msg;
14395 }
14396 
14397 /* send message created by nl80211_build_scan_msg() */
14398 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
14399 			   struct sk_buff *msg)
14400 {
14401 	if (!msg)
14402 		return;
14403 
14404 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14405 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14406 }
14407 
14408 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
14409 {
14410 	struct sk_buff *msg;
14411 
14412 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14413 	if (!msg)
14414 		return;
14415 
14416 	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
14417 		nlmsg_free(msg);
14418 		return;
14419 	}
14420 
14421 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
14422 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14423 }
14424 
14425 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
14426 					  struct regulatory_request *request)
14427 {
14428 	/* Userspace can always count this one always being set */
14429 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
14430 		goto nla_put_failure;
14431 
14432 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
14433 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14434 			       NL80211_REGDOM_TYPE_WORLD))
14435 			goto nla_put_failure;
14436 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
14437 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14438 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
14439 			goto nla_put_failure;
14440 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
14441 		   request->intersect) {
14442 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14443 			       NL80211_REGDOM_TYPE_INTERSECTION))
14444 			goto nla_put_failure;
14445 	} else {
14446 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14447 			       NL80211_REGDOM_TYPE_COUNTRY) ||
14448 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
14449 				   request->alpha2))
14450 			goto nla_put_failure;
14451 	}
14452 
14453 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
14454 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
14455 
14456 		if (wiphy &&
14457 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
14458 			goto nla_put_failure;
14459 
14460 		if (wiphy &&
14461 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
14462 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
14463 			goto nla_put_failure;
14464 	}
14465 
14466 	return true;
14467 
14468 nla_put_failure:
14469 	return false;
14470 }
14471 
14472 /*
14473  * This can happen on global regulatory changes or device specific settings
14474  * based on custom regulatory domains.
14475  */
14476 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
14477 				     struct regulatory_request *request)
14478 {
14479 	struct sk_buff *msg;
14480 	void *hdr;
14481 
14482 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14483 	if (!msg)
14484 		return;
14485 
14486 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
14487 	if (!hdr) {
14488 		nlmsg_free(msg);
14489 		return;
14490 	}
14491 
14492 	if (nl80211_reg_change_event_fill(msg, request) == false)
14493 		goto nla_put_failure;
14494 
14495 	genlmsg_end(msg, hdr);
14496 
14497 	rcu_read_lock();
14498 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14499 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14500 	rcu_read_unlock();
14501 
14502 	return;
14503 
14504 nla_put_failure:
14505 	nlmsg_free(msg);
14506 }
14507 
14508 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
14509 				    struct net_device *netdev,
14510 				    const u8 *buf, size_t len,
14511 				    enum nl80211_commands cmd, gfp_t gfp,
14512 				    int uapsd_queues, const u8 *req_ies,
14513 				    size_t req_ies_len)
14514 {
14515 	struct sk_buff *msg;
14516 	void *hdr;
14517 
14518 	msg = nlmsg_new(100 + len + req_ies_len, gfp);
14519 	if (!msg)
14520 		return;
14521 
14522 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14523 	if (!hdr) {
14524 		nlmsg_free(msg);
14525 		return;
14526 	}
14527 
14528 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14529 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14530 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14531 	    (req_ies &&
14532 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
14533 		goto nla_put_failure;
14534 
14535 	if (uapsd_queues >= 0) {
14536 		struct nlattr *nla_wmm =
14537 			nla_nest_start(msg, NL80211_ATTR_STA_WME);
14538 		if (!nla_wmm)
14539 			goto nla_put_failure;
14540 
14541 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
14542 			       uapsd_queues))
14543 			goto nla_put_failure;
14544 
14545 		nla_nest_end(msg, nla_wmm);
14546 	}
14547 
14548 	genlmsg_end(msg, hdr);
14549 
14550 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14551 				NL80211_MCGRP_MLME, gfp);
14552 	return;
14553 
14554  nla_put_failure:
14555 	nlmsg_free(msg);
14556 }
14557 
14558 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
14559 			  struct net_device *netdev, const u8 *buf,
14560 			  size_t len, gfp_t gfp)
14561 {
14562 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14563 				NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
14564 }
14565 
14566 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
14567 			   struct net_device *netdev, const u8 *buf,
14568 			   size_t len, gfp_t gfp, int uapsd_queues,
14569 			   const u8 *req_ies, size_t req_ies_len)
14570 {
14571 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14572 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
14573 				req_ies, req_ies_len);
14574 }
14575 
14576 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
14577 			 struct net_device *netdev, const u8 *buf,
14578 			 size_t len, gfp_t gfp)
14579 {
14580 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14581 				NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
14582 }
14583 
14584 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
14585 			   struct net_device *netdev, const u8 *buf,
14586 			   size_t len, gfp_t gfp)
14587 {
14588 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14589 				NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
14590 }
14591 
14592 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
14593 				  size_t len)
14594 {
14595 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14596 	struct wiphy *wiphy = wdev->wiphy;
14597 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14598 	const struct ieee80211_mgmt *mgmt = (void *)buf;
14599 	u32 cmd;
14600 
14601 	if (WARN_ON(len < 2))
14602 		return;
14603 
14604 	if (ieee80211_is_deauth(mgmt->frame_control))
14605 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
14606 	else
14607 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
14608 
14609 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
14610 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
14611 				NULL, 0);
14612 }
14613 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
14614 
14615 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
14616 				      struct net_device *netdev, int cmd,
14617 				      const u8 *addr, gfp_t gfp)
14618 {
14619 	struct sk_buff *msg;
14620 	void *hdr;
14621 
14622 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14623 	if (!msg)
14624 		return;
14625 
14626 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14627 	if (!hdr) {
14628 		nlmsg_free(msg);
14629 		return;
14630 	}
14631 
14632 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14633 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14634 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
14635 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14636 		goto nla_put_failure;
14637 
14638 	genlmsg_end(msg, hdr);
14639 
14640 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14641 				NL80211_MCGRP_MLME, gfp);
14642 	return;
14643 
14644  nla_put_failure:
14645 	nlmsg_free(msg);
14646 }
14647 
14648 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
14649 			       struct net_device *netdev, const u8 *addr,
14650 			       gfp_t gfp)
14651 {
14652 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
14653 				  addr, gfp);
14654 }
14655 
14656 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
14657 				struct net_device *netdev, const u8 *addr,
14658 				gfp_t gfp)
14659 {
14660 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
14661 				  addr, gfp);
14662 }
14663 
14664 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
14665 				 struct net_device *netdev,
14666 				 struct cfg80211_connect_resp_params *cr,
14667 				 gfp_t gfp)
14668 {
14669 	struct sk_buff *msg;
14670 	void *hdr;
14671 
14672 	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
14673 			cr->fils.kek_len + cr->fils.pmk_len +
14674 			(cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
14675 	if (!msg)
14676 		return;
14677 
14678 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
14679 	if (!hdr) {
14680 		nlmsg_free(msg);
14681 		return;
14682 	}
14683 
14684 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14685 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14686 	    (cr->bssid &&
14687 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
14688 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
14689 			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
14690 			cr->status) ||
14691 	    (cr->status < 0 &&
14692 	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
14693 	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
14694 			  cr->timeout_reason))) ||
14695 	    (cr->req_ie &&
14696 	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
14697 	    (cr->resp_ie &&
14698 	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
14699 		     cr->resp_ie)) ||
14700 	    (cr->fils.update_erp_next_seq_num &&
14701 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
14702 			 cr->fils.erp_next_seq_num)) ||
14703 	    (cr->status == WLAN_STATUS_SUCCESS &&
14704 	     ((cr->fils.kek &&
14705 	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
14706 		       cr->fils.kek)) ||
14707 	      (cr->fils.pmk &&
14708 	       nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
14709 	      (cr->fils.pmkid &&
14710 	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
14711 		goto nla_put_failure;
14712 
14713 	genlmsg_end(msg, hdr);
14714 
14715 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14716 				NL80211_MCGRP_MLME, gfp);
14717 	return;
14718 
14719  nla_put_failure:
14720 	nlmsg_free(msg);
14721 }
14722 
14723 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
14724 			 struct net_device *netdev,
14725 			 struct cfg80211_roam_info *info, gfp_t gfp)
14726 {
14727 	struct sk_buff *msg;
14728 	void *hdr;
14729 	const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
14730 
14731 	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
14732 			info->fils.kek_len + info->fils.pmk_len +
14733 			(info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
14734 	if (!msg)
14735 		return;
14736 
14737 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
14738 	if (!hdr) {
14739 		nlmsg_free(msg);
14740 		return;
14741 	}
14742 
14743 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14744 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14745 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
14746 	    (info->req_ie &&
14747 	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
14748 		     info->req_ie)) ||
14749 	    (info->resp_ie &&
14750 	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
14751 		     info->resp_ie)) ||
14752 	    (info->fils.update_erp_next_seq_num &&
14753 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
14754 			 info->fils.erp_next_seq_num)) ||
14755 	    (info->fils.kek &&
14756 	     nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
14757 		     info->fils.kek)) ||
14758 	    (info->fils.pmk &&
14759 	     nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
14760 	    (info->fils.pmkid &&
14761 	     nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
14762 		goto nla_put_failure;
14763 
14764 	genlmsg_end(msg, hdr);
14765 
14766 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14767 				NL80211_MCGRP_MLME, gfp);
14768 	return;
14769 
14770  nla_put_failure:
14771 	nlmsg_free(msg);
14772 }
14773 
14774 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
14775 				  struct net_device *netdev, const u8 *bssid)
14776 {
14777 	struct sk_buff *msg;
14778 	void *hdr;
14779 
14780 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14781 	if (!msg)
14782 		return;
14783 
14784 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
14785 	if (!hdr) {
14786 		nlmsg_free(msg);
14787 		return;
14788 	}
14789 
14790 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14791 		goto nla_put_failure;
14792 
14793 	genlmsg_end(msg, hdr);
14794 
14795 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14796 				NL80211_MCGRP_MLME, GFP_KERNEL);
14797 	return;
14798 
14799  nla_put_failure:
14800 	nlmsg_free(msg);
14801 }
14802 
14803 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
14804 			       struct net_device *netdev, u16 reason,
14805 			       const u8 *ie, size_t ie_len, bool from_ap)
14806 {
14807 	struct sk_buff *msg;
14808 	void *hdr;
14809 
14810 	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
14811 	if (!msg)
14812 		return;
14813 
14814 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
14815 	if (!hdr) {
14816 		nlmsg_free(msg);
14817 		return;
14818 	}
14819 
14820 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14821 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14822 	    (reason &&
14823 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
14824 	    (from_ap &&
14825 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
14826 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
14827 		goto nla_put_failure;
14828 
14829 	genlmsg_end(msg, hdr);
14830 
14831 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14832 				NL80211_MCGRP_MLME, GFP_KERNEL);
14833 	return;
14834 
14835  nla_put_failure:
14836 	nlmsg_free(msg);
14837 }
14838 
14839 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
14840 			     struct net_device *netdev, const u8 *bssid,
14841 			     gfp_t gfp)
14842 {
14843 	struct sk_buff *msg;
14844 	void *hdr;
14845 
14846 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14847 	if (!msg)
14848 		return;
14849 
14850 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
14851 	if (!hdr) {
14852 		nlmsg_free(msg);
14853 		return;
14854 	}
14855 
14856 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14857 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14858 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14859 		goto nla_put_failure;
14860 
14861 	genlmsg_end(msg, hdr);
14862 
14863 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14864 				NL80211_MCGRP_MLME, gfp);
14865 	return;
14866 
14867  nla_put_failure:
14868 	nlmsg_free(msg);
14869 }
14870 
14871 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
14872 					const u8 *ie, u8 ie_len,
14873 					int sig_dbm, gfp_t gfp)
14874 {
14875 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14876 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
14877 	struct sk_buff *msg;
14878 	void *hdr;
14879 
14880 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
14881 		return;
14882 
14883 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
14884 
14885 	msg = nlmsg_new(100 + ie_len, gfp);
14886 	if (!msg)
14887 		return;
14888 
14889 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
14890 	if (!hdr) {
14891 		nlmsg_free(msg);
14892 		return;
14893 	}
14894 
14895 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14896 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
14897 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
14898 	    (ie_len && ie &&
14899 	     nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
14900 	    (sig_dbm &&
14901 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
14902 		goto nla_put_failure;
14903 
14904 	genlmsg_end(msg, hdr);
14905 
14906 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14907 				NL80211_MCGRP_MLME, gfp);
14908 	return;
14909 
14910  nla_put_failure:
14911 	nlmsg_free(msg);
14912 }
14913 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
14914 
14915 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
14916 				 struct net_device *netdev, const u8 *addr,
14917 				 enum nl80211_key_type key_type, int key_id,
14918 				 const u8 *tsc, gfp_t gfp)
14919 {
14920 	struct sk_buff *msg;
14921 	void *hdr;
14922 
14923 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14924 	if (!msg)
14925 		return;
14926 
14927 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
14928 	if (!hdr) {
14929 		nlmsg_free(msg);
14930 		return;
14931 	}
14932 
14933 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14934 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14935 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
14936 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
14937 	    (key_id != -1 &&
14938 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
14939 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
14940 		goto nla_put_failure;
14941 
14942 	genlmsg_end(msg, hdr);
14943 
14944 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14945 				NL80211_MCGRP_MLME, gfp);
14946 	return;
14947 
14948  nla_put_failure:
14949 	nlmsg_free(msg);
14950 }
14951 
14952 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
14953 				    struct ieee80211_channel *channel_before,
14954 				    struct ieee80211_channel *channel_after)
14955 {
14956 	struct sk_buff *msg;
14957 	void *hdr;
14958 	struct nlattr *nl_freq;
14959 
14960 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
14961 	if (!msg)
14962 		return;
14963 
14964 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
14965 	if (!hdr) {
14966 		nlmsg_free(msg);
14967 		return;
14968 	}
14969 
14970 	/*
14971 	 * Since we are applying the beacon hint to a wiphy we know its
14972 	 * wiphy_idx is valid
14973 	 */
14974 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
14975 		goto nla_put_failure;
14976 
14977 	/* Before */
14978 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
14979 	if (!nl_freq)
14980 		goto nla_put_failure;
14981 
14982 	if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
14983 		goto nla_put_failure;
14984 	nla_nest_end(msg, nl_freq);
14985 
14986 	/* After */
14987 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
14988 	if (!nl_freq)
14989 		goto nla_put_failure;
14990 
14991 	if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
14992 		goto nla_put_failure;
14993 	nla_nest_end(msg, nl_freq);
14994 
14995 	genlmsg_end(msg, hdr);
14996 
14997 	rcu_read_lock();
14998 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14999 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15000 	rcu_read_unlock();
15001 
15002 	return;
15003 
15004 nla_put_failure:
15005 	nlmsg_free(msg);
15006 }
15007 
15008 static void nl80211_send_remain_on_chan_event(
15009 	int cmd, struct cfg80211_registered_device *rdev,
15010 	struct wireless_dev *wdev, u64 cookie,
15011 	struct ieee80211_channel *chan,
15012 	unsigned int duration, gfp_t gfp)
15013 {
15014 	struct sk_buff *msg;
15015 	void *hdr;
15016 
15017 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15018 	if (!msg)
15019 		return;
15020 
15021 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15022 	if (!hdr) {
15023 		nlmsg_free(msg);
15024 		return;
15025 	}
15026 
15027 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15028 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15029 					 wdev->netdev->ifindex)) ||
15030 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15031 			      NL80211_ATTR_PAD) ||
15032 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
15033 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
15034 			NL80211_CHAN_NO_HT) ||
15035 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15036 			      NL80211_ATTR_PAD))
15037 		goto nla_put_failure;
15038 
15039 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
15040 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
15041 		goto nla_put_failure;
15042 
15043 	genlmsg_end(msg, hdr);
15044 
15045 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15046 				NL80211_MCGRP_MLME, gfp);
15047 	return;
15048 
15049  nla_put_failure:
15050 	nlmsg_free(msg);
15051 }
15052 
15053 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
15054 			       struct ieee80211_channel *chan,
15055 			       unsigned int duration, gfp_t gfp)
15056 {
15057 	struct wiphy *wiphy = wdev->wiphy;
15058 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15059 
15060 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
15061 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
15062 					  rdev, wdev, cookie, chan,
15063 					  duration, gfp);
15064 }
15065 EXPORT_SYMBOL(cfg80211_ready_on_channel);
15066 
15067 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
15068 					struct ieee80211_channel *chan,
15069 					gfp_t gfp)
15070 {
15071 	struct wiphy *wiphy = wdev->wiphy;
15072 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15073 
15074 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
15075 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15076 					  rdev, wdev, cookie, chan, 0, gfp);
15077 }
15078 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
15079 
15080 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
15081 		      struct station_info *sinfo, gfp_t gfp)
15082 {
15083 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15084 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15085 	struct sk_buff *msg;
15086 
15087 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
15088 
15089 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15090 	if (!msg)
15091 		return;
15092 
15093 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
15094 				 rdev, dev, mac_addr, sinfo) < 0) {
15095 		nlmsg_free(msg);
15096 		return;
15097 	}
15098 
15099 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15100 				NL80211_MCGRP_MLME, gfp);
15101 }
15102 EXPORT_SYMBOL(cfg80211_new_sta);
15103 
15104 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
15105 			    struct station_info *sinfo, gfp_t gfp)
15106 {
15107 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15108 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15109 	struct sk_buff *msg;
15110 	struct station_info empty_sinfo = {};
15111 
15112 	if (!sinfo)
15113 		sinfo = &empty_sinfo;
15114 
15115 	trace_cfg80211_del_sta(dev, mac_addr);
15116 
15117 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15118 	if (!msg) {
15119 		cfg80211_sinfo_release_content(sinfo);
15120 		return;
15121 	}
15122 
15123 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
15124 				 rdev, dev, mac_addr, sinfo) < 0) {
15125 		nlmsg_free(msg);
15126 		return;
15127 	}
15128 
15129 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15130 				NL80211_MCGRP_MLME, gfp);
15131 }
15132 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
15133 
15134 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
15135 			  enum nl80211_connect_failed_reason reason,
15136 			  gfp_t gfp)
15137 {
15138 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15139 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15140 	struct sk_buff *msg;
15141 	void *hdr;
15142 
15143 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
15144 	if (!msg)
15145 		return;
15146 
15147 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
15148 	if (!hdr) {
15149 		nlmsg_free(msg);
15150 		return;
15151 	}
15152 
15153 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15154 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
15155 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
15156 		goto nla_put_failure;
15157 
15158 	genlmsg_end(msg, hdr);
15159 
15160 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15161 				NL80211_MCGRP_MLME, gfp);
15162 	return;
15163 
15164  nla_put_failure:
15165 	nlmsg_free(msg);
15166 }
15167 EXPORT_SYMBOL(cfg80211_conn_failed);
15168 
15169 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
15170 				       const u8 *addr, gfp_t gfp)
15171 {
15172 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15173 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15174 	struct sk_buff *msg;
15175 	void *hdr;
15176 	u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
15177 
15178 	if (!nlportid)
15179 		return false;
15180 
15181 	msg = nlmsg_new(100, gfp);
15182 	if (!msg)
15183 		return true;
15184 
15185 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15186 	if (!hdr) {
15187 		nlmsg_free(msg);
15188 		return true;
15189 	}
15190 
15191 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15192 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15193 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15194 		goto nla_put_failure;
15195 
15196 	genlmsg_end(msg, hdr);
15197 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15198 	return true;
15199 
15200  nla_put_failure:
15201 	nlmsg_free(msg);
15202 	return true;
15203 }
15204 
15205 bool cfg80211_rx_spurious_frame(struct net_device *dev,
15206 				const u8 *addr, gfp_t gfp)
15207 {
15208 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15209 	bool ret;
15210 
15211 	trace_cfg80211_rx_spurious_frame(dev, addr);
15212 
15213 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15214 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
15215 		trace_cfg80211_return_bool(false);
15216 		return false;
15217 	}
15218 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
15219 					 addr, gfp);
15220 	trace_cfg80211_return_bool(ret);
15221 	return ret;
15222 }
15223 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
15224 
15225 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
15226 					const u8 *addr, gfp_t gfp)
15227 {
15228 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15229 	bool ret;
15230 
15231 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
15232 
15233 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15234 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
15235 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
15236 		trace_cfg80211_return_bool(false);
15237 		return false;
15238 	}
15239 	ret = __nl80211_unexpected_frame(dev,
15240 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
15241 					 addr, gfp);
15242 	trace_cfg80211_return_bool(ret);
15243 	return ret;
15244 }
15245 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
15246 
15247 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
15248 		      struct wireless_dev *wdev, u32 nlportid,
15249 		      int freq, int sig_dbm,
15250 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
15251 {
15252 	struct net_device *netdev = wdev->netdev;
15253 	struct sk_buff *msg;
15254 	void *hdr;
15255 
15256 	msg = nlmsg_new(100 + len, gfp);
15257 	if (!msg)
15258 		return -ENOMEM;
15259 
15260 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15261 	if (!hdr) {
15262 		nlmsg_free(msg);
15263 		return -ENOMEM;
15264 	}
15265 
15266 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15267 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15268 					netdev->ifindex)) ||
15269 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15270 			      NL80211_ATTR_PAD) ||
15271 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
15272 	    (sig_dbm &&
15273 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15274 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15275 	    (flags &&
15276 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
15277 		goto nla_put_failure;
15278 
15279 	genlmsg_end(msg, hdr);
15280 
15281 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15282 
15283  nla_put_failure:
15284 	nlmsg_free(msg);
15285 	return -ENOBUFS;
15286 }
15287 
15288 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
15289 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
15290 {
15291 	struct wiphy *wiphy = wdev->wiphy;
15292 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15293 	struct net_device *netdev = wdev->netdev;
15294 	struct sk_buff *msg;
15295 	void *hdr;
15296 
15297 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
15298 
15299 	msg = nlmsg_new(100 + len, gfp);
15300 	if (!msg)
15301 		return;
15302 
15303 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
15304 	if (!hdr) {
15305 		nlmsg_free(msg);
15306 		return;
15307 	}
15308 
15309 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15310 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15311 				   netdev->ifindex)) ||
15312 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15313 			      NL80211_ATTR_PAD) ||
15314 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15315 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15316 			      NL80211_ATTR_PAD) ||
15317 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
15318 		goto nla_put_failure;
15319 
15320 	genlmsg_end(msg, hdr);
15321 
15322 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15323 				NL80211_MCGRP_MLME, gfp);
15324 	return;
15325 
15326  nla_put_failure:
15327 	nlmsg_free(msg);
15328 }
15329 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
15330 
15331 static int __nl80211_rx_control_port(struct net_device *dev,
15332 				     struct sk_buff *skb,
15333 				     bool unencrypted, gfp_t gfp)
15334 {
15335 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15336 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15337 	struct ethhdr *ehdr = eth_hdr(skb);
15338 	const u8 *addr = ehdr->h_source;
15339 	u16 proto = be16_to_cpu(skb->protocol);
15340 	struct sk_buff *msg;
15341 	void *hdr;
15342 	struct nlattr *frame;
15343 
15344 	u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
15345 
15346 	if (!nlportid)
15347 		return -ENOENT;
15348 
15349 	msg = nlmsg_new(100 + skb->len, gfp);
15350 	if (!msg)
15351 		return -ENOMEM;
15352 
15353 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
15354 	if (!hdr) {
15355 		nlmsg_free(msg);
15356 		return -ENOBUFS;
15357 	}
15358 
15359 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15360 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15361 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15362 			      NL80211_ATTR_PAD) ||
15363 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15364 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
15365 	    (unencrypted && nla_put_flag(msg,
15366 					 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
15367 		goto nla_put_failure;
15368 
15369 	frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
15370 	if (!frame)
15371 		goto nla_put_failure;
15372 
15373 	skb_copy_bits(skb, 0, nla_data(frame), skb->len);
15374 	genlmsg_end(msg, hdr);
15375 
15376 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15377 
15378  nla_put_failure:
15379 	nlmsg_free(msg);
15380 	return -ENOBUFS;
15381 }
15382 
15383 bool cfg80211_rx_control_port(struct net_device *dev,
15384 			      struct sk_buff *skb, bool unencrypted)
15385 {
15386 	int ret;
15387 
15388 	trace_cfg80211_rx_control_port(dev, skb, unencrypted);
15389 	ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
15390 	trace_cfg80211_return_bool(ret == 0);
15391 	return ret == 0;
15392 }
15393 EXPORT_SYMBOL(cfg80211_rx_control_port);
15394 
15395 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
15396 					    const char *mac, gfp_t gfp)
15397 {
15398 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15399 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15400 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15401 	void **cb;
15402 
15403 	if (!msg)
15404 		return NULL;
15405 
15406 	cb = (void **)msg->cb;
15407 
15408 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
15409 	if (!cb[0]) {
15410 		nlmsg_free(msg);
15411 		return NULL;
15412 	}
15413 
15414 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15415 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15416 		goto nla_put_failure;
15417 
15418 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15419 		goto nla_put_failure;
15420 
15421 	cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
15422 	if (!cb[1])
15423 		goto nla_put_failure;
15424 
15425 	cb[2] = rdev;
15426 
15427 	return msg;
15428  nla_put_failure:
15429 	nlmsg_free(msg);
15430 	return NULL;
15431 }
15432 
15433 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
15434 {
15435 	void **cb = (void **)msg->cb;
15436 	struct cfg80211_registered_device *rdev = cb[2];
15437 
15438 	nla_nest_end(msg, cb[1]);
15439 	genlmsg_end(msg, cb[0]);
15440 
15441 	memset(msg->cb, 0, sizeof(msg->cb));
15442 
15443 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15444 				NL80211_MCGRP_MLME, gfp);
15445 }
15446 
15447 void cfg80211_cqm_rssi_notify(struct net_device *dev,
15448 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
15449 			      s32 rssi_level, gfp_t gfp)
15450 {
15451 	struct sk_buff *msg;
15452 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15453 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15454 
15455 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
15456 
15457 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
15458 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
15459 		return;
15460 
15461 	if (wdev->cqm_config) {
15462 		wdev->cqm_config->last_rssi_event_value = rssi_level;
15463 
15464 		cfg80211_cqm_rssi_update(rdev, dev);
15465 
15466 		if (rssi_level == 0)
15467 			rssi_level = wdev->cqm_config->last_rssi_event_value;
15468 	}
15469 
15470 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15471 	if (!msg)
15472 		return;
15473 
15474 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
15475 			rssi_event))
15476 		goto nla_put_failure;
15477 
15478 	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
15479 				      rssi_level))
15480 		goto nla_put_failure;
15481 
15482 	cfg80211_send_cqm(msg, gfp);
15483 
15484 	return;
15485 
15486  nla_put_failure:
15487 	nlmsg_free(msg);
15488 }
15489 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
15490 
15491 void cfg80211_cqm_txe_notify(struct net_device *dev,
15492 			     const u8 *peer, u32 num_packets,
15493 			     u32 rate, u32 intvl, gfp_t gfp)
15494 {
15495 	struct sk_buff *msg;
15496 
15497 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
15498 	if (!msg)
15499 		return;
15500 
15501 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
15502 		goto nla_put_failure;
15503 
15504 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
15505 		goto nla_put_failure;
15506 
15507 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
15508 		goto nla_put_failure;
15509 
15510 	cfg80211_send_cqm(msg, gfp);
15511 	return;
15512 
15513  nla_put_failure:
15514 	nlmsg_free(msg);
15515 }
15516 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
15517 
15518 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
15519 				 const u8 *peer, u32 num_packets, gfp_t gfp)
15520 {
15521 	struct sk_buff *msg;
15522 
15523 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
15524 
15525 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
15526 	if (!msg)
15527 		return;
15528 
15529 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
15530 		goto nla_put_failure;
15531 
15532 	cfg80211_send_cqm(msg, gfp);
15533 	return;
15534 
15535  nla_put_failure:
15536 	nlmsg_free(msg);
15537 }
15538 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
15539 
15540 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
15541 {
15542 	struct sk_buff *msg;
15543 
15544 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15545 	if (!msg)
15546 		return;
15547 
15548 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
15549 		goto nla_put_failure;
15550 
15551 	cfg80211_send_cqm(msg, gfp);
15552 	return;
15553 
15554  nla_put_failure:
15555 	nlmsg_free(msg);
15556 }
15557 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
15558 
15559 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
15560 				     struct net_device *netdev, const u8 *bssid,
15561 				     const u8 *replay_ctr, gfp_t gfp)
15562 {
15563 	struct sk_buff *msg;
15564 	struct nlattr *rekey_attr;
15565 	void *hdr;
15566 
15567 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15568 	if (!msg)
15569 		return;
15570 
15571 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
15572 	if (!hdr) {
15573 		nlmsg_free(msg);
15574 		return;
15575 	}
15576 
15577 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15578 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15579 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15580 		goto nla_put_failure;
15581 
15582 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
15583 	if (!rekey_attr)
15584 		goto nla_put_failure;
15585 
15586 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
15587 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
15588 		goto nla_put_failure;
15589 
15590 	nla_nest_end(msg, rekey_attr);
15591 
15592 	genlmsg_end(msg, hdr);
15593 
15594 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15595 				NL80211_MCGRP_MLME, gfp);
15596 	return;
15597 
15598  nla_put_failure:
15599 	nlmsg_free(msg);
15600 }
15601 
15602 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
15603 			       const u8 *replay_ctr, gfp_t gfp)
15604 {
15605 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15606 	struct wiphy *wiphy = wdev->wiphy;
15607 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15608 
15609 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
15610 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
15611 }
15612 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
15613 
15614 static void
15615 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
15616 			       struct net_device *netdev, int index,
15617 			       const u8 *bssid, bool preauth, gfp_t gfp)
15618 {
15619 	struct sk_buff *msg;
15620 	struct nlattr *attr;
15621 	void *hdr;
15622 
15623 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15624 	if (!msg)
15625 		return;
15626 
15627 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
15628 	if (!hdr) {
15629 		nlmsg_free(msg);
15630 		return;
15631 	}
15632 
15633 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15634 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
15635 		goto nla_put_failure;
15636 
15637 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
15638 	if (!attr)
15639 		goto nla_put_failure;
15640 
15641 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
15642 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
15643 	    (preauth &&
15644 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
15645 		goto nla_put_failure;
15646 
15647 	nla_nest_end(msg, attr);
15648 
15649 	genlmsg_end(msg, hdr);
15650 
15651 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15652 				NL80211_MCGRP_MLME, gfp);
15653 	return;
15654 
15655  nla_put_failure:
15656 	nlmsg_free(msg);
15657 }
15658 
15659 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
15660 				     const u8 *bssid, bool preauth, gfp_t gfp)
15661 {
15662 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15663 	struct wiphy *wiphy = wdev->wiphy;
15664 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15665 
15666 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
15667 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
15668 }
15669 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
15670 
15671 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
15672 				     struct net_device *netdev,
15673 				     struct cfg80211_chan_def *chandef,
15674 				     gfp_t gfp,
15675 				     enum nl80211_commands notif,
15676 				     u8 count)
15677 {
15678 	struct sk_buff *msg;
15679 	void *hdr;
15680 
15681 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15682 	if (!msg)
15683 		return;
15684 
15685 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
15686 	if (!hdr) {
15687 		nlmsg_free(msg);
15688 		return;
15689 	}
15690 
15691 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
15692 		goto nla_put_failure;
15693 
15694 	if (nl80211_send_chandef(msg, chandef))
15695 		goto nla_put_failure;
15696 
15697 	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
15698 	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
15699 			goto nla_put_failure;
15700 
15701 	genlmsg_end(msg, hdr);
15702 
15703 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15704 				NL80211_MCGRP_MLME, gfp);
15705 	return;
15706 
15707  nla_put_failure:
15708 	nlmsg_free(msg);
15709 }
15710 
15711 void cfg80211_ch_switch_notify(struct net_device *dev,
15712 			       struct cfg80211_chan_def *chandef)
15713 {
15714 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15715 	struct wiphy *wiphy = wdev->wiphy;
15716 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15717 
15718 	ASSERT_WDEV_LOCK(wdev);
15719 
15720 	trace_cfg80211_ch_switch_notify(dev, chandef);
15721 
15722 	wdev->chandef = *chandef;
15723 	wdev->preset_chandef = *chandef;
15724 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
15725 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
15726 }
15727 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
15728 
15729 void cfg80211_ch_switch_started_notify(struct net_device *dev,
15730 				       struct cfg80211_chan_def *chandef,
15731 				       u8 count)
15732 {
15733 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15734 	struct wiphy *wiphy = wdev->wiphy;
15735 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15736 
15737 	trace_cfg80211_ch_switch_started_notify(dev, chandef);
15738 
15739 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
15740 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
15741 }
15742 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
15743 
15744 void
15745 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
15746 		     const struct cfg80211_chan_def *chandef,
15747 		     enum nl80211_radar_event event,
15748 		     struct net_device *netdev, gfp_t gfp)
15749 {
15750 	struct sk_buff *msg;
15751 	void *hdr;
15752 
15753 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15754 	if (!msg)
15755 		return;
15756 
15757 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
15758 	if (!hdr) {
15759 		nlmsg_free(msg);
15760 		return;
15761 	}
15762 
15763 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
15764 		goto nla_put_failure;
15765 
15766 	/* NOP and radar events don't need a netdev parameter */
15767 	if (netdev) {
15768 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
15769 
15770 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15771 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15772 				      NL80211_ATTR_PAD))
15773 			goto nla_put_failure;
15774 	}
15775 
15776 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
15777 		goto nla_put_failure;
15778 
15779 	if (nl80211_send_chandef(msg, chandef))
15780 		goto nla_put_failure;
15781 
15782 	genlmsg_end(msg, hdr);
15783 
15784 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15785 				NL80211_MCGRP_MLME, gfp);
15786 	return;
15787 
15788  nla_put_failure:
15789 	nlmsg_free(msg);
15790 }
15791 
15792 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
15793 				       struct sta_opmode_info *sta_opmode,
15794 				       gfp_t gfp)
15795 {
15796 	struct sk_buff *msg;
15797 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15798 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15799 	void *hdr;
15800 
15801 	if (WARN_ON(!mac))
15802 		return;
15803 
15804 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15805 	if (!msg)
15806 		return;
15807 
15808 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
15809 	if (!hdr) {
15810 		nlmsg_free(msg);
15811 		return;
15812 	}
15813 
15814 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
15815 		goto nla_put_failure;
15816 
15817 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15818 		goto nla_put_failure;
15819 
15820 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15821 		goto nla_put_failure;
15822 
15823 	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
15824 	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
15825 		goto nla_put_failure;
15826 
15827 	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
15828 	    nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
15829 		goto nla_put_failure;
15830 
15831 	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
15832 	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
15833 		goto nla_put_failure;
15834 
15835 	genlmsg_end(msg, hdr);
15836 
15837 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15838 				NL80211_MCGRP_MLME, gfp);
15839 
15840 	return;
15841 
15842 nla_put_failure:
15843 	nlmsg_free(msg);
15844 }
15845 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
15846 
15847 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
15848 			   u64 cookie, bool acked, s32 ack_signal,
15849 			   bool is_valid_ack_signal, gfp_t gfp)
15850 {
15851 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15852 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15853 	struct sk_buff *msg;
15854 	void *hdr;
15855 
15856 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
15857 
15858 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15859 
15860 	if (!msg)
15861 		return;
15862 
15863 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
15864 	if (!hdr) {
15865 		nlmsg_free(msg);
15866 		return;
15867 	}
15868 
15869 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15870 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15871 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15872 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15873 			      NL80211_ATTR_PAD) ||
15874 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
15875 	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
15876 						ack_signal)))
15877 		goto nla_put_failure;
15878 
15879 	genlmsg_end(msg, hdr);
15880 
15881 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15882 				NL80211_MCGRP_MLME, gfp);
15883 	return;
15884 
15885  nla_put_failure:
15886 	nlmsg_free(msg);
15887 }
15888 EXPORT_SYMBOL(cfg80211_probe_status);
15889 
15890 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
15891 				 const u8 *frame, size_t len,
15892 				 int freq, int sig_dbm)
15893 {
15894 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15895 	struct sk_buff *msg;
15896 	void *hdr;
15897 	struct cfg80211_beacon_registration *reg;
15898 
15899 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
15900 
15901 	spin_lock_bh(&rdev->beacon_registrations_lock);
15902 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
15903 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
15904 		if (!msg) {
15905 			spin_unlock_bh(&rdev->beacon_registrations_lock);
15906 			return;
15907 		}
15908 
15909 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15910 		if (!hdr)
15911 			goto nla_put_failure;
15912 
15913 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15914 		    (freq &&
15915 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
15916 		    (sig_dbm &&
15917 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15918 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
15919 			goto nla_put_failure;
15920 
15921 		genlmsg_end(msg, hdr);
15922 
15923 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
15924 	}
15925 	spin_unlock_bh(&rdev->beacon_registrations_lock);
15926 	return;
15927 
15928  nla_put_failure:
15929 	spin_unlock_bh(&rdev->beacon_registrations_lock);
15930 	nlmsg_free(msg);
15931 }
15932 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
15933 
15934 #ifdef CONFIG_PM
15935 static int cfg80211_net_detect_results(struct sk_buff *msg,
15936 				       struct cfg80211_wowlan_wakeup *wakeup)
15937 {
15938 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
15939 	struct nlattr *nl_results, *nl_match, *nl_freqs;
15940 	int i, j;
15941 
15942 	nl_results = nla_nest_start(
15943 		msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
15944 	if (!nl_results)
15945 		return -EMSGSIZE;
15946 
15947 	for (i = 0; i < nd->n_matches; i++) {
15948 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
15949 
15950 		nl_match = nla_nest_start(msg, i);
15951 		if (!nl_match)
15952 			break;
15953 
15954 		/* The SSID attribute is optional in nl80211, but for
15955 		 * simplicity reasons it's always present in the
15956 		 * cfg80211 structure.  If a driver can't pass the
15957 		 * SSID, that needs to be changed.  A zero length SSID
15958 		 * is still a valid SSID (wildcard), so it cannot be
15959 		 * used for this purpose.
15960 		 */
15961 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
15962 			    match->ssid.ssid)) {
15963 			nla_nest_cancel(msg, nl_match);
15964 			goto out;
15965 		}
15966 
15967 		if (match->n_channels) {
15968 			nl_freqs = nla_nest_start(
15969 				msg, NL80211_ATTR_SCAN_FREQUENCIES);
15970 			if (!nl_freqs) {
15971 				nla_nest_cancel(msg, nl_match);
15972 				goto out;
15973 			}
15974 
15975 			for (j = 0; j < match->n_channels; j++) {
15976 				if (nla_put_u32(msg, j, match->channels[j])) {
15977 					nla_nest_cancel(msg, nl_freqs);
15978 					nla_nest_cancel(msg, nl_match);
15979 					goto out;
15980 				}
15981 			}
15982 
15983 			nla_nest_end(msg, nl_freqs);
15984 		}
15985 
15986 		nla_nest_end(msg, nl_match);
15987 	}
15988 
15989 out:
15990 	nla_nest_end(msg, nl_results);
15991 	return 0;
15992 }
15993 
15994 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
15995 				   struct cfg80211_wowlan_wakeup *wakeup,
15996 				   gfp_t gfp)
15997 {
15998 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15999 	struct sk_buff *msg;
16000 	void *hdr;
16001 	int size = 200;
16002 
16003 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
16004 
16005 	if (wakeup)
16006 		size += wakeup->packet_present_len;
16007 
16008 	msg = nlmsg_new(size, gfp);
16009 	if (!msg)
16010 		return;
16011 
16012 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
16013 	if (!hdr)
16014 		goto free_msg;
16015 
16016 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16017 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16018 			      NL80211_ATTR_PAD))
16019 		goto free_msg;
16020 
16021 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16022 					wdev->netdev->ifindex))
16023 		goto free_msg;
16024 
16025 	if (wakeup) {
16026 		struct nlattr *reasons;
16027 
16028 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
16029 		if (!reasons)
16030 			goto free_msg;
16031 
16032 		if (wakeup->disconnect &&
16033 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
16034 			goto free_msg;
16035 		if (wakeup->magic_pkt &&
16036 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
16037 			goto free_msg;
16038 		if (wakeup->gtk_rekey_failure &&
16039 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
16040 			goto free_msg;
16041 		if (wakeup->eap_identity_req &&
16042 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
16043 			goto free_msg;
16044 		if (wakeup->four_way_handshake &&
16045 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
16046 			goto free_msg;
16047 		if (wakeup->rfkill_release &&
16048 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
16049 			goto free_msg;
16050 
16051 		if (wakeup->pattern_idx >= 0 &&
16052 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
16053 				wakeup->pattern_idx))
16054 			goto free_msg;
16055 
16056 		if (wakeup->tcp_match &&
16057 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
16058 			goto free_msg;
16059 
16060 		if (wakeup->tcp_connlost &&
16061 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
16062 			goto free_msg;
16063 
16064 		if (wakeup->tcp_nomoretokens &&
16065 		    nla_put_flag(msg,
16066 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
16067 			goto free_msg;
16068 
16069 		if (wakeup->packet) {
16070 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
16071 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
16072 
16073 			if (!wakeup->packet_80211) {
16074 				pkt_attr =
16075 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
16076 				len_attr =
16077 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
16078 			}
16079 
16080 			if (wakeup->packet_len &&
16081 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
16082 				goto free_msg;
16083 
16084 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
16085 				    wakeup->packet))
16086 				goto free_msg;
16087 		}
16088 
16089 		if (wakeup->net_detect &&
16090 		    cfg80211_net_detect_results(msg, wakeup))
16091 				goto free_msg;
16092 
16093 		nla_nest_end(msg, reasons);
16094 	}
16095 
16096 	genlmsg_end(msg, hdr);
16097 
16098 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16099 				NL80211_MCGRP_MLME, gfp);
16100 	return;
16101 
16102  free_msg:
16103 	nlmsg_free(msg);
16104 }
16105 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
16106 #endif
16107 
16108 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
16109 				enum nl80211_tdls_operation oper,
16110 				u16 reason_code, gfp_t gfp)
16111 {
16112 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16113 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16114 	struct sk_buff *msg;
16115 	void *hdr;
16116 
16117 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
16118 					 reason_code);
16119 
16120 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16121 	if (!msg)
16122 		return;
16123 
16124 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
16125 	if (!hdr) {
16126 		nlmsg_free(msg);
16127 		return;
16128 	}
16129 
16130 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16131 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16132 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
16133 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
16134 	    (reason_code > 0 &&
16135 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
16136 		goto nla_put_failure;
16137 
16138 	genlmsg_end(msg, hdr);
16139 
16140 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16141 				NL80211_MCGRP_MLME, gfp);
16142 	return;
16143 
16144  nla_put_failure:
16145 	nlmsg_free(msg);
16146 }
16147 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
16148 
16149 static int nl80211_netlink_notify(struct notifier_block * nb,
16150 				  unsigned long state,
16151 				  void *_notify)
16152 {
16153 	struct netlink_notify *notify = _notify;
16154 	struct cfg80211_registered_device *rdev;
16155 	struct wireless_dev *wdev;
16156 	struct cfg80211_beacon_registration *reg, *tmp;
16157 
16158 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
16159 		return NOTIFY_DONE;
16160 
16161 	rcu_read_lock();
16162 
16163 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
16164 		struct cfg80211_sched_scan_request *sched_scan_req;
16165 
16166 		list_for_each_entry_rcu(sched_scan_req,
16167 					&rdev->sched_scan_req_list,
16168 					list) {
16169 			if (sched_scan_req->owner_nlportid == notify->portid) {
16170 				sched_scan_req->nl_owner_dead = true;
16171 				schedule_work(&rdev->sched_scan_stop_wk);
16172 			}
16173 		}
16174 
16175 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
16176 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
16177 
16178 			if (wdev->owner_nlportid == notify->portid) {
16179 				wdev->nl_owner_dead = true;
16180 				schedule_work(&rdev->destroy_work);
16181 			} else if (wdev->conn_owner_nlportid == notify->portid) {
16182 				schedule_work(&wdev->disconnect_wk);
16183 			}
16184 
16185 			cfg80211_release_pmsr(wdev, notify->portid);
16186 		}
16187 
16188 		spin_lock_bh(&rdev->beacon_registrations_lock);
16189 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
16190 					 list) {
16191 			if (reg->nlportid == notify->portid) {
16192 				list_del(&reg->list);
16193 				kfree(reg);
16194 				break;
16195 			}
16196 		}
16197 		spin_unlock_bh(&rdev->beacon_registrations_lock);
16198 	}
16199 
16200 	rcu_read_unlock();
16201 
16202 	/*
16203 	 * It is possible that the user space process that is controlling the
16204 	 * indoor setting disappeared, so notify the regulatory core.
16205 	 */
16206 	regulatory_netlink_notify(notify->portid);
16207 	return NOTIFY_OK;
16208 }
16209 
16210 static struct notifier_block nl80211_netlink_notifier = {
16211 	.notifier_call = nl80211_netlink_notify,
16212 };
16213 
16214 void cfg80211_ft_event(struct net_device *netdev,
16215 		       struct cfg80211_ft_event_params *ft_event)
16216 {
16217 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16218 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16219 	struct sk_buff *msg;
16220 	void *hdr;
16221 
16222 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
16223 
16224 	if (!ft_event->target_ap)
16225 		return;
16226 
16227 	msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
16228 			GFP_KERNEL);
16229 	if (!msg)
16230 		return;
16231 
16232 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
16233 	if (!hdr)
16234 		goto out;
16235 
16236 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16237 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16238 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
16239 		goto out;
16240 
16241 	if (ft_event->ies &&
16242 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
16243 		goto out;
16244 	if (ft_event->ric_ies &&
16245 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
16246 		    ft_event->ric_ies))
16247 		goto out;
16248 
16249 	genlmsg_end(msg, hdr);
16250 
16251 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16252 				NL80211_MCGRP_MLME, GFP_KERNEL);
16253 	return;
16254  out:
16255 	nlmsg_free(msg);
16256 }
16257 EXPORT_SYMBOL(cfg80211_ft_event);
16258 
16259 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
16260 {
16261 	struct cfg80211_registered_device *rdev;
16262 	struct sk_buff *msg;
16263 	void *hdr;
16264 	u32 nlportid;
16265 
16266 	rdev = wiphy_to_rdev(wdev->wiphy);
16267 	if (!rdev->crit_proto_nlportid)
16268 		return;
16269 
16270 	nlportid = rdev->crit_proto_nlportid;
16271 	rdev->crit_proto_nlportid = 0;
16272 
16273 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16274 	if (!msg)
16275 		return;
16276 
16277 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
16278 	if (!hdr)
16279 		goto nla_put_failure;
16280 
16281 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16282 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16283 			      NL80211_ATTR_PAD))
16284 		goto nla_put_failure;
16285 
16286 	genlmsg_end(msg, hdr);
16287 
16288 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16289 	return;
16290 
16291  nla_put_failure:
16292 	nlmsg_free(msg);
16293 }
16294 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
16295 
16296 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
16297 {
16298 	struct wiphy *wiphy = wdev->wiphy;
16299 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16300 	struct sk_buff *msg;
16301 	void *hdr;
16302 
16303 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16304 	if (!msg)
16305 		return;
16306 
16307 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
16308 	if (!hdr)
16309 		goto out;
16310 
16311 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16312 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
16313 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16314 			      NL80211_ATTR_PAD))
16315 		goto out;
16316 
16317 	genlmsg_end(msg, hdr);
16318 
16319 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
16320 				NL80211_MCGRP_MLME, GFP_KERNEL);
16321 	return;
16322  out:
16323 	nlmsg_free(msg);
16324 }
16325 
16326 int cfg80211_external_auth_request(struct net_device *dev,
16327 				   struct cfg80211_external_auth_params *params,
16328 				   gfp_t gfp)
16329 {
16330 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16331 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16332 	struct sk_buff *msg;
16333 	void *hdr;
16334 
16335 	if (!wdev->conn_owner_nlportid)
16336 		return -EINVAL;
16337 
16338 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16339 	if (!msg)
16340 		return -ENOMEM;
16341 
16342 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
16343 	if (!hdr)
16344 		goto nla_put_failure;
16345 
16346 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16347 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16348 	    nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
16349 	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
16350 			params->action) ||
16351 	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
16352 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
16353 		    params->ssid.ssid))
16354 		goto nla_put_failure;
16355 
16356 	genlmsg_end(msg, hdr);
16357 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16358 			wdev->conn_owner_nlportid);
16359 	return 0;
16360 
16361  nla_put_failure:
16362 	nlmsg_free(msg);
16363 	return -ENOBUFS;
16364 }
16365 EXPORT_SYMBOL(cfg80211_external_auth_request);
16366 
16367 /* initialisation/exit functions */
16368 
16369 int __init nl80211_init(void)
16370 {
16371 	int err;
16372 
16373 	err = genl_register_family(&nl80211_fam);
16374 	if (err)
16375 		return err;
16376 
16377 	err = netlink_register_notifier(&nl80211_netlink_notifier);
16378 	if (err)
16379 		goto err_out;
16380 
16381 	return 0;
16382  err_out:
16383 	genl_unregister_family(&nl80211_fam);
16384 	return err;
16385 }
16386 
16387 void nl80211_exit(void)
16388 {
16389 	netlink_unregister_notifier(&nl80211_netlink_notifier);
16390 	genl_unregister_family(&nl80211_fam);
16391 }
16392