xref: /openbmc/linux/net/wireless/nl80211.c (revision d2168146) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include <net/inet_connection_sock.h>
23 #include "core.h"
24 #include "nl80211.h"
25 #include "reg.h"
26 #include "rdev-ops.h"
27 
28 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
29 				   struct genl_info *info,
30 				   struct cfg80211_crypto_settings *settings,
31 				   int cipher_limit);
32 
33 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
34 			    struct genl_info *info);
35 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
36 			      struct genl_info *info);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam = {
40 	.id = GENL_ID_GENERATE,		/* don't bother with a hardcoded ID */
41 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
42 	.hdrsize = 0,			/* no private header */
43 	.version = 1,			/* no particular meaning now */
44 	.maxattr = NL80211_ATTR_MAX,
45 	.netnsok = true,
46 	.pre_doit = nl80211_pre_doit,
47 	.post_doit = nl80211_post_doit,
48 };
49 
50 /* multicast groups */
51 enum nl80211_multicast_groups {
52 	NL80211_MCGRP_CONFIG,
53 	NL80211_MCGRP_SCAN,
54 	NL80211_MCGRP_REGULATORY,
55 	NL80211_MCGRP_MLME,
56 	NL80211_MCGRP_VENDOR,
57 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
58 };
59 
60 static const struct genl_multicast_group nl80211_mcgrps[] = {
61 	[NL80211_MCGRP_CONFIG] = { .name = "config", },
62 	[NL80211_MCGRP_SCAN] = { .name = "scan", },
63 	[NL80211_MCGRP_REGULATORY] = { .name = "regulatory", },
64 	[NL80211_MCGRP_MLME] = { .name = "mlme", },
65 	[NL80211_MCGRP_VENDOR] = { .name = "vendor", },
66 #ifdef CONFIG_NL80211_TESTMODE
67 	[NL80211_MCGRP_TESTMODE] = { .name = "testmode", }
68 #endif
69 };
70 
71 /* returns ERR_PTR values */
72 static struct wireless_dev *
73 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
74 {
75 	struct cfg80211_registered_device *rdev;
76 	struct wireless_dev *result = NULL;
77 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
78 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
79 	u64 wdev_id;
80 	int wiphy_idx = -1;
81 	int ifidx = -1;
82 
83 	ASSERT_RTNL();
84 
85 	if (!have_ifidx && !have_wdev_id)
86 		return ERR_PTR(-EINVAL);
87 
88 	if (have_ifidx)
89 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
90 	if (have_wdev_id) {
91 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
92 		wiphy_idx = wdev_id >> 32;
93 	}
94 
95 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
96 		struct wireless_dev *wdev;
97 
98 		if (wiphy_net(&rdev->wiphy) != netns)
99 			continue;
100 
101 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
102 			continue;
103 
104 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
105 			if (have_ifidx && wdev->netdev &&
106 			    wdev->netdev->ifindex == ifidx) {
107 				result = wdev;
108 				break;
109 			}
110 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
111 				result = wdev;
112 				break;
113 			}
114 		}
115 
116 		if (result)
117 			break;
118 	}
119 
120 	if (result)
121 		return result;
122 	return ERR_PTR(-ENODEV);
123 }
124 
125 static struct cfg80211_registered_device *
126 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
127 {
128 	struct cfg80211_registered_device *rdev = NULL, *tmp;
129 	struct net_device *netdev;
130 
131 	ASSERT_RTNL();
132 
133 	if (!attrs[NL80211_ATTR_WIPHY] &&
134 	    !attrs[NL80211_ATTR_IFINDEX] &&
135 	    !attrs[NL80211_ATTR_WDEV])
136 		return ERR_PTR(-EINVAL);
137 
138 	if (attrs[NL80211_ATTR_WIPHY])
139 		rdev = cfg80211_rdev_by_wiphy_idx(
140 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
141 
142 	if (attrs[NL80211_ATTR_WDEV]) {
143 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
144 		struct wireless_dev *wdev;
145 		bool found = false;
146 
147 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
148 		if (tmp) {
149 			/* make sure wdev exists */
150 			list_for_each_entry(wdev, &tmp->wdev_list, list) {
151 				if (wdev->identifier != (u32)wdev_id)
152 					continue;
153 				found = true;
154 				break;
155 			}
156 
157 			if (!found)
158 				tmp = NULL;
159 
160 			if (rdev && tmp != rdev)
161 				return ERR_PTR(-EINVAL);
162 			rdev = tmp;
163 		}
164 	}
165 
166 	if (attrs[NL80211_ATTR_IFINDEX]) {
167 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
168 		netdev = __dev_get_by_index(netns, ifindex);
169 		if (netdev) {
170 			if (netdev->ieee80211_ptr)
171 				tmp = wiphy_to_rdev(
172 					netdev->ieee80211_ptr->wiphy);
173 			else
174 				tmp = NULL;
175 
176 			/* not wireless device -- return error */
177 			if (!tmp)
178 				return ERR_PTR(-EINVAL);
179 
180 			/* mismatch -- return error */
181 			if (rdev && tmp != rdev)
182 				return ERR_PTR(-EINVAL);
183 
184 			rdev = tmp;
185 		}
186 	}
187 
188 	if (!rdev)
189 		return ERR_PTR(-ENODEV);
190 
191 	if (netns != wiphy_net(&rdev->wiphy))
192 		return ERR_PTR(-ENODEV);
193 
194 	return rdev;
195 }
196 
197 /*
198  * This function returns a pointer to the driver
199  * that the genl_info item that is passed refers to.
200  *
201  * The result of this can be a PTR_ERR and hence must
202  * be checked with IS_ERR() for errors.
203  */
204 static struct cfg80211_registered_device *
205 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
206 {
207 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
208 }
209 
210 /* policy for the attributes */
211 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
212 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
213 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
214 				      .len = 20-1 },
215 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
216 
217 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
218 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
219 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
220 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
221 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
222 
223 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
224 	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
225 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
226 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
227 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
228 
229 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
230 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
231 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
232 
233 	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
234 	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
235 
236 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
237 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
238 				    .len = WLAN_MAX_KEY_LEN },
239 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
240 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
241 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
242 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
243 	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
244 
245 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
246 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
247 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
248 				       .len = IEEE80211_MAX_DATA_LEN },
249 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
250 				       .len = IEEE80211_MAX_DATA_LEN },
251 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
252 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
253 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
254 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
255 					       .len = NL80211_MAX_SUPP_RATES },
256 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
257 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
258 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
259 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
260 				   .len = IEEE80211_MAX_MESH_ID_LEN },
261 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
262 
263 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
264 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
265 
266 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
267 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
268 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
269 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
270 					   .len = NL80211_MAX_SUPP_RATES },
271 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
272 
273 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
274 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
275 
276 	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
277 
278 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
279 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
280 			      .len = IEEE80211_MAX_DATA_LEN },
281 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
282 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
283 
284 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
285 				.len = IEEE80211_MAX_SSID_LEN },
286 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
287 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
288 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
289 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
290 	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
291 	[NL80211_ATTR_STA_FLAGS2] = {
292 		.len = sizeof(struct nl80211_sta_flag_update),
293 	},
294 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
295 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
296 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
297 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
298 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
299 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
300 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
301 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
302 	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
303 				 .len = WLAN_PMKID_LEN },
304 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
305 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
306 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
307 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
308 				 .len = IEEE80211_MAX_DATA_LEN },
309 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
310 	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
311 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
312 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
313 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
314 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
315 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
316 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
317 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
318 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
319 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
320 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
321 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
322 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
323 	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
324 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
325 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
326 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
327 	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
328 	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
329 					 .len = IEEE80211_MAX_DATA_LEN },
330 	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
331 					 .len = IEEE80211_MAX_DATA_LEN },
332 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
333 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
334 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
335 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
336 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
337 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
338 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
339 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
340 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
341 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
342 				      .len = IEEE80211_MAX_DATA_LEN },
343 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
344 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
345 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
346 		.len = NL80211_HT_CAPABILITY_LEN
347 	},
348 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
349 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
350 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
351 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
352 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
353 	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
354 	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
355 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
356 	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
357 	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
358 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
359 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
360 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
361 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
362 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
363 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
364 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
365 		.len = NL80211_VHT_CAPABILITY_LEN,
366 	},
367 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
368 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
369 				  .len = IEEE80211_MAX_DATA_LEN },
370 	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
371 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
372 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
373 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
374 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
375 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
376 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
377 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
378 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
379 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
380 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
381 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
382 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
383 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
384 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
385 	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
386 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
387 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
388 	[NL80211_ATTR_IFACE_SOCKET_OWNER] = { .type = NLA_FLAG },
389 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
390 };
391 
392 /* policy for the key attributes */
393 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
394 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
395 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
396 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
397 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
398 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
399 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
400 	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
401 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
402 };
403 
404 /* policy for the key default flags */
405 static const struct nla_policy
406 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
407 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
408 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
409 };
410 
411 /* policy for WoWLAN attributes */
412 static const struct nla_policy
413 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
414 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
415 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
416 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
417 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
418 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
419 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
420 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
421 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
422 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
423 };
424 
425 static const struct nla_policy
426 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
427 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
428 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
429 	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
430 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
431 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
432 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
433 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
434 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
435 	},
436 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
437 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
438 	},
439 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
440 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
441 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
442 };
443 
444 /* policy for coalesce rule attributes */
445 static const struct nla_policy
446 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
447 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
448 	[NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
449 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
450 };
451 
452 /* policy for GTK rekey offload attributes */
453 static const struct nla_policy
454 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
455 	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
456 	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
457 	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
458 };
459 
460 static const struct nla_policy
461 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
462 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
463 						 .len = IEEE80211_MAX_SSID_LEN },
464 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
465 };
466 
467 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
468 				     struct netlink_callback *cb,
469 				     struct cfg80211_registered_device **rdev,
470 				     struct wireless_dev **wdev)
471 {
472 	int err;
473 
474 	rtnl_lock();
475 
476 	if (!cb->args[0]) {
477 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
478 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
479 				  nl80211_policy);
480 		if (err)
481 			goto out_unlock;
482 
483 		*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
484 						   nl80211_fam.attrbuf);
485 		if (IS_ERR(*wdev)) {
486 			err = PTR_ERR(*wdev);
487 			goto out_unlock;
488 		}
489 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
490 		/* 0 is the first index - add 1 to parse only once */
491 		cb->args[0] = (*rdev)->wiphy_idx + 1;
492 		cb->args[1] = (*wdev)->identifier;
493 	} else {
494 		/* subtract the 1 again here */
495 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
496 		struct wireless_dev *tmp;
497 
498 		if (!wiphy) {
499 			err = -ENODEV;
500 			goto out_unlock;
501 		}
502 		*rdev = wiphy_to_rdev(wiphy);
503 		*wdev = NULL;
504 
505 		list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
506 			if (tmp->identifier == cb->args[1]) {
507 				*wdev = tmp;
508 				break;
509 			}
510 		}
511 
512 		if (!*wdev) {
513 			err = -ENODEV;
514 			goto out_unlock;
515 		}
516 	}
517 
518 	return 0;
519  out_unlock:
520 	rtnl_unlock();
521 	return err;
522 }
523 
524 static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
525 {
526 	rtnl_unlock();
527 }
528 
529 /* IE validation */
530 static bool is_valid_ie_attr(const struct nlattr *attr)
531 {
532 	const u8 *pos;
533 	int len;
534 
535 	if (!attr)
536 		return true;
537 
538 	pos = nla_data(attr);
539 	len = nla_len(attr);
540 
541 	while (len) {
542 		u8 elemlen;
543 
544 		if (len < 2)
545 			return false;
546 		len -= 2;
547 
548 		elemlen = pos[1];
549 		if (elemlen > len)
550 			return false;
551 
552 		len -= elemlen;
553 		pos += 2 + elemlen;
554 	}
555 
556 	return true;
557 }
558 
559 /* message building helper */
560 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
561 				   int flags, u8 cmd)
562 {
563 	/* since there is no private header just add the generic one */
564 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
565 }
566 
567 static int nl80211_msg_put_channel(struct sk_buff *msg,
568 				   struct ieee80211_channel *chan,
569 				   bool large)
570 {
571 	/* Some channels must be completely excluded from the
572 	 * list to protect old user-space tools from breaking
573 	 */
574 	if (!large && chan->flags &
575 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
576 		return 0;
577 
578 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
579 			chan->center_freq))
580 		goto nla_put_failure;
581 
582 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
583 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
584 		goto nla_put_failure;
585 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
586 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
587 			goto nla_put_failure;
588 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
589 			goto nla_put_failure;
590 	}
591 	if (chan->flags & IEEE80211_CHAN_RADAR) {
592 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
593 			goto nla_put_failure;
594 		if (large) {
595 			u32 time;
596 
597 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
598 
599 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
600 					chan->dfs_state))
601 				goto nla_put_failure;
602 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
603 					time))
604 				goto nla_put_failure;
605 			if (nla_put_u32(msg,
606 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
607 					chan->dfs_cac_ms))
608 				goto nla_put_failure;
609 		}
610 	}
611 
612 	if (large) {
613 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
614 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
615 			goto nla_put_failure;
616 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
617 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
618 			goto nla_put_failure;
619 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
620 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
621 			goto nla_put_failure;
622 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
623 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
624 			goto nla_put_failure;
625 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
626 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
627 			goto nla_put_failure;
628 		if ((chan->flags & IEEE80211_CHAN_GO_CONCURRENT) &&
629 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_GO_CONCURRENT))
630 			goto nla_put_failure;
631 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
632 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
633 			goto nla_put_failure;
634 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
635 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
636 			goto nla_put_failure;
637 	}
638 
639 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
640 			DBM_TO_MBM(chan->max_power)))
641 		goto nla_put_failure;
642 
643 	return 0;
644 
645  nla_put_failure:
646 	return -ENOBUFS;
647 }
648 
649 /* netlink command implementations */
650 
651 struct key_parse {
652 	struct key_params p;
653 	int idx;
654 	int type;
655 	bool def, defmgmt;
656 	bool def_uni, def_multi;
657 };
658 
659 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
660 {
661 	struct nlattr *tb[NL80211_KEY_MAX + 1];
662 	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
663 				   nl80211_key_policy);
664 	if (err)
665 		return err;
666 
667 	k->def = !!tb[NL80211_KEY_DEFAULT];
668 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
669 
670 	if (k->def) {
671 		k->def_uni = true;
672 		k->def_multi = true;
673 	}
674 	if (k->defmgmt)
675 		k->def_multi = true;
676 
677 	if (tb[NL80211_KEY_IDX])
678 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
679 
680 	if (tb[NL80211_KEY_DATA]) {
681 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
682 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
683 	}
684 
685 	if (tb[NL80211_KEY_SEQ]) {
686 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
687 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
688 	}
689 
690 	if (tb[NL80211_KEY_CIPHER])
691 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
692 
693 	if (tb[NL80211_KEY_TYPE]) {
694 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
695 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
696 			return -EINVAL;
697 	}
698 
699 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
700 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
701 		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
702 				       tb[NL80211_KEY_DEFAULT_TYPES],
703 				       nl80211_key_default_policy);
704 		if (err)
705 			return err;
706 
707 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
708 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
709 	}
710 
711 	return 0;
712 }
713 
714 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
715 {
716 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
717 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
718 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
719 	}
720 
721 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
722 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
723 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
724 	}
725 
726 	if (info->attrs[NL80211_ATTR_KEY_IDX])
727 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
728 
729 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
730 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
731 
732 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
733 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
734 
735 	if (k->def) {
736 		k->def_uni = true;
737 		k->def_multi = true;
738 	}
739 	if (k->defmgmt)
740 		k->def_multi = true;
741 
742 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
743 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
744 		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
745 			return -EINVAL;
746 	}
747 
748 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
749 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
750 		int err = nla_parse_nested(
751 				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
752 				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
753 				nl80211_key_default_policy);
754 		if (err)
755 			return err;
756 
757 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
758 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
759 	}
760 
761 	return 0;
762 }
763 
764 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
765 {
766 	int err;
767 
768 	memset(k, 0, sizeof(*k));
769 	k->idx = -1;
770 	k->type = -1;
771 
772 	if (info->attrs[NL80211_ATTR_KEY])
773 		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
774 	else
775 		err = nl80211_parse_key_old(info, k);
776 
777 	if (err)
778 		return err;
779 
780 	if (k->def && k->defmgmt)
781 		return -EINVAL;
782 
783 	if (k->defmgmt) {
784 		if (k->def_uni || !k->def_multi)
785 			return -EINVAL;
786 	}
787 
788 	if (k->idx != -1) {
789 		if (k->defmgmt) {
790 			if (k->idx < 4 || k->idx > 5)
791 				return -EINVAL;
792 		} else if (k->def) {
793 			if (k->idx < 0 || k->idx > 3)
794 				return -EINVAL;
795 		} else {
796 			if (k->idx < 0 || k->idx > 5)
797 				return -EINVAL;
798 		}
799 	}
800 
801 	return 0;
802 }
803 
804 static struct cfg80211_cached_keys *
805 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
806 		       struct nlattr *keys, bool *no_ht)
807 {
808 	struct key_parse parse;
809 	struct nlattr *key;
810 	struct cfg80211_cached_keys *result;
811 	int rem, err, def = 0;
812 
813 	result = kzalloc(sizeof(*result), GFP_KERNEL);
814 	if (!result)
815 		return ERR_PTR(-ENOMEM);
816 
817 	result->def = -1;
818 	result->defmgmt = -1;
819 
820 	nla_for_each_nested(key, keys, rem) {
821 		memset(&parse, 0, sizeof(parse));
822 		parse.idx = -1;
823 
824 		err = nl80211_parse_key_new(key, &parse);
825 		if (err)
826 			goto error;
827 		err = -EINVAL;
828 		if (!parse.p.key)
829 			goto error;
830 		if (parse.idx < 0 || parse.idx > 4)
831 			goto error;
832 		if (parse.def) {
833 			if (def)
834 				goto error;
835 			def = 1;
836 			result->def = parse.idx;
837 			if (!parse.def_uni || !parse.def_multi)
838 				goto error;
839 		} else if (parse.defmgmt)
840 			goto error;
841 		err = cfg80211_validate_key_settings(rdev, &parse.p,
842 						     parse.idx, false, NULL);
843 		if (err)
844 			goto error;
845 		result->params[parse.idx].cipher = parse.p.cipher;
846 		result->params[parse.idx].key_len = parse.p.key_len;
847 		result->params[parse.idx].key = result->data[parse.idx];
848 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
849 
850 		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
851 		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
852 			if (no_ht)
853 				*no_ht = true;
854 		}
855 	}
856 
857 	return result;
858  error:
859 	kfree(result);
860 	return ERR_PTR(err);
861 }
862 
863 static int nl80211_key_allowed(struct wireless_dev *wdev)
864 {
865 	ASSERT_WDEV_LOCK(wdev);
866 
867 	switch (wdev->iftype) {
868 	case NL80211_IFTYPE_AP:
869 	case NL80211_IFTYPE_AP_VLAN:
870 	case NL80211_IFTYPE_P2P_GO:
871 	case NL80211_IFTYPE_MESH_POINT:
872 		break;
873 	case NL80211_IFTYPE_ADHOC:
874 	case NL80211_IFTYPE_STATION:
875 	case NL80211_IFTYPE_P2P_CLIENT:
876 		if (!wdev->current_bss)
877 			return -ENOLINK;
878 		break;
879 	default:
880 		return -EINVAL;
881 	}
882 
883 	return 0;
884 }
885 
886 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
887 							struct nlattr *tb)
888 {
889 	struct ieee80211_channel *chan;
890 
891 	if (tb == NULL)
892 		return NULL;
893 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
894 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
895 		return NULL;
896 	return chan;
897 }
898 
899 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
900 {
901 	struct nlattr *nl_modes = nla_nest_start(msg, attr);
902 	int i;
903 
904 	if (!nl_modes)
905 		goto nla_put_failure;
906 
907 	i = 0;
908 	while (ifmodes) {
909 		if ((ifmodes & 1) && nla_put_flag(msg, i))
910 			goto nla_put_failure;
911 		ifmodes >>= 1;
912 		i++;
913 	}
914 
915 	nla_nest_end(msg, nl_modes);
916 	return 0;
917 
918 nla_put_failure:
919 	return -ENOBUFS;
920 }
921 
922 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
923 					  struct sk_buff *msg,
924 					  bool large)
925 {
926 	struct nlattr *nl_combis;
927 	int i, j;
928 
929 	nl_combis = nla_nest_start(msg,
930 				NL80211_ATTR_INTERFACE_COMBINATIONS);
931 	if (!nl_combis)
932 		goto nla_put_failure;
933 
934 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
935 		const struct ieee80211_iface_combination *c;
936 		struct nlattr *nl_combi, *nl_limits;
937 
938 		c = &wiphy->iface_combinations[i];
939 
940 		nl_combi = nla_nest_start(msg, i + 1);
941 		if (!nl_combi)
942 			goto nla_put_failure;
943 
944 		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
945 		if (!nl_limits)
946 			goto nla_put_failure;
947 
948 		for (j = 0; j < c->n_limits; j++) {
949 			struct nlattr *nl_limit;
950 
951 			nl_limit = nla_nest_start(msg, j + 1);
952 			if (!nl_limit)
953 				goto nla_put_failure;
954 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
955 					c->limits[j].max))
956 				goto nla_put_failure;
957 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
958 						c->limits[j].types))
959 				goto nla_put_failure;
960 			nla_nest_end(msg, nl_limit);
961 		}
962 
963 		nla_nest_end(msg, nl_limits);
964 
965 		if (c->beacon_int_infra_match &&
966 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
967 			goto nla_put_failure;
968 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
969 				c->num_different_channels) ||
970 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
971 				c->max_interfaces))
972 			goto nla_put_failure;
973 		if (large &&
974 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
975 				c->radar_detect_widths) ||
976 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
977 				c->radar_detect_regions)))
978 			goto nla_put_failure;
979 
980 		nla_nest_end(msg, nl_combi);
981 	}
982 
983 	nla_nest_end(msg, nl_combis);
984 
985 	return 0;
986 nla_put_failure:
987 	return -ENOBUFS;
988 }
989 
990 #ifdef CONFIG_PM
991 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
992 					struct sk_buff *msg)
993 {
994 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
995 	struct nlattr *nl_tcp;
996 
997 	if (!tcp)
998 		return 0;
999 
1000 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1001 	if (!nl_tcp)
1002 		return -ENOBUFS;
1003 
1004 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1005 			tcp->data_payload_max))
1006 		return -ENOBUFS;
1007 
1008 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1009 			tcp->data_payload_max))
1010 		return -ENOBUFS;
1011 
1012 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1013 		return -ENOBUFS;
1014 
1015 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1016 				sizeof(*tcp->tok), tcp->tok))
1017 		return -ENOBUFS;
1018 
1019 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1020 			tcp->data_interval_max))
1021 		return -ENOBUFS;
1022 
1023 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1024 			tcp->wake_payload_max))
1025 		return -ENOBUFS;
1026 
1027 	nla_nest_end(msg, nl_tcp);
1028 	return 0;
1029 }
1030 
1031 static int nl80211_send_wowlan(struct sk_buff *msg,
1032 			       struct cfg80211_registered_device *rdev,
1033 			       bool large)
1034 {
1035 	struct nlattr *nl_wowlan;
1036 
1037 	if (!rdev->wiphy.wowlan)
1038 		return 0;
1039 
1040 	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1041 	if (!nl_wowlan)
1042 		return -ENOBUFS;
1043 
1044 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1045 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1046 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1047 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1048 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1049 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1050 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1051 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1052 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1053 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1054 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1055 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1056 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1057 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1058 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1059 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1060 		return -ENOBUFS;
1061 
1062 	if (rdev->wiphy.wowlan->n_patterns) {
1063 		struct nl80211_pattern_support pat = {
1064 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1065 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1066 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1067 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1068 		};
1069 
1070 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1071 			    sizeof(pat), &pat))
1072 			return -ENOBUFS;
1073 	}
1074 
1075 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1076 		return -ENOBUFS;
1077 
1078 	nla_nest_end(msg, nl_wowlan);
1079 
1080 	return 0;
1081 }
1082 #endif
1083 
1084 static int nl80211_send_coalesce(struct sk_buff *msg,
1085 				 struct cfg80211_registered_device *rdev)
1086 {
1087 	struct nl80211_coalesce_rule_support rule;
1088 
1089 	if (!rdev->wiphy.coalesce)
1090 		return 0;
1091 
1092 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1093 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1094 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1095 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1096 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1097 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1098 
1099 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1100 		return -ENOBUFS;
1101 
1102 	return 0;
1103 }
1104 
1105 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1106 				      struct ieee80211_supported_band *sband)
1107 {
1108 	struct nlattr *nl_rates, *nl_rate;
1109 	struct ieee80211_rate *rate;
1110 	int i;
1111 
1112 	/* add HT info */
1113 	if (sband->ht_cap.ht_supported &&
1114 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1115 		     sizeof(sband->ht_cap.mcs),
1116 		     &sband->ht_cap.mcs) ||
1117 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1118 			 sband->ht_cap.cap) ||
1119 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1120 			sband->ht_cap.ampdu_factor) ||
1121 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1122 			sband->ht_cap.ampdu_density)))
1123 		return -ENOBUFS;
1124 
1125 	/* add VHT info */
1126 	if (sband->vht_cap.vht_supported &&
1127 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1128 		     sizeof(sband->vht_cap.vht_mcs),
1129 		     &sband->vht_cap.vht_mcs) ||
1130 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1131 			 sband->vht_cap.cap)))
1132 		return -ENOBUFS;
1133 
1134 	/* add bitrates */
1135 	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1136 	if (!nl_rates)
1137 		return -ENOBUFS;
1138 
1139 	for (i = 0; i < sband->n_bitrates; i++) {
1140 		nl_rate = nla_nest_start(msg, i);
1141 		if (!nl_rate)
1142 			return -ENOBUFS;
1143 
1144 		rate = &sband->bitrates[i];
1145 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1146 				rate->bitrate))
1147 			return -ENOBUFS;
1148 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1149 		    nla_put_flag(msg,
1150 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1151 			return -ENOBUFS;
1152 
1153 		nla_nest_end(msg, nl_rate);
1154 	}
1155 
1156 	nla_nest_end(msg, nl_rates);
1157 
1158 	return 0;
1159 }
1160 
1161 static int
1162 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1163 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1164 {
1165 	u16 stypes;
1166 	struct nlattr *nl_ftypes, *nl_ifs;
1167 	enum nl80211_iftype ift;
1168 	int i;
1169 
1170 	if (!mgmt_stypes)
1171 		return 0;
1172 
1173 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1174 	if (!nl_ifs)
1175 		return -ENOBUFS;
1176 
1177 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1178 		nl_ftypes = nla_nest_start(msg, ift);
1179 		if (!nl_ftypes)
1180 			return -ENOBUFS;
1181 		i = 0;
1182 		stypes = mgmt_stypes[ift].tx;
1183 		while (stypes) {
1184 			if ((stypes & 1) &&
1185 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1186 					(i << 4) | IEEE80211_FTYPE_MGMT))
1187 				return -ENOBUFS;
1188 			stypes >>= 1;
1189 			i++;
1190 		}
1191 		nla_nest_end(msg, nl_ftypes);
1192 	}
1193 
1194 	nla_nest_end(msg, nl_ifs);
1195 
1196 	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1197 	if (!nl_ifs)
1198 		return -ENOBUFS;
1199 
1200 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1201 		nl_ftypes = nla_nest_start(msg, ift);
1202 		if (!nl_ftypes)
1203 			return -ENOBUFS;
1204 		i = 0;
1205 		stypes = mgmt_stypes[ift].rx;
1206 		while (stypes) {
1207 			if ((stypes & 1) &&
1208 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1209 					(i << 4) | IEEE80211_FTYPE_MGMT))
1210 				return -ENOBUFS;
1211 			stypes >>= 1;
1212 			i++;
1213 		}
1214 		nla_nest_end(msg, nl_ftypes);
1215 	}
1216 	nla_nest_end(msg, nl_ifs);
1217 
1218 	return 0;
1219 }
1220 
1221 struct nl80211_dump_wiphy_state {
1222 	s64 filter_wiphy;
1223 	long start;
1224 	long split_start, band_start, chan_start;
1225 	bool split;
1226 };
1227 
1228 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1229 			      enum nl80211_commands cmd,
1230 			      struct sk_buff *msg, u32 portid, u32 seq,
1231 			      int flags, struct nl80211_dump_wiphy_state *state)
1232 {
1233 	void *hdr;
1234 	struct nlattr *nl_bands, *nl_band;
1235 	struct nlattr *nl_freqs, *nl_freq;
1236 	struct nlattr *nl_cmds;
1237 	enum ieee80211_band band;
1238 	struct ieee80211_channel *chan;
1239 	int i;
1240 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1241 				rdev->wiphy.mgmt_stypes;
1242 	u32 features;
1243 
1244 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1245 	if (!hdr)
1246 		return -ENOBUFS;
1247 
1248 	if (WARN_ON(!state))
1249 		return -EINVAL;
1250 
1251 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1252 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1253 			   wiphy_name(&rdev->wiphy)) ||
1254 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1255 			cfg80211_rdev_list_generation))
1256 		goto nla_put_failure;
1257 
1258 	if (cmd != NL80211_CMD_NEW_WIPHY)
1259 		goto finish;
1260 
1261 	switch (state->split_start) {
1262 	case 0:
1263 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1264 			       rdev->wiphy.retry_short) ||
1265 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1266 			       rdev->wiphy.retry_long) ||
1267 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1268 				rdev->wiphy.frag_threshold) ||
1269 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1270 				rdev->wiphy.rts_threshold) ||
1271 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1272 			       rdev->wiphy.coverage_class) ||
1273 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1274 			       rdev->wiphy.max_scan_ssids) ||
1275 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1276 			       rdev->wiphy.max_sched_scan_ssids) ||
1277 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1278 				rdev->wiphy.max_scan_ie_len) ||
1279 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1280 				rdev->wiphy.max_sched_scan_ie_len) ||
1281 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1282 			       rdev->wiphy.max_match_sets))
1283 			goto nla_put_failure;
1284 
1285 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1286 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1287 			goto nla_put_failure;
1288 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1289 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1290 			goto nla_put_failure;
1291 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1292 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1293 			goto nla_put_failure;
1294 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1295 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1296 			goto nla_put_failure;
1297 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1298 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1299 			goto nla_put_failure;
1300 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1301 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1302 			goto nla_put_failure;
1303 		state->split_start++;
1304 		if (state->split)
1305 			break;
1306 	case 1:
1307 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1308 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1309 			    rdev->wiphy.cipher_suites))
1310 			goto nla_put_failure;
1311 
1312 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1313 			       rdev->wiphy.max_num_pmkids))
1314 			goto nla_put_failure;
1315 
1316 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1317 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1318 			goto nla_put_failure;
1319 
1320 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1321 				rdev->wiphy.available_antennas_tx) ||
1322 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1323 				rdev->wiphy.available_antennas_rx))
1324 			goto nla_put_failure;
1325 
1326 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1327 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1328 				rdev->wiphy.probe_resp_offload))
1329 			goto nla_put_failure;
1330 
1331 		if ((rdev->wiphy.available_antennas_tx ||
1332 		     rdev->wiphy.available_antennas_rx) &&
1333 		    rdev->ops->get_antenna) {
1334 			u32 tx_ant = 0, rx_ant = 0;
1335 			int res;
1336 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1337 			if (!res) {
1338 				if (nla_put_u32(msg,
1339 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1340 						tx_ant) ||
1341 				    nla_put_u32(msg,
1342 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1343 						rx_ant))
1344 					goto nla_put_failure;
1345 			}
1346 		}
1347 
1348 		state->split_start++;
1349 		if (state->split)
1350 			break;
1351 	case 2:
1352 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1353 					rdev->wiphy.interface_modes))
1354 				goto nla_put_failure;
1355 		state->split_start++;
1356 		if (state->split)
1357 			break;
1358 	case 3:
1359 		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1360 		if (!nl_bands)
1361 			goto nla_put_failure;
1362 
1363 		for (band = state->band_start;
1364 		     band < IEEE80211_NUM_BANDS; band++) {
1365 			struct ieee80211_supported_band *sband;
1366 
1367 			sband = rdev->wiphy.bands[band];
1368 
1369 			if (!sband)
1370 				continue;
1371 
1372 			nl_band = nla_nest_start(msg, band);
1373 			if (!nl_band)
1374 				goto nla_put_failure;
1375 
1376 			switch (state->chan_start) {
1377 			case 0:
1378 				if (nl80211_send_band_rateinfo(msg, sband))
1379 					goto nla_put_failure;
1380 				state->chan_start++;
1381 				if (state->split)
1382 					break;
1383 			default:
1384 				/* add frequencies */
1385 				nl_freqs = nla_nest_start(
1386 					msg, NL80211_BAND_ATTR_FREQS);
1387 				if (!nl_freqs)
1388 					goto nla_put_failure;
1389 
1390 				for (i = state->chan_start - 1;
1391 				     i < sband->n_channels;
1392 				     i++) {
1393 					nl_freq = nla_nest_start(msg, i);
1394 					if (!nl_freq)
1395 						goto nla_put_failure;
1396 
1397 					chan = &sband->channels[i];
1398 
1399 					if (nl80211_msg_put_channel(
1400 							msg, chan,
1401 							state->split))
1402 						goto nla_put_failure;
1403 
1404 					nla_nest_end(msg, nl_freq);
1405 					if (state->split)
1406 						break;
1407 				}
1408 				if (i < sband->n_channels)
1409 					state->chan_start = i + 2;
1410 				else
1411 					state->chan_start = 0;
1412 				nla_nest_end(msg, nl_freqs);
1413 			}
1414 
1415 			nla_nest_end(msg, nl_band);
1416 
1417 			if (state->split) {
1418 				/* start again here */
1419 				if (state->chan_start)
1420 					band--;
1421 				break;
1422 			}
1423 		}
1424 		nla_nest_end(msg, nl_bands);
1425 
1426 		if (band < IEEE80211_NUM_BANDS)
1427 			state->band_start = band + 1;
1428 		else
1429 			state->band_start = 0;
1430 
1431 		/* if bands & channels are done, continue outside */
1432 		if (state->band_start == 0 && state->chan_start == 0)
1433 			state->split_start++;
1434 		if (state->split)
1435 			break;
1436 	case 4:
1437 		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1438 		if (!nl_cmds)
1439 			goto nla_put_failure;
1440 
1441 		i = 0;
1442 #define CMD(op, n)							\
1443 		 do {							\
1444 			if (rdev->ops->op) {				\
1445 				i++;					\
1446 				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1447 					goto nla_put_failure;		\
1448 			}						\
1449 		} while (0)
1450 
1451 		CMD(add_virtual_intf, NEW_INTERFACE);
1452 		CMD(change_virtual_intf, SET_INTERFACE);
1453 		CMD(add_key, NEW_KEY);
1454 		CMD(start_ap, START_AP);
1455 		CMD(add_station, NEW_STATION);
1456 		CMD(add_mpath, NEW_MPATH);
1457 		CMD(update_mesh_config, SET_MESH_CONFIG);
1458 		CMD(change_bss, SET_BSS);
1459 		CMD(auth, AUTHENTICATE);
1460 		CMD(assoc, ASSOCIATE);
1461 		CMD(deauth, DEAUTHENTICATE);
1462 		CMD(disassoc, DISASSOCIATE);
1463 		CMD(join_ibss, JOIN_IBSS);
1464 		CMD(join_mesh, JOIN_MESH);
1465 		CMD(set_pmksa, SET_PMKSA);
1466 		CMD(del_pmksa, DEL_PMKSA);
1467 		CMD(flush_pmksa, FLUSH_PMKSA);
1468 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1469 			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1470 		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1471 		CMD(mgmt_tx, FRAME);
1472 		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1473 		if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1474 			i++;
1475 			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1476 				goto nla_put_failure;
1477 		}
1478 		if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1479 		    rdev->ops->join_mesh) {
1480 			i++;
1481 			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1482 				goto nla_put_failure;
1483 		}
1484 		CMD(set_wds_peer, SET_WDS_PEER);
1485 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1486 			CMD(tdls_mgmt, TDLS_MGMT);
1487 			CMD(tdls_oper, TDLS_OPER);
1488 		}
1489 		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1490 			CMD(sched_scan_start, START_SCHED_SCAN);
1491 		CMD(probe_client, PROBE_CLIENT);
1492 		CMD(set_noack_map, SET_NOACK_MAP);
1493 		if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1494 			i++;
1495 			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1496 				goto nla_put_failure;
1497 		}
1498 		CMD(start_p2p_device, START_P2P_DEVICE);
1499 		CMD(set_mcast_rate, SET_MCAST_RATE);
1500 #ifdef CONFIG_NL80211_TESTMODE
1501 		CMD(testmode_cmd, TESTMODE);
1502 #endif
1503 		if (state->split) {
1504 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1505 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1506 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1507 				CMD(channel_switch, CHANNEL_SWITCH);
1508 			CMD(set_qos_map, SET_QOS_MAP);
1509 		}
1510 		/* add into the if now */
1511 #undef CMD
1512 
1513 		if (rdev->ops->connect || rdev->ops->auth) {
1514 			i++;
1515 			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1516 				goto nla_put_failure;
1517 		}
1518 
1519 		if (rdev->ops->disconnect || rdev->ops->deauth) {
1520 			i++;
1521 			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1522 				goto nla_put_failure;
1523 		}
1524 
1525 		nla_nest_end(msg, nl_cmds);
1526 		state->split_start++;
1527 		if (state->split)
1528 			break;
1529 	case 5:
1530 		if (rdev->ops->remain_on_channel &&
1531 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1532 		    nla_put_u32(msg,
1533 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1534 				rdev->wiphy.max_remain_on_channel_duration))
1535 			goto nla_put_failure;
1536 
1537 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1538 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1539 			goto nla_put_failure;
1540 
1541 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1542 			goto nla_put_failure;
1543 		state->split_start++;
1544 		if (state->split)
1545 			break;
1546 	case 6:
1547 #ifdef CONFIG_PM
1548 		if (nl80211_send_wowlan(msg, rdev, state->split))
1549 			goto nla_put_failure;
1550 		state->split_start++;
1551 		if (state->split)
1552 			break;
1553 #else
1554 		state->split_start++;
1555 #endif
1556 	case 7:
1557 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1558 					rdev->wiphy.software_iftypes))
1559 			goto nla_put_failure;
1560 
1561 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1562 						   state->split))
1563 			goto nla_put_failure;
1564 
1565 		state->split_start++;
1566 		if (state->split)
1567 			break;
1568 	case 8:
1569 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1570 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1571 				rdev->wiphy.ap_sme_capa))
1572 			goto nla_put_failure;
1573 
1574 		features = rdev->wiphy.features;
1575 		/*
1576 		 * We can only add the per-channel limit information if the
1577 		 * dump is split, otherwise it makes it too big. Therefore
1578 		 * only advertise it in that case.
1579 		 */
1580 		if (state->split)
1581 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1582 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1583 			goto nla_put_failure;
1584 
1585 		if (rdev->wiphy.ht_capa_mod_mask &&
1586 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1587 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
1588 			    rdev->wiphy.ht_capa_mod_mask))
1589 			goto nla_put_failure;
1590 
1591 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1592 		    rdev->wiphy.max_acl_mac_addrs &&
1593 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1594 				rdev->wiphy.max_acl_mac_addrs))
1595 			goto nla_put_failure;
1596 
1597 		/*
1598 		 * Any information below this point is only available to
1599 		 * applications that can deal with it being split. This
1600 		 * helps ensure that newly added capabilities don't break
1601 		 * older tools by overrunning their buffers.
1602 		 *
1603 		 * We still increment split_start so that in the split
1604 		 * case we'll continue with more data in the next round,
1605 		 * but break unconditionally so unsplit data stops here.
1606 		 */
1607 		state->split_start++;
1608 		break;
1609 	case 9:
1610 		if (rdev->wiphy.extended_capabilities &&
1611 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1612 			     rdev->wiphy.extended_capabilities_len,
1613 			     rdev->wiphy.extended_capabilities) ||
1614 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1615 			     rdev->wiphy.extended_capabilities_len,
1616 			     rdev->wiphy.extended_capabilities_mask)))
1617 			goto nla_put_failure;
1618 
1619 		if (rdev->wiphy.vht_capa_mod_mask &&
1620 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1621 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
1622 			    rdev->wiphy.vht_capa_mod_mask))
1623 			goto nla_put_failure;
1624 
1625 		state->split_start++;
1626 		break;
1627 	case 10:
1628 		if (nl80211_send_coalesce(msg, rdev))
1629 			goto nla_put_failure;
1630 
1631 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1632 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1633 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1634 			goto nla_put_failure;
1635 
1636 		if (rdev->wiphy.max_ap_assoc_sta &&
1637 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1638 				rdev->wiphy.max_ap_assoc_sta))
1639 			goto nla_put_failure;
1640 
1641 		state->split_start++;
1642 		break;
1643 	case 11:
1644 		if (rdev->wiphy.n_vendor_commands) {
1645 			const struct nl80211_vendor_cmd_info *info;
1646 			struct nlattr *nested;
1647 
1648 			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1649 			if (!nested)
1650 				goto nla_put_failure;
1651 
1652 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1653 				info = &rdev->wiphy.vendor_commands[i].info;
1654 				if (nla_put(msg, i + 1, sizeof(*info), info))
1655 					goto nla_put_failure;
1656 			}
1657 			nla_nest_end(msg, nested);
1658 		}
1659 
1660 		if (rdev->wiphy.n_vendor_events) {
1661 			const struct nl80211_vendor_cmd_info *info;
1662 			struct nlattr *nested;
1663 
1664 			nested = nla_nest_start(msg,
1665 						NL80211_ATTR_VENDOR_EVENTS);
1666 			if (!nested)
1667 				goto nla_put_failure;
1668 
1669 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1670 				info = &rdev->wiphy.vendor_events[i];
1671 				if (nla_put(msg, i + 1, sizeof(*info), info))
1672 					goto nla_put_failure;
1673 			}
1674 			nla_nest_end(msg, nested);
1675 		}
1676 		state->split_start++;
1677 		break;
1678 	case 12:
1679 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1680 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1681 			       rdev->wiphy.max_num_csa_counters))
1682 			goto nla_put_failure;
1683 
1684 		/* done */
1685 		state->split_start = 0;
1686 		break;
1687 	}
1688  finish:
1689 	return genlmsg_end(msg, hdr);
1690 
1691  nla_put_failure:
1692 	genlmsg_cancel(msg, hdr);
1693 	return -EMSGSIZE;
1694 }
1695 
1696 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1697 				    struct netlink_callback *cb,
1698 				    struct nl80211_dump_wiphy_state *state)
1699 {
1700 	struct nlattr **tb = nl80211_fam.attrbuf;
1701 	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1702 			      tb, nl80211_fam.maxattr, nl80211_policy);
1703 	/* ignore parse errors for backward compatibility */
1704 	if (ret)
1705 		return 0;
1706 
1707 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1708 	if (tb[NL80211_ATTR_WIPHY])
1709 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1710 	if (tb[NL80211_ATTR_WDEV])
1711 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1712 	if (tb[NL80211_ATTR_IFINDEX]) {
1713 		struct net_device *netdev;
1714 		struct cfg80211_registered_device *rdev;
1715 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1716 
1717 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1718 		if (!netdev)
1719 			return -ENODEV;
1720 		if (netdev->ieee80211_ptr) {
1721 			rdev = wiphy_to_rdev(
1722 				netdev->ieee80211_ptr->wiphy);
1723 			state->filter_wiphy = rdev->wiphy_idx;
1724 		}
1725 	}
1726 
1727 	return 0;
1728 }
1729 
1730 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1731 {
1732 	int idx = 0, ret;
1733 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1734 	struct cfg80211_registered_device *rdev;
1735 
1736 	rtnl_lock();
1737 	if (!state) {
1738 		state = kzalloc(sizeof(*state), GFP_KERNEL);
1739 		if (!state) {
1740 			rtnl_unlock();
1741 			return -ENOMEM;
1742 		}
1743 		state->filter_wiphy = -1;
1744 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1745 		if (ret) {
1746 			kfree(state);
1747 			rtnl_unlock();
1748 			return ret;
1749 		}
1750 		cb->args[0] = (long)state;
1751 	}
1752 
1753 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1754 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1755 			continue;
1756 		if (++idx <= state->start)
1757 			continue;
1758 		if (state->filter_wiphy != -1 &&
1759 		    state->filter_wiphy != rdev->wiphy_idx)
1760 			continue;
1761 		/* attempt to fit multiple wiphy data chunks into the skb */
1762 		do {
1763 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1764 						 skb,
1765 						 NETLINK_CB(cb->skb).portid,
1766 						 cb->nlh->nlmsg_seq,
1767 						 NLM_F_MULTI, state);
1768 			if (ret < 0) {
1769 				/*
1770 				 * If sending the wiphy data didn't fit (ENOBUFS
1771 				 * or EMSGSIZE returned), this SKB is still
1772 				 * empty (so it's not too big because another
1773 				 * wiphy dataset is already in the skb) and
1774 				 * we've not tried to adjust the dump allocation
1775 				 * yet ... then adjust the alloc size to be
1776 				 * bigger, and return 1 but with the empty skb.
1777 				 * This results in an empty message being RX'ed
1778 				 * in userspace, but that is ignored.
1779 				 *
1780 				 * We can then retry with the larger buffer.
1781 				 */
1782 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1783 				    !skb->len && !state->split &&
1784 				    cb->min_dump_alloc < 4096) {
1785 					cb->min_dump_alloc = 4096;
1786 					state->split_start = 0;
1787 					rtnl_unlock();
1788 					return 1;
1789 				}
1790 				idx--;
1791 				break;
1792 			}
1793 		} while (state->split_start > 0);
1794 		break;
1795 	}
1796 	rtnl_unlock();
1797 
1798 	state->start = idx;
1799 
1800 	return skb->len;
1801 }
1802 
1803 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1804 {
1805 	kfree((void *)cb->args[0]);
1806 	return 0;
1807 }
1808 
1809 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1810 {
1811 	struct sk_buff *msg;
1812 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1813 	struct nl80211_dump_wiphy_state state = {};
1814 
1815 	msg = nlmsg_new(4096, GFP_KERNEL);
1816 	if (!msg)
1817 		return -ENOMEM;
1818 
1819 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
1820 			       info->snd_portid, info->snd_seq, 0,
1821 			       &state) < 0) {
1822 		nlmsg_free(msg);
1823 		return -ENOBUFS;
1824 	}
1825 
1826 	return genlmsg_reply(msg, info);
1827 }
1828 
1829 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1830 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1831 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1832 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1833 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1834 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1835 };
1836 
1837 static int parse_txq_params(struct nlattr *tb[],
1838 			    struct ieee80211_txq_params *txq_params)
1839 {
1840 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1841 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1842 	    !tb[NL80211_TXQ_ATTR_AIFS])
1843 		return -EINVAL;
1844 
1845 	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1846 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1847 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1848 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1849 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1850 
1851 	if (txq_params->ac >= NL80211_NUM_ACS)
1852 		return -EINVAL;
1853 
1854 	return 0;
1855 }
1856 
1857 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1858 {
1859 	/*
1860 	 * You can only set the channel explicitly for WDS interfaces,
1861 	 * all others have their channel managed via their respective
1862 	 * "establish a connection" command (connect, join, ...)
1863 	 *
1864 	 * For AP/GO and mesh mode, the channel can be set with the
1865 	 * channel userspace API, but is only stored and passed to the
1866 	 * low-level driver when the AP starts or the mesh is joined.
1867 	 * This is for backward compatibility, userspace can also give
1868 	 * the channel in the start-ap or join-mesh commands instead.
1869 	 *
1870 	 * Monitors are special as they are normally slaved to
1871 	 * whatever else is going on, so they have their own special
1872 	 * operation to set the monitor channel if possible.
1873 	 */
1874 	return !wdev ||
1875 		wdev->iftype == NL80211_IFTYPE_AP ||
1876 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1877 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1878 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1879 }
1880 
1881 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1882 				 struct genl_info *info,
1883 				 struct cfg80211_chan_def *chandef)
1884 {
1885 	u32 control_freq;
1886 
1887 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1888 		return -EINVAL;
1889 
1890 	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1891 
1892 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1893 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1894 	chandef->center_freq1 = control_freq;
1895 	chandef->center_freq2 = 0;
1896 
1897 	/* Primary channel not allowed */
1898 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1899 		return -EINVAL;
1900 
1901 	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1902 		enum nl80211_channel_type chantype;
1903 
1904 		chantype = nla_get_u32(
1905 				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1906 
1907 		switch (chantype) {
1908 		case NL80211_CHAN_NO_HT:
1909 		case NL80211_CHAN_HT20:
1910 		case NL80211_CHAN_HT40PLUS:
1911 		case NL80211_CHAN_HT40MINUS:
1912 			cfg80211_chandef_create(chandef, chandef->chan,
1913 						chantype);
1914 			break;
1915 		default:
1916 			return -EINVAL;
1917 		}
1918 	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1919 		chandef->width =
1920 			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1921 		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1922 			chandef->center_freq1 =
1923 				nla_get_u32(
1924 					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1925 		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1926 			chandef->center_freq2 =
1927 				nla_get_u32(
1928 					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1929 	}
1930 
1931 	if (!cfg80211_chandef_valid(chandef))
1932 		return -EINVAL;
1933 
1934 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1935 				     IEEE80211_CHAN_DISABLED))
1936 		return -EINVAL;
1937 
1938 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1939 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
1940 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1941 		return -EINVAL;
1942 
1943 	return 0;
1944 }
1945 
1946 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1947 				 struct net_device *dev,
1948 				 struct genl_info *info)
1949 {
1950 	struct cfg80211_chan_def chandef;
1951 	int result;
1952 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1953 	struct wireless_dev *wdev = NULL;
1954 
1955 	if (dev)
1956 		wdev = dev->ieee80211_ptr;
1957 	if (!nl80211_can_set_dev_channel(wdev))
1958 		return -EOPNOTSUPP;
1959 	if (wdev)
1960 		iftype = wdev->iftype;
1961 
1962 	result = nl80211_parse_chandef(rdev, info, &chandef);
1963 	if (result)
1964 		return result;
1965 
1966 	switch (iftype) {
1967 	case NL80211_IFTYPE_AP:
1968 	case NL80211_IFTYPE_P2P_GO:
1969 		if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef, iftype)) {
1970 			result = -EINVAL;
1971 			break;
1972 		}
1973 		if (wdev->beacon_interval) {
1974 			if (!dev || !rdev->ops->set_ap_chanwidth ||
1975 			    !(rdev->wiphy.features &
1976 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
1977 				result = -EBUSY;
1978 				break;
1979 			}
1980 
1981 			/* Only allow dynamic channel width changes */
1982 			if (chandef.chan != wdev->preset_chandef.chan) {
1983 				result = -EBUSY;
1984 				break;
1985 			}
1986 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
1987 			if (result)
1988 				break;
1989 		}
1990 		wdev->preset_chandef = chandef;
1991 		result = 0;
1992 		break;
1993 	case NL80211_IFTYPE_MESH_POINT:
1994 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
1995 		break;
1996 	case NL80211_IFTYPE_MONITOR:
1997 		result = cfg80211_set_monitor_channel(rdev, &chandef);
1998 		break;
1999 	default:
2000 		result = -EINVAL;
2001 	}
2002 
2003 	return result;
2004 }
2005 
2006 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2007 {
2008 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2009 	struct net_device *netdev = info->user_ptr[1];
2010 
2011 	return __nl80211_set_channel(rdev, netdev, info);
2012 }
2013 
2014 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2015 {
2016 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2017 	struct net_device *dev = info->user_ptr[1];
2018 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2019 	const u8 *bssid;
2020 
2021 	if (!info->attrs[NL80211_ATTR_MAC])
2022 		return -EINVAL;
2023 
2024 	if (netif_running(dev))
2025 		return -EBUSY;
2026 
2027 	if (!rdev->ops->set_wds_peer)
2028 		return -EOPNOTSUPP;
2029 
2030 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2031 		return -EOPNOTSUPP;
2032 
2033 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2034 	return rdev_set_wds_peer(rdev, dev, bssid);
2035 }
2036 
2037 
2038 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2039 {
2040 	struct cfg80211_registered_device *rdev;
2041 	struct net_device *netdev = NULL;
2042 	struct wireless_dev *wdev;
2043 	int result = 0, rem_txq_params = 0;
2044 	struct nlattr *nl_txq_params;
2045 	u32 changed;
2046 	u8 retry_short = 0, retry_long = 0;
2047 	u32 frag_threshold = 0, rts_threshold = 0;
2048 	u8 coverage_class = 0;
2049 
2050 	ASSERT_RTNL();
2051 
2052 	/*
2053 	 * Try to find the wiphy and netdev. Normally this
2054 	 * function shouldn't need the netdev, but this is
2055 	 * done for backward compatibility -- previously
2056 	 * setting the channel was done per wiphy, but now
2057 	 * it is per netdev. Previous userland like hostapd
2058 	 * also passed a netdev to set_wiphy, so that it is
2059 	 * possible to let that go to the right netdev!
2060 	 */
2061 
2062 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2063 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2064 
2065 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2066 		if (netdev && netdev->ieee80211_ptr)
2067 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2068 		else
2069 			netdev = NULL;
2070 	}
2071 
2072 	if (!netdev) {
2073 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2074 						  info->attrs);
2075 		if (IS_ERR(rdev))
2076 			return PTR_ERR(rdev);
2077 		wdev = NULL;
2078 		netdev = NULL;
2079 		result = 0;
2080 	} else
2081 		wdev = netdev->ieee80211_ptr;
2082 
2083 	/*
2084 	 * end workaround code, by now the rdev is available
2085 	 * and locked, and wdev may or may not be NULL.
2086 	 */
2087 
2088 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2089 		result = cfg80211_dev_rename(
2090 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2091 
2092 	if (result)
2093 		return result;
2094 
2095 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2096 		struct ieee80211_txq_params txq_params;
2097 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2098 
2099 		if (!rdev->ops->set_txq_params)
2100 			return -EOPNOTSUPP;
2101 
2102 		if (!netdev)
2103 			return -EINVAL;
2104 
2105 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2106 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2107 			return -EINVAL;
2108 
2109 		if (!netif_running(netdev))
2110 			return -ENETDOWN;
2111 
2112 		nla_for_each_nested(nl_txq_params,
2113 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2114 				    rem_txq_params) {
2115 			result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2116 					   nla_data(nl_txq_params),
2117 					   nla_len(nl_txq_params),
2118 					   txq_params_policy);
2119 			if (result)
2120 				return result;
2121 			result = parse_txq_params(tb, &txq_params);
2122 			if (result)
2123 				return result;
2124 
2125 			result = rdev_set_txq_params(rdev, netdev,
2126 						     &txq_params);
2127 			if (result)
2128 				return result;
2129 		}
2130 	}
2131 
2132 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2133 		result = __nl80211_set_channel(
2134 			rdev,
2135 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2136 			info);
2137 		if (result)
2138 			return result;
2139 	}
2140 
2141 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2142 		struct wireless_dev *txp_wdev = wdev;
2143 		enum nl80211_tx_power_setting type;
2144 		int idx, mbm = 0;
2145 
2146 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2147 			txp_wdev = NULL;
2148 
2149 		if (!rdev->ops->set_tx_power)
2150 			return -EOPNOTSUPP;
2151 
2152 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2153 		type = nla_get_u32(info->attrs[idx]);
2154 
2155 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2156 		    (type != NL80211_TX_POWER_AUTOMATIC))
2157 			return -EINVAL;
2158 
2159 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2160 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2161 			mbm = nla_get_u32(info->attrs[idx]);
2162 		}
2163 
2164 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2165 		if (result)
2166 			return result;
2167 	}
2168 
2169 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2170 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2171 		u32 tx_ant, rx_ant;
2172 		if ((!rdev->wiphy.available_antennas_tx &&
2173 		     !rdev->wiphy.available_antennas_rx) ||
2174 		    !rdev->ops->set_antenna)
2175 			return -EOPNOTSUPP;
2176 
2177 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2178 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2179 
2180 		/* reject antenna configurations which don't match the
2181 		 * available antenna masks, except for the "all" mask */
2182 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2183 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2184 			return -EINVAL;
2185 
2186 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2187 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2188 
2189 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2190 		if (result)
2191 			return result;
2192 	}
2193 
2194 	changed = 0;
2195 
2196 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2197 		retry_short = nla_get_u8(
2198 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2199 		if (retry_short == 0)
2200 			return -EINVAL;
2201 
2202 		changed |= WIPHY_PARAM_RETRY_SHORT;
2203 	}
2204 
2205 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2206 		retry_long = nla_get_u8(
2207 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2208 		if (retry_long == 0)
2209 			return -EINVAL;
2210 
2211 		changed |= WIPHY_PARAM_RETRY_LONG;
2212 	}
2213 
2214 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2215 		frag_threshold = nla_get_u32(
2216 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2217 		if (frag_threshold < 256)
2218 			return -EINVAL;
2219 
2220 		if (frag_threshold != (u32) -1) {
2221 			/*
2222 			 * Fragments (apart from the last one) are required to
2223 			 * have even length. Make the fragmentation code
2224 			 * simpler by stripping LSB should someone try to use
2225 			 * odd threshold value.
2226 			 */
2227 			frag_threshold &= ~0x1;
2228 		}
2229 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2230 	}
2231 
2232 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2233 		rts_threshold = nla_get_u32(
2234 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2235 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2236 	}
2237 
2238 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2239 		coverage_class = nla_get_u8(
2240 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2241 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2242 	}
2243 
2244 	if (changed) {
2245 		u8 old_retry_short, old_retry_long;
2246 		u32 old_frag_threshold, old_rts_threshold;
2247 		u8 old_coverage_class;
2248 
2249 		if (!rdev->ops->set_wiphy_params)
2250 			return -EOPNOTSUPP;
2251 
2252 		old_retry_short = rdev->wiphy.retry_short;
2253 		old_retry_long = rdev->wiphy.retry_long;
2254 		old_frag_threshold = rdev->wiphy.frag_threshold;
2255 		old_rts_threshold = rdev->wiphy.rts_threshold;
2256 		old_coverage_class = rdev->wiphy.coverage_class;
2257 
2258 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2259 			rdev->wiphy.retry_short = retry_short;
2260 		if (changed & WIPHY_PARAM_RETRY_LONG)
2261 			rdev->wiphy.retry_long = retry_long;
2262 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2263 			rdev->wiphy.frag_threshold = frag_threshold;
2264 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2265 			rdev->wiphy.rts_threshold = rts_threshold;
2266 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2267 			rdev->wiphy.coverage_class = coverage_class;
2268 
2269 		result = rdev_set_wiphy_params(rdev, changed);
2270 		if (result) {
2271 			rdev->wiphy.retry_short = old_retry_short;
2272 			rdev->wiphy.retry_long = old_retry_long;
2273 			rdev->wiphy.frag_threshold = old_frag_threshold;
2274 			rdev->wiphy.rts_threshold = old_rts_threshold;
2275 			rdev->wiphy.coverage_class = old_coverage_class;
2276 		}
2277 	}
2278 	return 0;
2279 }
2280 
2281 static inline u64 wdev_id(struct wireless_dev *wdev)
2282 {
2283 	return (u64)wdev->identifier |
2284 	       ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2285 }
2286 
2287 static int nl80211_send_chandef(struct sk_buff *msg,
2288 				const struct cfg80211_chan_def *chandef)
2289 {
2290 	WARN_ON(!cfg80211_chandef_valid(chandef));
2291 
2292 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2293 			chandef->chan->center_freq))
2294 		return -ENOBUFS;
2295 	switch (chandef->width) {
2296 	case NL80211_CHAN_WIDTH_20_NOHT:
2297 	case NL80211_CHAN_WIDTH_20:
2298 	case NL80211_CHAN_WIDTH_40:
2299 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2300 				cfg80211_get_chandef_type(chandef)))
2301 			return -ENOBUFS;
2302 		break;
2303 	default:
2304 		break;
2305 	}
2306 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2307 		return -ENOBUFS;
2308 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2309 		return -ENOBUFS;
2310 	if (chandef->center_freq2 &&
2311 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2312 		return -ENOBUFS;
2313 	return 0;
2314 }
2315 
2316 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2317 			      struct cfg80211_registered_device *rdev,
2318 			      struct wireless_dev *wdev)
2319 {
2320 	struct net_device *dev = wdev->netdev;
2321 	void *hdr;
2322 
2323 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
2324 	if (!hdr)
2325 		return -1;
2326 
2327 	if (dev &&
2328 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2329 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2330 		goto nla_put_failure;
2331 
2332 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2333 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2334 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2335 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2336 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2337 			rdev->devlist_generation ^
2338 			(cfg80211_rdev_list_generation << 2)))
2339 		goto nla_put_failure;
2340 
2341 	if (rdev->ops->get_channel) {
2342 		int ret;
2343 		struct cfg80211_chan_def chandef;
2344 
2345 		ret = rdev_get_channel(rdev, wdev, &chandef);
2346 		if (ret == 0) {
2347 			if (nl80211_send_chandef(msg, &chandef))
2348 				goto nla_put_failure;
2349 		}
2350 	}
2351 
2352 	if (wdev->ssid_len) {
2353 		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2354 			goto nla_put_failure;
2355 	}
2356 
2357 	return genlmsg_end(msg, hdr);
2358 
2359  nla_put_failure:
2360 	genlmsg_cancel(msg, hdr);
2361 	return -EMSGSIZE;
2362 }
2363 
2364 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2365 {
2366 	int wp_idx = 0;
2367 	int if_idx = 0;
2368 	int wp_start = cb->args[0];
2369 	int if_start = cb->args[1];
2370 	struct cfg80211_registered_device *rdev;
2371 	struct wireless_dev *wdev;
2372 
2373 	rtnl_lock();
2374 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2375 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2376 			continue;
2377 		if (wp_idx < wp_start) {
2378 			wp_idx++;
2379 			continue;
2380 		}
2381 		if_idx = 0;
2382 
2383 		list_for_each_entry(wdev, &rdev->wdev_list, list) {
2384 			if (if_idx < if_start) {
2385 				if_idx++;
2386 				continue;
2387 			}
2388 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2389 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2390 					       rdev, wdev) < 0) {
2391 				goto out;
2392 			}
2393 			if_idx++;
2394 		}
2395 
2396 		wp_idx++;
2397 	}
2398  out:
2399 	rtnl_unlock();
2400 
2401 	cb->args[0] = wp_idx;
2402 	cb->args[1] = if_idx;
2403 
2404 	return skb->len;
2405 }
2406 
2407 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2408 {
2409 	struct sk_buff *msg;
2410 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2411 	struct wireless_dev *wdev = info->user_ptr[1];
2412 
2413 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2414 	if (!msg)
2415 		return -ENOMEM;
2416 
2417 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2418 			       rdev, wdev) < 0) {
2419 		nlmsg_free(msg);
2420 		return -ENOBUFS;
2421 	}
2422 
2423 	return genlmsg_reply(msg, info);
2424 }
2425 
2426 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2427 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2428 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2429 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2430 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2431 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2432 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2433 };
2434 
2435 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2436 {
2437 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2438 	int flag;
2439 
2440 	*mntrflags = 0;
2441 
2442 	if (!nla)
2443 		return -EINVAL;
2444 
2445 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2446 			     nla, mntr_flags_policy))
2447 		return -EINVAL;
2448 
2449 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2450 		if (flags[flag])
2451 			*mntrflags |= (1<<flag);
2452 
2453 	return 0;
2454 }
2455 
2456 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2457 			       struct net_device *netdev, u8 use_4addr,
2458 			       enum nl80211_iftype iftype)
2459 {
2460 	if (!use_4addr) {
2461 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2462 			return -EBUSY;
2463 		return 0;
2464 	}
2465 
2466 	switch (iftype) {
2467 	case NL80211_IFTYPE_AP_VLAN:
2468 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2469 			return 0;
2470 		break;
2471 	case NL80211_IFTYPE_STATION:
2472 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2473 			return 0;
2474 		break;
2475 	default:
2476 		break;
2477 	}
2478 
2479 	return -EOPNOTSUPP;
2480 }
2481 
2482 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2483 {
2484 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2485 	struct vif_params params;
2486 	int err;
2487 	enum nl80211_iftype otype, ntype;
2488 	struct net_device *dev = info->user_ptr[1];
2489 	u32 _flags, *flags = NULL;
2490 	bool change = false;
2491 
2492 	memset(&params, 0, sizeof(params));
2493 
2494 	otype = ntype = dev->ieee80211_ptr->iftype;
2495 
2496 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2497 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2498 		if (otype != ntype)
2499 			change = true;
2500 		if (ntype > NL80211_IFTYPE_MAX)
2501 			return -EINVAL;
2502 	}
2503 
2504 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2505 		struct wireless_dev *wdev = dev->ieee80211_ptr;
2506 
2507 		if (ntype != NL80211_IFTYPE_MESH_POINT)
2508 			return -EINVAL;
2509 		if (netif_running(dev))
2510 			return -EBUSY;
2511 
2512 		wdev_lock(wdev);
2513 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2514 			     IEEE80211_MAX_MESH_ID_LEN);
2515 		wdev->mesh_id_up_len =
2516 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2517 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2518 		       wdev->mesh_id_up_len);
2519 		wdev_unlock(wdev);
2520 	}
2521 
2522 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2523 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2524 		change = true;
2525 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2526 		if (err)
2527 			return err;
2528 	} else {
2529 		params.use_4addr = -1;
2530 	}
2531 
2532 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2533 		if (ntype != NL80211_IFTYPE_MONITOR)
2534 			return -EINVAL;
2535 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2536 					  &_flags);
2537 		if (err)
2538 			return err;
2539 
2540 		flags = &_flags;
2541 		change = true;
2542 	}
2543 
2544 	if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2545 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2546 		return -EOPNOTSUPP;
2547 
2548 	if (change)
2549 		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2550 	else
2551 		err = 0;
2552 
2553 	if (!err && params.use_4addr != -1)
2554 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2555 
2556 	return err;
2557 }
2558 
2559 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2560 {
2561 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2562 	struct vif_params params;
2563 	struct wireless_dev *wdev;
2564 	struct sk_buff *msg;
2565 	int err;
2566 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2567 	u32 flags;
2568 
2569 	/* to avoid failing a new interface creation due to pending removal */
2570 	cfg80211_destroy_ifaces(rdev);
2571 
2572 	memset(&params, 0, sizeof(params));
2573 
2574 	if (!info->attrs[NL80211_ATTR_IFNAME])
2575 		return -EINVAL;
2576 
2577 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2578 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2579 		if (type > NL80211_IFTYPE_MAX)
2580 			return -EINVAL;
2581 	}
2582 
2583 	if (!rdev->ops->add_virtual_intf ||
2584 	    !(rdev->wiphy.interface_modes & (1 << type)))
2585 		return -EOPNOTSUPP;
2586 
2587 	if (type == NL80211_IFTYPE_P2P_DEVICE && info->attrs[NL80211_ATTR_MAC]) {
2588 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2589 			   ETH_ALEN);
2590 		if (!is_valid_ether_addr(params.macaddr))
2591 			return -EADDRNOTAVAIL;
2592 	}
2593 
2594 	if (info->attrs[NL80211_ATTR_4ADDR]) {
2595 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2596 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2597 		if (err)
2598 			return err;
2599 	}
2600 
2601 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2602 	if (!msg)
2603 		return -ENOMEM;
2604 
2605 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2606 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2607 				  &flags);
2608 
2609 	if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2610 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2611 		return -EOPNOTSUPP;
2612 
2613 	wdev = rdev_add_virtual_intf(rdev,
2614 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2615 				type, err ? NULL : &flags, &params);
2616 	if (IS_ERR(wdev)) {
2617 		nlmsg_free(msg);
2618 		return PTR_ERR(wdev);
2619 	}
2620 
2621 	if (info->attrs[NL80211_ATTR_IFACE_SOCKET_OWNER])
2622 		wdev->owner_nlportid = info->snd_portid;
2623 
2624 	switch (type) {
2625 	case NL80211_IFTYPE_MESH_POINT:
2626 		if (!info->attrs[NL80211_ATTR_MESH_ID])
2627 			break;
2628 		wdev_lock(wdev);
2629 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2630 			     IEEE80211_MAX_MESH_ID_LEN);
2631 		wdev->mesh_id_up_len =
2632 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2633 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2634 		       wdev->mesh_id_up_len);
2635 		wdev_unlock(wdev);
2636 		break;
2637 	case NL80211_IFTYPE_P2P_DEVICE:
2638 		/*
2639 		 * P2P Device doesn't have a netdev, so doesn't go
2640 		 * through the netdev notifier and must be added here
2641 		 */
2642 		mutex_init(&wdev->mtx);
2643 		INIT_LIST_HEAD(&wdev->event_list);
2644 		spin_lock_init(&wdev->event_lock);
2645 		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2646 		spin_lock_init(&wdev->mgmt_registrations_lock);
2647 
2648 		wdev->identifier = ++rdev->wdev_id;
2649 		list_add_rcu(&wdev->list, &rdev->wdev_list);
2650 		rdev->devlist_generation++;
2651 		break;
2652 	default:
2653 		break;
2654 	}
2655 
2656 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2657 			       rdev, wdev) < 0) {
2658 		nlmsg_free(msg);
2659 		return -ENOBUFS;
2660 	}
2661 
2662 	return genlmsg_reply(msg, info);
2663 }
2664 
2665 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2666 {
2667 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2668 	struct wireless_dev *wdev = info->user_ptr[1];
2669 
2670 	if (!rdev->ops->del_virtual_intf)
2671 		return -EOPNOTSUPP;
2672 
2673 	/*
2674 	 * If we remove a wireless device without a netdev then clear
2675 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2676 	 * to check if it needs to do dev_put(). Otherwise it crashes
2677 	 * since the wdev has been freed, unlike with a netdev where
2678 	 * we need the dev_put() for the netdev to really be freed.
2679 	 */
2680 	if (!wdev->netdev)
2681 		info->user_ptr[1] = NULL;
2682 
2683 	return rdev_del_virtual_intf(rdev, wdev);
2684 }
2685 
2686 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2687 {
2688 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2689 	struct net_device *dev = info->user_ptr[1];
2690 	u16 noack_map;
2691 
2692 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2693 		return -EINVAL;
2694 
2695 	if (!rdev->ops->set_noack_map)
2696 		return -EOPNOTSUPP;
2697 
2698 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2699 
2700 	return rdev_set_noack_map(rdev, dev, noack_map);
2701 }
2702 
2703 struct get_key_cookie {
2704 	struct sk_buff *msg;
2705 	int error;
2706 	int idx;
2707 };
2708 
2709 static void get_key_callback(void *c, struct key_params *params)
2710 {
2711 	struct nlattr *key;
2712 	struct get_key_cookie *cookie = c;
2713 
2714 	if ((params->key &&
2715 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2716 		     params->key_len, params->key)) ||
2717 	    (params->seq &&
2718 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2719 		     params->seq_len, params->seq)) ||
2720 	    (params->cipher &&
2721 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2722 			 params->cipher)))
2723 		goto nla_put_failure;
2724 
2725 	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2726 	if (!key)
2727 		goto nla_put_failure;
2728 
2729 	if ((params->key &&
2730 	     nla_put(cookie->msg, NL80211_KEY_DATA,
2731 		     params->key_len, params->key)) ||
2732 	    (params->seq &&
2733 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2734 		     params->seq_len, params->seq)) ||
2735 	    (params->cipher &&
2736 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2737 			 params->cipher)))
2738 		goto nla_put_failure;
2739 
2740 	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2741 		goto nla_put_failure;
2742 
2743 	nla_nest_end(cookie->msg, key);
2744 
2745 	return;
2746  nla_put_failure:
2747 	cookie->error = 1;
2748 }
2749 
2750 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2751 {
2752 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2753 	int err;
2754 	struct net_device *dev = info->user_ptr[1];
2755 	u8 key_idx = 0;
2756 	const u8 *mac_addr = NULL;
2757 	bool pairwise;
2758 	struct get_key_cookie cookie = {
2759 		.error = 0,
2760 	};
2761 	void *hdr;
2762 	struct sk_buff *msg;
2763 
2764 	if (info->attrs[NL80211_ATTR_KEY_IDX])
2765 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2766 
2767 	if (key_idx > 5)
2768 		return -EINVAL;
2769 
2770 	if (info->attrs[NL80211_ATTR_MAC])
2771 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2772 
2773 	pairwise = !!mac_addr;
2774 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2775 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2776 		if (kt >= NUM_NL80211_KEYTYPES)
2777 			return -EINVAL;
2778 		if (kt != NL80211_KEYTYPE_GROUP &&
2779 		    kt != NL80211_KEYTYPE_PAIRWISE)
2780 			return -EINVAL;
2781 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2782 	}
2783 
2784 	if (!rdev->ops->get_key)
2785 		return -EOPNOTSUPP;
2786 
2787 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2788 	if (!msg)
2789 		return -ENOMEM;
2790 
2791 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2792 			     NL80211_CMD_NEW_KEY);
2793 	if (!hdr)
2794 		goto nla_put_failure;
2795 
2796 	cookie.msg = msg;
2797 	cookie.idx = key_idx;
2798 
2799 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2800 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2801 		goto nla_put_failure;
2802 	if (mac_addr &&
2803 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2804 		goto nla_put_failure;
2805 
2806 	if (pairwise && mac_addr &&
2807 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2808 		return -ENOENT;
2809 
2810 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2811 			   get_key_callback);
2812 
2813 	if (err)
2814 		goto free_msg;
2815 
2816 	if (cookie.error)
2817 		goto nla_put_failure;
2818 
2819 	genlmsg_end(msg, hdr);
2820 	return genlmsg_reply(msg, info);
2821 
2822  nla_put_failure:
2823 	err = -ENOBUFS;
2824  free_msg:
2825 	nlmsg_free(msg);
2826 	return err;
2827 }
2828 
2829 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2830 {
2831 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2832 	struct key_parse key;
2833 	int err;
2834 	struct net_device *dev = info->user_ptr[1];
2835 
2836 	err = nl80211_parse_key(info, &key);
2837 	if (err)
2838 		return err;
2839 
2840 	if (key.idx < 0)
2841 		return -EINVAL;
2842 
2843 	/* only support setting default key */
2844 	if (!key.def && !key.defmgmt)
2845 		return -EINVAL;
2846 
2847 	wdev_lock(dev->ieee80211_ptr);
2848 
2849 	if (key.def) {
2850 		if (!rdev->ops->set_default_key) {
2851 			err = -EOPNOTSUPP;
2852 			goto out;
2853 		}
2854 
2855 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2856 		if (err)
2857 			goto out;
2858 
2859 		err = rdev_set_default_key(rdev, dev, key.idx,
2860 						 key.def_uni, key.def_multi);
2861 
2862 		if (err)
2863 			goto out;
2864 
2865 #ifdef CONFIG_CFG80211_WEXT
2866 		dev->ieee80211_ptr->wext.default_key = key.idx;
2867 #endif
2868 	} else {
2869 		if (key.def_uni || !key.def_multi) {
2870 			err = -EINVAL;
2871 			goto out;
2872 		}
2873 
2874 		if (!rdev->ops->set_default_mgmt_key) {
2875 			err = -EOPNOTSUPP;
2876 			goto out;
2877 		}
2878 
2879 		err = nl80211_key_allowed(dev->ieee80211_ptr);
2880 		if (err)
2881 			goto out;
2882 
2883 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2884 		if (err)
2885 			goto out;
2886 
2887 #ifdef CONFIG_CFG80211_WEXT
2888 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2889 #endif
2890 	}
2891 
2892  out:
2893 	wdev_unlock(dev->ieee80211_ptr);
2894 
2895 	return err;
2896 }
2897 
2898 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2899 {
2900 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2901 	int err;
2902 	struct net_device *dev = info->user_ptr[1];
2903 	struct key_parse key;
2904 	const u8 *mac_addr = NULL;
2905 
2906 	err = nl80211_parse_key(info, &key);
2907 	if (err)
2908 		return err;
2909 
2910 	if (!key.p.key)
2911 		return -EINVAL;
2912 
2913 	if (info->attrs[NL80211_ATTR_MAC])
2914 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2915 
2916 	if (key.type == -1) {
2917 		if (mac_addr)
2918 			key.type = NL80211_KEYTYPE_PAIRWISE;
2919 		else
2920 			key.type = NL80211_KEYTYPE_GROUP;
2921 	}
2922 
2923 	/* for now */
2924 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2925 	    key.type != NL80211_KEYTYPE_GROUP)
2926 		return -EINVAL;
2927 
2928 	if (!rdev->ops->add_key)
2929 		return -EOPNOTSUPP;
2930 
2931 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2932 					   key.type == NL80211_KEYTYPE_PAIRWISE,
2933 					   mac_addr))
2934 		return -EINVAL;
2935 
2936 	wdev_lock(dev->ieee80211_ptr);
2937 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2938 	if (!err)
2939 		err = rdev_add_key(rdev, dev, key.idx,
2940 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2941 				    mac_addr, &key.p);
2942 	wdev_unlock(dev->ieee80211_ptr);
2943 
2944 	return err;
2945 }
2946 
2947 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2948 {
2949 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2950 	int err;
2951 	struct net_device *dev = info->user_ptr[1];
2952 	u8 *mac_addr = NULL;
2953 	struct key_parse key;
2954 
2955 	err = nl80211_parse_key(info, &key);
2956 	if (err)
2957 		return err;
2958 
2959 	if (info->attrs[NL80211_ATTR_MAC])
2960 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2961 
2962 	if (key.type == -1) {
2963 		if (mac_addr)
2964 			key.type = NL80211_KEYTYPE_PAIRWISE;
2965 		else
2966 			key.type = NL80211_KEYTYPE_GROUP;
2967 	}
2968 
2969 	/* for now */
2970 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2971 	    key.type != NL80211_KEYTYPE_GROUP)
2972 		return -EINVAL;
2973 
2974 	if (!rdev->ops->del_key)
2975 		return -EOPNOTSUPP;
2976 
2977 	wdev_lock(dev->ieee80211_ptr);
2978 	err = nl80211_key_allowed(dev->ieee80211_ptr);
2979 
2980 	if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2981 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2982 		err = -ENOENT;
2983 
2984 	if (!err)
2985 		err = rdev_del_key(rdev, dev, key.idx,
2986 				   key.type == NL80211_KEYTYPE_PAIRWISE,
2987 				   mac_addr);
2988 
2989 #ifdef CONFIG_CFG80211_WEXT
2990 	if (!err) {
2991 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
2992 			dev->ieee80211_ptr->wext.default_key = -1;
2993 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2994 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2995 	}
2996 #endif
2997 	wdev_unlock(dev->ieee80211_ptr);
2998 
2999 	return err;
3000 }
3001 
3002 /* This function returns an error or the number of nested attributes */
3003 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3004 {
3005 	struct nlattr *attr;
3006 	int n_entries = 0, tmp;
3007 
3008 	nla_for_each_nested(attr, nl_attr, tmp) {
3009 		if (nla_len(attr) != ETH_ALEN)
3010 			return -EINVAL;
3011 
3012 		n_entries++;
3013 	}
3014 
3015 	return n_entries;
3016 }
3017 
3018 /*
3019  * This function parses ACL information and allocates memory for ACL data.
3020  * On successful return, the calling function is responsible to free the
3021  * ACL buffer returned by this function.
3022  */
3023 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3024 						struct genl_info *info)
3025 {
3026 	enum nl80211_acl_policy acl_policy;
3027 	struct nlattr *attr;
3028 	struct cfg80211_acl_data *acl;
3029 	int i = 0, n_entries, tmp;
3030 
3031 	if (!wiphy->max_acl_mac_addrs)
3032 		return ERR_PTR(-EOPNOTSUPP);
3033 
3034 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3035 		return ERR_PTR(-EINVAL);
3036 
3037 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3038 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3039 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3040 		return ERR_PTR(-EINVAL);
3041 
3042 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3043 		return ERR_PTR(-EINVAL);
3044 
3045 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3046 	if (n_entries < 0)
3047 		return ERR_PTR(n_entries);
3048 
3049 	if (n_entries > wiphy->max_acl_mac_addrs)
3050 		return ERR_PTR(-ENOTSUPP);
3051 
3052 	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3053 		      GFP_KERNEL);
3054 	if (!acl)
3055 		return ERR_PTR(-ENOMEM);
3056 
3057 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3058 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3059 		i++;
3060 	}
3061 
3062 	acl->n_acl_entries = n_entries;
3063 	acl->acl_policy = acl_policy;
3064 
3065 	return acl;
3066 }
3067 
3068 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3069 {
3070 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3071 	struct net_device *dev = info->user_ptr[1];
3072 	struct cfg80211_acl_data *acl;
3073 	int err;
3074 
3075 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3076 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3077 		return -EOPNOTSUPP;
3078 
3079 	if (!dev->ieee80211_ptr->beacon_interval)
3080 		return -EINVAL;
3081 
3082 	acl = parse_acl_data(&rdev->wiphy, info);
3083 	if (IS_ERR(acl))
3084 		return PTR_ERR(acl);
3085 
3086 	err = rdev_set_mac_acl(rdev, dev, acl);
3087 
3088 	kfree(acl);
3089 
3090 	return err;
3091 }
3092 
3093 static int nl80211_parse_beacon(struct nlattr *attrs[],
3094 				struct cfg80211_beacon_data *bcn)
3095 {
3096 	bool haveinfo = false;
3097 
3098 	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3099 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3100 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3101 	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3102 		return -EINVAL;
3103 
3104 	memset(bcn, 0, sizeof(*bcn));
3105 
3106 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3107 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3108 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3109 		if (!bcn->head_len)
3110 			return -EINVAL;
3111 		haveinfo = true;
3112 	}
3113 
3114 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3115 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3116 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3117 		haveinfo = true;
3118 	}
3119 
3120 	if (!haveinfo)
3121 		return -EINVAL;
3122 
3123 	if (attrs[NL80211_ATTR_IE]) {
3124 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3125 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3126 	}
3127 
3128 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3129 		bcn->proberesp_ies =
3130 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3131 		bcn->proberesp_ies_len =
3132 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3133 	}
3134 
3135 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3136 		bcn->assocresp_ies =
3137 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3138 		bcn->assocresp_ies_len =
3139 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3140 	}
3141 
3142 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
3143 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3144 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3145 	}
3146 
3147 	return 0;
3148 }
3149 
3150 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3151 				   struct cfg80211_ap_settings *params)
3152 {
3153 	struct wireless_dev *wdev;
3154 	bool ret = false;
3155 
3156 	list_for_each_entry(wdev, &rdev->wdev_list, list) {
3157 		if (wdev->iftype != NL80211_IFTYPE_AP &&
3158 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
3159 			continue;
3160 
3161 		if (!wdev->preset_chandef.chan)
3162 			continue;
3163 
3164 		params->chandef = wdev->preset_chandef;
3165 		ret = true;
3166 		break;
3167 	}
3168 
3169 	return ret;
3170 }
3171 
3172 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3173 				    enum nl80211_auth_type auth_type,
3174 				    enum nl80211_commands cmd)
3175 {
3176 	if (auth_type > NL80211_AUTHTYPE_MAX)
3177 		return false;
3178 
3179 	switch (cmd) {
3180 	case NL80211_CMD_AUTHENTICATE:
3181 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3182 		    auth_type == NL80211_AUTHTYPE_SAE)
3183 			return false;
3184 		return true;
3185 	case NL80211_CMD_CONNECT:
3186 	case NL80211_CMD_START_AP:
3187 		/* SAE not supported yet */
3188 		if (auth_type == NL80211_AUTHTYPE_SAE)
3189 			return false;
3190 		return true;
3191 	default:
3192 		return false;
3193 	}
3194 }
3195 
3196 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3197 {
3198 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3199 	struct net_device *dev = info->user_ptr[1];
3200 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3201 	struct cfg80211_ap_settings params;
3202 	int err;
3203 
3204 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3205 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3206 		return -EOPNOTSUPP;
3207 
3208 	if (!rdev->ops->start_ap)
3209 		return -EOPNOTSUPP;
3210 
3211 	if (wdev->beacon_interval)
3212 		return -EALREADY;
3213 
3214 	memset(&params, 0, sizeof(params));
3215 
3216 	/* these are required for START_AP */
3217 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3218 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3219 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3220 		return -EINVAL;
3221 
3222 	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3223 	if (err)
3224 		return err;
3225 
3226 	params.beacon_interval =
3227 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3228 	params.dtim_period =
3229 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3230 
3231 	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3232 	if (err)
3233 		return err;
3234 
3235 	/*
3236 	 * In theory, some of these attributes should be required here
3237 	 * but since they were not used when the command was originally
3238 	 * added, keep them optional for old user space programs to let
3239 	 * them continue to work with drivers that do not need the
3240 	 * additional information -- drivers must check!
3241 	 */
3242 	if (info->attrs[NL80211_ATTR_SSID]) {
3243 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3244 		params.ssid_len =
3245 			nla_len(info->attrs[NL80211_ATTR_SSID]);
3246 		if (params.ssid_len == 0 ||
3247 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
3248 			return -EINVAL;
3249 	}
3250 
3251 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3252 		params.hidden_ssid = nla_get_u32(
3253 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3254 		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3255 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3256 		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3257 			return -EINVAL;
3258 	}
3259 
3260 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3261 
3262 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3263 		params.auth_type = nla_get_u32(
3264 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
3265 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
3266 					     NL80211_CMD_START_AP))
3267 			return -EINVAL;
3268 	} else
3269 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3270 
3271 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
3272 				      NL80211_MAX_NR_CIPHER_SUITES);
3273 	if (err)
3274 		return err;
3275 
3276 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3277 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3278 			return -EOPNOTSUPP;
3279 		params.inactivity_timeout = nla_get_u16(
3280 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3281 	}
3282 
3283 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3284 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3285 			return -EINVAL;
3286 		params.p2p_ctwindow =
3287 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3288 		if (params.p2p_ctwindow > 127)
3289 			return -EINVAL;
3290 		if (params.p2p_ctwindow != 0 &&
3291 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3292 			return -EINVAL;
3293 	}
3294 
3295 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3296 		u8 tmp;
3297 
3298 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3299 			return -EINVAL;
3300 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3301 		if (tmp > 1)
3302 			return -EINVAL;
3303 		params.p2p_opp_ps = tmp;
3304 		if (params.p2p_opp_ps != 0 &&
3305 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3306 			return -EINVAL;
3307 	}
3308 
3309 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3310 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
3311 		if (err)
3312 			return err;
3313 	} else if (wdev->preset_chandef.chan) {
3314 		params.chandef = wdev->preset_chandef;
3315 	} else if (!nl80211_get_ap_channel(rdev, &params))
3316 		return -EINVAL;
3317 
3318 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
3319 				     wdev->iftype))
3320 		return -EINVAL;
3321 
3322 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3323 		params.acl = parse_acl_data(&rdev->wiphy, info);
3324 		if (IS_ERR(params.acl))
3325 			return PTR_ERR(params.acl);
3326 	}
3327 
3328 	wdev_lock(wdev);
3329 	err = rdev_start_ap(rdev, dev, &params);
3330 	if (!err) {
3331 		wdev->preset_chandef = params.chandef;
3332 		wdev->beacon_interval = params.beacon_interval;
3333 		wdev->chandef = params.chandef;
3334 		wdev->ssid_len = params.ssid_len;
3335 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3336 	}
3337 	wdev_unlock(wdev);
3338 
3339 	kfree(params.acl);
3340 
3341 	return err;
3342 }
3343 
3344 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3345 {
3346 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3347 	struct net_device *dev = info->user_ptr[1];
3348 	struct wireless_dev *wdev = dev->ieee80211_ptr;
3349 	struct cfg80211_beacon_data params;
3350 	int err;
3351 
3352 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3353 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3354 		return -EOPNOTSUPP;
3355 
3356 	if (!rdev->ops->change_beacon)
3357 		return -EOPNOTSUPP;
3358 
3359 	if (!wdev->beacon_interval)
3360 		return -EINVAL;
3361 
3362 	err = nl80211_parse_beacon(info->attrs, &params);
3363 	if (err)
3364 		return err;
3365 
3366 	wdev_lock(wdev);
3367 	err = rdev_change_beacon(rdev, dev, &params);
3368 	wdev_unlock(wdev);
3369 
3370 	return err;
3371 }
3372 
3373 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3374 {
3375 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3376 	struct net_device *dev = info->user_ptr[1];
3377 
3378 	return cfg80211_stop_ap(rdev, dev, false);
3379 }
3380 
3381 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3382 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3383 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3384 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3385 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3386 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3387 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3388 };
3389 
3390 static int parse_station_flags(struct genl_info *info,
3391 			       enum nl80211_iftype iftype,
3392 			       struct station_parameters *params)
3393 {
3394 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3395 	struct nlattr *nla;
3396 	int flag;
3397 
3398 	/*
3399 	 * Try parsing the new attribute first so userspace
3400 	 * can specify both for older kernels.
3401 	 */
3402 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3403 	if (nla) {
3404 		struct nl80211_sta_flag_update *sta_flags;
3405 
3406 		sta_flags = nla_data(nla);
3407 		params->sta_flags_mask = sta_flags->mask;
3408 		params->sta_flags_set = sta_flags->set;
3409 		params->sta_flags_set &= params->sta_flags_mask;
3410 		if ((params->sta_flags_mask |
3411 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3412 			return -EINVAL;
3413 		return 0;
3414 	}
3415 
3416 	/* if present, parse the old attribute */
3417 
3418 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3419 	if (!nla)
3420 		return 0;
3421 
3422 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3423 			     nla, sta_flags_policy))
3424 		return -EINVAL;
3425 
3426 	/*
3427 	 * Only allow certain flags for interface types so that
3428 	 * other attributes are silently ignored. Remember that
3429 	 * this is backward compatibility code with old userspace
3430 	 * and shouldn't be hit in other cases anyway.
3431 	 */
3432 	switch (iftype) {
3433 	case NL80211_IFTYPE_AP:
3434 	case NL80211_IFTYPE_AP_VLAN:
3435 	case NL80211_IFTYPE_P2P_GO:
3436 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3437 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3438 					 BIT(NL80211_STA_FLAG_WME) |
3439 					 BIT(NL80211_STA_FLAG_MFP);
3440 		break;
3441 	case NL80211_IFTYPE_P2P_CLIENT:
3442 	case NL80211_IFTYPE_STATION:
3443 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3444 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3445 		break;
3446 	case NL80211_IFTYPE_MESH_POINT:
3447 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3448 					 BIT(NL80211_STA_FLAG_MFP) |
3449 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3450 	default:
3451 		return -EINVAL;
3452 	}
3453 
3454 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3455 		if (flags[flag]) {
3456 			params->sta_flags_set |= (1<<flag);
3457 
3458 			/* no longer support new API additions in old API */
3459 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3460 				return -EINVAL;
3461 		}
3462 	}
3463 
3464 	return 0;
3465 }
3466 
3467 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3468 				 int attr)
3469 {
3470 	struct nlattr *rate;
3471 	u32 bitrate;
3472 	u16 bitrate_compat;
3473 
3474 	rate = nla_nest_start(msg, attr);
3475 	if (!rate)
3476 		return false;
3477 
3478 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3479 	bitrate = cfg80211_calculate_bitrate(info);
3480 	/* report 16-bit bitrate only if we can */
3481 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3482 	if (bitrate > 0 &&
3483 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3484 		return false;
3485 	if (bitrate_compat > 0 &&
3486 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3487 		return false;
3488 
3489 	if (info->flags & RATE_INFO_FLAGS_MCS) {
3490 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3491 			return false;
3492 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3493 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3494 			return false;
3495 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3496 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3497 			return false;
3498 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3499 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3500 			return false;
3501 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3502 			return false;
3503 		if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH &&
3504 		    nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH))
3505 			return false;
3506 		if (info->flags & RATE_INFO_FLAGS_80_MHZ_WIDTH &&
3507 		    nla_put_flag(msg, NL80211_RATE_INFO_80_MHZ_WIDTH))
3508 			return false;
3509 		if (info->flags & RATE_INFO_FLAGS_80P80_MHZ_WIDTH &&
3510 		    nla_put_flag(msg, NL80211_RATE_INFO_80P80_MHZ_WIDTH))
3511 			return false;
3512 		if (info->flags & RATE_INFO_FLAGS_160_MHZ_WIDTH &&
3513 		    nla_put_flag(msg, NL80211_RATE_INFO_160_MHZ_WIDTH))
3514 			return false;
3515 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3516 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3517 			return false;
3518 	}
3519 
3520 	nla_nest_end(msg, rate);
3521 	return true;
3522 }
3523 
3524 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3525 			       int id)
3526 {
3527 	void *attr;
3528 	int i = 0;
3529 
3530 	if (!mask)
3531 		return true;
3532 
3533 	attr = nla_nest_start(msg, id);
3534 	if (!attr)
3535 		return false;
3536 
3537 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3538 		if (!(mask & BIT(i)))
3539 			continue;
3540 
3541 		if (nla_put_u8(msg, i, signal[i]))
3542 			return false;
3543 	}
3544 
3545 	nla_nest_end(msg, attr);
3546 
3547 	return true;
3548 }
3549 
3550 static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
3551 				int flags,
3552 				struct cfg80211_registered_device *rdev,
3553 				struct net_device *dev,
3554 				const u8 *mac_addr, struct station_info *sinfo)
3555 {
3556 	void *hdr;
3557 	struct nlattr *sinfoattr, *bss_param;
3558 
3559 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
3560 	if (!hdr)
3561 		return -1;
3562 
3563 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3564 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3565 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3566 		goto nla_put_failure;
3567 
3568 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3569 	if (!sinfoattr)
3570 		goto nla_put_failure;
3571 	if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
3572 	    nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
3573 			sinfo->connected_time))
3574 		goto nla_put_failure;
3575 	if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
3576 	    nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
3577 			sinfo->inactive_time))
3578 		goto nla_put_failure;
3579 	if ((sinfo->filled & (STATION_INFO_RX_BYTES |
3580 			      STATION_INFO_RX_BYTES64)) &&
3581 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3582 			(u32)sinfo->rx_bytes))
3583 		goto nla_put_failure;
3584 	if ((sinfo->filled & (STATION_INFO_TX_BYTES |
3585 			      STATION_INFO_TX_BYTES64)) &&
3586 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3587 			(u32)sinfo->tx_bytes))
3588 		goto nla_put_failure;
3589 	if ((sinfo->filled & STATION_INFO_RX_BYTES64) &&
3590 	    nla_put_u64(msg, NL80211_STA_INFO_RX_BYTES64,
3591 			sinfo->rx_bytes))
3592 		goto nla_put_failure;
3593 	if ((sinfo->filled & STATION_INFO_TX_BYTES64) &&
3594 	    nla_put_u64(msg, NL80211_STA_INFO_TX_BYTES64,
3595 			sinfo->tx_bytes))
3596 		goto nla_put_failure;
3597 	if ((sinfo->filled & STATION_INFO_LLID) &&
3598 	    nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
3599 		goto nla_put_failure;
3600 	if ((sinfo->filled & STATION_INFO_PLID) &&
3601 	    nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
3602 		goto nla_put_failure;
3603 	if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
3604 	    nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
3605 		       sinfo->plink_state))
3606 		goto nla_put_failure;
3607 	switch (rdev->wiphy.signal_type) {
3608 	case CFG80211_SIGNAL_TYPE_MBM:
3609 		if ((sinfo->filled & STATION_INFO_SIGNAL) &&
3610 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
3611 			       sinfo->signal))
3612 			goto nla_put_failure;
3613 		if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
3614 		    nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
3615 			       sinfo->signal_avg))
3616 			goto nla_put_failure;
3617 		break;
3618 	default:
3619 		break;
3620 	}
3621 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL) {
3622 		if (!nl80211_put_signal(msg, sinfo->chains,
3623 					sinfo->chain_signal,
3624 					NL80211_STA_INFO_CHAIN_SIGNAL))
3625 			goto nla_put_failure;
3626 	}
3627 	if (sinfo->filled & STATION_INFO_CHAIN_SIGNAL_AVG) {
3628 		if (!nl80211_put_signal(msg, sinfo->chains,
3629 					sinfo->chain_signal_avg,
3630 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3631 			goto nla_put_failure;
3632 	}
3633 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
3634 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3635 					  NL80211_STA_INFO_TX_BITRATE))
3636 			goto nla_put_failure;
3637 	}
3638 	if (sinfo->filled & STATION_INFO_RX_BITRATE) {
3639 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3640 					  NL80211_STA_INFO_RX_BITRATE))
3641 			goto nla_put_failure;
3642 	}
3643 	if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
3644 	    nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
3645 			sinfo->rx_packets))
3646 		goto nla_put_failure;
3647 	if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
3648 	    nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
3649 			sinfo->tx_packets))
3650 		goto nla_put_failure;
3651 	if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
3652 	    nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
3653 			sinfo->tx_retries))
3654 		goto nla_put_failure;
3655 	if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
3656 	    nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
3657 			sinfo->tx_failed))
3658 		goto nla_put_failure;
3659 	if ((sinfo->filled & STATION_INFO_EXPECTED_THROUGHPUT) &&
3660 	    nla_put_u32(msg, NL80211_STA_INFO_EXPECTED_THROUGHPUT,
3661 			sinfo->expected_throughput))
3662 		goto nla_put_failure;
3663 	if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
3664 	    nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
3665 			sinfo->beacon_loss_count))
3666 		goto nla_put_failure;
3667 	if ((sinfo->filled & STATION_INFO_LOCAL_PM) &&
3668 	    nla_put_u32(msg, NL80211_STA_INFO_LOCAL_PM,
3669 			sinfo->local_pm))
3670 		goto nla_put_failure;
3671 	if ((sinfo->filled & STATION_INFO_PEER_PM) &&
3672 	    nla_put_u32(msg, NL80211_STA_INFO_PEER_PM,
3673 			sinfo->peer_pm))
3674 		goto nla_put_failure;
3675 	if ((sinfo->filled & STATION_INFO_NONPEER_PM) &&
3676 	    nla_put_u32(msg, NL80211_STA_INFO_NONPEER_PM,
3677 			sinfo->nonpeer_pm))
3678 		goto nla_put_failure;
3679 	if (sinfo->filled & STATION_INFO_BSS_PARAM) {
3680 		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3681 		if (!bss_param)
3682 			goto nla_put_failure;
3683 
3684 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3685 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3686 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3687 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3688 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3689 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3690 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3691 			       sinfo->bss_param.dtim_period) ||
3692 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3693 				sinfo->bss_param.beacon_interval))
3694 			goto nla_put_failure;
3695 
3696 		nla_nest_end(msg, bss_param);
3697 	}
3698 	if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
3699 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3700 		    sizeof(struct nl80211_sta_flag_update),
3701 		    &sinfo->sta_flags))
3702 		goto nla_put_failure;
3703 	if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
3704 		nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
3705 			    sinfo->t_offset))
3706 		goto nla_put_failure;
3707 	nla_nest_end(msg, sinfoattr);
3708 
3709 	if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
3710 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3711 		    sinfo->assoc_req_ies))
3712 		goto nla_put_failure;
3713 
3714 	return genlmsg_end(msg, hdr);
3715 
3716  nla_put_failure:
3717 	genlmsg_cancel(msg, hdr);
3718 	return -EMSGSIZE;
3719 }
3720 
3721 static int nl80211_dump_station(struct sk_buff *skb,
3722 				struct netlink_callback *cb)
3723 {
3724 	struct station_info sinfo;
3725 	struct cfg80211_registered_device *rdev;
3726 	struct wireless_dev *wdev;
3727 	u8 mac_addr[ETH_ALEN];
3728 	int sta_idx = cb->args[2];
3729 	int err;
3730 
3731 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
3732 	if (err)
3733 		return err;
3734 
3735 	if (!wdev->netdev) {
3736 		err = -EINVAL;
3737 		goto out_err;
3738 	}
3739 
3740 	if (!rdev->ops->dump_station) {
3741 		err = -EOPNOTSUPP;
3742 		goto out_err;
3743 	}
3744 
3745 	while (1) {
3746 		memset(&sinfo, 0, sizeof(sinfo));
3747 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
3748 					mac_addr, &sinfo);
3749 		if (err == -ENOENT)
3750 			break;
3751 		if (err)
3752 			goto out_err;
3753 
3754 		if (nl80211_send_station(skb,
3755 				NETLINK_CB(cb->skb).portid,
3756 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3757 				rdev, wdev->netdev, mac_addr,
3758 				&sinfo) < 0)
3759 			goto out;
3760 
3761 		sta_idx++;
3762 	}
3763 
3764 
3765  out:
3766 	cb->args[2] = sta_idx;
3767 	err = skb->len;
3768  out_err:
3769 	nl80211_finish_wdev_dump(rdev);
3770 
3771 	return err;
3772 }
3773 
3774 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3775 {
3776 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3777 	struct net_device *dev = info->user_ptr[1];
3778 	struct station_info sinfo;
3779 	struct sk_buff *msg;
3780 	u8 *mac_addr = NULL;
3781 	int err;
3782 
3783 	memset(&sinfo, 0, sizeof(sinfo));
3784 
3785 	if (!info->attrs[NL80211_ATTR_MAC])
3786 		return -EINVAL;
3787 
3788 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3789 
3790 	if (!rdev->ops->get_station)
3791 		return -EOPNOTSUPP;
3792 
3793 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3794 	if (err)
3795 		return err;
3796 
3797 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3798 	if (!msg)
3799 		return -ENOMEM;
3800 
3801 	if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
3802 				 rdev, dev, mac_addr, &sinfo) < 0) {
3803 		nlmsg_free(msg);
3804 		return -ENOBUFS;
3805 	}
3806 
3807 	return genlmsg_reply(msg, info);
3808 }
3809 
3810 int cfg80211_check_station_change(struct wiphy *wiphy,
3811 				  struct station_parameters *params,
3812 				  enum cfg80211_station_type statype)
3813 {
3814 	if (params->listen_interval != -1)
3815 		return -EINVAL;
3816 	if (params->aid)
3817 		return -EINVAL;
3818 
3819 	/* When you run into this, adjust the code below for the new flag */
3820 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3821 
3822 	switch (statype) {
3823 	case CFG80211_STA_MESH_PEER_KERNEL:
3824 	case CFG80211_STA_MESH_PEER_USER:
3825 		/*
3826 		 * No ignoring the TDLS flag here -- the userspace mesh
3827 		 * code doesn't have the bug of including TDLS in the
3828 		 * mask everywhere.
3829 		 */
3830 		if (params->sta_flags_mask &
3831 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3832 				  BIT(NL80211_STA_FLAG_MFP) |
3833 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3834 			return -EINVAL;
3835 		break;
3836 	case CFG80211_STA_TDLS_PEER_SETUP:
3837 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3838 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3839 			return -EINVAL;
3840 		/* ignore since it can't change */
3841 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3842 		break;
3843 	default:
3844 		/* disallow mesh-specific things */
3845 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3846 			return -EINVAL;
3847 		if (params->local_pm)
3848 			return -EINVAL;
3849 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3850 			return -EINVAL;
3851 	}
3852 
3853 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3854 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3855 		/* TDLS can't be set, ... */
3856 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3857 			return -EINVAL;
3858 		/*
3859 		 * ... but don't bother the driver with it. This works around
3860 		 * a hostapd/wpa_supplicant issue -- it always includes the
3861 		 * TLDS_PEER flag in the mask even for AP mode.
3862 		 */
3863 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3864 	}
3865 
3866 	if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
3867 		/* reject other things that can't change */
3868 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
3869 			return -EINVAL;
3870 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
3871 			return -EINVAL;
3872 		if (params->supported_rates)
3873 			return -EINVAL;
3874 		if (params->ext_capab || params->ht_capa || params->vht_capa)
3875 			return -EINVAL;
3876 	}
3877 
3878 	if (statype != CFG80211_STA_AP_CLIENT) {
3879 		if (params->vlan)
3880 			return -EINVAL;
3881 	}
3882 
3883 	switch (statype) {
3884 	case CFG80211_STA_AP_MLME_CLIENT:
3885 		/* Use this only for authorizing/unauthorizing a station */
3886 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
3887 			return -EOPNOTSUPP;
3888 		break;
3889 	case CFG80211_STA_AP_CLIENT:
3890 		/* accept only the listed bits */
3891 		if (params->sta_flags_mask &
3892 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3893 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3894 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
3895 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3896 				  BIT(NL80211_STA_FLAG_WME) |
3897 				  BIT(NL80211_STA_FLAG_MFP)))
3898 			return -EINVAL;
3899 
3900 		/* but authenticated/associated only if driver handles it */
3901 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
3902 		    params->sta_flags_mask &
3903 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3904 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
3905 			return -EINVAL;
3906 		break;
3907 	case CFG80211_STA_IBSS:
3908 	case CFG80211_STA_AP_STA:
3909 		/* reject any changes other than AUTHORIZED */
3910 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
3911 			return -EINVAL;
3912 		break;
3913 	case CFG80211_STA_TDLS_PEER_SETUP:
3914 		/* reject any changes other than AUTHORIZED or WME */
3915 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
3916 					       BIT(NL80211_STA_FLAG_WME)))
3917 			return -EINVAL;
3918 		/* force (at least) rates when authorizing */
3919 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
3920 		    !params->supported_rates)
3921 			return -EINVAL;
3922 		break;
3923 	case CFG80211_STA_TDLS_PEER_ACTIVE:
3924 		/* reject any changes */
3925 		return -EINVAL;
3926 	case CFG80211_STA_MESH_PEER_KERNEL:
3927 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3928 			return -EINVAL;
3929 		break;
3930 	case CFG80211_STA_MESH_PEER_USER:
3931 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3932 			return -EINVAL;
3933 		break;
3934 	}
3935 
3936 	return 0;
3937 }
3938 EXPORT_SYMBOL(cfg80211_check_station_change);
3939 
3940 /*
3941  * Get vlan interface making sure it is running and on the right wiphy.
3942  */
3943 static struct net_device *get_vlan(struct genl_info *info,
3944 				   struct cfg80211_registered_device *rdev)
3945 {
3946 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
3947 	struct net_device *v;
3948 	int ret;
3949 
3950 	if (!vlanattr)
3951 		return NULL;
3952 
3953 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
3954 	if (!v)
3955 		return ERR_PTR(-ENODEV);
3956 
3957 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
3958 		ret = -EINVAL;
3959 		goto error;
3960 	}
3961 
3962 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
3963 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3964 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
3965 		ret = -EINVAL;
3966 		goto error;
3967 	}
3968 
3969 	if (!netif_running(v)) {
3970 		ret = -ENETDOWN;
3971 		goto error;
3972 	}
3973 
3974 	return v;
3975  error:
3976 	dev_put(v);
3977 	return ERR_PTR(ret);
3978 }
3979 
3980 static const struct nla_policy
3981 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
3982 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
3983 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
3984 };
3985 
3986 static int nl80211_parse_sta_wme(struct genl_info *info,
3987 				 struct station_parameters *params)
3988 {
3989 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
3990 	struct nlattr *nla;
3991 	int err;
3992 
3993 	/* parse WME attributes if present */
3994 	if (!info->attrs[NL80211_ATTR_STA_WME])
3995 		return 0;
3996 
3997 	nla = info->attrs[NL80211_ATTR_STA_WME];
3998 	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
3999 			       nl80211_sta_wme_policy);
4000 	if (err)
4001 		return err;
4002 
4003 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4004 		params->uapsd_queues = nla_get_u8(
4005 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
4006 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4007 		return -EINVAL;
4008 
4009 	if (tb[NL80211_STA_WME_MAX_SP])
4010 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4011 
4012 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4013 		return -EINVAL;
4014 
4015 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4016 
4017 	return 0;
4018 }
4019 
4020 static int nl80211_parse_sta_channel_info(struct genl_info *info,
4021 				      struct station_parameters *params)
4022 {
4023 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4024 		params->supported_channels =
4025 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4026 		params->supported_channels_len =
4027 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4028 		/*
4029 		 * Need to include at least one (first channel, number of
4030 		 * channels) tuple for each subband, and must have proper
4031 		 * tuples for the rest of the data as well.
4032 		 */
4033 		if (params->supported_channels_len < 2)
4034 			return -EINVAL;
4035 		if (params->supported_channels_len % 2)
4036 			return -EINVAL;
4037 	}
4038 
4039 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4040 		params->supported_oper_classes =
4041 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4042 		params->supported_oper_classes_len =
4043 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4044 		/*
4045 		 * The value of the Length field of the Supported Operating
4046 		 * Classes element is between 2 and 253.
4047 		 */
4048 		if (params->supported_oper_classes_len < 2 ||
4049 		    params->supported_oper_classes_len > 253)
4050 			return -EINVAL;
4051 	}
4052 	return 0;
4053 }
4054 
4055 static int nl80211_set_station_tdls(struct genl_info *info,
4056 				    struct station_parameters *params)
4057 {
4058 	int err;
4059 	/* Dummy STA entry gets updated once the peer capabilities are known */
4060 	if (info->attrs[NL80211_ATTR_PEER_AID])
4061 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4062 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4063 		params->ht_capa =
4064 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4065 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4066 		params->vht_capa =
4067 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4068 
4069 	err = nl80211_parse_sta_channel_info(info, params);
4070 	if (err)
4071 		return err;
4072 
4073 	return nl80211_parse_sta_wme(info, params);
4074 }
4075 
4076 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4077 {
4078 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4079 	struct net_device *dev = info->user_ptr[1];
4080 	struct station_parameters params;
4081 	u8 *mac_addr;
4082 	int err;
4083 
4084 	memset(&params, 0, sizeof(params));
4085 
4086 	params.listen_interval = -1;
4087 
4088 	if (!rdev->ops->change_station)
4089 		return -EOPNOTSUPP;
4090 
4091 	if (info->attrs[NL80211_ATTR_STA_AID])
4092 		return -EINVAL;
4093 
4094 	if (!info->attrs[NL80211_ATTR_MAC])
4095 		return -EINVAL;
4096 
4097 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4098 
4099 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4100 		params.supported_rates =
4101 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4102 		params.supported_rates_len =
4103 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4104 	}
4105 
4106 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4107 		params.capability =
4108 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4109 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4110 	}
4111 
4112 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4113 		params.ext_capab =
4114 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4115 		params.ext_capab_len =
4116 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4117 	}
4118 
4119 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4120 		return -EINVAL;
4121 
4122 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4123 		return -EINVAL;
4124 
4125 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4126 		params.plink_action =
4127 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4128 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4129 			return -EINVAL;
4130 	}
4131 
4132 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4133 		params.plink_state =
4134 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4135 		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4136 			return -EINVAL;
4137 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4138 	}
4139 
4140 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4141 		enum nl80211_mesh_power_mode pm = nla_get_u32(
4142 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4143 
4144 		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4145 		    pm > NL80211_MESH_POWER_MAX)
4146 			return -EINVAL;
4147 
4148 		params.local_pm = pm;
4149 	}
4150 
4151 	/* Include parameters for TDLS peer (will check later) */
4152 	err = nl80211_set_station_tdls(info, &params);
4153 	if (err)
4154 		return err;
4155 
4156 	params.vlan = get_vlan(info, rdev);
4157 	if (IS_ERR(params.vlan))
4158 		return PTR_ERR(params.vlan);
4159 
4160 	switch (dev->ieee80211_ptr->iftype) {
4161 	case NL80211_IFTYPE_AP:
4162 	case NL80211_IFTYPE_AP_VLAN:
4163 	case NL80211_IFTYPE_P2P_GO:
4164 	case NL80211_IFTYPE_P2P_CLIENT:
4165 	case NL80211_IFTYPE_STATION:
4166 	case NL80211_IFTYPE_ADHOC:
4167 	case NL80211_IFTYPE_MESH_POINT:
4168 		break;
4169 	default:
4170 		err = -EOPNOTSUPP;
4171 		goto out_put_vlan;
4172 	}
4173 
4174 	/* driver will call cfg80211_check_station_change() */
4175 	err = rdev_change_station(rdev, dev, mac_addr, &params);
4176 
4177  out_put_vlan:
4178 	if (params.vlan)
4179 		dev_put(params.vlan);
4180 
4181 	return err;
4182 }
4183 
4184 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4185 {
4186 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4187 	int err;
4188 	struct net_device *dev = info->user_ptr[1];
4189 	struct station_parameters params;
4190 	u8 *mac_addr = NULL;
4191 
4192 	memset(&params, 0, sizeof(params));
4193 
4194 	if (!rdev->ops->add_station)
4195 		return -EOPNOTSUPP;
4196 
4197 	if (!info->attrs[NL80211_ATTR_MAC])
4198 		return -EINVAL;
4199 
4200 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4201 		return -EINVAL;
4202 
4203 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4204 		return -EINVAL;
4205 
4206 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
4207 	    !info->attrs[NL80211_ATTR_PEER_AID])
4208 		return -EINVAL;
4209 
4210 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4211 	params.supported_rates =
4212 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4213 	params.supported_rates_len =
4214 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4215 	params.listen_interval =
4216 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4217 
4218 	if (info->attrs[NL80211_ATTR_PEER_AID])
4219 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4220 	else
4221 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4222 	if (!params.aid || params.aid > IEEE80211_MAX_AID)
4223 		return -EINVAL;
4224 
4225 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4226 		params.capability =
4227 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4228 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4229 	}
4230 
4231 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4232 		params.ext_capab =
4233 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4234 		params.ext_capab_len =
4235 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4236 	}
4237 
4238 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4239 		params.ht_capa =
4240 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4241 
4242 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4243 		params.vht_capa =
4244 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4245 
4246 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4247 		params.opmode_notif_used = true;
4248 		params.opmode_notif =
4249 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4250 	}
4251 
4252 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4253 		params.plink_action =
4254 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4255 		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4256 			return -EINVAL;
4257 	}
4258 
4259 	err = nl80211_parse_sta_channel_info(info, &params);
4260 	if (err)
4261 		return err;
4262 
4263 	err = nl80211_parse_sta_wme(info, &params);
4264 	if (err)
4265 		return err;
4266 
4267 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4268 		return -EINVAL;
4269 
4270 	/* When you run into this, adjust the code below for the new flag */
4271 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4272 
4273 	switch (dev->ieee80211_ptr->iftype) {
4274 	case NL80211_IFTYPE_AP:
4275 	case NL80211_IFTYPE_AP_VLAN:
4276 	case NL80211_IFTYPE_P2P_GO:
4277 		/* ignore WME attributes if iface/sta is not capable */
4278 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4279 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4280 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4281 
4282 		/* TDLS peers cannot be added */
4283 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4284 		    info->attrs[NL80211_ATTR_PEER_AID])
4285 			return -EINVAL;
4286 		/* but don't bother the driver with it */
4287 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4288 
4289 		/* allow authenticated/associated only if driver handles it */
4290 		if (!(rdev->wiphy.features &
4291 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4292 		    params.sta_flags_mask &
4293 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4294 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4295 			return -EINVAL;
4296 
4297 		/* must be last in here for error handling */
4298 		params.vlan = get_vlan(info, rdev);
4299 		if (IS_ERR(params.vlan))
4300 			return PTR_ERR(params.vlan);
4301 		break;
4302 	case NL80211_IFTYPE_MESH_POINT:
4303 		/* ignore uAPSD data */
4304 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4305 
4306 		/* associated is disallowed */
4307 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4308 			return -EINVAL;
4309 		/* TDLS peers cannot be added */
4310 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4311 		    info->attrs[NL80211_ATTR_PEER_AID])
4312 			return -EINVAL;
4313 		break;
4314 	case NL80211_IFTYPE_STATION:
4315 	case NL80211_IFTYPE_P2P_CLIENT:
4316 		/* ignore uAPSD data */
4317 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4318 
4319 		/* these are disallowed */
4320 		if (params.sta_flags_mask &
4321 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4322 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4323 			return -EINVAL;
4324 		/* Only TDLS peers can be added */
4325 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4326 			return -EINVAL;
4327 		/* Can only add if TDLS ... */
4328 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4329 			return -EOPNOTSUPP;
4330 		/* ... with external setup is supported */
4331 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4332 			return -EOPNOTSUPP;
4333 		/*
4334 		 * Older wpa_supplicant versions always mark the TDLS peer
4335 		 * as authorized, but it shouldn't yet be.
4336 		 */
4337 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4338 		break;
4339 	default:
4340 		return -EOPNOTSUPP;
4341 	}
4342 
4343 	/* be aware of params.vlan when changing code here */
4344 
4345 	err = rdev_add_station(rdev, dev, mac_addr, &params);
4346 
4347 	if (params.vlan)
4348 		dev_put(params.vlan);
4349 	return err;
4350 }
4351 
4352 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4353 {
4354 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4355 	struct net_device *dev = info->user_ptr[1];
4356 	u8 *mac_addr = NULL;
4357 
4358 	if (info->attrs[NL80211_ATTR_MAC])
4359 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4360 
4361 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4362 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4363 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4364 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4365 		return -EINVAL;
4366 
4367 	if (!rdev->ops->del_station)
4368 		return -EOPNOTSUPP;
4369 
4370 	return rdev_del_station(rdev, dev, mac_addr);
4371 }
4372 
4373 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4374 				int flags, struct net_device *dev,
4375 				u8 *dst, u8 *next_hop,
4376 				struct mpath_info *pinfo)
4377 {
4378 	void *hdr;
4379 	struct nlattr *pinfoattr;
4380 
4381 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
4382 	if (!hdr)
4383 		return -1;
4384 
4385 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4386 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4387 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4388 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4389 		goto nla_put_failure;
4390 
4391 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4392 	if (!pinfoattr)
4393 		goto nla_put_failure;
4394 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4395 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4396 			pinfo->frame_qlen))
4397 		goto nla_put_failure;
4398 	if (((pinfo->filled & MPATH_INFO_SN) &&
4399 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4400 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
4401 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4402 			 pinfo->metric)) ||
4403 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4404 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4405 			 pinfo->exptime)) ||
4406 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
4407 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4408 			pinfo->flags)) ||
4409 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4410 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4411 			 pinfo->discovery_timeout)) ||
4412 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4413 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4414 			pinfo->discovery_retries)))
4415 		goto nla_put_failure;
4416 
4417 	nla_nest_end(msg, pinfoattr);
4418 
4419 	return genlmsg_end(msg, hdr);
4420 
4421  nla_put_failure:
4422 	genlmsg_cancel(msg, hdr);
4423 	return -EMSGSIZE;
4424 }
4425 
4426 static int nl80211_dump_mpath(struct sk_buff *skb,
4427 			      struct netlink_callback *cb)
4428 {
4429 	struct mpath_info pinfo;
4430 	struct cfg80211_registered_device *rdev;
4431 	struct wireless_dev *wdev;
4432 	u8 dst[ETH_ALEN];
4433 	u8 next_hop[ETH_ALEN];
4434 	int path_idx = cb->args[2];
4435 	int err;
4436 
4437 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4438 	if (err)
4439 		return err;
4440 
4441 	if (!rdev->ops->dump_mpath) {
4442 		err = -EOPNOTSUPP;
4443 		goto out_err;
4444 	}
4445 
4446 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4447 		err = -EOPNOTSUPP;
4448 		goto out_err;
4449 	}
4450 
4451 	while (1) {
4452 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
4453 				      next_hop, &pinfo);
4454 		if (err == -ENOENT)
4455 			break;
4456 		if (err)
4457 			goto out_err;
4458 
4459 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4460 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4461 				       wdev->netdev, dst, next_hop,
4462 				       &pinfo) < 0)
4463 			goto out;
4464 
4465 		path_idx++;
4466 	}
4467 
4468 
4469  out:
4470 	cb->args[2] = path_idx;
4471 	err = skb->len;
4472  out_err:
4473 	nl80211_finish_wdev_dump(rdev);
4474 	return err;
4475 }
4476 
4477 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4478 {
4479 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4480 	int err;
4481 	struct net_device *dev = info->user_ptr[1];
4482 	struct mpath_info pinfo;
4483 	struct sk_buff *msg;
4484 	u8 *dst = NULL;
4485 	u8 next_hop[ETH_ALEN];
4486 
4487 	memset(&pinfo, 0, sizeof(pinfo));
4488 
4489 	if (!info->attrs[NL80211_ATTR_MAC])
4490 		return -EINVAL;
4491 
4492 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4493 
4494 	if (!rdev->ops->get_mpath)
4495 		return -EOPNOTSUPP;
4496 
4497 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4498 		return -EOPNOTSUPP;
4499 
4500 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4501 	if (err)
4502 		return err;
4503 
4504 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4505 	if (!msg)
4506 		return -ENOMEM;
4507 
4508 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4509 				 dev, dst, next_hop, &pinfo) < 0) {
4510 		nlmsg_free(msg);
4511 		return -ENOBUFS;
4512 	}
4513 
4514 	return genlmsg_reply(msg, info);
4515 }
4516 
4517 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4518 {
4519 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4520 	struct net_device *dev = info->user_ptr[1];
4521 	u8 *dst = NULL;
4522 	u8 *next_hop = NULL;
4523 
4524 	if (!info->attrs[NL80211_ATTR_MAC])
4525 		return -EINVAL;
4526 
4527 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4528 		return -EINVAL;
4529 
4530 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4531 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4532 
4533 	if (!rdev->ops->change_mpath)
4534 		return -EOPNOTSUPP;
4535 
4536 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4537 		return -EOPNOTSUPP;
4538 
4539 	return rdev_change_mpath(rdev, dev, dst, next_hop);
4540 }
4541 
4542 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4543 {
4544 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4545 	struct net_device *dev = info->user_ptr[1];
4546 	u8 *dst = NULL;
4547 	u8 *next_hop = NULL;
4548 
4549 	if (!info->attrs[NL80211_ATTR_MAC])
4550 		return -EINVAL;
4551 
4552 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4553 		return -EINVAL;
4554 
4555 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4556 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4557 
4558 	if (!rdev->ops->add_mpath)
4559 		return -EOPNOTSUPP;
4560 
4561 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4562 		return -EOPNOTSUPP;
4563 
4564 	return rdev_add_mpath(rdev, dev, dst, next_hop);
4565 }
4566 
4567 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4568 {
4569 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4570 	struct net_device *dev = info->user_ptr[1];
4571 	u8 *dst = NULL;
4572 
4573 	if (info->attrs[NL80211_ATTR_MAC])
4574 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4575 
4576 	if (!rdev->ops->del_mpath)
4577 		return -EOPNOTSUPP;
4578 
4579 	return rdev_del_mpath(rdev, dev, dst);
4580 }
4581 
4582 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4583 {
4584 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4585 	struct net_device *dev = info->user_ptr[1];
4586 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4587 	struct bss_parameters params;
4588 	int err;
4589 
4590 	memset(&params, 0, sizeof(params));
4591 	/* default to not changing parameters */
4592 	params.use_cts_prot = -1;
4593 	params.use_short_preamble = -1;
4594 	params.use_short_slot_time = -1;
4595 	params.ap_isolate = -1;
4596 	params.ht_opmode = -1;
4597 	params.p2p_ctwindow = -1;
4598 	params.p2p_opp_ps = -1;
4599 
4600 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4601 		params.use_cts_prot =
4602 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4603 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4604 		params.use_short_preamble =
4605 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4606 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4607 		params.use_short_slot_time =
4608 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4609 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4610 		params.basic_rates =
4611 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4612 		params.basic_rates_len =
4613 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4614 	}
4615 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4616 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4617 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4618 		params.ht_opmode =
4619 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4620 
4621 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4622 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4623 			return -EINVAL;
4624 		params.p2p_ctwindow =
4625 			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4626 		if (params.p2p_ctwindow < 0)
4627 			return -EINVAL;
4628 		if (params.p2p_ctwindow != 0 &&
4629 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4630 			return -EINVAL;
4631 	}
4632 
4633 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4634 		u8 tmp;
4635 
4636 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4637 			return -EINVAL;
4638 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4639 		if (tmp > 1)
4640 			return -EINVAL;
4641 		params.p2p_opp_ps = tmp;
4642 		if (params.p2p_opp_ps &&
4643 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4644 			return -EINVAL;
4645 	}
4646 
4647 	if (!rdev->ops->change_bss)
4648 		return -EOPNOTSUPP;
4649 
4650 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4651 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4652 		return -EOPNOTSUPP;
4653 
4654 	wdev_lock(wdev);
4655 	err = rdev_change_bss(rdev, dev, &params);
4656 	wdev_unlock(wdev);
4657 
4658 	return err;
4659 }
4660 
4661 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4662 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
4663 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
4664 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
4665 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
4666 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
4667 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
4668 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
4669 };
4670 
4671 static int parse_reg_rule(struct nlattr *tb[],
4672 	struct ieee80211_reg_rule *reg_rule)
4673 {
4674 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4675 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4676 
4677 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4678 		return -EINVAL;
4679 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4680 		return -EINVAL;
4681 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4682 		return -EINVAL;
4683 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4684 		return -EINVAL;
4685 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4686 		return -EINVAL;
4687 
4688 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4689 
4690 	freq_range->start_freq_khz =
4691 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4692 	freq_range->end_freq_khz =
4693 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4694 	freq_range->max_bandwidth_khz =
4695 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4696 
4697 	power_rule->max_eirp =
4698 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4699 
4700 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4701 		power_rule->max_antenna_gain =
4702 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4703 
4704 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
4705 		reg_rule->dfs_cac_ms =
4706 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
4707 
4708 	return 0;
4709 }
4710 
4711 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4712 {
4713 	char *data = NULL;
4714 	enum nl80211_user_reg_hint_type user_reg_hint_type;
4715 
4716 	/*
4717 	 * You should only get this when cfg80211 hasn't yet initialized
4718 	 * completely when built-in to the kernel right between the time
4719 	 * window between nl80211_init() and regulatory_init(), if that is
4720 	 * even possible.
4721 	 */
4722 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4723 		return -EINPROGRESS;
4724 
4725 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4726 		user_reg_hint_type =
4727 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4728 	else
4729 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4730 
4731 	switch (user_reg_hint_type) {
4732 	case NL80211_USER_REG_HINT_USER:
4733 	case NL80211_USER_REG_HINT_CELL_BASE:
4734 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4735 			return -EINVAL;
4736 
4737 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4738 		return regulatory_hint_user(data, user_reg_hint_type);
4739 	case NL80211_USER_REG_HINT_INDOOR:
4740 		return regulatory_hint_indoor_user();
4741 	default:
4742 		return -EINVAL;
4743 	}
4744 }
4745 
4746 static int nl80211_get_mesh_config(struct sk_buff *skb,
4747 				   struct genl_info *info)
4748 {
4749 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4750 	struct net_device *dev = info->user_ptr[1];
4751 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4752 	struct mesh_config cur_params;
4753 	int err = 0;
4754 	void *hdr;
4755 	struct nlattr *pinfoattr;
4756 	struct sk_buff *msg;
4757 
4758 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
4759 		return -EOPNOTSUPP;
4760 
4761 	if (!rdev->ops->get_mesh_config)
4762 		return -EOPNOTSUPP;
4763 
4764 	wdev_lock(wdev);
4765 	/* If not connected, get default parameters */
4766 	if (!wdev->mesh_id_len)
4767 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
4768 	else
4769 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
4770 	wdev_unlock(wdev);
4771 
4772 	if (err)
4773 		return err;
4774 
4775 	/* Draw up a netlink message to send back */
4776 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4777 	if (!msg)
4778 		return -ENOMEM;
4779 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
4780 			     NL80211_CMD_GET_MESH_CONFIG);
4781 	if (!hdr)
4782 		goto out;
4783 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
4784 	if (!pinfoattr)
4785 		goto nla_put_failure;
4786 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4787 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
4788 			cur_params.dot11MeshRetryTimeout) ||
4789 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4790 			cur_params.dot11MeshConfirmTimeout) ||
4791 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
4792 			cur_params.dot11MeshHoldingTimeout) ||
4793 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
4794 			cur_params.dot11MeshMaxPeerLinks) ||
4795 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
4796 		       cur_params.dot11MeshMaxRetries) ||
4797 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
4798 		       cur_params.dot11MeshTTL) ||
4799 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
4800 		       cur_params.element_ttl) ||
4801 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4802 		       cur_params.auto_open_plinks) ||
4803 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4804 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
4805 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4806 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
4807 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
4808 			cur_params.path_refresh_time) ||
4809 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4810 			cur_params.min_discovery_timeout) ||
4811 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4812 			cur_params.dot11MeshHWMPactivePathTimeout) ||
4813 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4814 			cur_params.dot11MeshHWMPpreqMinInterval) ||
4815 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4816 			cur_params.dot11MeshHWMPperrMinInterval) ||
4817 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4818 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
4819 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
4820 		       cur_params.dot11MeshHWMPRootMode) ||
4821 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4822 			cur_params.dot11MeshHWMPRannInterval) ||
4823 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4824 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
4825 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
4826 		       cur_params.dot11MeshForwarding) ||
4827 	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
4828 			cur_params.rssi_threshold) ||
4829 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
4830 			cur_params.ht_opmode) ||
4831 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
4832 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
4833 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
4834 			cur_params.dot11MeshHWMProotInterval) ||
4835 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
4836 			cur_params.dot11MeshHWMPconfirmationInterval) ||
4837 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
4838 			cur_params.power_mode) ||
4839 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
4840 			cur_params.dot11MeshAwakeWindowDuration) ||
4841 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
4842 			cur_params.plink_timeout))
4843 		goto nla_put_failure;
4844 	nla_nest_end(msg, pinfoattr);
4845 	genlmsg_end(msg, hdr);
4846 	return genlmsg_reply(msg, info);
4847 
4848  nla_put_failure:
4849 	genlmsg_cancel(msg, hdr);
4850  out:
4851 	nlmsg_free(msg);
4852 	return -ENOBUFS;
4853 }
4854 
4855 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
4856 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
4857 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
4858 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
4859 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
4860 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
4861 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
4862 	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
4863 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
4864 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
4865 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
4866 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
4867 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
4868 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
4869 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
4870 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
4871 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
4872 	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
4873 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
4874 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
4875 	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
4876 	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
4877 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
4878 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
4879 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
4880 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
4881 	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
4882 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
4883 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
4884 };
4885 
4886 static const struct nla_policy
4887 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
4888 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
4889 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
4890 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
4891 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
4892 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
4893 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
4894 	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
4895 				    .len = IEEE80211_MAX_DATA_LEN },
4896 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
4897 };
4898 
4899 static int nl80211_parse_mesh_config(struct genl_info *info,
4900 				     struct mesh_config *cfg,
4901 				     u32 *mask_out)
4902 {
4903 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
4904 	u32 mask = 0;
4905 
4906 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
4907 do {									    \
4908 	if (tb[attr]) {							    \
4909 		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
4910 			return -EINVAL;					    \
4911 		cfg->param = fn(tb[attr]);				    \
4912 		mask |= (1 << (attr - 1));				    \
4913 	}								    \
4914 } while (0)
4915 
4916 
4917 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
4918 		return -EINVAL;
4919 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
4920 			     info->attrs[NL80211_ATTR_MESH_CONFIG],
4921 			     nl80211_meshconf_params_policy))
4922 		return -EINVAL;
4923 
4924 	/* This makes sure that there aren't more than 32 mesh config
4925 	 * parameters (otherwise our bitfield scheme would not work.) */
4926 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
4927 
4928 	/* Fill in the params struct */
4929 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
4930 				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
4931 				  nla_get_u16);
4932 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
4933 				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
4934 				  nla_get_u16);
4935 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
4936 				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
4937 				  nla_get_u16);
4938 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
4939 				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
4940 				  nla_get_u16);
4941 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
4942 				  mask, NL80211_MESHCONF_MAX_RETRIES,
4943 				  nla_get_u8);
4944 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
4945 				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
4946 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
4947 				  mask, NL80211_MESHCONF_ELEMENT_TTL,
4948 				  nla_get_u8);
4949 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
4950 				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
4951 				  nla_get_u8);
4952 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
4953 				  1, 255, mask,
4954 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
4955 				  nla_get_u32);
4956 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
4957 				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
4958 				  nla_get_u8);
4959 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
4960 				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
4961 				  nla_get_u32);
4962 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
4963 				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
4964 				  nla_get_u16);
4965 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
4966 				  1, 65535, mask,
4967 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
4968 				  nla_get_u32);
4969 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
4970 				  1, 65535, mask,
4971 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
4972 				  nla_get_u16);
4973 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
4974 				  1, 65535, mask,
4975 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
4976 				  nla_get_u16);
4977 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4978 				  dot11MeshHWMPnetDiameterTraversalTime,
4979 				  1, 65535, mask,
4980 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
4981 				  nla_get_u16);
4982 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
4983 				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
4984 				  nla_get_u8);
4985 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
4986 				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
4987 				  nla_get_u16);
4988 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
4989 				  dot11MeshGateAnnouncementProtocol, 0, 1,
4990 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
4991 				  nla_get_u8);
4992 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
4993 				  mask, NL80211_MESHCONF_FORWARDING,
4994 				  nla_get_u8);
4995 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
4996 				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
4997 				  nla_get_s32);
4998 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
4999 				  mask, NL80211_MESHCONF_HT_OPMODE,
5000 				  nla_get_u16);
5001 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
5002 				  1, 65535, mask,
5003 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5004 				  nla_get_u32);
5005 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
5006 				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5007 				  nla_get_u16);
5008 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5009 				  dot11MeshHWMPconfirmationInterval,
5010 				  1, 65535, mask,
5011 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5012 				  nla_get_u16);
5013 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
5014 				  NL80211_MESH_POWER_ACTIVE,
5015 				  NL80211_MESH_POWER_MAX,
5016 				  mask, NL80211_MESHCONF_POWER_MODE,
5017 				  nla_get_u32);
5018 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
5019 				  0, 65535, mask,
5020 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
5021 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 1, 0xffffffff,
5022 				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
5023 				  nla_get_u32);
5024 	if (mask_out)
5025 		*mask_out = mask;
5026 
5027 	return 0;
5028 
5029 #undef FILL_IN_MESH_PARAM_IF_SET
5030 }
5031 
5032 static int nl80211_parse_mesh_setup(struct genl_info *info,
5033 				     struct mesh_setup *setup)
5034 {
5035 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5036 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
5037 
5038 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
5039 		return -EINVAL;
5040 	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
5041 			     info->attrs[NL80211_ATTR_MESH_SETUP],
5042 			     nl80211_mesh_setup_params_policy))
5043 		return -EINVAL;
5044 
5045 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5046 		setup->sync_method =
5047 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5048 		 IEEE80211_SYNC_METHOD_VENDOR :
5049 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5050 
5051 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5052 		setup->path_sel_proto =
5053 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5054 		 IEEE80211_PATH_PROTOCOL_VENDOR :
5055 		 IEEE80211_PATH_PROTOCOL_HWMP;
5056 
5057 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5058 		setup->path_metric =
5059 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5060 		 IEEE80211_PATH_METRIC_VENDOR :
5061 		 IEEE80211_PATH_METRIC_AIRTIME;
5062 
5063 
5064 	if (tb[NL80211_MESH_SETUP_IE]) {
5065 		struct nlattr *ieattr =
5066 			tb[NL80211_MESH_SETUP_IE];
5067 		if (!is_valid_ie_attr(ieattr))
5068 			return -EINVAL;
5069 		setup->ie = nla_data(ieattr);
5070 		setup->ie_len = nla_len(ieattr);
5071 	}
5072 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5073 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5074 		return -EINVAL;
5075 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5076 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5077 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5078 	if (setup->is_secure)
5079 		setup->user_mpm = true;
5080 
5081 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5082 		if (!setup->user_mpm)
5083 			return -EINVAL;
5084 		setup->auth_id =
5085 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5086 	}
5087 
5088 	return 0;
5089 }
5090 
5091 static int nl80211_update_mesh_config(struct sk_buff *skb,
5092 				      struct genl_info *info)
5093 {
5094 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5095 	struct net_device *dev = info->user_ptr[1];
5096 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5097 	struct mesh_config cfg;
5098 	u32 mask;
5099 	int err;
5100 
5101 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5102 		return -EOPNOTSUPP;
5103 
5104 	if (!rdev->ops->update_mesh_config)
5105 		return -EOPNOTSUPP;
5106 
5107 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
5108 	if (err)
5109 		return err;
5110 
5111 	wdev_lock(wdev);
5112 	if (!wdev->mesh_id_len)
5113 		err = -ENOLINK;
5114 
5115 	if (!err)
5116 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5117 
5118 	wdev_unlock(wdev);
5119 
5120 	return err;
5121 }
5122 
5123 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
5124 {
5125 	const struct ieee80211_regdomain *regdom;
5126 	struct sk_buff *msg;
5127 	void *hdr = NULL;
5128 	struct nlattr *nl_reg_rules;
5129 	unsigned int i;
5130 
5131 	if (!cfg80211_regdomain)
5132 		return -EINVAL;
5133 
5134 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5135 	if (!msg)
5136 		return -ENOBUFS;
5137 
5138 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5139 			     NL80211_CMD_GET_REG);
5140 	if (!hdr)
5141 		goto put_failure;
5142 
5143 	if (reg_last_request_cell_base() &&
5144 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5145 			NL80211_USER_REG_HINT_CELL_BASE))
5146 		goto nla_put_failure;
5147 
5148 	rcu_read_lock();
5149 	regdom = rcu_dereference(cfg80211_regdomain);
5150 
5151 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5152 	    (regdom->dfs_region &&
5153 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5154 		goto nla_put_failure_rcu;
5155 
5156 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5157 	if (!nl_reg_rules)
5158 		goto nla_put_failure_rcu;
5159 
5160 	for (i = 0; i < regdom->n_reg_rules; i++) {
5161 		struct nlattr *nl_reg_rule;
5162 		const struct ieee80211_reg_rule *reg_rule;
5163 		const struct ieee80211_freq_range *freq_range;
5164 		const struct ieee80211_power_rule *power_rule;
5165 		unsigned int max_bandwidth_khz;
5166 
5167 		reg_rule = &regdom->reg_rules[i];
5168 		freq_range = &reg_rule->freq_range;
5169 		power_rule = &reg_rule->power_rule;
5170 
5171 		nl_reg_rule = nla_nest_start(msg, i);
5172 		if (!nl_reg_rule)
5173 			goto nla_put_failure_rcu;
5174 
5175 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
5176 		if (!max_bandwidth_khz)
5177 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5178 								  reg_rule);
5179 
5180 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5181 				reg_rule->flags) ||
5182 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5183 				freq_range->start_freq_khz) ||
5184 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5185 				freq_range->end_freq_khz) ||
5186 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5187 				max_bandwidth_khz) ||
5188 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5189 				power_rule->max_antenna_gain) ||
5190 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5191 				power_rule->max_eirp) ||
5192 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5193 				reg_rule->dfs_cac_ms))
5194 			goto nla_put_failure_rcu;
5195 
5196 		nla_nest_end(msg, nl_reg_rule);
5197 	}
5198 	rcu_read_unlock();
5199 
5200 	nla_nest_end(msg, nl_reg_rules);
5201 
5202 	genlmsg_end(msg, hdr);
5203 	return genlmsg_reply(msg, info);
5204 
5205 nla_put_failure_rcu:
5206 	rcu_read_unlock();
5207 nla_put_failure:
5208 	genlmsg_cancel(msg, hdr);
5209 put_failure:
5210 	nlmsg_free(msg);
5211 	return -EMSGSIZE;
5212 }
5213 
5214 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5215 {
5216 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5217 	struct nlattr *nl_reg_rule;
5218 	char *alpha2 = NULL;
5219 	int rem_reg_rules = 0, r = 0;
5220 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
5221 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5222 	struct ieee80211_regdomain *rd = NULL;
5223 
5224 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5225 		return -EINVAL;
5226 
5227 	if (!info->attrs[NL80211_ATTR_REG_RULES])
5228 		return -EINVAL;
5229 
5230 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5231 
5232 	if (info->attrs[NL80211_ATTR_DFS_REGION])
5233 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5234 
5235 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5236 			    rem_reg_rules) {
5237 		num_rules++;
5238 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5239 			return -EINVAL;
5240 	}
5241 
5242 	if (!reg_is_valid_request(alpha2))
5243 		return -EINVAL;
5244 
5245 	size_of_regd = sizeof(struct ieee80211_regdomain) +
5246 		       num_rules * sizeof(struct ieee80211_reg_rule);
5247 
5248 	rd = kzalloc(size_of_regd, GFP_KERNEL);
5249 	if (!rd)
5250 		return -ENOMEM;
5251 
5252 	rd->n_reg_rules = num_rules;
5253 	rd->alpha2[0] = alpha2[0];
5254 	rd->alpha2[1] = alpha2[1];
5255 
5256 	/*
5257 	 * Disable DFS master mode if the DFS region was
5258 	 * not supported or known on this kernel.
5259 	 */
5260 	if (reg_supported_dfs_region(dfs_region))
5261 		rd->dfs_region = dfs_region;
5262 
5263 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5264 			    rem_reg_rules) {
5265 		r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5266 			      nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5267 			      reg_rule_policy);
5268 		if (r)
5269 			goto bad_reg;
5270 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5271 		if (r)
5272 			goto bad_reg;
5273 
5274 		rule_idx++;
5275 
5276 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5277 			r = -EINVAL;
5278 			goto bad_reg;
5279 		}
5280 	}
5281 
5282 	r = set_regdom(rd);
5283 	/* set_regdom took ownership */
5284 	rd = NULL;
5285 
5286  bad_reg:
5287 	kfree(rd);
5288 	return r;
5289 }
5290 
5291 static int validate_scan_freqs(struct nlattr *freqs)
5292 {
5293 	struct nlattr *attr1, *attr2;
5294 	int n_channels = 0, tmp1, tmp2;
5295 
5296 	nla_for_each_nested(attr1, freqs, tmp1) {
5297 		n_channels++;
5298 		/*
5299 		 * Some hardware has a limited channel list for
5300 		 * scanning, and it is pretty much nonsensical
5301 		 * to scan for a channel twice, so disallow that
5302 		 * and don't require drivers to check that the
5303 		 * channel list they get isn't longer than what
5304 		 * they can scan, as long as they can scan all
5305 		 * the channels they registered at once.
5306 		 */
5307 		nla_for_each_nested(attr2, freqs, tmp2)
5308 			if (attr1 != attr2 &&
5309 			    nla_get_u32(attr1) == nla_get_u32(attr2))
5310 				return 0;
5311 	}
5312 
5313 	return n_channels;
5314 }
5315 
5316 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5317 {
5318 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5319 	struct wireless_dev *wdev = info->user_ptr[1];
5320 	struct cfg80211_scan_request *request;
5321 	struct nlattr *attr;
5322 	struct wiphy *wiphy;
5323 	int err, tmp, n_ssids = 0, n_channels, i;
5324 	size_t ie_len;
5325 
5326 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5327 		return -EINVAL;
5328 
5329 	wiphy = &rdev->wiphy;
5330 
5331 	if (!rdev->ops->scan)
5332 		return -EOPNOTSUPP;
5333 
5334 	if (rdev->scan_req || rdev->scan_msg) {
5335 		err = -EBUSY;
5336 		goto unlock;
5337 	}
5338 
5339 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5340 		n_channels = validate_scan_freqs(
5341 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5342 		if (!n_channels) {
5343 			err = -EINVAL;
5344 			goto unlock;
5345 		}
5346 	} else {
5347 		n_channels = ieee80211_get_num_supported_channels(wiphy);
5348 	}
5349 
5350 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5351 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5352 			n_ssids++;
5353 
5354 	if (n_ssids > wiphy->max_scan_ssids) {
5355 		err = -EINVAL;
5356 		goto unlock;
5357 	}
5358 
5359 	if (info->attrs[NL80211_ATTR_IE])
5360 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5361 	else
5362 		ie_len = 0;
5363 
5364 	if (ie_len > wiphy->max_scan_ie_len) {
5365 		err = -EINVAL;
5366 		goto unlock;
5367 	}
5368 
5369 	request = kzalloc(sizeof(*request)
5370 			+ sizeof(*request->ssids) * n_ssids
5371 			+ sizeof(*request->channels) * n_channels
5372 			+ ie_len, GFP_KERNEL);
5373 	if (!request) {
5374 		err = -ENOMEM;
5375 		goto unlock;
5376 	}
5377 
5378 	if (n_ssids)
5379 		request->ssids = (void *)&request->channels[n_channels];
5380 	request->n_ssids = n_ssids;
5381 	if (ie_len) {
5382 		if (request->ssids)
5383 			request->ie = (void *)(request->ssids + n_ssids);
5384 		else
5385 			request->ie = (void *)(request->channels + n_channels);
5386 	}
5387 
5388 	i = 0;
5389 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5390 		/* user specified, bail out if channel not found */
5391 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5392 			struct ieee80211_channel *chan;
5393 
5394 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5395 
5396 			if (!chan) {
5397 				err = -EINVAL;
5398 				goto out_free;
5399 			}
5400 
5401 			/* ignore disabled channels */
5402 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5403 				continue;
5404 
5405 			request->channels[i] = chan;
5406 			i++;
5407 		}
5408 	} else {
5409 		enum ieee80211_band band;
5410 
5411 		/* all channels */
5412 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5413 			int j;
5414 			if (!wiphy->bands[band])
5415 				continue;
5416 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5417 				struct ieee80211_channel *chan;
5418 
5419 				chan = &wiphy->bands[band]->channels[j];
5420 
5421 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5422 					continue;
5423 
5424 				request->channels[i] = chan;
5425 				i++;
5426 			}
5427 		}
5428 	}
5429 
5430 	if (!i) {
5431 		err = -EINVAL;
5432 		goto out_free;
5433 	}
5434 
5435 	request->n_channels = i;
5436 
5437 	i = 0;
5438 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5439 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5440 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5441 				err = -EINVAL;
5442 				goto out_free;
5443 			}
5444 			request->ssids[i].ssid_len = nla_len(attr);
5445 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5446 			i++;
5447 		}
5448 	}
5449 
5450 	if (info->attrs[NL80211_ATTR_IE]) {
5451 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5452 		memcpy((void *)request->ie,
5453 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5454 		       request->ie_len);
5455 	}
5456 
5457 	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5458 		if (wiphy->bands[i])
5459 			request->rates[i] =
5460 				(1 << wiphy->bands[i]->n_bitrates) - 1;
5461 
5462 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5463 		nla_for_each_nested(attr,
5464 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5465 				    tmp) {
5466 			enum ieee80211_band band = nla_type(attr);
5467 
5468 			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5469 				err = -EINVAL;
5470 				goto out_free;
5471 			}
5472 
5473 			if (!wiphy->bands[band])
5474 				continue;
5475 
5476 			err = ieee80211_get_ratemask(wiphy->bands[band],
5477 						     nla_data(attr),
5478 						     nla_len(attr),
5479 						     &request->rates[band]);
5480 			if (err)
5481 				goto out_free;
5482 		}
5483 	}
5484 
5485 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5486 		request->flags = nla_get_u32(
5487 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5488 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5489 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5490 			err = -EOPNOTSUPP;
5491 			goto out_free;
5492 		}
5493 	}
5494 
5495 	request->no_cck =
5496 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5497 
5498 	request->wdev = wdev;
5499 	request->wiphy = &rdev->wiphy;
5500 	request->scan_start = jiffies;
5501 
5502 	rdev->scan_req = request;
5503 	err = rdev_scan(rdev, request);
5504 
5505 	if (!err) {
5506 		nl80211_send_scan_start(rdev, wdev);
5507 		if (wdev->netdev)
5508 			dev_hold(wdev->netdev);
5509 	} else {
5510  out_free:
5511 		rdev->scan_req = NULL;
5512 		kfree(request);
5513 	}
5514 
5515  unlock:
5516 	return err;
5517 }
5518 
5519 static int nl80211_start_sched_scan(struct sk_buff *skb,
5520 				    struct genl_info *info)
5521 {
5522 	struct cfg80211_sched_scan_request *request;
5523 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5524 	struct net_device *dev = info->user_ptr[1];
5525 	struct nlattr *attr;
5526 	struct wiphy *wiphy;
5527 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5528 	u32 interval;
5529 	enum ieee80211_band band;
5530 	size_t ie_len;
5531 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5532 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
5533 
5534 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5535 	    !rdev->ops->sched_scan_start)
5536 		return -EOPNOTSUPP;
5537 
5538 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5539 		return -EINVAL;
5540 
5541 	if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5542 		return -EINVAL;
5543 
5544 	interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5545 	if (interval == 0)
5546 		return -EINVAL;
5547 
5548 	wiphy = &rdev->wiphy;
5549 
5550 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5551 		n_channels = validate_scan_freqs(
5552 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5553 		if (!n_channels)
5554 			return -EINVAL;
5555 	} else {
5556 		n_channels = ieee80211_get_num_supported_channels(wiphy);
5557 	}
5558 
5559 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5560 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5561 				    tmp)
5562 			n_ssids++;
5563 
5564 	if (n_ssids > wiphy->max_sched_scan_ssids)
5565 		return -EINVAL;
5566 
5567 	/*
5568 	 * First, count the number of 'real' matchsets. Due to an issue with
5569 	 * the old implementation, matchsets containing only the RSSI attribute
5570 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
5571 	 * RSSI for all matchsets, rather than their own matchset for reporting
5572 	 * all APs with a strong RSSI. This is needed to be compatible with
5573 	 * older userspace that treated a matchset with only the RSSI as the
5574 	 * global RSSI for all other matchsets - if there are other matchsets.
5575 	 */
5576 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5577 		nla_for_each_nested(attr,
5578 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5579 				    tmp) {
5580 			struct nlattr *rssi;
5581 
5582 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5583 					nla_data(attr), nla_len(attr),
5584 					nl80211_match_policy);
5585 			if (err)
5586 				return err;
5587 			/* add other standalone attributes here */
5588 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
5589 				n_match_sets++;
5590 				continue;
5591 			}
5592 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5593 			if (rssi)
5594 				default_match_rssi = nla_get_s32(rssi);
5595 		}
5596 	}
5597 
5598 	/* However, if there's no other matchset, add the RSSI one */
5599 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
5600 		n_match_sets = 1;
5601 
5602 	if (n_match_sets > wiphy->max_match_sets)
5603 		return -EINVAL;
5604 
5605 	if (info->attrs[NL80211_ATTR_IE])
5606 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5607 	else
5608 		ie_len = 0;
5609 
5610 	if (ie_len > wiphy->max_sched_scan_ie_len)
5611 		return -EINVAL;
5612 
5613 	if (rdev->sched_scan_req) {
5614 		err = -EINPROGRESS;
5615 		goto out;
5616 	}
5617 
5618 	request = kzalloc(sizeof(*request)
5619 			+ sizeof(*request->ssids) * n_ssids
5620 			+ sizeof(*request->match_sets) * n_match_sets
5621 			+ sizeof(*request->channels) * n_channels
5622 			+ ie_len, GFP_KERNEL);
5623 	if (!request) {
5624 		err = -ENOMEM;
5625 		goto out;
5626 	}
5627 
5628 	if (n_ssids)
5629 		request->ssids = (void *)&request->channels[n_channels];
5630 	request->n_ssids = n_ssids;
5631 	if (ie_len) {
5632 		if (request->ssids)
5633 			request->ie = (void *)(request->ssids + n_ssids);
5634 		else
5635 			request->ie = (void *)(request->channels + n_channels);
5636 	}
5637 
5638 	if (n_match_sets) {
5639 		if (request->ie)
5640 			request->match_sets = (void *)(request->ie + ie_len);
5641 		else if (request->ssids)
5642 			request->match_sets =
5643 				(void *)(request->ssids + n_ssids);
5644 		else
5645 			request->match_sets =
5646 				(void *)(request->channels + n_channels);
5647 	}
5648 	request->n_match_sets = n_match_sets;
5649 
5650 	i = 0;
5651 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5652 		/* user specified, bail out if channel not found */
5653 		nla_for_each_nested(attr,
5654 				    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
5655 				    tmp) {
5656 			struct ieee80211_channel *chan;
5657 
5658 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5659 
5660 			if (!chan) {
5661 				err = -EINVAL;
5662 				goto out_free;
5663 			}
5664 
5665 			/* ignore disabled channels */
5666 			if (chan->flags & IEEE80211_CHAN_DISABLED)
5667 				continue;
5668 
5669 			request->channels[i] = chan;
5670 			i++;
5671 		}
5672 	} else {
5673 		/* all channels */
5674 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5675 			int j;
5676 			if (!wiphy->bands[band])
5677 				continue;
5678 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5679 				struct ieee80211_channel *chan;
5680 
5681 				chan = &wiphy->bands[band]->channels[j];
5682 
5683 				if (chan->flags & IEEE80211_CHAN_DISABLED)
5684 					continue;
5685 
5686 				request->channels[i] = chan;
5687 				i++;
5688 			}
5689 		}
5690 	}
5691 
5692 	if (!i) {
5693 		err = -EINVAL;
5694 		goto out_free;
5695 	}
5696 
5697 	request->n_channels = i;
5698 
5699 	i = 0;
5700 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
5701 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
5702 				    tmp) {
5703 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5704 				err = -EINVAL;
5705 				goto out_free;
5706 			}
5707 			request->ssids[i].ssid_len = nla_len(attr);
5708 			memcpy(request->ssids[i].ssid, nla_data(attr),
5709 			       nla_len(attr));
5710 			i++;
5711 		}
5712 	}
5713 
5714 	i = 0;
5715 	if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
5716 		nla_for_each_nested(attr,
5717 				    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
5718 				    tmp) {
5719 			struct nlattr *ssid, *rssi;
5720 
5721 			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
5722 					nla_data(attr), nla_len(attr),
5723 					nl80211_match_policy);
5724 			if (err)
5725 				goto out_free;
5726 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
5727 			if (ssid) {
5728 				if (WARN_ON(i >= n_match_sets)) {
5729 					/* this indicates a programming error,
5730 					 * the loop above should have verified
5731 					 * things properly
5732 					 */
5733 					err = -EINVAL;
5734 					goto out_free;
5735 				}
5736 
5737 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
5738 					err = -EINVAL;
5739 					goto out_free;
5740 				}
5741 				memcpy(request->match_sets[i].ssid.ssid,
5742 				       nla_data(ssid), nla_len(ssid));
5743 				request->match_sets[i].ssid.ssid_len =
5744 					nla_len(ssid);
5745 				/* special attribute - old implemenation w/a */
5746 				request->match_sets[i].rssi_thold =
5747 					default_match_rssi;
5748 				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
5749 				if (rssi)
5750 					request->match_sets[i].rssi_thold =
5751 						nla_get_s32(rssi);
5752 			}
5753 			i++;
5754 		}
5755 
5756 		/* there was no other matchset, so the RSSI one is alone */
5757 		if (i == 0)
5758 			request->match_sets[0].rssi_thold = default_match_rssi;
5759 
5760 		request->min_rssi_thold = INT_MAX;
5761 		for (i = 0; i < n_match_sets; i++)
5762 			request->min_rssi_thold =
5763 				min(request->match_sets[i].rssi_thold,
5764 				    request->min_rssi_thold);
5765 	} else {
5766 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
5767 	}
5768 
5769 	if (ie_len) {
5770 		request->ie_len = ie_len;
5771 		memcpy((void *)request->ie,
5772 		       nla_data(info->attrs[NL80211_ATTR_IE]),
5773 		       request->ie_len);
5774 	}
5775 
5776 	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5777 		request->flags = nla_get_u32(
5778 			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5779 		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5780 		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5781 			err = -EOPNOTSUPP;
5782 			goto out_free;
5783 		}
5784 	}
5785 
5786 	request->dev = dev;
5787 	request->wiphy = &rdev->wiphy;
5788 	request->interval = interval;
5789 	request->scan_start = jiffies;
5790 
5791 	err = rdev_sched_scan_start(rdev, dev, request);
5792 	if (!err) {
5793 		rdev->sched_scan_req = request;
5794 		nl80211_send_sched_scan(rdev, dev,
5795 					NL80211_CMD_START_SCHED_SCAN);
5796 		goto out;
5797 	}
5798 
5799 out_free:
5800 	kfree(request);
5801 out:
5802 	return err;
5803 }
5804 
5805 static int nl80211_stop_sched_scan(struct sk_buff *skb,
5806 				   struct genl_info *info)
5807 {
5808 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5809 
5810 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
5811 	    !rdev->ops->sched_scan_stop)
5812 		return -EOPNOTSUPP;
5813 
5814 	return __cfg80211_stop_sched_scan(rdev, false);
5815 }
5816 
5817 static int nl80211_start_radar_detection(struct sk_buff *skb,
5818 					 struct genl_info *info)
5819 {
5820 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5821 	struct net_device *dev = info->user_ptr[1];
5822 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5823 	struct cfg80211_chan_def chandef;
5824 	enum nl80211_dfs_regions dfs_region;
5825 	unsigned int cac_time_ms;
5826 	int err;
5827 
5828 	dfs_region = reg_get_dfs_region(wdev->wiphy);
5829 	if (dfs_region == NL80211_DFS_UNSET)
5830 		return -EINVAL;
5831 
5832 	err = nl80211_parse_chandef(rdev, info, &chandef);
5833 	if (err)
5834 		return err;
5835 
5836 	if (netif_carrier_ok(dev))
5837 		return -EBUSY;
5838 
5839 	if (wdev->cac_started)
5840 		return -EBUSY;
5841 
5842 	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
5843 					    wdev->iftype);
5844 	if (err < 0)
5845 		return err;
5846 
5847 	if (err == 0)
5848 		return -EINVAL;
5849 
5850 	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
5851 		return -EINVAL;
5852 
5853 	if (!rdev->ops->start_radar_detection)
5854 		return -EOPNOTSUPP;
5855 
5856 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
5857 	if (WARN_ON(!cac_time_ms))
5858 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
5859 
5860 	err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef,
5861 					       cac_time_ms);
5862 	if (!err) {
5863 		wdev->chandef = chandef;
5864 		wdev->cac_started = true;
5865 		wdev->cac_start_time = jiffies;
5866 		wdev->cac_time_ms = cac_time_ms;
5867 	}
5868 	return err;
5869 }
5870 
5871 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
5872 {
5873 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5874 	struct net_device *dev = info->user_ptr[1];
5875 	struct wireless_dev *wdev = dev->ieee80211_ptr;
5876 	struct cfg80211_csa_settings params;
5877 	/* csa_attrs is defined static to avoid waste of stack size - this
5878 	 * function is called under RTNL lock, so this should not be a problem.
5879 	 */
5880 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
5881 	u8 radar_detect_width = 0;
5882 	int err;
5883 	bool need_new_beacon = false;
5884 	int len, i;
5885 
5886 	if (!rdev->ops->channel_switch ||
5887 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
5888 		return -EOPNOTSUPP;
5889 
5890 	switch (dev->ieee80211_ptr->iftype) {
5891 	case NL80211_IFTYPE_AP:
5892 	case NL80211_IFTYPE_P2P_GO:
5893 		need_new_beacon = true;
5894 
5895 		/* useless if AP is not running */
5896 		if (!wdev->beacon_interval)
5897 			return -ENOTCONN;
5898 		break;
5899 	case NL80211_IFTYPE_ADHOC:
5900 		if (!wdev->ssid_len)
5901 			return -ENOTCONN;
5902 		break;
5903 	case NL80211_IFTYPE_MESH_POINT:
5904 		if (!wdev->mesh_id_len)
5905 			return -ENOTCONN;
5906 		break;
5907 	default:
5908 		return -EOPNOTSUPP;
5909 	}
5910 
5911 	memset(&params, 0, sizeof(params));
5912 
5913 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5914 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
5915 		return -EINVAL;
5916 
5917 	/* only important for AP, IBSS and mesh create IEs internally */
5918 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
5919 		return -EINVAL;
5920 
5921 	params.count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
5922 
5923 	if (!need_new_beacon)
5924 		goto skip_beacons;
5925 
5926 	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
5927 	if (err)
5928 		return err;
5929 
5930 	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
5931 			       info->attrs[NL80211_ATTR_CSA_IES],
5932 			       nl80211_policy);
5933 	if (err)
5934 		return err;
5935 
5936 	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
5937 	if (err)
5938 		return err;
5939 
5940 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
5941 		return -EINVAL;
5942 
5943 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5944 	if (!len || (len % sizeof(u16)))
5945 		return -EINVAL;
5946 
5947 	params.n_counter_offsets_beacon = len / sizeof(u16);
5948 	if (rdev->wiphy.max_num_csa_counters &&
5949 	    (params.n_counter_offsets_beacon >
5950 	     rdev->wiphy.max_num_csa_counters))
5951 		return -EINVAL;
5952 
5953 	params.counter_offsets_beacon =
5954 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
5955 
5956 	/* sanity checks - counters should fit and be the same */
5957 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
5958 		u16 offset = params.counter_offsets_beacon[i];
5959 
5960 		if (offset >= params.beacon_csa.tail_len)
5961 			return -EINVAL;
5962 
5963 		if (params.beacon_csa.tail[offset] != params.count)
5964 			return -EINVAL;
5965 	}
5966 
5967 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
5968 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
5969 		if (!len || (len % sizeof(u16)))
5970 			return -EINVAL;
5971 
5972 		params.n_counter_offsets_presp = len / sizeof(u16);
5973 		if (rdev->wiphy.max_num_csa_counters &&
5974 		    (params.n_counter_offsets_beacon >
5975 		     rdev->wiphy.max_num_csa_counters))
5976 			return -EINVAL;
5977 
5978 		params.counter_offsets_presp =
5979 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
5980 
5981 		/* sanity checks - counters should fit and be the same */
5982 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
5983 			u16 offset = params.counter_offsets_presp[i];
5984 
5985 			if (offset >= params.beacon_csa.probe_resp_len)
5986 				return -EINVAL;
5987 
5988 			if (params.beacon_csa.probe_resp[offset] !=
5989 			    params.count)
5990 				return -EINVAL;
5991 		}
5992 	}
5993 
5994 skip_beacons:
5995 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
5996 	if (err)
5997 		return err;
5998 
5999 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
6000 				     wdev->iftype))
6001 		return -EINVAL;
6002 
6003 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
6004 					    &params.chandef,
6005 					    wdev->iftype);
6006 	if (err < 0)
6007 		return err;
6008 
6009 	if (err > 0) {
6010 		radar_detect_width = BIT(params.chandef.width);
6011 		params.radar_required = true;
6012 	}
6013 
6014 	/* TODO: I left this here for now.  With channel switch, the
6015 	 * verification is a bit more complicated, because we only do
6016 	 * it later when the channel switch really happens.
6017 	 */
6018 	err = cfg80211_can_use_iftype_chan(rdev, wdev, wdev->iftype,
6019 					   params.chandef.chan,
6020 					   CHAN_MODE_SHARED,
6021 					   radar_detect_width);
6022 	if (err)
6023 		return err;
6024 
6025 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
6026 		params.block_tx = true;
6027 
6028 	wdev_lock(wdev);
6029 	err = rdev_channel_switch(rdev, dev, &params);
6030 	wdev_unlock(wdev);
6031 
6032 	return err;
6033 }
6034 
6035 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
6036 			    u32 seq, int flags,
6037 			    struct cfg80211_registered_device *rdev,
6038 			    struct wireless_dev *wdev,
6039 			    struct cfg80211_internal_bss *intbss)
6040 {
6041 	struct cfg80211_bss *res = &intbss->pub;
6042 	const struct cfg80211_bss_ies *ies;
6043 	void *hdr;
6044 	struct nlattr *bss;
6045 	bool tsf = false;
6046 
6047 	ASSERT_WDEV_LOCK(wdev);
6048 
6049 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6050 			     NL80211_CMD_NEW_SCAN_RESULTS);
6051 	if (!hdr)
6052 		return -1;
6053 
6054 	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6055 
6056 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
6057 		goto nla_put_failure;
6058 	if (wdev->netdev &&
6059 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
6060 		goto nla_put_failure;
6061 	if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
6062 		goto nla_put_failure;
6063 
6064 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
6065 	if (!bss)
6066 		goto nla_put_failure;
6067 	if ((!is_zero_ether_addr(res->bssid) &&
6068 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
6069 		goto nla_put_failure;
6070 
6071 	rcu_read_lock();
6072 	ies = rcu_dereference(res->ies);
6073 	if (ies) {
6074 		if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6075 			goto fail_unlock_rcu;
6076 		tsf = true;
6077 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
6078 					ies->len, ies->data))
6079 			goto fail_unlock_rcu;
6080 	}
6081 	ies = rcu_dereference(res->beacon_ies);
6082 	if (ies) {
6083 		if (!tsf && nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6084 			goto fail_unlock_rcu;
6085 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
6086 					ies->len, ies->data))
6087 			goto fail_unlock_rcu;
6088 	}
6089 	rcu_read_unlock();
6090 
6091 	if (res->beacon_interval &&
6092 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
6093 		goto nla_put_failure;
6094 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
6095 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
6096 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6097 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6098 			jiffies_to_msecs(jiffies - intbss->ts)))
6099 		goto nla_put_failure;
6100 
6101 	switch (rdev->wiphy.signal_type) {
6102 	case CFG80211_SIGNAL_TYPE_MBM:
6103 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6104 			goto nla_put_failure;
6105 		break;
6106 	case CFG80211_SIGNAL_TYPE_UNSPEC:
6107 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6108 			goto nla_put_failure;
6109 		break;
6110 	default:
6111 		break;
6112 	}
6113 
6114 	switch (wdev->iftype) {
6115 	case NL80211_IFTYPE_P2P_CLIENT:
6116 	case NL80211_IFTYPE_STATION:
6117 		if (intbss == wdev->current_bss &&
6118 		    nla_put_u32(msg, NL80211_BSS_STATUS,
6119 				NL80211_BSS_STATUS_ASSOCIATED))
6120 			goto nla_put_failure;
6121 		break;
6122 	case NL80211_IFTYPE_ADHOC:
6123 		if (intbss == wdev->current_bss &&
6124 		    nla_put_u32(msg, NL80211_BSS_STATUS,
6125 				NL80211_BSS_STATUS_IBSS_JOINED))
6126 			goto nla_put_failure;
6127 		break;
6128 	default:
6129 		break;
6130 	}
6131 
6132 	nla_nest_end(msg, bss);
6133 
6134 	return genlmsg_end(msg, hdr);
6135 
6136  fail_unlock_rcu:
6137 	rcu_read_unlock();
6138  nla_put_failure:
6139 	genlmsg_cancel(msg, hdr);
6140 	return -EMSGSIZE;
6141 }
6142 
6143 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6144 {
6145 	struct cfg80211_registered_device *rdev;
6146 	struct cfg80211_internal_bss *scan;
6147 	struct wireless_dev *wdev;
6148 	int start = cb->args[2], idx = 0;
6149 	int err;
6150 
6151 	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6152 	if (err)
6153 		return err;
6154 
6155 	wdev_lock(wdev);
6156 	spin_lock_bh(&rdev->bss_lock);
6157 	cfg80211_bss_expire(rdev);
6158 
6159 	cb->seq = rdev->bss_generation;
6160 
6161 	list_for_each_entry(scan, &rdev->bss_list, list) {
6162 		if (++idx <= start)
6163 			continue;
6164 		if (nl80211_send_bss(skb, cb,
6165 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6166 				rdev, wdev, scan) < 0) {
6167 			idx--;
6168 			break;
6169 		}
6170 	}
6171 
6172 	spin_unlock_bh(&rdev->bss_lock);
6173 	wdev_unlock(wdev);
6174 
6175 	cb->args[2] = idx;
6176 	nl80211_finish_wdev_dump(rdev);
6177 
6178 	return skb->len;
6179 }
6180 
6181 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6182 				int flags, struct net_device *dev,
6183 				struct survey_info *survey)
6184 {
6185 	void *hdr;
6186 	struct nlattr *infoattr;
6187 
6188 	hdr = nl80211hdr_put(msg, portid, seq, flags,
6189 			     NL80211_CMD_NEW_SURVEY_RESULTS);
6190 	if (!hdr)
6191 		return -ENOMEM;
6192 
6193 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6194 		goto nla_put_failure;
6195 
6196 	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6197 	if (!infoattr)
6198 		goto nla_put_failure;
6199 
6200 	if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6201 			survey->channel->center_freq))
6202 		goto nla_put_failure;
6203 
6204 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6205 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6206 		goto nla_put_failure;
6207 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
6208 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6209 		goto nla_put_failure;
6210 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
6211 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
6212 			survey->channel_time))
6213 		goto nla_put_failure;
6214 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
6215 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
6216 			survey->channel_time_busy))
6217 		goto nla_put_failure;
6218 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
6219 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
6220 			survey->channel_time_ext_busy))
6221 		goto nla_put_failure;
6222 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
6223 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
6224 			survey->channel_time_rx))
6225 		goto nla_put_failure;
6226 	if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
6227 	    nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
6228 			survey->channel_time_tx))
6229 		goto nla_put_failure;
6230 
6231 	nla_nest_end(msg, infoattr);
6232 
6233 	return genlmsg_end(msg, hdr);
6234 
6235  nla_put_failure:
6236 	genlmsg_cancel(msg, hdr);
6237 	return -EMSGSIZE;
6238 }
6239 
6240 static int nl80211_dump_survey(struct sk_buff *skb,
6241 			struct netlink_callback *cb)
6242 {
6243 	struct survey_info survey;
6244 	struct cfg80211_registered_device *rdev;
6245 	struct wireless_dev *wdev;
6246 	int survey_idx = cb->args[2];
6247 	int res;
6248 
6249 	res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6250 	if (res)
6251 		return res;
6252 
6253 	if (!wdev->netdev) {
6254 		res = -EINVAL;
6255 		goto out_err;
6256 	}
6257 
6258 	if (!rdev->ops->dump_survey) {
6259 		res = -EOPNOTSUPP;
6260 		goto out_err;
6261 	}
6262 
6263 	while (1) {
6264 		struct ieee80211_channel *chan;
6265 
6266 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
6267 		if (res == -ENOENT)
6268 			break;
6269 		if (res)
6270 			goto out_err;
6271 
6272 		/* Survey without a channel doesn't make sense */
6273 		if (!survey.channel) {
6274 			res = -EINVAL;
6275 			goto out;
6276 		}
6277 
6278 		chan = ieee80211_get_channel(&rdev->wiphy,
6279 					     survey.channel->center_freq);
6280 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
6281 			survey_idx++;
6282 			continue;
6283 		}
6284 
6285 		if (nl80211_send_survey(skb,
6286 				NETLINK_CB(cb->skb).portid,
6287 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6288 				wdev->netdev, &survey) < 0)
6289 			goto out;
6290 		survey_idx++;
6291 	}
6292 
6293  out:
6294 	cb->args[2] = survey_idx;
6295 	res = skb->len;
6296  out_err:
6297 	nl80211_finish_wdev_dump(rdev);
6298 	return res;
6299 }
6300 
6301 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6302 {
6303 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6304 				  NL80211_WPA_VERSION_2));
6305 }
6306 
6307 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6308 {
6309 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6310 	struct net_device *dev = info->user_ptr[1];
6311 	struct ieee80211_channel *chan;
6312 	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6313 	int err, ssid_len, ie_len = 0, sae_data_len = 0;
6314 	enum nl80211_auth_type auth_type;
6315 	struct key_parse key;
6316 	bool local_state_change;
6317 
6318 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6319 		return -EINVAL;
6320 
6321 	if (!info->attrs[NL80211_ATTR_MAC])
6322 		return -EINVAL;
6323 
6324 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6325 		return -EINVAL;
6326 
6327 	if (!info->attrs[NL80211_ATTR_SSID])
6328 		return -EINVAL;
6329 
6330 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6331 		return -EINVAL;
6332 
6333 	err = nl80211_parse_key(info, &key);
6334 	if (err)
6335 		return err;
6336 
6337 	if (key.idx >= 0) {
6338 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
6339 			return -EINVAL;
6340 		if (!key.p.key || !key.p.key_len)
6341 			return -EINVAL;
6342 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
6343 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
6344 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
6345 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
6346 			return -EINVAL;
6347 		if (key.idx > 4)
6348 			return -EINVAL;
6349 	} else {
6350 		key.p.key_len = 0;
6351 		key.p.key = NULL;
6352 	}
6353 
6354 	if (key.idx >= 0) {
6355 		int i;
6356 		bool ok = false;
6357 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
6358 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
6359 				ok = true;
6360 				break;
6361 			}
6362 		}
6363 		if (!ok)
6364 			return -EINVAL;
6365 	}
6366 
6367 	if (!rdev->ops->auth)
6368 		return -EOPNOTSUPP;
6369 
6370 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6371 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6372 		return -EOPNOTSUPP;
6373 
6374 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6375 	chan = nl80211_get_valid_chan(&rdev->wiphy,
6376 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6377 	if (!chan)
6378 		return -EINVAL;
6379 
6380 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6381 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6382 
6383 	if (info->attrs[NL80211_ATTR_IE]) {
6384 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6385 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6386 	}
6387 
6388 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6389 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
6390 		return -EINVAL;
6391 
6392 	if (auth_type == NL80211_AUTHTYPE_SAE &&
6393 	    !info->attrs[NL80211_ATTR_SAE_DATA])
6394 		return -EINVAL;
6395 
6396 	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
6397 		if (auth_type != NL80211_AUTHTYPE_SAE)
6398 			return -EINVAL;
6399 		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
6400 		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
6401 		/* need to include at least Auth Transaction and Status Code */
6402 		if (sae_data_len < 4)
6403 			return -EINVAL;
6404 	}
6405 
6406 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6407 
6408 	/*
6409 	 * Since we no longer track auth state, ignore
6410 	 * requests to only change local state.
6411 	 */
6412 	if (local_state_change)
6413 		return 0;
6414 
6415 	wdev_lock(dev->ieee80211_ptr);
6416 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
6417 				 ssid, ssid_len, ie, ie_len,
6418 				 key.p.key, key.p.key_len, key.idx,
6419 				 sae_data, sae_data_len);
6420 	wdev_unlock(dev->ieee80211_ptr);
6421 	return err;
6422 }
6423 
6424 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
6425 				   struct genl_info *info,
6426 				   struct cfg80211_crypto_settings *settings,
6427 				   int cipher_limit)
6428 {
6429 	memset(settings, 0, sizeof(*settings));
6430 
6431 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
6432 
6433 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
6434 		u16 proto;
6435 		proto = nla_get_u16(
6436 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
6437 		settings->control_port_ethertype = cpu_to_be16(proto);
6438 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
6439 		    proto != ETH_P_PAE)
6440 			return -EINVAL;
6441 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
6442 			settings->control_port_no_encrypt = true;
6443 	} else
6444 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
6445 
6446 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
6447 		void *data;
6448 		int len, i;
6449 
6450 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6451 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6452 		settings->n_ciphers_pairwise = len / sizeof(u32);
6453 
6454 		if (len % sizeof(u32))
6455 			return -EINVAL;
6456 
6457 		if (settings->n_ciphers_pairwise > cipher_limit)
6458 			return -EINVAL;
6459 
6460 		memcpy(settings->ciphers_pairwise, data, len);
6461 
6462 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
6463 			if (!cfg80211_supported_cipher_suite(
6464 					&rdev->wiphy,
6465 					settings->ciphers_pairwise[i]))
6466 				return -EINVAL;
6467 	}
6468 
6469 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6470 		settings->cipher_group =
6471 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6472 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6473 						     settings->cipher_group))
6474 			return -EINVAL;
6475 	}
6476 
6477 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6478 		settings->wpa_versions =
6479 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6480 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6481 			return -EINVAL;
6482 	}
6483 
6484 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6485 		void *data;
6486 		int len;
6487 
6488 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6489 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6490 		settings->n_akm_suites = len / sizeof(u32);
6491 
6492 		if (len % sizeof(u32))
6493 			return -EINVAL;
6494 
6495 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6496 			return -EINVAL;
6497 
6498 		memcpy(settings->akm_suites, data, len);
6499 	}
6500 
6501 	return 0;
6502 }
6503 
6504 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
6505 {
6506 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6507 	struct net_device *dev = info->user_ptr[1];
6508 	struct ieee80211_channel *chan;
6509 	struct cfg80211_assoc_request req = {};
6510 	const u8 *bssid, *ssid;
6511 	int err, ssid_len = 0;
6512 
6513 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6514 		return -EINVAL;
6515 
6516 	if (!info->attrs[NL80211_ATTR_MAC] ||
6517 	    !info->attrs[NL80211_ATTR_SSID] ||
6518 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
6519 		return -EINVAL;
6520 
6521 	if (!rdev->ops->assoc)
6522 		return -EOPNOTSUPP;
6523 
6524 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6525 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6526 		return -EOPNOTSUPP;
6527 
6528 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6529 
6530 	chan = nl80211_get_valid_chan(&rdev->wiphy,
6531 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6532 	if (!chan)
6533 		return -EINVAL;
6534 
6535 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6536 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6537 
6538 	if (info->attrs[NL80211_ATTR_IE]) {
6539 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6540 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6541 	}
6542 
6543 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
6544 		enum nl80211_mfp mfp =
6545 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
6546 		if (mfp == NL80211_MFP_REQUIRED)
6547 			req.use_mfp = true;
6548 		else if (mfp != NL80211_MFP_NO)
6549 			return -EINVAL;
6550 	}
6551 
6552 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
6553 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
6554 
6555 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
6556 		req.flags |= ASSOC_REQ_DISABLE_HT;
6557 
6558 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6559 		memcpy(&req.ht_capa_mask,
6560 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6561 		       sizeof(req.ht_capa_mask));
6562 
6563 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6564 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6565 			return -EINVAL;
6566 		memcpy(&req.ht_capa,
6567 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6568 		       sizeof(req.ht_capa));
6569 	}
6570 
6571 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
6572 		req.flags |= ASSOC_REQ_DISABLE_VHT;
6573 
6574 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6575 		memcpy(&req.vht_capa_mask,
6576 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
6577 		       sizeof(req.vht_capa_mask));
6578 
6579 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
6580 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
6581 			return -EINVAL;
6582 		memcpy(&req.vht_capa,
6583 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
6584 		       sizeof(req.vht_capa));
6585 	}
6586 
6587 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
6588 	if (!err) {
6589 		wdev_lock(dev->ieee80211_ptr);
6590 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
6591 					  ssid, ssid_len, &req);
6592 		wdev_unlock(dev->ieee80211_ptr);
6593 	}
6594 
6595 	return err;
6596 }
6597 
6598 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
6599 {
6600 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6601 	struct net_device *dev = info->user_ptr[1];
6602 	const u8 *ie = NULL, *bssid;
6603 	int ie_len = 0, err;
6604 	u16 reason_code;
6605 	bool local_state_change;
6606 
6607 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6608 		return -EINVAL;
6609 
6610 	if (!info->attrs[NL80211_ATTR_MAC])
6611 		return -EINVAL;
6612 
6613 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6614 		return -EINVAL;
6615 
6616 	if (!rdev->ops->deauth)
6617 		return -EOPNOTSUPP;
6618 
6619 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6620 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6621 		return -EOPNOTSUPP;
6622 
6623 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6624 
6625 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6626 	if (reason_code == 0) {
6627 		/* Reason Code 0 is reserved */
6628 		return -EINVAL;
6629 	}
6630 
6631 	if (info->attrs[NL80211_ATTR_IE]) {
6632 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6633 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6634 	}
6635 
6636 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6637 
6638 	wdev_lock(dev->ieee80211_ptr);
6639 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
6640 				   local_state_change);
6641 	wdev_unlock(dev->ieee80211_ptr);
6642 	return err;
6643 }
6644 
6645 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
6646 {
6647 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6648 	struct net_device *dev = info->user_ptr[1];
6649 	const u8 *ie = NULL, *bssid;
6650 	int ie_len = 0, err;
6651 	u16 reason_code;
6652 	bool local_state_change;
6653 
6654 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6655 		return -EINVAL;
6656 
6657 	if (!info->attrs[NL80211_ATTR_MAC])
6658 		return -EINVAL;
6659 
6660 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
6661 		return -EINVAL;
6662 
6663 	if (!rdev->ops->disassoc)
6664 		return -EOPNOTSUPP;
6665 
6666 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6667 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6668 		return -EOPNOTSUPP;
6669 
6670 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6671 
6672 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
6673 	if (reason_code == 0) {
6674 		/* Reason Code 0 is reserved */
6675 		return -EINVAL;
6676 	}
6677 
6678 	if (info->attrs[NL80211_ATTR_IE]) {
6679 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6680 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6681 	}
6682 
6683 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6684 
6685 	wdev_lock(dev->ieee80211_ptr);
6686 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
6687 				     local_state_change);
6688 	wdev_unlock(dev->ieee80211_ptr);
6689 	return err;
6690 }
6691 
6692 static bool
6693 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
6694 			 int mcast_rate[IEEE80211_NUM_BANDS],
6695 			 int rateval)
6696 {
6697 	struct wiphy *wiphy = &rdev->wiphy;
6698 	bool found = false;
6699 	int band, i;
6700 
6701 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6702 		struct ieee80211_supported_band *sband;
6703 
6704 		sband = wiphy->bands[band];
6705 		if (!sband)
6706 			continue;
6707 
6708 		for (i = 0; i < sband->n_bitrates; i++) {
6709 			if (sband->bitrates[i].bitrate == rateval) {
6710 				mcast_rate[band] = i + 1;
6711 				found = true;
6712 				break;
6713 			}
6714 		}
6715 	}
6716 
6717 	return found;
6718 }
6719 
6720 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
6721 {
6722 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6723 	struct net_device *dev = info->user_ptr[1];
6724 	struct cfg80211_ibss_params ibss;
6725 	struct wiphy *wiphy;
6726 	struct cfg80211_cached_keys *connkeys = NULL;
6727 	int err;
6728 
6729 	memset(&ibss, 0, sizeof(ibss));
6730 
6731 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6732 		return -EINVAL;
6733 
6734 	if (!info->attrs[NL80211_ATTR_SSID] ||
6735 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
6736 		return -EINVAL;
6737 
6738 	ibss.beacon_interval = 100;
6739 
6740 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
6741 		ibss.beacon_interval =
6742 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
6743 		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
6744 			return -EINVAL;
6745 	}
6746 
6747 	if (!rdev->ops->join_ibss)
6748 		return -EOPNOTSUPP;
6749 
6750 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6751 		return -EOPNOTSUPP;
6752 
6753 	wiphy = &rdev->wiphy;
6754 
6755 	if (info->attrs[NL80211_ATTR_MAC]) {
6756 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6757 
6758 		if (!is_valid_ether_addr(ibss.bssid))
6759 			return -EINVAL;
6760 	}
6761 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6762 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6763 
6764 	if (info->attrs[NL80211_ATTR_IE]) {
6765 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6766 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6767 	}
6768 
6769 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
6770 	if (err)
6771 		return err;
6772 
6773 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
6774 				     NL80211_IFTYPE_ADHOC))
6775 		return -EINVAL;
6776 
6777 	switch (ibss.chandef.width) {
6778 	case NL80211_CHAN_WIDTH_5:
6779 	case NL80211_CHAN_WIDTH_10:
6780 	case NL80211_CHAN_WIDTH_20_NOHT:
6781 		break;
6782 	case NL80211_CHAN_WIDTH_20:
6783 	case NL80211_CHAN_WIDTH_40:
6784 		if (rdev->wiphy.features & NL80211_FEATURE_HT_IBSS)
6785 			break;
6786 	default:
6787 		return -EINVAL;
6788 	}
6789 
6790 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
6791 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
6792 
6793 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6794 		u8 *rates =
6795 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6796 		int n_rates =
6797 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6798 		struct ieee80211_supported_band *sband =
6799 			wiphy->bands[ibss.chandef.chan->band];
6800 
6801 		err = ieee80211_get_ratemask(sband, rates, n_rates,
6802 					     &ibss.basic_rates);
6803 		if (err)
6804 			return err;
6805 	}
6806 
6807 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6808 		memcpy(&ibss.ht_capa_mask,
6809 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
6810 		       sizeof(ibss.ht_capa_mask));
6811 
6812 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
6813 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
6814 			return -EINVAL;
6815 		memcpy(&ibss.ht_capa,
6816 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
6817 		       sizeof(ibss.ht_capa));
6818 	}
6819 
6820 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
6821 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
6822 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
6823 		return -EINVAL;
6824 
6825 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
6826 		bool no_ht = false;
6827 
6828 		connkeys = nl80211_parse_connkeys(rdev,
6829 					  info->attrs[NL80211_ATTR_KEYS],
6830 					  &no_ht);
6831 		if (IS_ERR(connkeys))
6832 			return PTR_ERR(connkeys);
6833 
6834 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
6835 		    no_ht) {
6836 			kfree(connkeys);
6837 			return -EINVAL;
6838 		}
6839 	}
6840 
6841 	ibss.control_port =
6842 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
6843 
6844 	ibss.userspace_handles_dfs =
6845 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
6846 
6847 	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
6848 	if (err)
6849 		kfree(connkeys);
6850 	return err;
6851 }
6852 
6853 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
6854 {
6855 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6856 	struct net_device *dev = info->user_ptr[1];
6857 
6858 	if (!rdev->ops->leave_ibss)
6859 		return -EOPNOTSUPP;
6860 
6861 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
6862 		return -EOPNOTSUPP;
6863 
6864 	return cfg80211_leave_ibss(rdev, dev, false);
6865 }
6866 
6867 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
6868 {
6869 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6870 	struct net_device *dev = info->user_ptr[1];
6871 	int mcast_rate[IEEE80211_NUM_BANDS];
6872 	u32 nla_rate;
6873 	int err;
6874 
6875 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
6876 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6877 		return -EOPNOTSUPP;
6878 
6879 	if (!rdev->ops->set_mcast_rate)
6880 		return -EOPNOTSUPP;
6881 
6882 	memset(mcast_rate, 0, sizeof(mcast_rate));
6883 
6884 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
6885 		return -EINVAL;
6886 
6887 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
6888 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
6889 		return -EINVAL;
6890 
6891 	err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
6892 
6893 	return err;
6894 }
6895 
6896 static struct sk_buff *
6897 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
6898 			    int approxlen, u32 portid, u32 seq,
6899 			    enum nl80211_commands cmd,
6900 			    enum nl80211_attrs attr,
6901 			    const struct nl80211_vendor_cmd_info *info,
6902 			    gfp_t gfp)
6903 {
6904 	struct sk_buff *skb;
6905 	void *hdr;
6906 	struct nlattr *data;
6907 
6908 	skb = nlmsg_new(approxlen + 100, gfp);
6909 	if (!skb)
6910 		return NULL;
6911 
6912 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
6913 	if (!hdr) {
6914 		kfree_skb(skb);
6915 		return NULL;
6916 	}
6917 
6918 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
6919 		goto nla_put_failure;
6920 
6921 	if (info) {
6922 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
6923 				info->vendor_id))
6924 			goto nla_put_failure;
6925 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
6926 				info->subcmd))
6927 			goto nla_put_failure;
6928 	}
6929 
6930 	data = nla_nest_start(skb, attr);
6931 
6932 	((void **)skb->cb)[0] = rdev;
6933 	((void **)skb->cb)[1] = hdr;
6934 	((void **)skb->cb)[2] = data;
6935 
6936 	return skb;
6937 
6938  nla_put_failure:
6939 	kfree_skb(skb);
6940 	return NULL;
6941 }
6942 
6943 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
6944 					   enum nl80211_commands cmd,
6945 					   enum nl80211_attrs attr,
6946 					   int vendor_event_idx,
6947 					   int approxlen, gfp_t gfp)
6948 {
6949 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
6950 	const struct nl80211_vendor_cmd_info *info;
6951 
6952 	switch (cmd) {
6953 	case NL80211_CMD_TESTMODE:
6954 		if (WARN_ON(vendor_event_idx != -1))
6955 			return NULL;
6956 		info = NULL;
6957 		break;
6958 	case NL80211_CMD_VENDOR:
6959 		if (WARN_ON(vendor_event_idx < 0 ||
6960 			    vendor_event_idx >= wiphy->n_vendor_events))
6961 			return NULL;
6962 		info = &wiphy->vendor_events[vendor_event_idx];
6963 		break;
6964 	default:
6965 		WARN_ON(1);
6966 		return NULL;
6967 	}
6968 
6969 	return __cfg80211_alloc_vendor_skb(rdev, approxlen, 0, 0,
6970 					   cmd, attr, info, gfp);
6971 }
6972 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
6973 
6974 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
6975 {
6976 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
6977 	void *hdr = ((void **)skb->cb)[1];
6978 	struct nlattr *data = ((void **)skb->cb)[2];
6979 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
6980 
6981 	nla_nest_end(skb, data);
6982 	genlmsg_end(skb, hdr);
6983 
6984 	if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
6985 		mcgrp = NL80211_MCGRP_VENDOR;
6986 
6987 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
6988 				mcgrp, gfp);
6989 }
6990 EXPORT_SYMBOL(__cfg80211_send_event_skb);
6991 
6992 #ifdef CONFIG_NL80211_TESTMODE
6993 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
6994 {
6995 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6996 	struct wireless_dev *wdev =
6997 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
6998 	int err;
6999 
7000 	if (!rdev->ops->testmode_cmd)
7001 		return -EOPNOTSUPP;
7002 
7003 	if (IS_ERR(wdev)) {
7004 		err = PTR_ERR(wdev);
7005 		if (err != -EINVAL)
7006 			return err;
7007 		wdev = NULL;
7008 	} else if (wdev->wiphy != &rdev->wiphy) {
7009 		return -EINVAL;
7010 	}
7011 
7012 	if (!info->attrs[NL80211_ATTR_TESTDATA])
7013 		return -EINVAL;
7014 
7015 	rdev->cur_cmd_info = info;
7016 	err = rdev_testmode_cmd(rdev, wdev,
7017 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
7018 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
7019 	rdev->cur_cmd_info = NULL;
7020 
7021 	return err;
7022 }
7023 
7024 static int nl80211_testmode_dump(struct sk_buff *skb,
7025 				 struct netlink_callback *cb)
7026 {
7027 	struct cfg80211_registered_device *rdev;
7028 	int err;
7029 	long phy_idx;
7030 	void *data = NULL;
7031 	int data_len = 0;
7032 
7033 	rtnl_lock();
7034 
7035 	if (cb->args[0]) {
7036 		/*
7037 		 * 0 is a valid index, but not valid for args[0],
7038 		 * so we need to offset by 1.
7039 		 */
7040 		phy_idx = cb->args[0] - 1;
7041 	} else {
7042 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
7043 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
7044 				  nl80211_policy);
7045 		if (err)
7046 			goto out_err;
7047 
7048 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
7049 						  nl80211_fam.attrbuf);
7050 		if (IS_ERR(rdev)) {
7051 			err = PTR_ERR(rdev);
7052 			goto out_err;
7053 		}
7054 		phy_idx = rdev->wiphy_idx;
7055 		rdev = NULL;
7056 
7057 		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
7058 			cb->args[1] =
7059 				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
7060 	}
7061 
7062 	if (cb->args[1]) {
7063 		data = nla_data((void *)cb->args[1]);
7064 		data_len = nla_len((void *)cb->args[1]);
7065 	}
7066 
7067 	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
7068 	if (!rdev) {
7069 		err = -ENOENT;
7070 		goto out_err;
7071 	}
7072 
7073 	if (!rdev->ops->testmode_dump) {
7074 		err = -EOPNOTSUPP;
7075 		goto out_err;
7076 	}
7077 
7078 	while (1) {
7079 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
7080 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
7081 					   NL80211_CMD_TESTMODE);
7082 		struct nlattr *tmdata;
7083 
7084 		if (!hdr)
7085 			break;
7086 
7087 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
7088 			genlmsg_cancel(skb, hdr);
7089 			break;
7090 		}
7091 
7092 		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
7093 		if (!tmdata) {
7094 			genlmsg_cancel(skb, hdr);
7095 			break;
7096 		}
7097 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7098 		nla_nest_end(skb, tmdata);
7099 
7100 		if (err == -ENOBUFS || err == -ENOENT) {
7101 			genlmsg_cancel(skb, hdr);
7102 			break;
7103 		} else if (err) {
7104 			genlmsg_cancel(skb, hdr);
7105 			goto out_err;
7106 		}
7107 
7108 		genlmsg_end(skb, hdr);
7109 	}
7110 
7111 	err = skb->len;
7112 	/* see above */
7113 	cb->args[0] = phy_idx + 1;
7114  out_err:
7115 	rtnl_unlock();
7116 	return err;
7117 }
7118 #endif
7119 
7120 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7121 {
7122 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7123 	struct net_device *dev = info->user_ptr[1];
7124 	struct cfg80211_connect_params connect;
7125 	struct wiphy *wiphy;
7126 	struct cfg80211_cached_keys *connkeys = NULL;
7127 	int err;
7128 
7129 	memset(&connect, 0, sizeof(connect));
7130 
7131 	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7132 		return -EINVAL;
7133 
7134 	if (!info->attrs[NL80211_ATTR_SSID] ||
7135 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7136 		return -EINVAL;
7137 
7138 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7139 		connect.auth_type =
7140 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7141 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7142 					     NL80211_CMD_CONNECT))
7143 			return -EINVAL;
7144 	} else
7145 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7146 
7147 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7148 
7149 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7150 				      NL80211_MAX_NR_CIPHER_SUITES);
7151 	if (err)
7152 		return err;
7153 
7154 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7155 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7156 		return -EOPNOTSUPP;
7157 
7158 	wiphy = &rdev->wiphy;
7159 
7160 	connect.bg_scan_period = -1;
7161 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7162 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7163 		connect.bg_scan_period =
7164 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7165 	}
7166 
7167 	if (info->attrs[NL80211_ATTR_MAC])
7168 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7169 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
7170 		connect.bssid_hint =
7171 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7172 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7173 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7174 
7175 	if (info->attrs[NL80211_ATTR_IE]) {
7176 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7177 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7178 	}
7179 
7180 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7181 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7182 		if (connect.mfp != NL80211_MFP_REQUIRED &&
7183 		    connect.mfp != NL80211_MFP_NO)
7184 			return -EINVAL;
7185 	} else {
7186 		connect.mfp = NL80211_MFP_NO;
7187 	}
7188 
7189 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7190 		connect.channel = nl80211_get_valid_chan(
7191 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7192 		if (!connect.channel)
7193 			return -EINVAL;
7194 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7195 		connect.channel_hint = nl80211_get_valid_chan(
7196 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7197 		if (!connect.channel_hint)
7198 			return -EINVAL;
7199 	}
7200 
7201 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7202 		connkeys = nl80211_parse_connkeys(rdev,
7203 					  info->attrs[NL80211_ATTR_KEYS], NULL);
7204 		if (IS_ERR(connkeys))
7205 			return PTR_ERR(connkeys);
7206 	}
7207 
7208 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7209 		connect.flags |= ASSOC_REQ_DISABLE_HT;
7210 
7211 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7212 		memcpy(&connect.ht_capa_mask,
7213 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7214 		       sizeof(connect.ht_capa_mask));
7215 
7216 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7217 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7218 			kfree(connkeys);
7219 			return -EINVAL;
7220 		}
7221 		memcpy(&connect.ht_capa,
7222 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7223 		       sizeof(connect.ht_capa));
7224 	}
7225 
7226 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7227 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
7228 
7229 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7230 		memcpy(&connect.vht_capa_mask,
7231 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7232 		       sizeof(connect.vht_capa_mask));
7233 
7234 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7235 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7236 			kfree(connkeys);
7237 			return -EINVAL;
7238 		}
7239 		memcpy(&connect.vht_capa,
7240 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7241 		       sizeof(connect.vht_capa));
7242 	}
7243 
7244 	wdev_lock(dev->ieee80211_ptr);
7245 	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7246 	wdev_unlock(dev->ieee80211_ptr);
7247 	if (err)
7248 		kfree(connkeys);
7249 	return err;
7250 }
7251 
7252 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7253 {
7254 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7255 	struct net_device *dev = info->user_ptr[1];
7256 	u16 reason;
7257 	int ret;
7258 
7259 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7260 		reason = WLAN_REASON_DEAUTH_LEAVING;
7261 	else
7262 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7263 
7264 	if (reason == 0)
7265 		return -EINVAL;
7266 
7267 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7268 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7269 		return -EOPNOTSUPP;
7270 
7271 	wdev_lock(dev->ieee80211_ptr);
7272 	ret = cfg80211_disconnect(rdev, dev, reason, true);
7273 	wdev_unlock(dev->ieee80211_ptr);
7274 	return ret;
7275 }
7276 
7277 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7278 {
7279 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7280 	struct net *net;
7281 	int err;
7282 	u32 pid;
7283 
7284 	if (!info->attrs[NL80211_ATTR_PID])
7285 		return -EINVAL;
7286 
7287 	pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7288 
7289 	net = get_net_ns_by_pid(pid);
7290 	if (IS_ERR(net))
7291 		return PTR_ERR(net);
7292 
7293 	err = 0;
7294 
7295 	/* check if anything to do */
7296 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
7297 		err = cfg80211_switch_netns(rdev, net);
7298 
7299 	put_net(net);
7300 	return err;
7301 }
7302 
7303 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
7304 {
7305 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7306 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
7307 			struct cfg80211_pmksa *pmksa) = NULL;
7308 	struct net_device *dev = info->user_ptr[1];
7309 	struct cfg80211_pmksa pmksa;
7310 
7311 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
7312 
7313 	if (!info->attrs[NL80211_ATTR_MAC])
7314 		return -EINVAL;
7315 
7316 	if (!info->attrs[NL80211_ATTR_PMKID])
7317 		return -EINVAL;
7318 
7319 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
7320 	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7321 
7322 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7323 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7324 		return -EOPNOTSUPP;
7325 
7326 	switch (info->genlhdr->cmd) {
7327 	case NL80211_CMD_SET_PMKSA:
7328 		rdev_ops = rdev->ops->set_pmksa;
7329 		break;
7330 	case NL80211_CMD_DEL_PMKSA:
7331 		rdev_ops = rdev->ops->del_pmksa;
7332 		break;
7333 	default:
7334 		WARN_ON(1);
7335 		break;
7336 	}
7337 
7338 	if (!rdev_ops)
7339 		return -EOPNOTSUPP;
7340 
7341 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
7342 }
7343 
7344 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
7345 {
7346 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7347 	struct net_device *dev = info->user_ptr[1];
7348 
7349 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7350 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7351 		return -EOPNOTSUPP;
7352 
7353 	if (!rdev->ops->flush_pmksa)
7354 		return -EOPNOTSUPP;
7355 
7356 	return rdev_flush_pmksa(rdev, dev);
7357 }
7358 
7359 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
7360 {
7361 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7362 	struct net_device *dev = info->user_ptr[1];
7363 	u8 action_code, dialog_token;
7364 	u32 peer_capability = 0;
7365 	u16 status_code;
7366 	u8 *peer;
7367 
7368 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7369 	    !rdev->ops->tdls_mgmt)
7370 		return -EOPNOTSUPP;
7371 
7372 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
7373 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
7374 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
7375 	    !info->attrs[NL80211_ATTR_IE] ||
7376 	    !info->attrs[NL80211_ATTR_MAC])
7377 		return -EINVAL;
7378 
7379 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7380 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
7381 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
7382 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
7383 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
7384 		peer_capability =
7385 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
7386 
7387 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
7388 			      dialog_token, status_code, peer_capability,
7389 			      nla_data(info->attrs[NL80211_ATTR_IE]),
7390 			      nla_len(info->attrs[NL80211_ATTR_IE]));
7391 }
7392 
7393 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
7394 {
7395 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7396 	struct net_device *dev = info->user_ptr[1];
7397 	enum nl80211_tdls_operation operation;
7398 	u8 *peer;
7399 
7400 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7401 	    !rdev->ops->tdls_oper)
7402 		return -EOPNOTSUPP;
7403 
7404 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
7405 	    !info->attrs[NL80211_ATTR_MAC])
7406 		return -EINVAL;
7407 
7408 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
7409 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7410 
7411 	return rdev_tdls_oper(rdev, dev, peer, operation);
7412 }
7413 
7414 static int nl80211_remain_on_channel(struct sk_buff *skb,
7415 				     struct genl_info *info)
7416 {
7417 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7418 	struct wireless_dev *wdev = info->user_ptr[1];
7419 	struct cfg80211_chan_def chandef;
7420 	struct sk_buff *msg;
7421 	void *hdr;
7422 	u64 cookie;
7423 	u32 duration;
7424 	int err;
7425 
7426 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7427 	    !info->attrs[NL80211_ATTR_DURATION])
7428 		return -EINVAL;
7429 
7430 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7431 
7432 	if (!rdev->ops->remain_on_channel ||
7433 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
7434 		return -EOPNOTSUPP;
7435 
7436 	/*
7437 	 * We should be on that channel for at least a minimum amount of
7438 	 * time (10ms) but no longer than the driver supports.
7439 	 */
7440 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7441 	    duration > rdev->wiphy.max_remain_on_channel_duration)
7442 		return -EINVAL;
7443 
7444 	err = nl80211_parse_chandef(rdev, info, &chandef);
7445 	if (err)
7446 		return err;
7447 
7448 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7449 	if (!msg)
7450 		return -ENOMEM;
7451 
7452 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7453 			     NL80211_CMD_REMAIN_ON_CHANNEL);
7454 	if (!hdr) {
7455 		err = -ENOBUFS;
7456 		goto free_msg;
7457 	}
7458 
7459 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
7460 				     duration, &cookie);
7461 
7462 	if (err)
7463 		goto free_msg;
7464 
7465 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7466 		goto nla_put_failure;
7467 
7468 	genlmsg_end(msg, hdr);
7469 
7470 	return genlmsg_reply(msg, info);
7471 
7472  nla_put_failure:
7473 	err = -ENOBUFS;
7474  free_msg:
7475 	nlmsg_free(msg);
7476 	return err;
7477 }
7478 
7479 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
7480 					    struct genl_info *info)
7481 {
7482 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7483 	struct wireless_dev *wdev = info->user_ptr[1];
7484 	u64 cookie;
7485 
7486 	if (!info->attrs[NL80211_ATTR_COOKIE])
7487 		return -EINVAL;
7488 
7489 	if (!rdev->ops->cancel_remain_on_channel)
7490 		return -EOPNOTSUPP;
7491 
7492 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7493 
7494 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
7495 }
7496 
7497 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
7498 			   u8 *rates, u8 rates_len)
7499 {
7500 	u8 i;
7501 	u32 mask = 0;
7502 
7503 	for (i = 0; i < rates_len; i++) {
7504 		int rate = (rates[i] & 0x7f) * 5;
7505 		int ridx;
7506 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
7507 			struct ieee80211_rate *srate =
7508 				&sband->bitrates[ridx];
7509 			if (rate == srate->bitrate) {
7510 				mask |= 1 << ridx;
7511 				break;
7512 			}
7513 		}
7514 		if (ridx == sband->n_bitrates)
7515 			return 0; /* rate not found */
7516 	}
7517 
7518 	return mask;
7519 }
7520 
7521 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
7522 			       u8 *rates, u8 rates_len,
7523 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
7524 {
7525 	u8 i;
7526 
7527 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
7528 
7529 	for (i = 0; i < rates_len; i++) {
7530 		int ridx, rbit;
7531 
7532 		ridx = rates[i] / 8;
7533 		rbit = BIT(rates[i] % 8);
7534 
7535 		/* check validity */
7536 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
7537 			return false;
7538 
7539 		/* check availability */
7540 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
7541 			mcs[ridx] |= rbit;
7542 		else
7543 			return false;
7544 	}
7545 
7546 	return true;
7547 }
7548 
7549 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
7550 {
7551 	u16 mcs_mask = 0;
7552 
7553 	switch (vht_mcs_map) {
7554 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
7555 		break;
7556 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
7557 		mcs_mask = 0x00FF;
7558 		break;
7559 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
7560 		mcs_mask = 0x01FF;
7561 		break;
7562 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
7563 		mcs_mask = 0x03FF;
7564 		break;
7565 	default:
7566 		break;
7567 	}
7568 
7569 	return mcs_mask;
7570 }
7571 
7572 static void vht_build_mcs_mask(u16 vht_mcs_map,
7573 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
7574 {
7575 	u8 nss;
7576 
7577 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
7578 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
7579 		vht_mcs_map >>= 2;
7580 	}
7581 }
7582 
7583 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
7584 			     struct nl80211_txrate_vht *txrate,
7585 			     u16 mcs[NL80211_VHT_NSS_MAX])
7586 {
7587 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7588 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
7589 	u8 i;
7590 
7591 	if (!sband->vht_cap.vht_supported)
7592 		return false;
7593 
7594 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
7595 
7596 	/* Build vht_mcs_mask from VHT capabilities */
7597 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
7598 
7599 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
7600 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
7601 			mcs[i] = txrate->mcs[i];
7602 		else
7603 			return false;
7604 	}
7605 
7606 	return true;
7607 }
7608 
7609 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
7610 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
7611 				    .len = NL80211_MAX_SUPP_RATES },
7612 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
7613 				.len = NL80211_MAX_SUPP_HT_RATES },
7614 	[NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
7615 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
7616 };
7617 
7618 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
7619 				       struct genl_info *info)
7620 {
7621 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
7622 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7623 	struct cfg80211_bitrate_mask mask;
7624 	int rem, i;
7625 	struct net_device *dev = info->user_ptr[1];
7626 	struct nlattr *tx_rates;
7627 	struct ieee80211_supported_band *sband;
7628 	u16 vht_tx_mcs_map;
7629 
7630 	if (!rdev->ops->set_bitrate_mask)
7631 		return -EOPNOTSUPP;
7632 
7633 	memset(&mask, 0, sizeof(mask));
7634 	/* Default to all rates enabled */
7635 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
7636 		sband = rdev->wiphy.bands[i];
7637 
7638 		if (!sband)
7639 			continue;
7640 
7641 		mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
7642 		memcpy(mask.control[i].ht_mcs,
7643 		       sband->ht_cap.mcs.rx_mask,
7644 		       sizeof(mask.control[i].ht_mcs));
7645 
7646 		if (!sband->vht_cap.vht_supported)
7647 			continue;
7648 
7649 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
7650 		vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
7651 	}
7652 
7653 	/* if no rates are given set it back to the defaults */
7654 	if (!info->attrs[NL80211_ATTR_TX_RATES])
7655 		goto out;
7656 
7657 	/*
7658 	 * The nested attribute uses enum nl80211_band as the index. This maps
7659 	 * directly to the enum ieee80211_band values used in cfg80211.
7660 	 */
7661 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
7662 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
7663 		enum ieee80211_band band = nla_type(tx_rates);
7664 		int err;
7665 
7666 		if (band < 0 || band >= IEEE80211_NUM_BANDS)
7667 			return -EINVAL;
7668 		sband = rdev->wiphy.bands[band];
7669 		if (sband == NULL)
7670 			return -EINVAL;
7671 		err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
7672 				nla_len(tx_rates), nl80211_txattr_policy);
7673 		if (err)
7674 			return err;
7675 		if (tb[NL80211_TXRATE_LEGACY]) {
7676 			mask.control[band].legacy = rateset_to_mask(
7677 				sband,
7678 				nla_data(tb[NL80211_TXRATE_LEGACY]),
7679 				nla_len(tb[NL80211_TXRATE_LEGACY]));
7680 			if ((mask.control[band].legacy == 0) &&
7681 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
7682 				return -EINVAL;
7683 		}
7684 		if (tb[NL80211_TXRATE_HT]) {
7685 			if (!ht_rateset_to_mask(
7686 					sband,
7687 					nla_data(tb[NL80211_TXRATE_HT]),
7688 					nla_len(tb[NL80211_TXRATE_HT]),
7689 					mask.control[band].ht_mcs))
7690 				return -EINVAL;
7691 		}
7692 		if (tb[NL80211_TXRATE_VHT]) {
7693 			if (!vht_set_mcs_mask(
7694 					sband,
7695 					nla_data(tb[NL80211_TXRATE_VHT]),
7696 					mask.control[band].vht_mcs))
7697 				return -EINVAL;
7698 		}
7699 		if (tb[NL80211_TXRATE_GI]) {
7700 			mask.control[band].gi =
7701 				nla_get_u8(tb[NL80211_TXRATE_GI]);
7702 			if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
7703 				return -EINVAL;
7704 		}
7705 
7706 		if (mask.control[band].legacy == 0) {
7707 			/* don't allow empty legacy rates if HT or VHT
7708 			 * are not even supported.
7709 			 */
7710 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
7711 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
7712 				return -EINVAL;
7713 
7714 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
7715 				if (mask.control[band].ht_mcs[i])
7716 					goto out;
7717 
7718 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
7719 				if (mask.control[band].vht_mcs[i])
7720 					goto out;
7721 
7722 			/* legacy and mcs rates may not be both empty */
7723 			return -EINVAL;
7724 		}
7725 	}
7726 
7727 out:
7728 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
7729 }
7730 
7731 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
7732 {
7733 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7734 	struct wireless_dev *wdev = info->user_ptr[1];
7735 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
7736 
7737 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
7738 		return -EINVAL;
7739 
7740 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
7741 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
7742 
7743 	switch (wdev->iftype) {
7744 	case NL80211_IFTYPE_STATION:
7745 	case NL80211_IFTYPE_ADHOC:
7746 	case NL80211_IFTYPE_P2P_CLIENT:
7747 	case NL80211_IFTYPE_AP:
7748 	case NL80211_IFTYPE_AP_VLAN:
7749 	case NL80211_IFTYPE_MESH_POINT:
7750 	case NL80211_IFTYPE_P2P_GO:
7751 	case NL80211_IFTYPE_P2P_DEVICE:
7752 		break;
7753 	default:
7754 		return -EOPNOTSUPP;
7755 	}
7756 
7757 	/* not much point in registering if we can't reply */
7758 	if (!rdev->ops->mgmt_tx)
7759 		return -EOPNOTSUPP;
7760 
7761 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
7762 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
7763 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
7764 }
7765 
7766 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
7767 {
7768 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7769 	struct wireless_dev *wdev = info->user_ptr[1];
7770 	struct cfg80211_chan_def chandef;
7771 	int err;
7772 	void *hdr = NULL;
7773 	u64 cookie;
7774 	struct sk_buff *msg = NULL;
7775 	struct cfg80211_mgmt_tx_params params = {
7776 		.dont_wait_for_ack =
7777 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
7778 	};
7779 
7780 	if (!info->attrs[NL80211_ATTR_FRAME])
7781 		return -EINVAL;
7782 
7783 	if (!rdev->ops->mgmt_tx)
7784 		return -EOPNOTSUPP;
7785 
7786 	switch (wdev->iftype) {
7787 	case NL80211_IFTYPE_P2P_DEVICE:
7788 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
7789 			return -EINVAL;
7790 	case NL80211_IFTYPE_STATION:
7791 	case NL80211_IFTYPE_ADHOC:
7792 	case NL80211_IFTYPE_P2P_CLIENT:
7793 	case NL80211_IFTYPE_AP:
7794 	case NL80211_IFTYPE_AP_VLAN:
7795 	case NL80211_IFTYPE_MESH_POINT:
7796 	case NL80211_IFTYPE_P2P_GO:
7797 		break;
7798 	default:
7799 		return -EOPNOTSUPP;
7800 	}
7801 
7802 	if (info->attrs[NL80211_ATTR_DURATION]) {
7803 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7804 			return -EINVAL;
7805 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7806 
7807 		/*
7808 		 * We should wait on the channel for at least a minimum amount
7809 		 * of time (10ms) but no longer than the driver supports.
7810 		 */
7811 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7812 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
7813 			return -EINVAL;
7814 
7815 	}
7816 
7817 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
7818 
7819 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
7820 		return -EINVAL;
7821 
7822 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7823 
7824 	/* get the channel if any has been specified, otherwise pass NULL to
7825 	 * the driver. The latter will use the current one
7826 	 */
7827 	chandef.chan = NULL;
7828 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7829 		err = nl80211_parse_chandef(rdev, info, &chandef);
7830 		if (err)
7831 			return err;
7832 	}
7833 
7834 	if (!chandef.chan && params.offchan)
7835 		return -EINVAL;
7836 
7837 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
7838 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
7839 
7840 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
7841 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
7842 		int i;
7843 
7844 		if (len % sizeof(u16))
7845 			return -EINVAL;
7846 
7847 		params.n_csa_offsets = len / sizeof(u16);
7848 		params.csa_offsets =
7849 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
7850 
7851 		/* check that all the offsets fit the frame */
7852 		for (i = 0; i < params.n_csa_offsets; i++) {
7853 			if (params.csa_offsets[i] >= params.len)
7854 				return -EINVAL;
7855 		}
7856 	}
7857 
7858 	if (!params.dont_wait_for_ack) {
7859 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7860 		if (!msg)
7861 			return -ENOMEM;
7862 
7863 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7864 				     NL80211_CMD_FRAME);
7865 		if (!hdr) {
7866 			err = -ENOBUFS;
7867 			goto free_msg;
7868 		}
7869 	}
7870 
7871 	params.chan = chandef.chan;
7872 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
7873 	if (err)
7874 		goto free_msg;
7875 
7876 	if (msg) {
7877 		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
7878 			goto nla_put_failure;
7879 
7880 		genlmsg_end(msg, hdr);
7881 		return genlmsg_reply(msg, info);
7882 	}
7883 
7884 	return 0;
7885 
7886  nla_put_failure:
7887 	err = -ENOBUFS;
7888  free_msg:
7889 	nlmsg_free(msg);
7890 	return err;
7891 }
7892 
7893 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
7894 {
7895 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7896 	struct wireless_dev *wdev = info->user_ptr[1];
7897 	u64 cookie;
7898 
7899 	if (!info->attrs[NL80211_ATTR_COOKIE])
7900 		return -EINVAL;
7901 
7902 	if (!rdev->ops->mgmt_tx_cancel_wait)
7903 		return -EOPNOTSUPP;
7904 
7905 	switch (wdev->iftype) {
7906 	case NL80211_IFTYPE_STATION:
7907 	case NL80211_IFTYPE_ADHOC:
7908 	case NL80211_IFTYPE_P2P_CLIENT:
7909 	case NL80211_IFTYPE_AP:
7910 	case NL80211_IFTYPE_AP_VLAN:
7911 	case NL80211_IFTYPE_P2P_GO:
7912 	case NL80211_IFTYPE_P2P_DEVICE:
7913 		break;
7914 	default:
7915 		return -EOPNOTSUPP;
7916 	}
7917 
7918 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
7919 
7920 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
7921 }
7922 
7923 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
7924 {
7925 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7926 	struct wireless_dev *wdev;
7927 	struct net_device *dev = info->user_ptr[1];
7928 	u8 ps_state;
7929 	bool state;
7930 	int err;
7931 
7932 	if (!info->attrs[NL80211_ATTR_PS_STATE])
7933 		return -EINVAL;
7934 
7935 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
7936 
7937 	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
7938 		return -EINVAL;
7939 
7940 	wdev = dev->ieee80211_ptr;
7941 
7942 	if (!rdev->ops->set_power_mgmt)
7943 		return -EOPNOTSUPP;
7944 
7945 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
7946 
7947 	if (state == wdev->ps)
7948 		return 0;
7949 
7950 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
7951 	if (!err)
7952 		wdev->ps = state;
7953 	return err;
7954 }
7955 
7956 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
7957 {
7958 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7959 	enum nl80211_ps_state ps_state;
7960 	struct wireless_dev *wdev;
7961 	struct net_device *dev = info->user_ptr[1];
7962 	struct sk_buff *msg;
7963 	void *hdr;
7964 	int err;
7965 
7966 	wdev = dev->ieee80211_ptr;
7967 
7968 	if (!rdev->ops->set_power_mgmt)
7969 		return -EOPNOTSUPP;
7970 
7971 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7972 	if (!msg)
7973 		return -ENOMEM;
7974 
7975 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7976 			     NL80211_CMD_GET_POWER_SAVE);
7977 	if (!hdr) {
7978 		err = -ENOBUFS;
7979 		goto free_msg;
7980 	}
7981 
7982 	if (wdev->ps)
7983 		ps_state = NL80211_PS_ENABLED;
7984 	else
7985 		ps_state = NL80211_PS_DISABLED;
7986 
7987 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
7988 		goto nla_put_failure;
7989 
7990 	genlmsg_end(msg, hdr);
7991 	return genlmsg_reply(msg, info);
7992 
7993  nla_put_failure:
7994 	err = -ENOBUFS;
7995  free_msg:
7996 	nlmsg_free(msg);
7997 	return err;
7998 }
7999 
8000 static const struct nla_policy
8001 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
8002 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
8003 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
8004 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
8005 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
8006 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
8007 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
8008 };
8009 
8010 static int nl80211_set_cqm_txe(struct genl_info *info,
8011 			       u32 rate, u32 pkts, u32 intvl)
8012 {
8013 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8014 	struct net_device *dev = info->user_ptr[1];
8015 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8016 
8017 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
8018 		return -EINVAL;
8019 
8020 	if (!rdev->ops->set_cqm_txe_config)
8021 		return -EOPNOTSUPP;
8022 
8023 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8024 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8025 		return -EOPNOTSUPP;
8026 
8027 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
8028 }
8029 
8030 static int nl80211_set_cqm_rssi(struct genl_info *info,
8031 				s32 threshold, u32 hysteresis)
8032 {
8033 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8034 	struct net_device *dev = info->user_ptr[1];
8035 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8036 
8037 	if (threshold > 0)
8038 		return -EINVAL;
8039 
8040 	/* disabling - hysteresis should also be zero then */
8041 	if (threshold == 0)
8042 		hysteresis = 0;
8043 
8044 	if (!rdev->ops->set_cqm_rssi_config)
8045 		return -EOPNOTSUPP;
8046 
8047 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8048 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8049 		return -EOPNOTSUPP;
8050 
8051 	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
8052 }
8053 
8054 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
8055 {
8056 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
8057 	struct nlattr *cqm;
8058 	int err;
8059 
8060 	cqm = info->attrs[NL80211_ATTR_CQM];
8061 	if (!cqm)
8062 		return -EINVAL;
8063 
8064 	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
8065 			       nl80211_attr_cqm_policy);
8066 	if (err)
8067 		return err;
8068 
8069 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
8070 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
8071 		s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
8072 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
8073 
8074 		return nl80211_set_cqm_rssi(info, threshold, hysteresis);
8075 	}
8076 
8077 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
8078 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
8079 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
8080 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
8081 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
8082 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
8083 
8084 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
8085 	}
8086 
8087 	return -EINVAL;
8088 }
8089 
8090 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
8091 {
8092 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8093 	struct net_device *dev = info->user_ptr[1];
8094 	struct mesh_config cfg;
8095 	struct mesh_setup setup;
8096 	int err;
8097 
8098 	/* start with default */
8099 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
8100 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
8101 
8102 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
8103 		/* and parse parameters if given */
8104 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
8105 		if (err)
8106 			return err;
8107 	}
8108 
8109 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
8110 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
8111 		return -EINVAL;
8112 
8113 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
8114 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
8115 
8116 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8117 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
8118 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8119 			return -EINVAL;
8120 
8121 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8122 		setup.beacon_interval =
8123 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8124 		if (setup.beacon_interval < 10 ||
8125 		    setup.beacon_interval > 10000)
8126 			return -EINVAL;
8127 	}
8128 
8129 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8130 		setup.dtim_period =
8131 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8132 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
8133 			return -EINVAL;
8134 	}
8135 
8136 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8137 		/* parse additional setup parameters if given */
8138 		err = nl80211_parse_mesh_setup(info, &setup);
8139 		if (err)
8140 			return err;
8141 	}
8142 
8143 	if (setup.user_mpm)
8144 		cfg.auto_open_plinks = false;
8145 
8146 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8147 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8148 		if (err)
8149 			return err;
8150 	} else {
8151 		/* cfg80211_join_mesh() will sort it out */
8152 		setup.chandef.chan = NULL;
8153 	}
8154 
8155 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8156 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8157 		int n_rates =
8158 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8159 		struct ieee80211_supported_band *sband;
8160 
8161 		if (!setup.chandef.chan)
8162 			return -EINVAL;
8163 
8164 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
8165 
8166 		err = ieee80211_get_ratemask(sband, rates, n_rates,
8167 					     &setup.basic_rates);
8168 		if (err)
8169 			return err;
8170 	}
8171 
8172 	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8173 }
8174 
8175 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8176 {
8177 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8178 	struct net_device *dev = info->user_ptr[1];
8179 
8180 	return cfg80211_leave_mesh(rdev, dev);
8181 }
8182 
8183 #ifdef CONFIG_PM
8184 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8185 					struct cfg80211_registered_device *rdev)
8186 {
8187 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8188 	struct nlattr *nl_pats, *nl_pat;
8189 	int i, pat_len;
8190 
8191 	if (!wowlan->n_patterns)
8192 		return 0;
8193 
8194 	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8195 	if (!nl_pats)
8196 		return -ENOBUFS;
8197 
8198 	for (i = 0; i < wowlan->n_patterns; i++) {
8199 		nl_pat = nla_nest_start(msg, i + 1);
8200 		if (!nl_pat)
8201 			return -ENOBUFS;
8202 		pat_len = wowlan->patterns[i].pattern_len;
8203 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8204 			    wowlan->patterns[i].mask) ||
8205 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8206 			    wowlan->patterns[i].pattern) ||
8207 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8208 				wowlan->patterns[i].pkt_offset))
8209 			return -ENOBUFS;
8210 		nla_nest_end(msg, nl_pat);
8211 	}
8212 	nla_nest_end(msg, nl_pats);
8213 
8214 	return 0;
8215 }
8216 
8217 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
8218 				   struct cfg80211_wowlan_tcp *tcp)
8219 {
8220 	struct nlattr *nl_tcp;
8221 
8222 	if (!tcp)
8223 		return 0;
8224 
8225 	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
8226 	if (!nl_tcp)
8227 		return -ENOBUFS;
8228 
8229 	if (nla_put_be32(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
8230 	    nla_put_be32(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
8231 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
8232 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
8233 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
8234 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
8235 		    tcp->payload_len, tcp->payload) ||
8236 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
8237 			tcp->data_interval) ||
8238 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
8239 		    tcp->wake_len, tcp->wake_data) ||
8240 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
8241 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
8242 		return -ENOBUFS;
8243 
8244 	if (tcp->payload_seq.len &&
8245 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
8246 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
8247 		return -ENOBUFS;
8248 
8249 	if (tcp->payload_tok.len &&
8250 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
8251 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
8252 		    &tcp->payload_tok))
8253 		return -ENOBUFS;
8254 
8255 	nla_nest_end(msg, nl_tcp);
8256 
8257 	return 0;
8258 }
8259 
8260 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
8261 {
8262 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8263 	struct sk_buff *msg;
8264 	void *hdr;
8265 	u32 size = NLMSG_DEFAULT_SIZE;
8266 
8267 	if (!rdev->wiphy.wowlan)
8268 		return -EOPNOTSUPP;
8269 
8270 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
8271 		/* adjust size to have room for all the data */
8272 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
8273 			rdev->wiphy.wowlan_config->tcp->payload_len +
8274 			rdev->wiphy.wowlan_config->tcp->wake_len +
8275 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
8276 	}
8277 
8278 	msg = nlmsg_new(size, GFP_KERNEL);
8279 	if (!msg)
8280 		return -ENOMEM;
8281 
8282 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8283 			     NL80211_CMD_GET_WOWLAN);
8284 	if (!hdr)
8285 		goto nla_put_failure;
8286 
8287 	if (rdev->wiphy.wowlan_config) {
8288 		struct nlattr *nl_wowlan;
8289 
8290 		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
8291 		if (!nl_wowlan)
8292 			goto nla_put_failure;
8293 
8294 		if ((rdev->wiphy.wowlan_config->any &&
8295 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
8296 		    (rdev->wiphy.wowlan_config->disconnect &&
8297 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
8298 		    (rdev->wiphy.wowlan_config->magic_pkt &&
8299 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
8300 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
8301 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
8302 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
8303 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
8304 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
8305 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
8306 		    (rdev->wiphy.wowlan_config->rfkill_release &&
8307 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
8308 			goto nla_put_failure;
8309 
8310 		if (nl80211_send_wowlan_patterns(msg, rdev))
8311 			goto nla_put_failure;
8312 
8313 		if (nl80211_send_wowlan_tcp(msg,
8314 					    rdev->wiphy.wowlan_config->tcp))
8315 			goto nla_put_failure;
8316 
8317 		nla_nest_end(msg, nl_wowlan);
8318 	}
8319 
8320 	genlmsg_end(msg, hdr);
8321 	return genlmsg_reply(msg, info);
8322 
8323 nla_put_failure:
8324 	nlmsg_free(msg);
8325 	return -ENOBUFS;
8326 }
8327 
8328 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
8329 				    struct nlattr *attr,
8330 				    struct cfg80211_wowlan *trig)
8331 {
8332 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
8333 	struct cfg80211_wowlan_tcp *cfg;
8334 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
8335 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
8336 	u32 size;
8337 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
8338 	int err, port;
8339 
8340 	if (!rdev->wiphy.wowlan->tcp)
8341 		return -EINVAL;
8342 
8343 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
8344 			nla_data(attr), nla_len(attr),
8345 			nl80211_wowlan_tcp_policy);
8346 	if (err)
8347 		return err;
8348 
8349 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
8350 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
8351 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
8352 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
8353 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
8354 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
8355 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
8356 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
8357 		return -EINVAL;
8358 
8359 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
8360 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
8361 		return -EINVAL;
8362 
8363 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
8364 			rdev->wiphy.wowlan->tcp->data_interval_max ||
8365 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
8366 		return -EINVAL;
8367 
8368 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
8369 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
8370 		return -EINVAL;
8371 
8372 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
8373 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
8374 		return -EINVAL;
8375 
8376 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
8377 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8378 
8379 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8380 		tokens_size = tokln - sizeof(*tok);
8381 
8382 		if (!tok->len || tokens_size % tok->len)
8383 			return -EINVAL;
8384 		if (!rdev->wiphy.wowlan->tcp->tok)
8385 			return -EINVAL;
8386 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
8387 			return -EINVAL;
8388 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
8389 			return -EINVAL;
8390 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
8391 			return -EINVAL;
8392 		if (tok->offset + tok->len > data_size)
8393 			return -EINVAL;
8394 	}
8395 
8396 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
8397 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
8398 		if (!rdev->wiphy.wowlan->tcp->seq)
8399 			return -EINVAL;
8400 		if (seq->len == 0 || seq->len > 4)
8401 			return -EINVAL;
8402 		if (seq->len + seq->offset > data_size)
8403 			return -EINVAL;
8404 	}
8405 
8406 	size = sizeof(*cfg);
8407 	size += data_size;
8408 	size += wake_size + wake_mask_size;
8409 	size += tokens_size;
8410 
8411 	cfg = kzalloc(size, GFP_KERNEL);
8412 	if (!cfg)
8413 		return -ENOMEM;
8414 	cfg->src = nla_get_be32(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
8415 	cfg->dst = nla_get_be32(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
8416 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
8417 	       ETH_ALEN);
8418 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
8419 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
8420 	else
8421 		port = 0;
8422 #ifdef CONFIG_INET
8423 	/* allocate a socket and port for it and use it */
8424 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
8425 			    IPPROTO_TCP, &cfg->sock, 1);
8426 	if (err) {
8427 		kfree(cfg);
8428 		return err;
8429 	}
8430 	if (inet_csk_get_port(cfg->sock->sk, port)) {
8431 		sock_release(cfg->sock);
8432 		kfree(cfg);
8433 		return -EADDRINUSE;
8434 	}
8435 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
8436 #else
8437 	if (!port) {
8438 		kfree(cfg);
8439 		return -EINVAL;
8440 	}
8441 	cfg->src_port = port;
8442 #endif
8443 
8444 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
8445 	cfg->payload_len = data_size;
8446 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
8447 	memcpy((void *)cfg->payload,
8448 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
8449 	       data_size);
8450 	if (seq)
8451 		cfg->payload_seq = *seq;
8452 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
8453 	cfg->wake_len = wake_size;
8454 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
8455 	memcpy((void *)cfg->wake_data,
8456 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
8457 	       wake_size);
8458 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
8459 			 data_size + wake_size;
8460 	memcpy((void *)cfg->wake_mask,
8461 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
8462 	       wake_mask_size);
8463 	if (tok) {
8464 		cfg->tokens_size = tokens_size;
8465 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
8466 	}
8467 
8468 	trig->tcp = cfg;
8469 
8470 	return 0;
8471 }
8472 
8473 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
8474 {
8475 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8476 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
8477 	struct cfg80211_wowlan new_triggers = {};
8478 	struct cfg80211_wowlan *ntrig;
8479 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
8480 	int err, i;
8481 	bool prev_enabled = rdev->wiphy.wowlan_config;
8482 
8483 	if (!wowlan)
8484 		return -EOPNOTSUPP;
8485 
8486 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
8487 		cfg80211_rdev_free_wowlan(rdev);
8488 		rdev->wiphy.wowlan_config = NULL;
8489 		goto set_wakeup;
8490 	}
8491 
8492 	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
8493 			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8494 			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
8495 			nl80211_wowlan_policy);
8496 	if (err)
8497 		return err;
8498 
8499 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
8500 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
8501 			return -EINVAL;
8502 		new_triggers.any = true;
8503 	}
8504 
8505 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
8506 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
8507 			return -EINVAL;
8508 		new_triggers.disconnect = true;
8509 	}
8510 
8511 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
8512 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
8513 			return -EINVAL;
8514 		new_triggers.magic_pkt = true;
8515 	}
8516 
8517 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
8518 		return -EINVAL;
8519 
8520 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
8521 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
8522 			return -EINVAL;
8523 		new_triggers.gtk_rekey_failure = true;
8524 	}
8525 
8526 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
8527 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
8528 			return -EINVAL;
8529 		new_triggers.eap_identity_req = true;
8530 	}
8531 
8532 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
8533 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
8534 			return -EINVAL;
8535 		new_triggers.four_way_handshake = true;
8536 	}
8537 
8538 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
8539 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
8540 			return -EINVAL;
8541 		new_triggers.rfkill_release = true;
8542 	}
8543 
8544 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
8545 		struct nlattr *pat;
8546 		int n_patterns = 0;
8547 		int rem, pat_len, mask_len, pkt_offset;
8548 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8549 
8550 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8551 				    rem)
8552 			n_patterns++;
8553 		if (n_patterns > wowlan->n_patterns)
8554 			return -EINVAL;
8555 
8556 		new_triggers.patterns = kcalloc(n_patterns,
8557 						sizeof(new_triggers.patterns[0]),
8558 						GFP_KERNEL);
8559 		if (!new_triggers.patterns)
8560 			return -ENOMEM;
8561 
8562 		new_triggers.n_patterns = n_patterns;
8563 		i = 0;
8564 
8565 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
8566 				    rem) {
8567 			u8 *mask_pat;
8568 
8569 			nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8570 				  nla_len(pat), NULL);
8571 			err = -EINVAL;
8572 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
8573 			    !pat_tb[NL80211_PKTPAT_PATTERN])
8574 				goto error;
8575 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8576 			mask_len = DIV_ROUND_UP(pat_len, 8);
8577 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8578 				goto error;
8579 			if (pat_len > wowlan->pattern_max_len ||
8580 			    pat_len < wowlan->pattern_min_len)
8581 				goto error;
8582 
8583 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
8584 				pkt_offset = 0;
8585 			else
8586 				pkt_offset = nla_get_u32(
8587 					pat_tb[NL80211_PKTPAT_OFFSET]);
8588 			if (pkt_offset > wowlan->max_pkt_offset)
8589 				goto error;
8590 			new_triggers.patterns[i].pkt_offset = pkt_offset;
8591 
8592 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
8593 			if (!mask_pat) {
8594 				err = -ENOMEM;
8595 				goto error;
8596 			}
8597 			new_triggers.patterns[i].mask = mask_pat;
8598 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8599 			       mask_len);
8600 			mask_pat += mask_len;
8601 			new_triggers.patterns[i].pattern = mask_pat;
8602 			new_triggers.patterns[i].pattern_len = pat_len;
8603 			memcpy(mask_pat,
8604 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8605 			       pat_len);
8606 			i++;
8607 		}
8608 	}
8609 
8610 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
8611 		err = nl80211_parse_wowlan_tcp(
8612 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
8613 			&new_triggers);
8614 		if (err)
8615 			goto error;
8616 	}
8617 
8618 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
8619 	if (!ntrig) {
8620 		err = -ENOMEM;
8621 		goto error;
8622 	}
8623 	cfg80211_rdev_free_wowlan(rdev);
8624 	rdev->wiphy.wowlan_config = ntrig;
8625 
8626  set_wakeup:
8627 	if (rdev->ops->set_wakeup &&
8628 	    prev_enabled != !!rdev->wiphy.wowlan_config)
8629 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
8630 
8631 	return 0;
8632  error:
8633 	for (i = 0; i < new_triggers.n_patterns; i++)
8634 		kfree(new_triggers.patterns[i].mask);
8635 	kfree(new_triggers.patterns);
8636 	if (new_triggers.tcp && new_triggers.tcp->sock)
8637 		sock_release(new_triggers.tcp->sock);
8638 	kfree(new_triggers.tcp);
8639 	return err;
8640 }
8641 #endif
8642 
8643 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
8644 				       struct cfg80211_registered_device *rdev)
8645 {
8646 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
8647 	int i, j, pat_len;
8648 	struct cfg80211_coalesce_rules *rule;
8649 
8650 	if (!rdev->coalesce->n_rules)
8651 		return 0;
8652 
8653 	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
8654 	if (!nl_rules)
8655 		return -ENOBUFS;
8656 
8657 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
8658 		nl_rule = nla_nest_start(msg, i + 1);
8659 		if (!nl_rule)
8660 			return -ENOBUFS;
8661 
8662 		rule = &rdev->coalesce->rules[i];
8663 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
8664 				rule->delay))
8665 			return -ENOBUFS;
8666 
8667 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
8668 				rule->condition))
8669 			return -ENOBUFS;
8670 
8671 		nl_pats = nla_nest_start(msg,
8672 				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
8673 		if (!nl_pats)
8674 			return -ENOBUFS;
8675 
8676 		for (j = 0; j < rule->n_patterns; j++) {
8677 			nl_pat = nla_nest_start(msg, j + 1);
8678 			if (!nl_pat)
8679 				return -ENOBUFS;
8680 			pat_len = rule->patterns[j].pattern_len;
8681 			if (nla_put(msg, NL80211_PKTPAT_MASK,
8682 				    DIV_ROUND_UP(pat_len, 8),
8683 				    rule->patterns[j].mask) ||
8684 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8685 				    rule->patterns[j].pattern) ||
8686 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8687 					rule->patterns[j].pkt_offset))
8688 				return -ENOBUFS;
8689 			nla_nest_end(msg, nl_pat);
8690 		}
8691 		nla_nest_end(msg, nl_pats);
8692 		nla_nest_end(msg, nl_rule);
8693 	}
8694 	nla_nest_end(msg, nl_rules);
8695 
8696 	return 0;
8697 }
8698 
8699 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
8700 {
8701 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8702 	struct sk_buff *msg;
8703 	void *hdr;
8704 
8705 	if (!rdev->wiphy.coalesce)
8706 		return -EOPNOTSUPP;
8707 
8708 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8709 	if (!msg)
8710 		return -ENOMEM;
8711 
8712 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8713 			     NL80211_CMD_GET_COALESCE);
8714 	if (!hdr)
8715 		goto nla_put_failure;
8716 
8717 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
8718 		goto nla_put_failure;
8719 
8720 	genlmsg_end(msg, hdr);
8721 	return genlmsg_reply(msg, info);
8722 
8723 nla_put_failure:
8724 	nlmsg_free(msg);
8725 	return -ENOBUFS;
8726 }
8727 
8728 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
8729 {
8730 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
8731 	int i, j;
8732 	struct cfg80211_coalesce_rules *rule;
8733 
8734 	if (!coalesce)
8735 		return;
8736 
8737 	for (i = 0; i < coalesce->n_rules; i++) {
8738 		rule = &coalesce->rules[i];
8739 		for (j = 0; j < rule->n_patterns; j++)
8740 			kfree(rule->patterns[j].mask);
8741 		kfree(rule->patterns);
8742 	}
8743 	kfree(coalesce->rules);
8744 	kfree(coalesce);
8745 	rdev->coalesce = NULL;
8746 }
8747 
8748 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
8749 				       struct nlattr *rule,
8750 				       struct cfg80211_coalesce_rules *new_rule)
8751 {
8752 	int err, i;
8753 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8754 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
8755 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
8756 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
8757 
8758 	err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
8759 			nla_len(rule), nl80211_coalesce_policy);
8760 	if (err)
8761 		return err;
8762 
8763 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
8764 		new_rule->delay =
8765 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
8766 	if (new_rule->delay > coalesce->max_delay)
8767 		return -EINVAL;
8768 
8769 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
8770 		new_rule->condition =
8771 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
8772 	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
8773 	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
8774 		return -EINVAL;
8775 
8776 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
8777 		return -EINVAL;
8778 
8779 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8780 			    rem)
8781 		n_patterns++;
8782 	if (n_patterns > coalesce->n_patterns)
8783 		return -EINVAL;
8784 
8785 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
8786 				     GFP_KERNEL);
8787 	if (!new_rule->patterns)
8788 		return -ENOMEM;
8789 
8790 	new_rule->n_patterns = n_patterns;
8791 	i = 0;
8792 
8793 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
8794 			    rem) {
8795 		u8 *mask_pat;
8796 
8797 		nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
8798 			  nla_len(pat), NULL);
8799 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
8800 		    !pat_tb[NL80211_PKTPAT_PATTERN])
8801 			return -EINVAL;
8802 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
8803 		mask_len = DIV_ROUND_UP(pat_len, 8);
8804 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
8805 			return -EINVAL;
8806 		if (pat_len > coalesce->pattern_max_len ||
8807 		    pat_len < coalesce->pattern_min_len)
8808 			return -EINVAL;
8809 
8810 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
8811 			pkt_offset = 0;
8812 		else
8813 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
8814 		if (pkt_offset > coalesce->max_pkt_offset)
8815 			return -EINVAL;
8816 		new_rule->patterns[i].pkt_offset = pkt_offset;
8817 
8818 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
8819 		if (!mask_pat)
8820 			return -ENOMEM;
8821 
8822 		new_rule->patterns[i].mask = mask_pat;
8823 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
8824 		       mask_len);
8825 
8826 		mask_pat += mask_len;
8827 		new_rule->patterns[i].pattern = mask_pat;
8828 		new_rule->patterns[i].pattern_len = pat_len;
8829 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
8830 		       pat_len);
8831 		i++;
8832 	}
8833 
8834 	return 0;
8835 }
8836 
8837 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
8838 {
8839 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8840 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
8841 	struct cfg80211_coalesce new_coalesce = {};
8842 	struct cfg80211_coalesce *n_coalesce;
8843 	int err, rem_rule, n_rules = 0, i, j;
8844 	struct nlattr *rule;
8845 	struct cfg80211_coalesce_rules *tmp_rule;
8846 
8847 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
8848 		return -EOPNOTSUPP;
8849 
8850 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
8851 		cfg80211_rdev_free_coalesce(rdev);
8852 		rdev->ops->set_coalesce(&rdev->wiphy, NULL);
8853 		return 0;
8854 	}
8855 
8856 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8857 			    rem_rule)
8858 		n_rules++;
8859 	if (n_rules > coalesce->n_rules)
8860 		return -EINVAL;
8861 
8862 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
8863 				     GFP_KERNEL);
8864 	if (!new_coalesce.rules)
8865 		return -ENOMEM;
8866 
8867 	new_coalesce.n_rules = n_rules;
8868 	i = 0;
8869 
8870 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
8871 			    rem_rule) {
8872 		err = nl80211_parse_coalesce_rule(rdev, rule,
8873 						  &new_coalesce.rules[i]);
8874 		if (err)
8875 			goto error;
8876 
8877 		i++;
8878 	}
8879 
8880 	err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
8881 	if (err)
8882 		goto error;
8883 
8884 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
8885 	if (!n_coalesce) {
8886 		err = -ENOMEM;
8887 		goto error;
8888 	}
8889 	cfg80211_rdev_free_coalesce(rdev);
8890 	rdev->coalesce = n_coalesce;
8891 
8892 	return 0;
8893 error:
8894 	for (i = 0; i < new_coalesce.n_rules; i++) {
8895 		tmp_rule = &new_coalesce.rules[i];
8896 		for (j = 0; j < tmp_rule->n_patterns; j++)
8897 			kfree(tmp_rule->patterns[j].mask);
8898 		kfree(tmp_rule->patterns);
8899 	}
8900 	kfree(new_coalesce.rules);
8901 
8902 	return err;
8903 }
8904 
8905 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
8906 {
8907 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8908 	struct net_device *dev = info->user_ptr[1];
8909 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8910 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
8911 	struct cfg80211_gtk_rekey_data rekey_data;
8912 	int err;
8913 
8914 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
8915 		return -EINVAL;
8916 
8917 	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
8918 			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
8919 			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
8920 			nl80211_rekey_policy);
8921 	if (err)
8922 		return err;
8923 
8924 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
8925 		return -ERANGE;
8926 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
8927 		return -ERANGE;
8928 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
8929 		return -ERANGE;
8930 
8931 	memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
8932 	       NL80211_KEK_LEN);
8933 	memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
8934 	       NL80211_KCK_LEN);
8935 	memcpy(rekey_data.replay_ctr,
8936 	       nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
8937 	       NL80211_REPLAY_CTR_LEN);
8938 
8939 	wdev_lock(wdev);
8940 	if (!wdev->current_bss) {
8941 		err = -ENOTCONN;
8942 		goto out;
8943 	}
8944 
8945 	if (!rdev->ops->set_rekey_data) {
8946 		err = -EOPNOTSUPP;
8947 		goto out;
8948 	}
8949 
8950 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
8951  out:
8952 	wdev_unlock(wdev);
8953 	return err;
8954 }
8955 
8956 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
8957 					     struct genl_info *info)
8958 {
8959 	struct net_device *dev = info->user_ptr[1];
8960 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8961 
8962 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8963 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8964 		return -EINVAL;
8965 
8966 	if (wdev->ap_unexpected_nlportid)
8967 		return -EBUSY;
8968 
8969 	wdev->ap_unexpected_nlportid = info->snd_portid;
8970 	return 0;
8971 }
8972 
8973 static int nl80211_probe_client(struct sk_buff *skb,
8974 				struct genl_info *info)
8975 {
8976 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8977 	struct net_device *dev = info->user_ptr[1];
8978 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8979 	struct sk_buff *msg;
8980 	void *hdr;
8981 	const u8 *addr;
8982 	u64 cookie;
8983 	int err;
8984 
8985 	if (wdev->iftype != NL80211_IFTYPE_AP &&
8986 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
8987 		return -EOPNOTSUPP;
8988 
8989 	if (!info->attrs[NL80211_ATTR_MAC])
8990 		return -EINVAL;
8991 
8992 	if (!rdev->ops->probe_client)
8993 		return -EOPNOTSUPP;
8994 
8995 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8996 	if (!msg)
8997 		return -ENOMEM;
8998 
8999 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9000 			     NL80211_CMD_PROBE_CLIENT);
9001 	if (!hdr) {
9002 		err = -ENOBUFS;
9003 		goto free_msg;
9004 	}
9005 
9006 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9007 
9008 	err = rdev_probe_client(rdev, dev, addr, &cookie);
9009 	if (err)
9010 		goto free_msg;
9011 
9012 	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9013 		goto nla_put_failure;
9014 
9015 	genlmsg_end(msg, hdr);
9016 
9017 	return genlmsg_reply(msg, info);
9018 
9019  nla_put_failure:
9020 	err = -ENOBUFS;
9021  free_msg:
9022 	nlmsg_free(msg);
9023 	return err;
9024 }
9025 
9026 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
9027 {
9028 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9029 	struct cfg80211_beacon_registration *reg, *nreg;
9030 	int rv;
9031 
9032 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
9033 		return -EOPNOTSUPP;
9034 
9035 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
9036 	if (!nreg)
9037 		return -ENOMEM;
9038 
9039 	/* First, check if already registered. */
9040 	spin_lock_bh(&rdev->beacon_registrations_lock);
9041 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9042 		if (reg->nlportid == info->snd_portid) {
9043 			rv = -EALREADY;
9044 			goto out_err;
9045 		}
9046 	}
9047 	/* Add it to the list */
9048 	nreg->nlportid = info->snd_portid;
9049 	list_add(&nreg->list, &rdev->beacon_registrations);
9050 
9051 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9052 
9053 	return 0;
9054 out_err:
9055 	spin_unlock_bh(&rdev->beacon_registrations_lock);
9056 	kfree(nreg);
9057 	return rv;
9058 }
9059 
9060 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
9061 {
9062 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9063 	struct wireless_dev *wdev = info->user_ptr[1];
9064 	int err;
9065 
9066 	if (!rdev->ops->start_p2p_device)
9067 		return -EOPNOTSUPP;
9068 
9069 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9070 		return -EOPNOTSUPP;
9071 
9072 	if (wdev->p2p_started)
9073 		return 0;
9074 
9075 	if (rfkill_blocked(rdev->rfkill))
9076 		return -ERFKILL;
9077 
9078 	err = rdev_start_p2p_device(rdev, wdev);
9079 	if (err)
9080 		return err;
9081 
9082 	wdev->p2p_started = true;
9083 	rdev->opencount++;
9084 
9085 	return 0;
9086 }
9087 
9088 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
9089 {
9090 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9091 	struct wireless_dev *wdev = info->user_ptr[1];
9092 
9093 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9094 		return -EOPNOTSUPP;
9095 
9096 	if (!rdev->ops->stop_p2p_device)
9097 		return -EOPNOTSUPP;
9098 
9099 	cfg80211_stop_p2p_device(rdev, wdev);
9100 
9101 	return 0;
9102 }
9103 
9104 static int nl80211_get_protocol_features(struct sk_buff *skb,
9105 					 struct genl_info *info)
9106 {
9107 	void *hdr;
9108 	struct sk_buff *msg;
9109 
9110 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9111 	if (!msg)
9112 		return -ENOMEM;
9113 
9114 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9115 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
9116 	if (!hdr)
9117 		goto nla_put_failure;
9118 
9119 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
9120 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
9121 		goto nla_put_failure;
9122 
9123 	genlmsg_end(msg, hdr);
9124 	return genlmsg_reply(msg, info);
9125 
9126  nla_put_failure:
9127 	kfree_skb(msg);
9128 	return -ENOBUFS;
9129 }
9130 
9131 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
9132 {
9133 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9134 	struct cfg80211_update_ft_ies_params ft_params;
9135 	struct net_device *dev = info->user_ptr[1];
9136 
9137 	if (!rdev->ops->update_ft_ies)
9138 		return -EOPNOTSUPP;
9139 
9140 	if (!info->attrs[NL80211_ATTR_MDID] ||
9141 	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9142 		return -EINVAL;
9143 
9144 	memset(&ft_params, 0, sizeof(ft_params));
9145 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
9146 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9147 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9148 
9149 	return rdev_update_ft_ies(rdev, dev, &ft_params);
9150 }
9151 
9152 static int nl80211_crit_protocol_start(struct sk_buff *skb,
9153 				       struct genl_info *info)
9154 {
9155 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9156 	struct wireless_dev *wdev = info->user_ptr[1];
9157 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
9158 	u16 duration;
9159 	int ret;
9160 
9161 	if (!rdev->ops->crit_proto_start)
9162 		return -EOPNOTSUPP;
9163 
9164 	if (WARN_ON(!rdev->ops->crit_proto_stop))
9165 		return -EINVAL;
9166 
9167 	if (rdev->crit_proto_nlportid)
9168 		return -EBUSY;
9169 
9170 	/* determine protocol if provided */
9171 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
9172 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
9173 
9174 	if (proto >= NUM_NL80211_CRIT_PROTO)
9175 		return -EINVAL;
9176 
9177 	/* timeout must be provided */
9178 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
9179 		return -EINVAL;
9180 
9181 	duration =
9182 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
9183 
9184 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
9185 		return -ERANGE;
9186 
9187 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
9188 	if (!ret)
9189 		rdev->crit_proto_nlportid = info->snd_portid;
9190 
9191 	return ret;
9192 }
9193 
9194 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
9195 				      struct genl_info *info)
9196 {
9197 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9198 	struct wireless_dev *wdev = info->user_ptr[1];
9199 
9200 	if (!rdev->ops->crit_proto_stop)
9201 		return -EOPNOTSUPP;
9202 
9203 	if (rdev->crit_proto_nlportid) {
9204 		rdev->crit_proto_nlportid = 0;
9205 		rdev_crit_proto_stop(rdev, wdev);
9206 	}
9207 	return 0;
9208 }
9209 
9210 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
9211 {
9212 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9213 	struct wireless_dev *wdev =
9214 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9215 	int i, err;
9216 	u32 vid, subcmd;
9217 
9218 	if (!rdev->wiphy.vendor_commands)
9219 		return -EOPNOTSUPP;
9220 
9221 	if (IS_ERR(wdev)) {
9222 		err = PTR_ERR(wdev);
9223 		if (err != -EINVAL)
9224 			return err;
9225 		wdev = NULL;
9226 	} else if (wdev->wiphy != &rdev->wiphy) {
9227 		return -EINVAL;
9228 	}
9229 
9230 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
9231 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
9232 		return -EINVAL;
9233 
9234 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
9235 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
9236 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
9237 		const struct wiphy_vendor_command *vcmd;
9238 		void *data = NULL;
9239 		int len = 0;
9240 
9241 		vcmd = &rdev->wiphy.vendor_commands[i];
9242 
9243 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
9244 			continue;
9245 
9246 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
9247 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
9248 			if (!wdev)
9249 				return -EINVAL;
9250 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
9251 			    !wdev->netdev)
9252 				return -EINVAL;
9253 
9254 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
9255 				if (wdev->netdev &&
9256 				    !netif_running(wdev->netdev))
9257 					return -ENETDOWN;
9258 				if (!wdev->netdev && !wdev->p2p_started)
9259 					return -ENETDOWN;
9260 			}
9261 		} else {
9262 			wdev = NULL;
9263 		}
9264 
9265 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
9266 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9267 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9268 		}
9269 
9270 		rdev->cur_cmd_info = info;
9271 		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
9272 							  data, len);
9273 		rdev->cur_cmd_info = NULL;
9274 		return err;
9275 	}
9276 
9277 	return -EOPNOTSUPP;
9278 }
9279 
9280 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
9281 					   enum nl80211_commands cmd,
9282 					   enum nl80211_attrs attr,
9283 					   int approxlen)
9284 {
9285 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9286 
9287 	if (WARN_ON(!rdev->cur_cmd_info))
9288 		return NULL;
9289 
9290 	return __cfg80211_alloc_vendor_skb(rdev, approxlen,
9291 					   rdev->cur_cmd_info->snd_portid,
9292 					   rdev->cur_cmd_info->snd_seq,
9293 					   cmd, attr, NULL, GFP_KERNEL);
9294 }
9295 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
9296 
9297 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
9298 {
9299 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9300 	void *hdr = ((void **)skb->cb)[1];
9301 	struct nlattr *data = ((void **)skb->cb)[2];
9302 
9303 	if (WARN_ON(!rdev->cur_cmd_info)) {
9304 		kfree_skb(skb);
9305 		return -EINVAL;
9306 	}
9307 
9308 	nla_nest_end(skb, data);
9309 	genlmsg_end(skb, hdr);
9310 	return genlmsg_reply(skb, rdev->cur_cmd_info);
9311 }
9312 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
9313 
9314 
9315 static int nl80211_set_qos_map(struct sk_buff *skb,
9316 			       struct genl_info *info)
9317 {
9318 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9319 	struct cfg80211_qos_map *qos_map = NULL;
9320 	struct net_device *dev = info->user_ptr[1];
9321 	u8 *pos, len, num_des, des_len, des;
9322 	int ret;
9323 
9324 	if (!rdev->ops->set_qos_map)
9325 		return -EOPNOTSUPP;
9326 
9327 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
9328 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
9329 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
9330 
9331 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
9332 		    len > IEEE80211_QOS_MAP_LEN_MAX)
9333 			return -EINVAL;
9334 
9335 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
9336 		if (!qos_map)
9337 			return -ENOMEM;
9338 
9339 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
9340 		if (num_des) {
9341 			des_len = num_des *
9342 				sizeof(struct cfg80211_dscp_exception);
9343 			memcpy(qos_map->dscp_exception, pos, des_len);
9344 			qos_map->num_des = num_des;
9345 			for (des = 0; des < num_des; des++) {
9346 				if (qos_map->dscp_exception[des].up > 7) {
9347 					kfree(qos_map);
9348 					return -EINVAL;
9349 				}
9350 			}
9351 			pos += des_len;
9352 		}
9353 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
9354 	}
9355 
9356 	wdev_lock(dev->ieee80211_ptr);
9357 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
9358 	if (!ret)
9359 		ret = rdev_set_qos_map(rdev, dev, qos_map);
9360 	wdev_unlock(dev->ieee80211_ptr);
9361 
9362 	kfree(qos_map);
9363 	return ret;
9364 }
9365 
9366 #define NL80211_FLAG_NEED_WIPHY		0x01
9367 #define NL80211_FLAG_NEED_NETDEV	0x02
9368 #define NL80211_FLAG_NEED_RTNL		0x04
9369 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
9370 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
9371 					 NL80211_FLAG_CHECK_NETDEV_UP)
9372 #define NL80211_FLAG_NEED_WDEV		0x10
9373 /* If a netdev is associated, it must be UP, P2P must be started */
9374 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
9375 					 NL80211_FLAG_CHECK_NETDEV_UP)
9376 
9377 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
9378 			    struct genl_info *info)
9379 {
9380 	struct cfg80211_registered_device *rdev;
9381 	struct wireless_dev *wdev;
9382 	struct net_device *dev;
9383 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
9384 
9385 	if (rtnl)
9386 		rtnl_lock();
9387 
9388 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
9389 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
9390 		if (IS_ERR(rdev)) {
9391 			if (rtnl)
9392 				rtnl_unlock();
9393 			return PTR_ERR(rdev);
9394 		}
9395 		info->user_ptr[0] = rdev;
9396 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
9397 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9398 		ASSERT_RTNL();
9399 
9400 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
9401 						  info->attrs);
9402 		if (IS_ERR(wdev)) {
9403 			if (rtnl)
9404 				rtnl_unlock();
9405 			return PTR_ERR(wdev);
9406 		}
9407 
9408 		dev = wdev->netdev;
9409 		rdev = wiphy_to_rdev(wdev->wiphy);
9410 
9411 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
9412 			if (!dev) {
9413 				if (rtnl)
9414 					rtnl_unlock();
9415 				return -EINVAL;
9416 			}
9417 
9418 			info->user_ptr[1] = dev;
9419 		} else {
9420 			info->user_ptr[1] = wdev;
9421 		}
9422 
9423 		if (dev) {
9424 			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
9425 			    !netif_running(dev)) {
9426 				if (rtnl)
9427 					rtnl_unlock();
9428 				return -ENETDOWN;
9429 			}
9430 
9431 			dev_hold(dev);
9432 		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
9433 			if (!wdev->p2p_started) {
9434 				if (rtnl)
9435 					rtnl_unlock();
9436 				return -ENETDOWN;
9437 			}
9438 		}
9439 
9440 		info->user_ptr[0] = rdev;
9441 	}
9442 
9443 	return 0;
9444 }
9445 
9446 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
9447 			      struct genl_info *info)
9448 {
9449 	if (info->user_ptr[1]) {
9450 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
9451 			struct wireless_dev *wdev = info->user_ptr[1];
9452 
9453 			if (wdev->netdev)
9454 				dev_put(wdev->netdev);
9455 		} else {
9456 			dev_put(info->user_ptr[1]);
9457 		}
9458 	}
9459 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
9460 		rtnl_unlock();
9461 }
9462 
9463 static const struct genl_ops nl80211_ops[] = {
9464 	{
9465 		.cmd = NL80211_CMD_GET_WIPHY,
9466 		.doit = nl80211_get_wiphy,
9467 		.dumpit = nl80211_dump_wiphy,
9468 		.done = nl80211_dump_wiphy_done,
9469 		.policy = nl80211_policy,
9470 		/* can be retrieved by unprivileged users */
9471 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9472 				  NL80211_FLAG_NEED_RTNL,
9473 	},
9474 	{
9475 		.cmd = NL80211_CMD_SET_WIPHY,
9476 		.doit = nl80211_set_wiphy,
9477 		.policy = nl80211_policy,
9478 		.flags = GENL_ADMIN_PERM,
9479 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9480 	},
9481 	{
9482 		.cmd = NL80211_CMD_GET_INTERFACE,
9483 		.doit = nl80211_get_interface,
9484 		.dumpit = nl80211_dump_interface,
9485 		.policy = nl80211_policy,
9486 		/* can be retrieved by unprivileged users */
9487 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9488 				  NL80211_FLAG_NEED_RTNL,
9489 	},
9490 	{
9491 		.cmd = NL80211_CMD_SET_INTERFACE,
9492 		.doit = nl80211_set_interface,
9493 		.policy = nl80211_policy,
9494 		.flags = GENL_ADMIN_PERM,
9495 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9496 				  NL80211_FLAG_NEED_RTNL,
9497 	},
9498 	{
9499 		.cmd = NL80211_CMD_NEW_INTERFACE,
9500 		.doit = nl80211_new_interface,
9501 		.policy = nl80211_policy,
9502 		.flags = GENL_ADMIN_PERM,
9503 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9504 				  NL80211_FLAG_NEED_RTNL,
9505 	},
9506 	{
9507 		.cmd = NL80211_CMD_DEL_INTERFACE,
9508 		.doit = nl80211_del_interface,
9509 		.policy = nl80211_policy,
9510 		.flags = GENL_ADMIN_PERM,
9511 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9512 				  NL80211_FLAG_NEED_RTNL,
9513 	},
9514 	{
9515 		.cmd = NL80211_CMD_GET_KEY,
9516 		.doit = nl80211_get_key,
9517 		.policy = nl80211_policy,
9518 		.flags = GENL_ADMIN_PERM,
9519 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9520 				  NL80211_FLAG_NEED_RTNL,
9521 	},
9522 	{
9523 		.cmd = NL80211_CMD_SET_KEY,
9524 		.doit = nl80211_set_key,
9525 		.policy = nl80211_policy,
9526 		.flags = GENL_ADMIN_PERM,
9527 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9528 				  NL80211_FLAG_NEED_RTNL,
9529 	},
9530 	{
9531 		.cmd = NL80211_CMD_NEW_KEY,
9532 		.doit = nl80211_new_key,
9533 		.policy = nl80211_policy,
9534 		.flags = GENL_ADMIN_PERM,
9535 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9536 				  NL80211_FLAG_NEED_RTNL,
9537 	},
9538 	{
9539 		.cmd = NL80211_CMD_DEL_KEY,
9540 		.doit = nl80211_del_key,
9541 		.policy = nl80211_policy,
9542 		.flags = GENL_ADMIN_PERM,
9543 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9544 				  NL80211_FLAG_NEED_RTNL,
9545 	},
9546 	{
9547 		.cmd = NL80211_CMD_SET_BEACON,
9548 		.policy = nl80211_policy,
9549 		.flags = GENL_ADMIN_PERM,
9550 		.doit = nl80211_set_beacon,
9551 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9552 				  NL80211_FLAG_NEED_RTNL,
9553 	},
9554 	{
9555 		.cmd = NL80211_CMD_START_AP,
9556 		.policy = nl80211_policy,
9557 		.flags = GENL_ADMIN_PERM,
9558 		.doit = nl80211_start_ap,
9559 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9560 				  NL80211_FLAG_NEED_RTNL,
9561 	},
9562 	{
9563 		.cmd = NL80211_CMD_STOP_AP,
9564 		.policy = nl80211_policy,
9565 		.flags = GENL_ADMIN_PERM,
9566 		.doit = nl80211_stop_ap,
9567 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9568 				  NL80211_FLAG_NEED_RTNL,
9569 	},
9570 	{
9571 		.cmd = NL80211_CMD_GET_STATION,
9572 		.doit = nl80211_get_station,
9573 		.dumpit = nl80211_dump_station,
9574 		.policy = nl80211_policy,
9575 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9576 				  NL80211_FLAG_NEED_RTNL,
9577 	},
9578 	{
9579 		.cmd = NL80211_CMD_SET_STATION,
9580 		.doit = nl80211_set_station,
9581 		.policy = nl80211_policy,
9582 		.flags = GENL_ADMIN_PERM,
9583 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9584 				  NL80211_FLAG_NEED_RTNL,
9585 	},
9586 	{
9587 		.cmd = NL80211_CMD_NEW_STATION,
9588 		.doit = nl80211_new_station,
9589 		.policy = nl80211_policy,
9590 		.flags = GENL_ADMIN_PERM,
9591 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9592 				  NL80211_FLAG_NEED_RTNL,
9593 	},
9594 	{
9595 		.cmd = NL80211_CMD_DEL_STATION,
9596 		.doit = nl80211_del_station,
9597 		.policy = nl80211_policy,
9598 		.flags = GENL_ADMIN_PERM,
9599 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9600 				  NL80211_FLAG_NEED_RTNL,
9601 	},
9602 	{
9603 		.cmd = NL80211_CMD_GET_MPATH,
9604 		.doit = nl80211_get_mpath,
9605 		.dumpit = nl80211_dump_mpath,
9606 		.policy = nl80211_policy,
9607 		.flags = GENL_ADMIN_PERM,
9608 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9609 				  NL80211_FLAG_NEED_RTNL,
9610 	},
9611 	{
9612 		.cmd = NL80211_CMD_SET_MPATH,
9613 		.doit = nl80211_set_mpath,
9614 		.policy = nl80211_policy,
9615 		.flags = GENL_ADMIN_PERM,
9616 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9617 				  NL80211_FLAG_NEED_RTNL,
9618 	},
9619 	{
9620 		.cmd = NL80211_CMD_NEW_MPATH,
9621 		.doit = nl80211_new_mpath,
9622 		.policy = nl80211_policy,
9623 		.flags = GENL_ADMIN_PERM,
9624 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9625 				  NL80211_FLAG_NEED_RTNL,
9626 	},
9627 	{
9628 		.cmd = NL80211_CMD_DEL_MPATH,
9629 		.doit = nl80211_del_mpath,
9630 		.policy = nl80211_policy,
9631 		.flags = GENL_ADMIN_PERM,
9632 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9633 				  NL80211_FLAG_NEED_RTNL,
9634 	},
9635 	{
9636 		.cmd = NL80211_CMD_SET_BSS,
9637 		.doit = nl80211_set_bss,
9638 		.policy = nl80211_policy,
9639 		.flags = GENL_ADMIN_PERM,
9640 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9641 				  NL80211_FLAG_NEED_RTNL,
9642 	},
9643 	{
9644 		.cmd = NL80211_CMD_GET_REG,
9645 		.doit = nl80211_get_reg,
9646 		.policy = nl80211_policy,
9647 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9648 		/* can be retrieved by unprivileged users */
9649 	},
9650 	{
9651 		.cmd = NL80211_CMD_SET_REG,
9652 		.doit = nl80211_set_reg,
9653 		.policy = nl80211_policy,
9654 		.flags = GENL_ADMIN_PERM,
9655 		.internal_flags = NL80211_FLAG_NEED_RTNL,
9656 	},
9657 	{
9658 		.cmd = NL80211_CMD_REQ_SET_REG,
9659 		.doit = nl80211_req_set_reg,
9660 		.policy = nl80211_policy,
9661 		.flags = GENL_ADMIN_PERM,
9662 	},
9663 	{
9664 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
9665 		.doit = nl80211_get_mesh_config,
9666 		.policy = nl80211_policy,
9667 		/* can be retrieved by unprivileged users */
9668 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9669 				  NL80211_FLAG_NEED_RTNL,
9670 	},
9671 	{
9672 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
9673 		.doit = nl80211_update_mesh_config,
9674 		.policy = nl80211_policy,
9675 		.flags = GENL_ADMIN_PERM,
9676 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9677 				  NL80211_FLAG_NEED_RTNL,
9678 	},
9679 	{
9680 		.cmd = NL80211_CMD_TRIGGER_SCAN,
9681 		.doit = nl80211_trigger_scan,
9682 		.policy = nl80211_policy,
9683 		.flags = GENL_ADMIN_PERM,
9684 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9685 				  NL80211_FLAG_NEED_RTNL,
9686 	},
9687 	{
9688 		.cmd = NL80211_CMD_GET_SCAN,
9689 		.policy = nl80211_policy,
9690 		.dumpit = nl80211_dump_scan,
9691 	},
9692 	{
9693 		.cmd = NL80211_CMD_START_SCHED_SCAN,
9694 		.doit = nl80211_start_sched_scan,
9695 		.policy = nl80211_policy,
9696 		.flags = GENL_ADMIN_PERM,
9697 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9698 				  NL80211_FLAG_NEED_RTNL,
9699 	},
9700 	{
9701 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
9702 		.doit = nl80211_stop_sched_scan,
9703 		.policy = nl80211_policy,
9704 		.flags = GENL_ADMIN_PERM,
9705 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9706 				  NL80211_FLAG_NEED_RTNL,
9707 	},
9708 	{
9709 		.cmd = NL80211_CMD_AUTHENTICATE,
9710 		.doit = nl80211_authenticate,
9711 		.policy = nl80211_policy,
9712 		.flags = GENL_ADMIN_PERM,
9713 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9714 				  NL80211_FLAG_NEED_RTNL,
9715 	},
9716 	{
9717 		.cmd = NL80211_CMD_ASSOCIATE,
9718 		.doit = nl80211_associate,
9719 		.policy = nl80211_policy,
9720 		.flags = GENL_ADMIN_PERM,
9721 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9722 				  NL80211_FLAG_NEED_RTNL,
9723 	},
9724 	{
9725 		.cmd = NL80211_CMD_DEAUTHENTICATE,
9726 		.doit = nl80211_deauthenticate,
9727 		.policy = nl80211_policy,
9728 		.flags = GENL_ADMIN_PERM,
9729 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9730 				  NL80211_FLAG_NEED_RTNL,
9731 	},
9732 	{
9733 		.cmd = NL80211_CMD_DISASSOCIATE,
9734 		.doit = nl80211_disassociate,
9735 		.policy = nl80211_policy,
9736 		.flags = GENL_ADMIN_PERM,
9737 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9738 				  NL80211_FLAG_NEED_RTNL,
9739 	},
9740 	{
9741 		.cmd = NL80211_CMD_JOIN_IBSS,
9742 		.doit = nl80211_join_ibss,
9743 		.policy = nl80211_policy,
9744 		.flags = GENL_ADMIN_PERM,
9745 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9746 				  NL80211_FLAG_NEED_RTNL,
9747 	},
9748 	{
9749 		.cmd = NL80211_CMD_LEAVE_IBSS,
9750 		.doit = nl80211_leave_ibss,
9751 		.policy = nl80211_policy,
9752 		.flags = GENL_ADMIN_PERM,
9753 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9754 				  NL80211_FLAG_NEED_RTNL,
9755 	},
9756 #ifdef CONFIG_NL80211_TESTMODE
9757 	{
9758 		.cmd = NL80211_CMD_TESTMODE,
9759 		.doit = nl80211_testmode_do,
9760 		.dumpit = nl80211_testmode_dump,
9761 		.policy = nl80211_policy,
9762 		.flags = GENL_ADMIN_PERM,
9763 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9764 				  NL80211_FLAG_NEED_RTNL,
9765 	},
9766 #endif
9767 	{
9768 		.cmd = NL80211_CMD_CONNECT,
9769 		.doit = nl80211_connect,
9770 		.policy = nl80211_policy,
9771 		.flags = GENL_ADMIN_PERM,
9772 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9773 				  NL80211_FLAG_NEED_RTNL,
9774 	},
9775 	{
9776 		.cmd = NL80211_CMD_DISCONNECT,
9777 		.doit = nl80211_disconnect,
9778 		.policy = nl80211_policy,
9779 		.flags = GENL_ADMIN_PERM,
9780 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9781 				  NL80211_FLAG_NEED_RTNL,
9782 	},
9783 	{
9784 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
9785 		.doit = nl80211_wiphy_netns,
9786 		.policy = nl80211_policy,
9787 		.flags = GENL_ADMIN_PERM,
9788 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9789 				  NL80211_FLAG_NEED_RTNL,
9790 	},
9791 	{
9792 		.cmd = NL80211_CMD_GET_SURVEY,
9793 		.policy = nl80211_policy,
9794 		.dumpit = nl80211_dump_survey,
9795 	},
9796 	{
9797 		.cmd = NL80211_CMD_SET_PMKSA,
9798 		.doit = nl80211_setdel_pmksa,
9799 		.policy = nl80211_policy,
9800 		.flags = GENL_ADMIN_PERM,
9801 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9802 				  NL80211_FLAG_NEED_RTNL,
9803 	},
9804 	{
9805 		.cmd = NL80211_CMD_DEL_PMKSA,
9806 		.doit = nl80211_setdel_pmksa,
9807 		.policy = nl80211_policy,
9808 		.flags = GENL_ADMIN_PERM,
9809 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9810 				  NL80211_FLAG_NEED_RTNL,
9811 	},
9812 	{
9813 		.cmd = NL80211_CMD_FLUSH_PMKSA,
9814 		.doit = nl80211_flush_pmksa,
9815 		.policy = nl80211_policy,
9816 		.flags = GENL_ADMIN_PERM,
9817 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9818 				  NL80211_FLAG_NEED_RTNL,
9819 	},
9820 	{
9821 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
9822 		.doit = nl80211_remain_on_channel,
9823 		.policy = nl80211_policy,
9824 		.flags = GENL_ADMIN_PERM,
9825 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9826 				  NL80211_FLAG_NEED_RTNL,
9827 	},
9828 	{
9829 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
9830 		.doit = nl80211_cancel_remain_on_channel,
9831 		.policy = nl80211_policy,
9832 		.flags = GENL_ADMIN_PERM,
9833 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9834 				  NL80211_FLAG_NEED_RTNL,
9835 	},
9836 	{
9837 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
9838 		.doit = nl80211_set_tx_bitrate_mask,
9839 		.policy = nl80211_policy,
9840 		.flags = GENL_ADMIN_PERM,
9841 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9842 				  NL80211_FLAG_NEED_RTNL,
9843 	},
9844 	{
9845 		.cmd = NL80211_CMD_REGISTER_FRAME,
9846 		.doit = nl80211_register_mgmt,
9847 		.policy = nl80211_policy,
9848 		.flags = GENL_ADMIN_PERM,
9849 		.internal_flags = NL80211_FLAG_NEED_WDEV |
9850 				  NL80211_FLAG_NEED_RTNL,
9851 	},
9852 	{
9853 		.cmd = NL80211_CMD_FRAME,
9854 		.doit = nl80211_tx_mgmt,
9855 		.policy = nl80211_policy,
9856 		.flags = GENL_ADMIN_PERM,
9857 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9858 				  NL80211_FLAG_NEED_RTNL,
9859 	},
9860 	{
9861 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
9862 		.doit = nl80211_tx_mgmt_cancel_wait,
9863 		.policy = nl80211_policy,
9864 		.flags = GENL_ADMIN_PERM,
9865 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
9866 				  NL80211_FLAG_NEED_RTNL,
9867 	},
9868 	{
9869 		.cmd = NL80211_CMD_SET_POWER_SAVE,
9870 		.doit = nl80211_set_power_save,
9871 		.policy = nl80211_policy,
9872 		.flags = GENL_ADMIN_PERM,
9873 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9874 				  NL80211_FLAG_NEED_RTNL,
9875 	},
9876 	{
9877 		.cmd = NL80211_CMD_GET_POWER_SAVE,
9878 		.doit = nl80211_get_power_save,
9879 		.policy = nl80211_policy,
9880 		/* can be retrieved by unprivileged users */
9881 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9882 				  NL80211_FLAG_NEED_RTNL,
9883 	},
9884 	{
9885 		.cmd = NL80211_CMD_SET_CQM,
9886 		.doit = nl80211_set_cqm,
9887 		.policy = nl80211_policy,
9888 		.flags = GENL_ADMIN_PERM,
9889 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9890 				  NL80211_FLAG_NEED_RTNL,
9891 	},
9892 	{
9893 		.cmd = NL80211_CMD_SET_CHANNEL,
9894 		.doit = nl80211_set_channel,
9895 		.policy = nl80211_policy,
9896 		.flags = GENL_ADMIN_PERM,
9897 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9898 				  NL80211_FLAG_NEED_RTNL,
9899 	},
9900 	{
9901 		.cmd = NL80211_CMD_SET_WDS_PEER,
9902 		.doit = nl80211_set_wds_peer,
9903 		.policy = nl80211_policy,
9904 		.flags = GENL_ADMIN_PERM,
9905 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9906 				  NL80211_FLAG_NEED_RTNL,
9907 	},
9908 	{
9909 		.cmd = NL80211_CMD_JOIN_MESH,
9910 		.doit = nl80211_join_mesh,
9911 		.policy = nl80211_policy,
9912 		.flags = GENL_ADMIN_PERM,
9913 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9914 				  NL80211_FLAG_NEED_RTNL,
9915 	},
9916 	{
9917 		.cmd = NL80211_CMD_LEAVE_MESH,
9918 		.doit = nl80211_leave_mesh,
9919 		.policy = nl80211_policy,
9920 		.flags = GENL_ADMIN_PERM,
9921 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9922 				  NL80211_FLAG_NEED_RTNL,
9923 	},
9924 #ifdef CONFIG_PM
9925 	{
9926 		.cmd = NL80211_CMD_GET_WOWLAN,
9927 		.doit = nl80211_get_wowlan,
9928 		.policy = nl80211_policy,
9929 		/* can be retrieved by unprivileged users */
9930 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9931 				  NL80211_FLAG_NEED_RTNL,
9932 	},
9933 	{
9934 		.cmd = NL80211_CMD_SET_WOWLAN,
9935 		.doit = nl80211_set_wowlan,
9936 		.policy = nl80211_policy,
9937 		.flags = GENL_ADMIN_PERM,
9938 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9939 				  NL80211_FLAG_NEED_RTNL,
9940 	},
9941 #endif
9942 	{
9943 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
9944 		.doit = nl80211_set_rekey_data,
9945 		.policy = nl80211_policy,
9946 		.flags = GENL_ADMIN_PERM,
9947 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9948 				  NL80211_FLAG_NEED_RTNL,
9949 	},
9950 	{
9951 		.cmd = NL80211_CMD_TDLS_MGMT,
9952 		.doit = nl80211_tdls_mgmt,
9953 		.policy = nl80211_policy,
9954 		.flags = GENL_ADMIN_PERM,
9955 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9956 				  NL80211_FLAG_NEED_RTNL,
9957 	},
9958 	{
9959 		.cmd = NL80211_CMD_TDLS_OPER,
9960 		.doit = nl80211_tdls_oper,
9961 		.policy = nl80211_policy,
9962 		.flags = GENL_ADMIN_PERM,
9963 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9964 				  NL80211_FLAG_NEED_RTNL,
9965 	},
9966 	{
9967 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
9968 		.doit = nl80211_register_unexpected_frame,
9969 		.policy = nl80211_policy,
9970 		.flags = GENL_ADMIN_PERM,
9971 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9972 				  NL80211_FLAG_NEED_RTNL,
9973 	},
9974 	{
9975 		.cmd = NL80211_CMD_PROBE_CLIENT,
9976 		.doit = nl80211_probe_client,
9977 		.policy = nl80211_policy,
9978 		.flags = GENL_ADMIN_PERM,
9979 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
9980 				  NL80211_FLAG_NEED_RTNL,
9981 	},
9982 	{
9983 		.cmd = NL80211_CMD_REGISTER_BEACONS,
9984 		.doit = nl80211_register_beacons,
9985 		.policy = nl80211_policy,
9986 		.flags = GENL_ADMIN_PERM,
9987 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
9988 				  NL80211_FLAG_NEED_RTNL,
9989 	},
9990 	{
9991 		.cmd = NL80211_CMD_SET_NOACK_MAP,
9992 		.doit = nl80211_set_noack_map,
9993 		.policy = nl80211_policy,
9994 		.flags = GENL_ADMIN_PERM,
9995 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
9996 				  NL80211_FLAG_NEED_RTNL,
9997 	},
9998 	{
9999 		.cmd = NL80211_CMD_START_P2P_DEVICE,
10000 		.doit = nl80211_start_p2p_device,
10001 		.policy = nl80211_policy,
10002 		.flags = GENL_ADMIN_PERM,
10003 		.internal_flags = NL80211_FLAG_NEED_WDEV |
10004 				  NL80211_FLAG_NEED_RTNL,
10005 	},
10006 	{
10007 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
10008 		.doit = nl80211_stop_p2p_device,
10009 		.policy = nl80211_policy,
10010 		.flags = GENL_ADMIN_PERM,
10011 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10012 				  NL80211_FLAG_NEED_RTNL,
10013 	},
10014 	{
10015 		.cmd = NL80211_CMD_SET_MCAST_RATE,
10016 		.doit = nl80211_set_mcast_rate,
10017 		.policy = nl80211_policy,
10018 		.flags = GENL_ADMIN_PERM,
10019 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10020 				  NL80211_FLAG_NEED_RTNL,
10021 	},
10022 	{
10023 		.cmd = NL80211_CMD_SET_MAC_ACL,
10024 		.doit = nl80211_set_mac_acl,
10025 		.policy = nl80211_policy,
10026 		.flags = GENL_ADMIN_PERM,
10027 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10028 				  NL80211_FLAG_NEED_RTNL,
10029 	},
10030 	{
10031 		.cmd = NL80211_CMD_RADAR_DETECT,
10032 		.doit = nl80211_start_radar_detection,
10033 		.policy = nl80211_policy,
10034 		.flags = GENL_ADMIN_PERM,
10035 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10036 				  NL80211_FLAG_NEED_RTNL,
10037 	},
10038 	{
10039 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
10040 		.doit = nl80211_get_protocol_features,
10041 		.policy = nl80211_policy,
10042 	},
10043 	{
10044 		.cmd = NL80211_CMD_UPDATE_FT_IES,
10045 		.doit = nl80211_update_ft_ies,
10046 		.policy = nl80211_policy,
10047 		.flags = GENL_ADMIN_PERM,
10048 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10049 				  NL80211_FLAG_NEED_RTNL,
10050 	},
10051 	{
10052 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
10053 		.doit = nl80211_crit_protocol_start,
10054 		.policy = nl80211_policy,
10055 		.flags = GENL_ADMIN_PERM,
10056 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10057 				  NL80211_FLAG_NEED_RTNL,
10058 	},
10059 	{
10060 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
10061 		.doit = nl80211_crit_protocol_stop,
10062 		.policy = nl80211_policy,
10063 		.flags = GENL_ADMIN_PERM,
10064 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10065 				  NL80211_FLAG_NEED_RTNL,
10066 	},
10067 	{
10068 		.cmd = NL80211_CMD_GET_COALESCE,
10069 		.doit = nl80211_get_coalesce,
10070 		.policy = nl80211_policy,
10071 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10072 				  NL80211_FLAG_NEED_RTNL,
10073 	},
10074 	{
10075 		.cmd = NL80211_CMD_SET_COALESCE,
10076 		.doit = nl80211_set_coalesce,
10077 		.policy = nl80211_policy,
10078 		.flags = GENL_ADMIN_PERM,
10079 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10080 				  NL80211_FLAG_NEED_RTNL,
10081 	},
10082 	{
10083 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
10084 		.doit = nl80211_channel_switch,
10085 		.policy = nl80211_policy,
10086 		.flags = GENL_ADMIN_PERM,
10087 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10088 				  NL80211_FLAG_NEED_RTNL,
10089 	},
10090 	{
10091 		.cmd = NL80211_CMD_VENDOR,
10092 		.doit = nl80211_vendor_cmd,
10093 		.policy = nl80211_policy,
10094 		.flags = GENL_ADMIN_PERM,
10095 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10096 				  NL80211_FLAG_NEED_RTNL,
10097 	},
10098 	{
10099 		.cmd = NL80211_CMD_SET_QOS_MAP,
10100 		.doit = nl80211_set_qos_map,
10101 		.policy = nl80211_policy,
10102 		.flags = GENL_ADMIN_PERM,
10103 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10104 				  NL80211_FLAG_NEED_RTNL,
10105 	},
10106 };
10107 
10108 /* notification functions */
10109 
10110 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
10111 			  enum nl80211_commands cmd)
10112 {
10113 	struct sk_buff *msg;
10114 	struct nl80211_dump_wiphy_state state = {};
10115 
10116 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
10117 		cmd != NL80211_CMD_DEL_WIPHY);
10118 
10119 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10120 	if (!msg)
10121 		return;
10122 
10123 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
10124 		nlmsg_free(msg);
10125 		return;
10126 	}
10127 
10128 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10129 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
10130 }
10131 
10132 static int nl80211_add_scan_req(struct sk_buff *msg,
10133 				struct cfg80211_registered_device *rdev)
10134 {
10135 	struct cfg80211_scan_request *req = rdev->scan_req;
10136 	struct nlattr *nest;
10137 	int i;
10138 
10139 	if (WARN_ON(!req))
10140 		return 0;
10141 
10142 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
10143 	if (!nest)
10144 		goto nla_put_failure;
10145 	for (i = 0; i < req->n_ssids; i++) {
10146 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
10147 			goto nla_put_failure;
10148 	}
10149 	nla_nest_end(msg, nest);
10150 
10151 	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10152 	if (!nest)
10153 		goto nla_put_failure;
10154 	for (i = 0; i < req->n_channels; i++) {
10155 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
10156 			goto nla_put_failure;
10157 	}
10158 	nla_nest_end(msg, nest);
10159 
10160 	if (req->ie &&
10161 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
10162 		goto nla_put_failure;
10163 
10164 	if (req->flags &&
10165 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
10166 		goto nla_put_failure;
10167 
10168 	return 0;
10169  nla_put_failure:
10170 	return -ENOBUFS;
10171 }
10172 
10173 static int nl80211_send_scan_msg(struct sk_buff *msg,
10174 				 struct cfg80211_registered_device *rdev,
10175 				 struct wireless_dev *wdev,
10176 				 u32 portid, u32 seq, int flags,
10177 				 u32 cmd)
10178 {
10179 	void *hdr;
10180 
10181 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10182 	if (!hdr)
10183 		return -1;
10184 
10185 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10186 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10187 					 wdev->netdev->ifindex)) ||
10188 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10189 		goto nla_put_failure;
10190 
10191 	/* ignore errors and send incomplete event anyway */
10192 	nl80211_add_scan_req(msg, rdev);
10193 
10194 	return genlmsg_end(msg, hdr);
10195 
10196  nla_put_failure:
10197 	genlmsg_cancel(msg, hdr);
10198 	return -EMSGSIZE;
10199 }
10200 
10201 static int
10202 nl80211_send_sched_scan_msg(struct sk_buff *msg,
10203 			    struct cfg80211_registered_device *rdev,
10204 			    struct net_device *netdev,
10205 			    u32 portid, u32 seq, int flags, u32 cmd)
10206 {
10207 	void *hdr;
10208 
10209 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
10210 	if (!hdr)
10211 		return -1;
10212 
10213 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10214 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
10215 		goto nla_put_failure;
10216 
10217 	return genlmsg_end(msg, hdr);
10218 
10219  nla_put_failure:
10220 	genlmsg_cancel(msg, hdr);
10221 	return -EMSGSIZE;
10222 }
10223 
10224 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
10225 			     struct wireless_dev *wdev)
10226 {
10227 	struct sk_buff *msg;
10228 
10229 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10230 	if (!msg)
10231 		return;
10232 
10233 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10234 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
10235 		nlmsg_free(msg);
10236 		return;
10237 	}
10238 
10239 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10240 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10241 }
10242 
10243 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
10244 				       struct wireless_dev *wdev, bool aborted)
10245 {
10246 	struct sk_buff *msg;
10247 
10248 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10249 	if (!msg)
10250 		return NULL;
10251 
10252 	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
10253 				  aborted ? NL80211_CMD_SCAN_ABORTED :
10254 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
10255 		nlmsg_free(msg);
10256 		return NULL;
10257 	}
10258 
10259 	return msg;
10260 }
10261 
10262 void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
10263 			      struct sk_buff *msg)
10264 {
10265 	if (!msg)
10266 		return;
10267 
10268 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10269 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10270 }
10271 
10272 void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
10273 				     struct net_device *netdev)
10274 {
10275 	struct sk_buff *msg;
10276 
10277 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10278 	if (!msg)
10279 		return;
10280 
10281 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
10282 					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
10283 		nlmsg_free(msg);
10284 		return;
10285 	}
10286 
10287 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10288 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10289 }
10290 
10291 void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
10292 			     struct net_device *netdev, u32 cmd)
10293 {
10294 	struct sk_buff *msg;
10295 
10296 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10297 	if (!msg)
10298 		return;
10299 
10300 	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
10301 		nlmsg_free(msg);
10302 		return;
10303 	}
10304 
10305 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10306 				NL80211_MCGRP_SCAN, GFP_KERNEL);
10307 }
10308 
10309 /*
10310  * This can happen on global regulatory changes or device specific settings
10311  * based on custom world regulatory domains.
10312  */
10313 void nl80211_send_reg_change_event(struct regulatory_request *request)
10314 {
10315 	struct sk_buff *msg;
10316 	void *hdr;
10317 
10318 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10319 	if (!msg)
10320 		return;
10321 
10322 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
10323 	if (!hdr) {
10324 		nlmsg_free(msg);
10325 		return;
10326 	}
10327 
10328 	/* Userspace can always count this one always being set */
10329 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
10330 		goto nla_put_failure;
10331 
10332 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
10333 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10334 			       NL80211_REGDOM_TYPE_WORLD))
10335 			goto nla_put_failure;
10336 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
10337 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10338 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
10339 			goto nla_put_failure;
10340 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
10341 		   request->intersect) {
10342 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10343 			       NL80211_REGDOM_TYPE_INTERSECTION))
10344 			goto nla_put_failure;
10345 	} else {
10346 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
10347 			       NL80211_REGDOM_TYPE_COUNTRY) ||
10348 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
10349 				   request->alpha2))
10350 			goto nla_put_failure;
10351 	}
10352 
10353 	if (request->wiphy_idx != WIPHY_IDX_INVALID &&
10354 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
10355 		goto nla_put_failure;
10356 
10357 	genlmsg_end(msg, hdr);
10358 
10359 	rcu_read_lock();
10360 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10361 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10362 	rcu_read_unlock();
10363 
10364 	return;
10365 
10366 nla_put_failure:
10367 	genlmsg_cancel(msg, hdr);
10368 	nlmsg_free(msg);
10369 }
10370 
10371 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
10372 				    struct net_device *netdev,
10373 				    const u8 *buf, size_t len,
10374 				    enum nl80211_commands cmd, gfp_t gfp)
10375 {
10376 	struct sk_buff *msg;
10377 	void *hdr;
10378 
10379 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10380 	if (!msg)
10381 		return;
10382 
10383 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10384 	if (!hdr) {
10385 		nlmsg_free(msg);
10386 		return;
10387 	}
10388 
10389 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10390 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10391 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
10392 		goto nla_put_failure;
10393 
10394 	genlmsg_end(msg, hdr);
10395 
10396 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10397 				NL80211_MCGRP_MLME, gfp);
10398 	return;
10399 
10400  nla_put_failure:
10401 	genlmsg_cancel(msg, hdr);
10402 	nlmsg_free(msg);
10403 }
10404 
10405 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
10406 			  struct net_device *netdev, const u8 *buf,
10407 			  size_t len, gfp_t gfp)
10408 {
10409 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10410 				NL80211_CMD_AUTHENTICATE, gfp);
10411 }
10412 
10413 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
10414 			   struct net_device *netdev, const u8 *buf,
10415 			   size_t len, gfp_t gfp)
10416 {
10417 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10418 				NL80211_CMD_ASSOCIATE, gfp);
10419 }
10420 
10421 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
10422 			 struct net_device *netdev, const u8 *buf,
10423 			 size_t len, gfp_t gfp)
10424 {
10425 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10426 				NL80211_CMD_DEAUTHENTICATE, gfp);
10427 }
10428 
10429 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
10430 			   struct net_device *netdev, const u8 *buf,
10431 			   size_t len, gfp_t gfp)
10432 {
10433 	nl80211_send_mlme_event(rdev, netdev, buf, len,
10434 				NL80211_CMD_DISASSOCIATE, gfp);
10435 }
10436 
10437 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
10438 				  size_t len)
10439 {
10440 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10441 	struct wiphy *wiphy = wdev->wiphy;
10442 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10443 	const struct ieee80211_mgmt *mgmt = (void *)buf;
10444 	u32 cmd;
10445 
10446 	if (WARN_ON(len < 2))
10447 		return;
10448 
10449 	if (ieee80211_is_deauth(mgmt->frame_control))
10450 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
10451 	else
10452 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
10453 
10454 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
10455 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC);
10456 }
10457 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
10458 
10459 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
10460 				      struct net_device *netdev, int cmd,
10461 				      const u8 *addr, gfp_t gfp)
10462 {
10463 	struct sk_buff *msg;
10464 	void *hdr;
10465 
10466 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10467 	if (!msg)
10468 		return;
10469 
10470 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10471 	if (!hdr) {
10472 		nlmsg_free(msg);
10473 		return;
10474 	}
10475 
10476 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10477 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10478 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
10479 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10480 		goto nla_put_failure;
10481 
10482 	genlmsg_end(msg, hdr);
10483 
10484 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10485 				NL80211_MCGRP_MLME, gfp);
10486 	return;
10487 
10488  nla_put_failure:
10489 	genlmsg_cancel(msg, hdr);
10490 	nlmsg_free(msg);
10491 }
10492 
10493 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
10494 			       struct net_device *netdev, const u8 *addr,
10495 			       gfp_t gfp)
10496 {
10497 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
10498 				  addr, gfp);
10499 }
10500 
10501 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
10502 				struct net_device *netdev, const u8 *addr,
10503 				gfp_t gfp)
10504 {
10505 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
10506 				  addr, gfp);
10507 }
10508 
10509 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
10510 				 struct net_device *netdev, const u8 *bssid,
10511 				 const u8 *req_ie, size_t req_ie_len,
10512 				 const u8 *resp_ie, size_t resp_ie_len,
10513 				 u16 status, gfp_t gfp)
10514 {
10515 	struct sk_buff *msg;
10516 	void *hdr;
10517 
10518 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10519 	if (!msg)
10520 		return;
10521 
10522 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
10523 	if (!hdr) {
10524 		nlmsg_free(msg);
10525 		return;
10526 	}
10527 
10528 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10529 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10530 	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
10531 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
10532 	    (req_ie &&
10533 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10534 	    (resp_ie &&
10535 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10536 		goto nla_put_failure;
10537 
10538 	genlmsg_end(msg, hdr);
10539 
10540 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10541 				NL80211_MCGRP_MLME, gfp);
10542 	return;
10543 
10544  nla_put_failure:
10545 	genlmsg_cancel(msg, hdr);
10546 	nlmsg_free(msg);
10547 
10548 }
10549 
10550 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
10551 			 struct net_device *netdev, const u8 *bssid,
10552 			 const u8 *req_ie, size_t req_ie_len,
10553 			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
10554 {
10555 	struct sk_buff *msg;
10556 	void *hdr;
10557 
10558 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10559 	if (!msg)
10560 		return;
10561 
10562 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
10563 	if (!hdr) {
10564 		nlmsg_free(msg);
10565 		return;
10566 	}
10567 
10568 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10569 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10570 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
10571 	    (req_ie &&
10572 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
10573 	    (resp_ie &&
10574 	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
10575 		goto nla_put_failure;
10576 
10577 	genlmsg_end(msg, hdr);
10578 
10579 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10580 				NL80211_MCGRP_MLME, gfp);
10581 	return;
10582 
10583  nla_put_failure:
10584 	genlmsg_cancel(msg, hdr);
10585 	nlmsg_free(msg);
10586 
10587 }
10588 
10589 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
10590 			       struct net_device *netdev, u16 reason,
10591 			       const u8 *ie, size_t ie_len, bool from_ap)
10592 {
10593 	struct sk_buff *msg;
10594 	void *hdr;
10595 
10596 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10597 	if (!msg)
10598 		return;
10599 
10600 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
10601 	if (!hdr) {
10602 		nlmsg_free(msg);
10603 		return;
10604 	}
10605 
10606 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10607 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10608 	    (from_ap && reason &&
10609 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
10610 	    (from_ap &&
10611 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
10612 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
10613 		goto nla_put_failure;
10614 
10615 	genlmsg_end(msg, hdr);
10616 
10617 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10618 				NL80211_MCGRP_MLME, GFP_KERNEL);
10619 	return;
10620 
10621  nla_put_failure:
10622 	genlmsg_cancel(msg, hdr);
10623 	nlmsg_free(msg);
10624 
10625 }
10626 
10627 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
10628 			     struct net_device *netdev, const u8 *bssid,
10629 			     gfp_t gfp)
10630 {
10631 	struct sk_buff *msg;
10632 	void *hdr;
10633 
10634 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10635 	if (!msg)
10636 		return;
10637 
10638 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
10639 	if (!hdr) {
10640 		nlmsg_free(msg);
10641 		return;
10642 	}
10643 
10644 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10645 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10646 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
10647 		goto nla_put_failure;
10648 
10649 	genlmsg_end(msg, hdr);
10650 
10651 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10652 				NL80211_MCGRP_MLME, gfp);
10653 	return;
10654 
10655  nla_put_failure:
10656 	genlmsg_cancel(msg, hdr);
10657 	nlmsg_free(msg);
10658 }
10659 
10660 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
10661 					const u8* ie, u8 ie_len, gfp_t gfp)
10662 {
10663 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10664 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
10665 	struct sk_buff *msg;
10666 	void *hdr;
10667 
10668 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
10669 		return;
10670 
10671 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
10672 
10673 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10674 	if (!msg)
10675 		return;
10676 
10677 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
10678 	if (!hdr) {
10679 		nlmsg_free(msg);
10680 		return;
10681 	}
10682 
10683 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10684 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10685 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10686 	    (ie_len && ie &&
10687 	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
10688 		goto nla_put_failure;
10689 
10690 	genlmsg_end(msg, hdr);
10691 
10692 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10693 				NL80211_MCGRP_MLME, gfp);
10694 	return;
10695 
10696  nla_put_failure:
10697 	genlmsg_cancel(msg, hdr);
10698 	nlmsg_free(msg);
10699 }
10700 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
10701 
10702 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
10703 				 struct net_device *netdev, const u8 *addr,
10704 				 enum nl80211_key_type key_type, int key_id,
10705 				 const u8 *tsc, gfp_t gfp)
10706 {
10707 	struct sk_buff *msg;
10708 	void *hdr;
10709 
10710 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10711 	if (!msg)
10712 		return;
10713 
10714 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
10715 	if (!hdr) {
10716 		nlmsg_free(msg);
10717 		return;
10718 	}
10719 
10720 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10721 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
10722 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
10723 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
10724 	    (key_id != -1 &&
10725 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
10726 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
10727 		goto nla_put_failure;
10728 
10729 	genlmsg_end(msg, hdr);
10730 
10731 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10732 				NL80211_MCGRP_MLME, gfp);
10733 	return;
10734 
10735  nla_put_failure:
10736 	genlmsg_cancel(msg, hdr);
10737 	nlmsg_free(msg);
10738 }
10739 
10740 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
10741 				    struct ieee80211_channel *channel_before,
10742 				    struct ieee80211_channel *channel_after)
10743 {
10744 	struct sk_buff *msg;
10745 	void *hdr;
10746 	struct nlattr *nl_freq;
10747 
10748 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
10749 	if (!msg)
10750 		return;
10751 
10752 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
10753 	if (!hdr) {
10754 		nlmsg_free(msg);
10755 		return;
10756 	}
10757 
10758 	/*
10759 	 * Since we are applying the beacon hint to a wiphy we know its
10760 	 * wiphy_idx is valid
10761 	 */
10762 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
10763 		goto nla_put_failure;
10764 
10765 	/* Before */
10766 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
10767 	if (!nl_freq)
10768 		goto nla_put_failure;
10769 	if (nl80211_msg_put_channel(msg, channel_before, false))
10770 		goto nla_put_failure;
10771 	nla_nest_end(msg, nl_freq);
10772 
10773 	/* After */
10774 	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
10775 	if (!nl_freq)
10776 		goto nla_put_failure;
10777 	if (nl80211_msg_put_channel(msg, channel_after, false))
10778 		goto nla_put_failure;
10779 	nla_nest_end(msg, nl_freq);
10780 
10781 	genlmsg_end(msg, hdr);
10782 
10783 	rcu_read_lock();
10784 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
10785 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
10786 	rcu_read_unlock();
10787 
10788 	return;
10789 
10790 nla_put_failure:
10791 	genlmsg_cancel(msg, hdr);
10792 	nlmsg_free(msg);
10793 }
10794 
10795 static void nl80211_send_remain_on_chan_event(
10796 	int cmd, struct cfg80211_registered_device *rdev,
10797 	struct wireless_dev *wdev, u64 cookie,
10798 	struct ieee80211_channel *chan,
10799 	unsigned int duration, gfp_t gfp)
10800 {
10801 	struct sk_buff *msg;
10802 	void *hdr;
10803 
10804 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10805 	if (!msg)
10806 		return;
10807 
10808 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10809 	if (!hdr) {
10810 		nlmsg_free(msg);
10811 		return;
10812 	}
10813 
10814 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10815 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
10816 					 wdev->netdev->ifindex)) ||
10817 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
10818 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
10819 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
10820 			NL80211_CHAN_NO_HT) ||
10821 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
10822 		goto nla_put_failure;
10823 
10824 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
10825 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
10826 		goto nla_put_failure;
10827 
10828 	genlmsg_end(msg, hdr);
10829 
10830 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10831 				NL80211_MCGRP_MLME, gfp);
10832 	return;
10833 
10834  nla_put_failure:
10835 	genlmsg_cancel(msg, hdr);
10836 	nlmsg_free(msg);
10837 }
10838 
10839 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
10840 			       struct ieee80211_channel *chan,
10841 			       unsigned int duration, gfp_t gfp)
10842 {
10843 	struct wiphy *wiphy = wdev->wiphy;
10844 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10845 
10846 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
10847 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
10848 					  rdev, wdev, cookie, chan,
10849 					  duration, gfp);
10850 }
10851 EXPORT_SYMBOL(cfg80211_ready_on_channel);
10852 
10853 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
10854 					struct ieee80211_channel *chan,
10855 					gfp_t gfp)
10856 {
10857 	struct wiphy *wiphy = wdev->wiphy;
10858 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10859 
10860 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
10861 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
10862 					  rdev, wdev, cookie, chan, 0, gfp);
10863 }
10864 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
10865 
10866 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
10867 		      struct station_info *sinfo, gfp_t gfp)
10868 {
10869 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10870 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10871 	struct sk_buff *msg;
10872 
10873 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
10874 
10875 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10876 	if (!msg)
10877 		return;
10878 
10879 	if (nl80211_send_station(msg, 0, 0, 0,
10880 				 rdev, dev, mac_addr, sinfo) < 0) {
10881 		nlmsg_free(msg);
10882 		return;
10883 	}
10884 
10885 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10886 				NL80211_MCGRP_MLME, gfp);
10887 }
10888 EXPORT_SYMBOL(cfg80211_new_sta);
10889 
10890 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp)
10891 {
10892 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10893 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10894 	struct sk_buff *msg;
10895 	void *hdr;
10896 
10897 	trace_cfg80211_del_sta(dev, mac_addr);
10898 
10899 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10900 	if (!msg)
10901 		return;
10902 
10903 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_STATION);
10904 	if (!hdr) {
10905 		nlmsg_free(msg);
10906 		return;
10907 	}
10908 
10909 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10910 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
10911 		goto nla_put_failure;
10912 
10913 	genlmsg_end(msg, hdr);
10914 
10915 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10916 				NL80211_MCGRP_MLME, gfp);
10917 	return;
10918 
10919  nla_put_failure:
10920 	genlmsg_cancel(msg, hdr);
10921 	nlmsg_free(msg);
10922 }
10923 EXPORT_SYMBOL(cfg80211_del_sta);
10924 
10925 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
10926 			  enum nl80211_connect_failed_reason reason,
10927 			  gfp_t gfp)
10928 {
10929 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
10930 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
10931 	struct sk_buff *msg;
10932 	void *hdr;
10933 
10934 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
10935 	if (!msg)
10936 		return;
10937 
10938 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
10939 	if (!hdr) {
10940 		nlmsg_free(msg);
10941 		return;
10942 	}
10943 
10944 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10945 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
10946 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
10947 		goto nla_put_failure;
10948 
10949 	genlmsg_end(msg, hdr);
10950 
10951 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
10952 				NL80211_MCGRP_MLME, gfp);
10953 	return;
10954 
10955  nla_put_failure:
10956 	genlmsg_cancel(msg, hdr);
10957 	nlmsg_free(msg);
10958 }
10959 EXPORT_SYMBOL(cfg80211_conn_failed);
10960 
10961 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
10962 				       const u8 *addr, gfp_t gfp)
10963 {
10964 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10965 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
10966 	struct sk_buff *msg;
10967 	void *hdr;
10968 	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
10969 
10970 	if (!nlportid)
10971 		return false;
10972 
10973 	msg = nlmsg_new(100, gfp);
10974 	if (!msg)
10975 		return true;
10976 
10977 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
10978 	if (!hdr) {
10979 		nlmsg_free(msg);
10980 		return true;
10981 	}
10982 
10983 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10984 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
10985 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
10986 		goto nla_put_failure;
10987 
10988 	genlmsg_end(msg, hdr);
10989 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10990 	return true;
10991 
10992  nla_put_failure:
10993 	genlmsg_cancel(msg, hdr);
10994 	nlmsg_free(msg);
10995 	return true;
10996 }
10997 
10998 bool cfg80211_rx_spurious_frame(struct net_device *dev,
10999 				const u8 *addr, gfp_t gfp)
11000 {
11001 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11002 	bool ret;
11003 
11004 	trace_cfg80211_rx_spurious_frame(dev, addr);
11005 
11006 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11007 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
11008 		trace_cfg80211_return_bool(false);
11009 		return false;
11010 	}
11011 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
11012 					 addr, gfp);
11013 	trace_cfg80211_return_bool(ret);
11014 	return ret;
11015 }
11016 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
11017 
11018 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
11019 					const u8 *addr, gfp_t gfp)
11020 {
11021 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11022 	bool ret;
11023 
11024 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
11025 
11026 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11027 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11028 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
11029 		trace_cfg80211_return_bool(false);
11030 		return false;
11031 	}
11032 	ret = __nl80211_unexpected_frame(dev,
11033 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
11034 					 addr, gfp);
11035 	trace_cfg80211_return_bool(ret);
11036 	return ret;
11037 }
11038 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
11039 
11040 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
11041 		      struct wireless_dev *wdev, u32 nlportid,
11042 		      int freq, int sig_dbm,
11043 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
11044 {
11045 	struct net_device *netdev = wdev->netdev;
11046 	struct sk_buff *msg;
11047 	void *hdr;
11048 
11049 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11050 	if (!msg)
11051 		return -ENOMEM;
11052 
11053 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11054 	if (!hdr) {
11055 		nlmsg_free(msg);
11056 		return -ENOMEM;
11057 	}
11058 
11059 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11060 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11061 					netdev->ifindex)) ||
11062 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
11063 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
11064 	    (sig_dbm &&
11065 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11066 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
11067 	    (flags &&
11068 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
11069 		goto nla_put_failure;
11070 
11071 	genlmsg_end(msg, hdr);
11072 
11073 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11074 
11075  nla_put_failure:
11076 	genlmsg_cancel(msg, hdr);
11077 	nlmsg_free(msg);
11078 	return -ENOBUFS;
11079 }
11080 
11081 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
11082 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
11083 {
11084 	struct wiphy *wiphy = wdev->wiphy;
11085 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11086 	struct net_device *netdev = wdev->netdev;
11087 	struct sk_buff *msg;
11088 	void *hdr;
11089 
11090 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
11091 
11092 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11093 	if (!msg)
11094 		return;
11095 
11096 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
11097 	if (!hdr) {
11098 		nlmsg_free(msg);
11099 		return;
11100 	}
11101 
11102 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11103 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11104 				   netdev->ifindex)) ||
11105 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
11106 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
11107 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11108 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
11109 		goto nla_put_failure;
11110 
11111 	genlmsg_end(msg, hdr);
11112 
11113 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11114 				NL80211_MCGRP_MLME, gfp);
11115 	return;
11116 
11117  nla_put_failure:
11118 	genlmsg_cancel(msg, hdr);
11119 	nlmsg_free(msg);
11120 }
11121 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
11122 
11123 void cfg80211_cqm_rssi_notify(struct net_device *dev,
11124 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
11125 			      gfp_t gfp)
11126 {
11127 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11128 	struct wiphy *wiphy = wdev->wiphy;
11129 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11130 	struct sk_buff *msg;
11131 	struct nlattr *pinfoattr;
11132 	void *hdr;
11133 
11134 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
11135 
11136 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11137 	if (!msg)
11138 		return;
11139 
11140 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11141 	if (!hdr) {
11142 		nlmsg_free(msg);
11143 		return;
11144 	}
11145 
11146 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11147 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
11148 		goto nla_put_failure;
11149 
11150 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11151 	if (!pinfoattr)
11152 		goto nla_put_failure;
11153 
11154 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
11155 			rssi_event))
11156 		goto nla_put_failure;
11157 
11158 	nla_nest_end(msg, pinfoattr);
11159 
11160 	genlmsg_end(msg, hdr);
11161 
11162 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11163 				NL80211_MCGRP_MLME, gfp);
11164 	return;
11165 
11166  nla_put_failure:
11167 	genlmsg_cancel(msg, hdr);
11168 	nlmsg_free(msg);
11169 }
11170 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
11171 
11172 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
11173 				     struct net_device *netdev, const u8 *bssid,
11174 				     const u8 *replay_ctr, gfp_t gfp)
11175 {
11176 	struct sk_buff *msg;
11177 	struct nlattr *rekey_attr;
11178 	void *hdr;
11179 
11180 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11181 	if (!msg)
11182 		return;
11183 
11184 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
11185 	if (!hdr) {
11186 		nlmsg_free(msg);
11187 		return;
11188 	}
11189 
11190 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11191 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11192 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
11193 		goto nla_put_failure;
11194 
11195 	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
11196 	if (!rekey_attr)
11197 		goto nla_put_failure;
11198 
11199 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
11200 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
11201 		goto nla_put_failure;
11202 
11203 	nla_nest_end(msg, rekey_attr);
11204 
11205 	genlmsg_end(msg, hdr);
11206 
11207 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11208 				NL80211_MCGRP_MLME, gfp);
11209 	return;
11210 
11211  nla_put_failure:
11212 	genlmsg_cancel(msg, hdr);
11213 	nlmsg_free(msg);
11214 }
11215 
11216 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
11217 			       const u8 *replay_ctr, gfp_t gfp)
11218 {
11219 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11220 	struct wiphy *wiphy = wdev->wiphy;
11221 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11222 
11223 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
11224 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
11225 }
11226 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
11227 
11228 static void
11229 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
11230 			       struct net_device *netdev, int index,
11231 			       const u8 *bssid, bool preauth, gfp_t gfp)
11232 {
11233 	struct sk_buff *msg;
11234 	struct nlattr *attr;
11235 	void *hdr;
11236 
11237 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11238 	if (!msg)
11239 		return;
11240 
11241 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
11242 	if (!hdr) {
11243 		nlmsg_free(msg);
11244 		return;
11245 	}
11246 
11247 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11248 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11249 		goto nla_put_failure;
11250 
11251 	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
11252 	if (!attr)
11253 		goto nla_put_failure;
11254 
11255 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
11256 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
11257 	    (preauth &&
11258 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
11259 		goto nla_put_failure;
11260 
11261 	nla_nest_end(msg, attr);
11262 
11263 	genlmsg_end(msg, hdr);
11264 
11265 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11266 				NL80211_MCGRP_MLME, gfp);
11267 	return;
11268 
11269  nla_put_failure:
11270 	genlmsg_cancel(msg, hdr);
11271 	nlmsg_free(msg);
11272 }
11273 
11274 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
11275 				     const u8 *bssid, bool preauth, gfp_t gfp)
11276 {
11277 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11278 	struct wiphy *wiphy = wdev->wiphy;
11279 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11280 
11281 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
11282 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
11283 }
11284 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
11285 
11286 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
11287 				     struct net_device *netdev,
11288 				     struct cfg80211_chan_def *chandef,
11289 				     gfp_t gfp)
11290 {
11291 	struct sk_buff *msg;
11292 	void *hdr;
11293 
11294 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11295 	if (!msg)
11296 		return;
11297 
11298 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CH_SWITCH_NOTIFY);
11299 	if (!hdr) {
11300 		nlmsg_free(msg);
11301 		return;
11302 	}
11303 
11304 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11305 		goto nla_put_failure;
11306 
11307 	if (nl80211_send_chandef(msg, chandef))
11308 		goto nla_put_failure;
11309 
11310 	genlmsg_end(msg, hdr);
11311 
11312 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11313 				NL80211_MCGRP_MLME, gfp);
11314 	return;
11315 
11316  nla_put_failure:
11317 	genlmsg_cancel(msg, hdr);
11318 	nlmsg_free(msg);
11319 }
11320 
11321 void cfg80211_ch_switch_notify(struct net_device *dev,
11322 			       struct cfg80211_chan_def *chandef)
11323 {
11324 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11325 	struct wiphy *wiphy = wdev->wiphy;
11326 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11327 
11328 	ASSERT_WDEV_LOCK(wdev);
11329 
11330 	trace_cfg80211_ch_switch_notify(dev, chandef);
11331 
11332 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11333 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11334 		    wdev->iftype != NL80211_IFTYPE_ADHOC &&
11335 		    wdev->iftype != NL80211_IFTYPE_MESH_POINT))
11336 		return;
11337 
11338 	wdev->chandef = *chandef;
11339 	wdev->preset_chandef = *chandef;
11340 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL);
11341 }
11342 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
11343 
11344 void cfg80211_cqm_txe_notify(struct net_device *dev,
11345 			     const u8 *peer, u32 num_packets,
11346 			     u32 rate, u32 intvl, gfp_t gfp)
11347 {
11348 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11349 	struct wiphy *wiphy = wdev->wiphy;
11350 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11351 	struct sk_buff *msg;
11352 	struct nlattr *pinfoattr;
11353 	void *hdr;
11354 
11355 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
11356 	if (!msg)
11357 		return;
11358 
11359 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11360 	if (!hdr) {
11361 		nlmsg_free(msg);
11362 		return;
11363 	}
11364 
11365 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11366 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11367 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11368 		goto nla_put_failure;
11369 
11370 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11371 	if (!pinfoattr)
11372 		goto nla_put_failure;
11373 
11374 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
11375 		goto nla_put_failure;
11376 
11377 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
11378 		goto nla_put_failure;
11379 
11380 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
11381 		goto nla_put_failure;
11382 
11383 	nla_nest_end(msg, pinfoattr);
11384 
11385 	genlmsg_end(msg, hdr);
11386 
11387 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11388 				NL80211_MCGRP_MLME, gfp);
11389 	return;
11390 
11391  nla_put_failure:
11392 	genlmsg_cancel(msg, hdr);
11393 	nlmsg_free(msg);
11394 }
11395 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
11396 
11397 void
11398 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
11399 		     const struct cfg80211_chan_def *chandef,
11400 		     enum nl80211_radar_event event,
11401 		     struct net_device *netdev, gfp_t gfp)
11402 {
11403 	struct sk_buff *msg;
11404 	void *hdr;
11405 
11406 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11407 	if (!msg)
11408 		return;
11409 
11410 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
11411 	if (!hdr) {
11412 		nlmsg_free(msg);
11413 		return;
11414 	}
11415 
11416 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
11417 		goto nla_put_failure;
11418 
11419 	/* NOP and radar events don't need a netdev parameter */
11420 	if (netdev) {
11421 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
11422 
11423 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11424 		    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11425 			goto nla_put_failure;
11426 	}
11427 
11428 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
11429 		goto nla_put_failure;
11430 
11431 	if (nl80211_send_chandef(msg, chandef))
11432 		goto nla_put_failure;
11433 
11434 	genlmsg_end(msg, hdr);
11435 
11436 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11437 				NL80211_MCGRP_MLME, gfp);
11438 	return;
11439 
11440  nla_put_failure:
11441 	genlmsg_cancel(msg, hdr);
11442 	nlmsg_free(msg);
11443 }
11444 
11445 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
11446 				 const u8 *peer, u32 num_packets, gfp_t gfp)
11447 {
11448 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11449 	struct wiphy *wiphy = wdev->wiphy;
11450 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11451 	struct sk_buff *msg;
11452 	struct nlattr *pinfoattr;
11453 	void *hdr;
11454 
11455 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
11456 
11457 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11458 	if (!msg)
11459 		return;
11460 
11461 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
11462 	if (!hdr) {
11463 		nlmsg_free(msg);
11464 		return;
11465 	}
11466 
11467 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11468 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11469 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer))
11470 		goto nla_put_failure;
11471 
11472 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
11473 	if (!pinfoattr)
11474 		goto nla_put_failure;
11475 
11476 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
11477 		goto nla_put_failure;
11478 
11479 	nla_nest_end(msg, pinfoattr);
11480 
11481 	genlmsg_end(msg, hdr);
11482 
11483 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11484 				NL80211_MCGRP_MLME, gfp);
11485 	return;
11486 
11487  nla_put_failure:
11488 	genlmsg_cancel(msg, hdr);
11489 	nlmsg_free(msg);
11490 }
11491 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
11492 
11493 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
11494 			   u64 cookie, bool acked, gfp_t gfp)
11495 {
11496 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11497 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11498 	struct sk_buff *msg;
11499 	void *hdr;
11500 
11501 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
11502 
11503 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11504 
11505 	if (!msg)
11506 		return;
11507 
11508 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
11509 	if (!hdr) {
11510 		nlmsg_free(msg);
11511 		return;
11512 	}
11513 
11514 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11515 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11516 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
11517 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
11518 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
11519 		goto nla_put_failure;
11520 
11521 	genlmsg_end(msg, hdr);
11522 
11523 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11524 				NL80211_MCGRP_MLME, gfp);
11525 	return;
11526 
11527  nla_put_failure:
11528 	genlmsg_cancel(msg, hdr);
11529 	nlmsg_free(msg);
11530 }
11531 EXPORT_SYMBOL(cfg80211_probe_status);
11532 
11533 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
11534 				 const u8 *frame, size_t len,
11535 				 int freq, int sig_dbm)
11536 {
11537 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11538 	struct sk_buff *msg;
11539 	void *hdr;
11540 	struct cfg80211_beacon_registration *reg;
11541 
11542 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
11543 
11544 	spin_lock_bh(&rdev->beacon_registrations_lock);
11545 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11546 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
11547 		if (!msg) {
11548 			spin_unlock_bh(&rdev->beacon_registrations_lock);
11549 			return;
11550 		}
11551 
11552 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
11553 		if (!hdr)
11554 			goto nla_put_failure;
11555 
11556 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11557 		    (freq &&
11558 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
11559 		    (sig_dbm &&
11560 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
11561 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
11562 			goto nla_put_failure;
11563 
11564 		genlmsg_end(msg, hdr);
11565 
11566 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
11567 	}
11568 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11569 	return;
11570 
11571  nla_put_failure:
11572 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11573 	if (hdr)
11574 		genlmsg_cancel(msg, hdr);
11575 	nlmsg_free(msg);
11576 }
11577 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
11578 
11579 #ifdef CONFIG_PM
11580 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
11581 				   struct cfg80211_wowlan_wakeup *wakeup,
11582 				   gfp_t gfp)
11583 {
11584 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11585 	struct sk_buff *msg;
11586 	void *hdr;
11587 	int size = 200;
11588 
11589 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
11590 
11591 	if (wakeup)
11592 		size += wakeup->packet_present_len;
11593 
11594 	msg = nlmsg_new(size, gfp);
11595 	if (!msg)
11596 		return;
11597 
11598 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
11599 	if (!hdr)
11600 		goto free_msg;
11601 
11602 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11603 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11604 		goto free_msg;
11605 
11606 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11607 					wdev->netdev->ifindex))
11608 		goto free_msg;
11609 
11610 	if (wakeup) {
11611 		struct nlattr *reasons;
11612 
11613 		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
11614 		if (!reasons)
11615 			goto free_msg;
11616 
11617 		if (wakeup->disconnect &&
11618 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
11619 			goto free_msg;
11620 		if (wakeup->magic_pkt &&
11621 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
11622 			goto free_msg;
11623 		if (wakeup->gtk_rekey_failure &&
11624 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
11625 			goto free_msg;
11626 		if (wakeup->eap_identity_req &&
11627 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
11628 			goto free_msg;
11629 		if (wakeup->four_way_handshake &&
11630 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
11631 			goto free_msg;
11632 		if (wakeup->rfkill_release &&
11633 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
11634 			goto free_msg;
11635 
11636 		if (wakeup->pattern_idx >= 0 &&
11637 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
11638 				wakeup->pattern_idx))
11639 			goto free_msg;
11640 
11641 		if (wakeup->tcp_match &&
11642 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
11643 			goto free_msg;
11644 
11645 		if (wakeup->tcp_connlost &&
11646 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
11647 			goto free_msg;
11648 
11649 		if (wakeup->tcp_nomoretokens &&
11650 		    nla_put_flag(msg,
11651 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
11652 			goto free_msg;
11653 
11654 		if (wakeup->packet) {
11655 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
11656 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
11657 
11658 			if (!wakeup->packet_80211) {
11659 				pkt_attr =
11660 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
11661 				len_attr =
11662 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
11663 			}
11664 
11665 			if (wakeup->packet_len &&
11666 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
11667 				goto free_msg;
11668 
11669 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
11670 				    wakeup->packet))
11671 				goto free_msg;
11672 		}
11673 
11674 		nla_nest_end(msg, reasons);
11675 	}
11676 
11677 	genlmsg_end(msg, hdr);
11678 
11679 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11680 				NL80211_MCGRP_MLME, gfp);
11681 	return;
11682 
11683  free_msg:
11684 	nlmsg_free(msg);
11685 }
11686 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
11687 #endif
11688 
11689 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
11690 				enum nl80211_tdls_operation oper,
11691 				u16 reason_code, gfp_t gfp)
11692 {
11693 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11694 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11695 	struct sk_buff *msg;
11696 	void *hdr;
11697 
11698 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
11699 					 reason_code);
11700 
11701 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11702 	if (!msg)
11703 		return;
11704 
11705 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
11706 	if (!hdr) {
11707 		nlmsg_free(msg);
11708 		return;
11709 	}
11710 
11711 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11712 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11713 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
11714 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
11715 	    (reason_code > 0 &&
11716 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
11717 		goto nla_put_failure;
11718 
11719 	genlmsg_end(msg, hdr);
11720 
11721 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11722 				NL80211_MCGRP_MLME, gfp);
11723 	return;
11724 
11725  nla_put_failure:
11726 	genlmsg_cancel(msg, hdr);
11727 	nlmsg_free(msg);
11728 }
11729 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
11730 
11731 static int nl80211_netlink_notify(struct notifier_block * nb,
11732 				  unsigned long state,
11733 				  void *_notify)
11734 {
11735 	struct netlink_notify *notify = _notify;
11736 	struct cfg80211_registered_device *rdev;
11737 	struct wireless_dev *wdev;
11738 	struct cfg80211_beacon_registration *reg, *tmp;
11739 
11740 	if (state != NETLINK_URELEASE)
11741 		return NOTIFY_DONE;
11742 
11743 	rcu_read_lock();
11744 
11745 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
11746 		bool schedule_destroy_work = false;
11747 
11748 		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
11749 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
11750 
11751 			if (wdev->owner_nlportid == notify->portid)
11752 				schedule_destroy_work = true;
11753 		}
11754 
11755 		spin_lock_bh(&rdev->beacon_registrations_lock);
11756 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
11757 					 list) {
11758 			if (reg->nlportid == notify->portid) {
11759 				list_del(&reg->list);
11760 				kfree(reg);
11761 				break;
11762 			}
11763 		}
11764 		spin_unlock_bh(&rdev->beacon_registrations_lock);
11765 
11766 		if (schedule_destroy_work) {
11767 			struct cfg80211_iface_destroy *destroy;
11768 
11769 			destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
11770 			if (destroy) {
11771 				destroy->nlportid = notify->portid;
11772 				spin_lock(&rdev->destroy_list_lock);
11773 				list_add(&destroy->list, &rdev->destroy_list);
11774 				spin_unlock(&rdev->destroy_list_lock);
11775 				schedule_work(&rdev->destroy_work);
11776 			}
11777 		}
11778 	}
11779 
11780 	rcu_read_unlock();
11781 
11782 	return NOTIFY_OK;
11783 }
11784 
11785 static struct notifier_block nl80211_netlink_notifier = {
11786 	.notifier_call = nl80211_netlink_notify,
11787 };
11788 
11789 void cfg80211_ft_event(struct net_device *netdev,
11790 		       struct cfg80211_ft_event_params *ft_event)
11791 {
11792 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
11793 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11794 	struct sk_buff *msg;
11795 	void *hdr;
11796 
11797 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
11798 
11799 	if (!ft_event->target_ap)
11800 		return;
11801 
11802 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11803 	if (!msg)
11804 		return;
11805 
11806 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
11807 	if (!hdr)
11808 		goto out;
11809 
11810 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11811 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11812 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
11813 		goto out;
11814 
11815 	if (ft_event->ies &&
11816 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
11817 		goto out;
11818 	if (ft_event->ric_ies &&
11819 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
11820 		    ft_event->ric_ies))
11821 		goto out;
11822 
11823 	genlmsg_end(msg, hdr);
11824 
11825 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11826 				NL80211_MCGRP_MLME, GFP_KERNEL);
11827 	return;
11828  out:
11829 	nlmsg_free(msg);
11830 }
11831 EXPORT_SYMBOL(cfg80211_ft_event);
11832 
11833 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
11834 {
11835 	struct cfg80211_registered_device *rdev;
11836 	struct sk_buff *msg;
11837 	void *hdr;
11838 	u32 nlportid;
11839 
11840 	rdev = wiphy_to_rdev(wdev->wiphy);
11841 	if (!rdev->crit_proto_nlportid)
11842 		return;
11843 
11844 	nlportid = rdev->crit_proto_nlportid;
11845 	rdev->crit_proto_nlportid = 0;
11846 
11847 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11848 	if (!msg)
11849 		return;
11850 
11851 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
11852 	if (!hdr)
11853 		goto nla_put_failure;
11854 
11855 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11856 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11857 		goto nla_put_failure;
11858 
11859 	genlmsg_end(msg, hdr);
11860 
11861 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11862 	return;
11863 
11864  nla_put_failure:
11865 	if (hdr)
11866 		genlmsg_cancel(msg, hdr);
11867 	nlmsg_free(msg);
11868 
11869 }
11870 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
11871 
11872 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
11873 {
11874 	struct wiphy *wiphy = wdev->wiphy;
11875 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11876 	struct sk_buff *msg;
11877 	void *hdr;
11878 
11879 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11880 	if (!msg)
11881 		return;
11882 
11883 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
11884 	if (!hdr)
11885 		goto out;
11886 
11887 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11888 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
11889 	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11890 		goto out;
11891 
11892 	genlmsg_end(msg, hdr);
11893 
11894 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
11895 				NL80211_MCGRP_MLME, GFP_KERNEL);
11896 	return;
11897  out:
11898 	nlmsg_free(msg);
11899 }
11900 
11901 /* initialisation/exit functions */
11902 
11903 int nl80211_init(void)
11904 {
11905 	int err;
11906 
11907 	err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
11908 						   nl80211_mcgrps);
11909 	if (err)
11910 		return err;
11911 
11912 	err = netlink_register_notifier(&nl80211_netlink_notifier);
11913 	if (err)
11914 		goto err_out;
11915 
11916 	return 0;
11917  err_out:
11918 	genl_unregister_family(&nl80211_fam);
11919 	return err;
11920 }
11921 
11922 void nl80211_exit(void)
11923 {
11924 	netlink_unregister_notifier(&nl80211_netlink_notifier);
11925 	genl_unregister_family(&nl80211_fam);
11926 }
11927