xref: /openbmc/linux/net/wireless/nl80211.c (revision e6f4c346) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * This is the new netlink-based wireless configuration interface.
4  *
5  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
6  * Copyright 2013-2014  Intel Mobile Communications GmbH
7  * Copyright 2015-2017	Intel Deutschland GmbH
8  * Copyright (C) 2018-2019 Intel Corporation
9  */
10 
11 #include <linux/if.h>
12 #include <linux/module.h>
13 #include <linux/err.h>
14 #include <linux/slab.h>
15 #include <linux/list.h>
16 #include <linux/if_ether.h>
17 #include <linux/ieee80211.h>
18 #include <linux/nl80211.h>
19 #include <linux/rtnetlink.h>
20 #include <linux/netlink.h>
21 #include <linux/nospec.h>
22 #include <linux/etherdevice.h>
23 #include <net/net_namespace.h>
24 #include <net/genetlink.h>
25 #include <net/cfg80211.h>
26 #include <net/sock.h>
27 #include <net/inet_connection_sock.h>
28 #include "core.h"
29 #include "nl80211.h"
30 #include "reg.h"
31 #include "rdev-ops.h"
32 
33 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
34 				   struct genl_info *info,
35 				   struct cfg80211_crypto_settings *settings,
36 				   int cipher_limit);
37 
38 /* the netlink family */
39 static struct genl_family nl80211_fam;
40 
41 /* multicast groups */
42 enum nl80211_multicast_groups {
43 	NL80211_MCGRP_CONFIG,
44 	NL80211_MCGRP_SCAN,
45 	NL80211_MCGRP_REGULATORY,
46 	NL80211_MCGRP_MLME,
47 	NL80211_MCGRP_VENDOR,
48 	NL80211_MCGRP_NAN,
49 	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
50 };
51 
52 static const struct genl_multicast_group nl80211_mcgrps[] = {
53 	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
54 	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
55 	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
56 	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
57 	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
58 	[NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
59 #ifdef CONFIG_NL80211_TESTMODE
60 	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
61 #endif
62 };
63 
64 /* returns ERR_PTR values */
65 static struct wireless_dev *
66 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
67 {
68 	struct cfg80211_registered_device *rdev;
69 	struct wireless_dev *result = NULL;
70 	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
71 	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
72 	u64 wdev_id;
73 	int wiphy_idx = -1;
74 	int ifidx = -1;
75 
76 	ASSERT_RTNL();
77 
78 	if (!have_ifidx && !have_wdev_id)
79 		return ERR_PTR(-EINVAL);
80 
81 	if (have_ifidx)
82 		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
83 	if (have_wdev_id) {
84 		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
85 		wiphy_idx = wdev_id >> 32;
86 	}
87 
88 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
89 		struct wireless_dev *wdev;
90 
91 		if (wiphy_net(&rdev->wiphy) != netns)
92 			continue;
93 
94 		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
95 			continue;
96 
97 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
98 			if (have_ifidx && wdev->netdev &&
99 			    wdev->netdev->ifindex == ifidx) {
100 				result = wdev;
101 				break;
102 			}
103 			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
104 				result = wdev;
105 				break;
106 			}
107 		}
108 
109 		if (result)
110 			break;
111 	}
112 
113 	if (result)
114 		return result;
115 	return ERR_PTR(-ENODEV);
116 }
117 
118 static struct cfg80211_registered_device *
119 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
120 {
121 	struct cfg80211_registered_device *rdev = NULL, *tmp;
122 	struct net_device *netdev;
123 
124 	ASSERT_RTNL();
125 
126 	if (!attrs[NL80211_ATTR_WIPHY] &&
127 	    !attrs[NL80211_ATTR_IFINDEX] &&
128 	    !attrs[NL80211_ATTR_WDEV])
129 		return ERR_PTR(-EINVAL);
130 
131 	if (attrs[NL80211_ATTR_WIPHY])
132 		rdev = cfg80211_rdev_by_wiphy_idx(
133 				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
134 
135 	if (attrs[NL80211_ATTR_WDEV]) {
136 		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
137 		struct wireless_dev *wdev;
138 		bool found = false;
139 
140 		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
141 		if (tmp) {
142 			/* make sure wdev exists */
143 			list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
144 				if (wdev->identifier != (u32)wdev_id)
145 					continue;
146 				found = true;
147 				break;
148 			}
149 
150 			if (!found)
151 				tmp = NULL;
152 
153 			if (rdev && tmp != rdev)
154 				return ERR_PTR(-EINVAL);
155 			rdev = tmp;
156 		}
157 	}
158 
159 	if (attrs[NL80211_ATTR_IFINDEX]) {
160 		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
161 
162 		netdev = __dev_get_by_index(netns, ifindex);
163 		if (netdev) {
164 			if (netdev->ieee80211_ptr)
165 				tmp = wiphy_to_rdev(
166 					netdev->ieee80211_ptr->wiphy);
167 			else
168 				tmp = NULL;
169 
170 			/* not wireless device -- return error */
171 			if (!tmp)
172 				return ERR_PTR(-EINVAL);
173 
174 			/* mismatch -- return error */
175 			if (rdev && tmp != rdev)
176 				return ERR_PTR(-EINVAL);
177 
178 			rdev = tmp;
179 		}
180 	}
181 
182 	if (!rdev)
183 		return ERR_PTR(-ENODEV);
184 
185 	if (netns != wiphy_net(&rdev->wiphy))
186 		return ERR_PTR(-ENODEV);
187 
188 	return rdev;
189 }
190 
191 /*
192  * This function returns a pointer to the driver
193  * that the genl_info item that is passed refers to.
194  *
195  * The result of this can be a PTR_ERR and hence must
196  * be checked with IS_ERR() for errors.
197  */
198 static struct cfg80211_registered_device *
199 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
200 {
201 	return __cfg80211_rdev_from_attrs(netns, info->attrs);
202 }
203 
204 static int validate_ie_attr(const struct nlattr *attr,
205 			    struct netlink_ext_ack *extack)
206 {
207 	const u8 *data = nla_data(attr);
208 	unsigned int len = nla_len(attr);
209 	const struct element *elem;
210 
211 	for_each_element(elem, data, len) {
212 		/* nothing */
213 	}
214 
215 	if (for_each_element_completed(elem, data, len))
216 		return 0;
217 
218 	NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
219 	return -EINVAL;
220 }
221 
222 /* policy for the attributes */
223 static const struct nla_policy
224 nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
225 	[NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
226 	[NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
227 					.len = U8_MAX },
228 	[NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
229 					     .len = U8_MAX },
230 };
231 
232 static const struct nla_policy
233 nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
234 	[NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
235 	[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
236 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
237 		NLA_POLICY_MAX(NLA_U8, 15),
238 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
239 	[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
240 		NLA_POLICY_MAX(NLA_U8, 15),
241 	[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
242 		NLA_POLICY_MAX(NLA_U8, 31),
243 	[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
244 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
245 	[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
246 };
247 
248 static const struct nla_policy
249 nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
250 	[NL80211_PMSR_TYPE_FTM] =
251 		NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
252 };
253 
254 static const struct nla_policy
255 nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
256 	[NL80211_PMSR_REQ_ATTR_DATA] =
257 		NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
258 	[NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
259 };
260 
261 static const struct nla_policy
262 nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
263 	[NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
264 	/*
265 	 * we could specify this again to be the top-level policy,
266 	 * but that would open us up to recursion problems ...
267 	 */
268 	[NL80211_PMSR_PEER_ATTR_CHAN] = { .type = NLA_NESTED },
269 	[NL80211_PMSR_PEER_ATTR_REQ] =
270 		NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
271 	[NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
272 };
273 
274 static const struct nla_policy
275 nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
276 	[NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
277 	[NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
278 	[NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
279 	[NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
280 	[NL80211_PMSR_ATTR_PEERS] =
281 		NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
282 };
283 
284 const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
285 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
286 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
287 				      .len = 20-1 },
288 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
289 
290 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
291 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
292 	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
293 	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
294 	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
295 
296 	[NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
297 	[NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
298 	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
299 	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
300 	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
301 	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
302 
303 	[NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
304 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
305 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
306 
307 	[NL80211_ATTR_MAC] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
308 	[NL80211_ATTR_PREV_BSSID] = {
309 		.type = NLA_EXACT_LEN_WARN,
310 		.len = ETH_ALEN
311 	},
312 
313 	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
314 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
315 				    .len = WLAN_MAX_KEY_LEN },
316 	[NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 5),
317 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
318 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
319 	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
320 	[NL80211_ATTR_KEY_TYPE] =
321 		NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
322 
323 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
324 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
325 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
326 				       .len = IEEE80211_MAX_DATA_LEN },
327 	[NL80211_ATTR_BEACON_TAIL] =
328 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
329 				       IEEE80211_MAX_DATA_LEN),
330 	[NL80211_ATTR_STA_AID] =
331 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
332 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
333 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
334 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
335 					       .len = NL80211_MAX_SUPP_RATES },
336 	[NL80211_ATTR_STA_PLINK_ACTION] =
337 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
338 	[NL80211_ATTR_STA_TX_POWER_SETTING] =
339 		NLA_POLICY_RANGE(NLA_U8,
340 				 NL80211_TX_POWER_AUTOMATIC,
341 				 NL80211_TX_POWER_FIXED),
342 	[NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
343 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
344 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
345 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
346 				   .len = IEEE80211_MAX_MESH_ID_LEN },
347 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
348 
349 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
350 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
351 
352 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
353 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
354 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
355 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
356 					   .len = NL80211_MAX_SUPP_RATES },
357 	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
358 
359 	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
360 	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
361 
362 	[NL80211_ATTR_HT_CAPABILITY] = {
363 		.type = NLA_EXACT_LEN_WARN,
364 		.len = NL80211_HT_CAPABILITY_LEN
365 	},
366 
367 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
368 	[NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
369 						   validate_ie_attr,
370 						   IEEE80211_MAX_DATA_LEN),
371 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
372 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
373 
374 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
375 				.len = IEEE80211_MAX_SSID_LEN },
376 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
377 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
378 	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
379 	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
380 	[NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
381 						  NL80211_MFP_NO,
382 						  NL80211_MFP_OPTIONAL),
383 	[NL80211_ATTR_STA_FLAGS2] = {
384 		.len = sizeof(struct nl80211_sta_flag_update),
385 	},
386 	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
387 	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
388 	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
389 	[NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
390 	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
391 	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
392 	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
393 	[NL80211_ATTR_PID] = { .type = NLA_U32 },
394 	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
395 	[NL80211_ATTR_PMKID] = {
396 		.type = NLA_EXACT_LEN_WARN,
397 		.len = WLAN_PMKID_LEN
398 	},
399 	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
400 	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
401 	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
402 	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
403 				 .len = IEEE80211_MAX_DATA_LEN },
404 	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
405 	[NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
406 						   NL80211_PS_DISABLED,
407 						   NL80211_PS_ENABLED),
408 	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
409 	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
410 	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
411 	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
412 	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
413 	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
414 	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
415 	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
416 	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
417 	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
418 	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
419 	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
420 	[NL80211_ATTR_STA_PLINK_STATE] =
421 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
422 	[NL80211_ATTR_MESH_PEER_AID] =
423 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
424 	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
425 	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
426 	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
427 	[NL80211_ATTR_HIDDEN_SSID] =
428 		NLA_POLICY_RANGE(NLA_U32,
429 				 NL80211_HIDDEN_SSID_NOT_IN_USE,
430 				 NL80211_HIDDEN_SSID_ZERO_CONTENTS),
431 	[NL80211_ATTR_IE_PROBE_RESP] =
432 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
433 				       IEEE80211_MAX_DATA_LEN),
434 	[NL80211_ATTR_IE_ASSOC_RESP] =
435 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
436 				       IEEE80211_MAX_DATA_LEN),
437 	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
438 	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
439 	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
440 	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
441 	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
442 	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
443 	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
444 	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
445 	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
446 	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
447 	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
448 				      .len = IEEE80211_MAX_DATA_LEN },
449 	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
450 	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
451 	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
452 		.len = NL80211_HT_CAPABILITY_LEN
453 	},
454 	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
455 	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
456 	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
457 	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
458 	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
459 	[NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
460 	[NL80211_ATTR_VHT_CAPABILITY] = {
461 		.type = NLA_EXACT_LEN_WARN,
462 		.len = NL80211_VHT_CAPABILITY_LEN
463 	},
464 	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
465 	[NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
466 	[NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
467 	[NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
468 		NLA_POLICY_RANGE(NLA_U32,
469 				 NL80211_MESH_POWER_UNKNOWN + 1,
470 				 NL80211_MESH_POWER_MAX),
471 	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
472 	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
473 	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
474 	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
475 	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
476 	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
477 	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
478 		.len = NL80211_VHT_CAPABILITY_LEN,
479 	},
480 	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
481 	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
482 				  .len = IEEE80211_MAX_DATA_LEN },
483 	[NL80211_ATTR_PEER_AID] =
484 		NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
485 	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
486 	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
487 	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
488 	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
489 	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
490 	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
491 	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
492 	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
493 	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
494 	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
495 	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
496 	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
497 	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
498 				   .len = IEEE80211_QOS_MAP_LEN_MAX },
499 	[NL80211_ATTR_MAC_HINT] = {
500 		.type = NLA_EXACT_LEN_WARN,
501 		.len = ETH_ALEN
502 	},
503 	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
504 	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
505 	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
506 	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
507 	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
508 	[NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
509 	[NL80211_ATTR_USER_PRIO] =
510 		NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
511 	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
512 	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
513 	[NL80211_ATTR_MAC_MASK] = {
514 		.type = NLA_EXACT_LEN_WARN,
515 		.len = ETH_ALEN
516 	},
517 	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
518 	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
519 	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
520 	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
521 	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
522 	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
523 	[NL80211_ATTR_STA_SUPPORT_P2P_PS] =
524 		NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
525 	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
526 		.len = VHT_MUMIMO_GROUPS_DATA_LEN
527 	},
528 	[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = {
529 		.type = NLA_EXACT_LEN_WARN,
530 		.len = ETH_ALEN
531 	},
532 	[NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
533 	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
534 	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
535 	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
536 				    .len = FILS_MAX_KEK_LEN },
537 	[NL80211_ATTR_FILS_NONCES] = {
538 		.type = NLA_EXACT_LEN_WARN,
539 		.len = 2 * FILS_NONCE_LEN
540 	},
541 	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
542 	[NL80211_ATTR_BSSID] = { .type = NLA_EXACT_LEN_WARN, .len = ETH_ALEN },
543 	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
544 	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
545 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
546 	},
547 	[NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
548 	[NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
549 					     .len = FILS_ERP_MAX_USERNAME_LEN },
550 	[NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
551 					  .len = FILS_ERP_MAX_REALM_LEN },
552 	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
553 	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
554 					.len = FILS_ERP_MAX_RRK_LEN },
555 	[NL80211_ATTR_FILS_CACHE_ID] = { .type = NLA_EXACT_LEN_WARN, .len = 2 },
556 	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
557 	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
558 	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
559 
560 	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
561 	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
562 	[NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
563 	[NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
564 					 .len = NL80211_HE_MAX_CAPABILITY_LEN },
565 
566 	[NL80211_ATTR_FTM_RESPONDER] = {
567 		.type = NLA_NESTED,
568 		.validation_data = nl80211_ftm_responder_policy,
569 	},
570 	[NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
571 	[NL80211_ATTR_PEER_MEASUREMENTS] =
572 		NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
573 	[NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
574 	[NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
575 					.len = SAE_PASSWORD_MAX_LEN },
576 	[NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
577 };
578 
579 /* policy for the key attributes */
580 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
581 	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
582 	[NL80211_KEY_IDX] = { .type = NLA_U8 },
583 	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
584 	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
585 	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
586 	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
587 	[NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
588 	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
589 	[NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
590 };
591 
592 /* policy for the key default flags */
593 static const struct nla_policy
594 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
595 	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
596 	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
597 };
598 
599 #ifdef CONFIG_PM
600 /* policy for WoWLAN attributes */
601 static const struct nla_policy
602 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
603 	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
604 	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
605 	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
606 	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
607 	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
608 	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
609 	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
610 	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
611 	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
612 	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
613 };
614 
615 static const struct nla_policy
616 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
617 	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
618 	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
619 	[NL80211_WOWLAN_TCP_DST_MAC] = {
620 		.type = NLA_EXACT_LEN_WARN,
621 		.len = ETH_ALEN
622 	},
623 	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
624 	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
625 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
626 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
627 		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
628 	},
629 	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
630 		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
631 	},
632 	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
633 	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .type = NLA_MIN_LEN, .len = 1 },
634 	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .type = NLA_MIN_LEN, .len = 1 },
635 };
636 #endif /* CONFIG_PM */
637 
638 /* policy for coalesce rule attributes */
639 static const struct nla_policy
640 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
641 	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
642 	[NL80211_ATTR_COALESCE_RULE_CONDITION] =
643 		NLA_POLICY_RANGE(NLA_U32,
644 				 NL80211_COALESCE_CONDITION_MATCH,
645 				 NL80211_COALESCE_CONDITION_NO_MATCH),
646 	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
647 };
648 
649 /* policy for GTK rekey offload attributes */
650 static const struct nla_policy
651 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
652 	[NL80211_REKEY_DATA_KEK] = {
653 		.type = NLA_EXACT_LEN_WARN,
654 		.len = NL80211_KEK_LEN,
655 	},
656 	[NL80211_REKEY_DATA_KCK] = {
657 		.type = NLA_EXACT_LEN_WARN,
658 		.len = NL80211_KCK_LEN,
659 	},
660 	[NL80211_REKEY_DATA_REPLAY_CTR] = {
661 		.type = NLA_EXACT_LEN_WARN,
662 		.len = NL80211_REPLAY_CTR_LEN
663 	},
664 };
665 
666 static const struct nla_policy
667 nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
668 	[NL80211_BAND_2GHZ] = { .type = NLA_S32 },
669 	[NL80211_BAND_5GHZ] = { .type = NLA_S32 },
670 	[NL80211_BAND_60GHZ] = { .type = NLA_S32 },
671 };
672 
673 static const struct nla_policy
674 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
675 	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
676 						 .len = IEEE80211_MAX_SSID_LEN },
677 	[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = {
678 		.type = NLA_EXACT_LEN_WARN,
679 		.len = ETH_ALEN
680 	},
681 	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
682 	[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
683 		NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
684 };
685 
686 static const struct nla_policy
687 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
688 	[NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
689 	[NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
690 };
691 
692 static const struct nla_policy
693 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
694 	[NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
695 	[NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
696 	[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
697 		.len = sizeof(struct nl80211_bss_select_rssi_adjust)
698 	},
699 };
700 
701 /* policy for NAN function attributes */
702 static const struct nla_policy
703 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
704 	[NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
705 	[NL80211_NAN_FUNC_SERVICE_ID] = {
706 				    .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
707 	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
708 	[NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
709 	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
710 	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
711 	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
712 	[NL80211_NAN_FUNC_FOLLOW_UP_DEST] = {
713 		.type = NLA_EXACT_LEN_WARN,
714 		.len = ETH_ALEN
715 	},
716 	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
717 	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
718 	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
719 			.len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
720 	[NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
721 	[NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
722 	[NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
723 	[NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
724 	[NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
725 };
726 
727 /* policy for Service Response Filter attributes */
728 static const struct nla_policy
729 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
730 	[NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
731 	[NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
732 				 .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
733 	[NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
734 	[NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
735 };
736 
737 /* policy for packet pattern attributes */
738 static const struct nla_policy
739 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
740 	[NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
741 	[NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
742 	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
743 };
744 
745 int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
746 			      struct cfg80211_registered_device **rdev,
747 			      struct wireless_dev **wdev)
748 {
749 	int err;
750 
751 	if (!cb->args[0]) {
752 		err = nlmsg_parse_deprecated(cb->nlh,
753 					     GENL_HDRLEN + nl80211_fam.hdrsize,
754 					     genl_family_attrbuf(&nl80211_fam),
755 					     nl80211_fam.maxattr,
756 					     nl80211_policy, NULL);
757 		if (err)
758 			return err;
759 
760 		*wdev = __cfg80211_wdev_from_attrs(
761 					sock_net(cb->skb->sk),
762 					genl_family_attrbuf(&nl80211_fam));
763 		if (IS_ERR(*wdev))
764 			return PTR_ERR(*wdev);
765 		*rdev = wiphy_to_rdev((*wdev)->wiphy);
766 		/* 0 is the first index - add 1 to parse only once */
767 		cb->args[0] = (*rdev)->wiphy_idx + 1;
768 		cb->args[1] = (*wdev)->identifier;
769 	} else {
770 		/* subtract the 1 again here */
771 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
772 		struct wireless_dev *tmp;
773 
774 		if (!wiphy)
775 			return -ENODEV;
776 		*rdev = wiphy_to_rdev(wiphy);
777 		*wdev = NULL;
778 
779 		list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
780 			if (tmp->identifier == cb->args[1]) {
781 				*wdev = tmp;
782 				break;
783 			}
784 		}
785 
786 		if (!*wdev)
787 			return -ENODEV;
788 	}
789 
790 	return 0;
791 }
792 
793 /* message building helper */
794 void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
795 		     int flags, u8 cmd)
796 {
797 	/* since there is no private header just add the generic one */
798 	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
799 }
800 
801 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
802 				     const struct ieee80211_reg_rule *rule)
803 {
804 	int j;
805 	struct nlattr *nl_wmm_rules =
806 		nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
807 
808 	if (!nl_wmm_rules)
809 		goto nla_put_failure;
810 
811 	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
812 		struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
813 
814 		if (!nl_wmm_rule)
815 			goto nla_put_failure;
816 
817 		if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
818 				rule->wmm_rule.client[j].cw_min) ||
819 		    nla_put_u16(msg, NL80211_WMMR_CW_MAX,
820 				rule->wmm_rule.client[j].cw_max) ||
821 		    nla_put_u8(msg, NL80211_WMMR_AIFSN,
822 			       rule->wmm_rule.client[j].aifsn) ||
823 		    nla_put_u16(msg, NL80211_WMMR_TXOP,
824 			        rule->wmm_rule.client[j].cot))
825 			goto nla_put_failure;
826 
827 		nla_nest_end(msg, nl_wmm_rule);
828 	}
829 	nla_nest_end(msg, nl_wmm_rules);
830 
831 	return 0;
832 
833 nla_put_failure:
834 	return -ENOBUFS;
835 }
836 
837 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
838 				   struct ieee80211_channel *chan,
839 				   bool large)
840 {
841 	/* Some channels must be completely excluded from the
842 	 * list to protect old user-space tools from breaking
843 	 */
844 	if (!large && chan->flags &
845 	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
846 		return 0;
847 
848 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
849 			chan->center_freq))
850 		goto nla_put_failure;
851 
852 	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
853 	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
854 		goto nla_put_failure;
855 	if (chan->flags & IEEE80211_CHAN_NO_IR) {
856 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
857 			goto nla_put_failure;
858 		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
859 			goto nla_put_failure;
860 	}
861 	if (chan->flags & IEEE80211_CHAN_RADAR) {
862 		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
863 			goto nla_put_failure;
864 		if (large) {
865 			u32 time;
866 
867 			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
868 
869 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
870 					chan->dfs_state))
871 				goto nla_put_failure;
872 			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
873 					time))
874 				goto nla_put_failure;
875 			if (nla_put_u32(msg,
876 					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
877 					chan->dfs_cac_ms))
878 				goto nla_put_failure;
879 		}
880 	}
881 
882 	if (large) {
883 		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
884 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
885 			goto nla_put_failure;
886 		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
887 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
888 			goto nla_put_failure;
889 		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
890 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
891 			goto nla_put_failure;
892 		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
893 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
894 			goto nla_put_failure;
895 		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
896 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
897 			goto nla_put_failure;
898 		if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
899 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
900 			goto nla_put_failure;
901 		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
902 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
903 			goto nla_put_failure;
904 		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
905 		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
906 			goto nla_put_failure;
907 	}
908 
909 	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
910 			DBM_TO_MBM(chan->max_power)))
911 		goto nla_put_failure;
912 
913 	if (large) {
914 		const struct ieee80211_reg_rule *rule =
915 			freq_reg_info(wiphy, MHZ_TO_KHZ(chan->center_freq));
916 
917 		if (!IS_ERR_OR_NULL(rule) && rule->has_wmm) {
918 			if (nl80211_msg_put_wmm_rules(msg, rule))
919 				goto nla_put_failure;
920 		}
921 	}
922 
923 	return 0;
924 
925  nla_put_failure:
926 	return -ENOBUFS;
927 }
928 
929 static bool nl80211_put_txq_stats(struct sk_buff *msg,
930 				  struct cfg80211_txq_stats *txqstats,
931 				  int attrtype)
932 {
933 	struct nlattr *txqattr;
934 
935 #define PUT_TXQVAL_U32(attr, memb) do {					  \
936 	if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&	  \
937 	    nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
938 		return false;						  \
939 	} while (0)
940 
941 	txqattr = nla_nest_start_noflag(msg, attrtype);
942 	if (!txqattr)
943 		return false;
944 
945 	PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
946 	PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
947 	PUT_TXQVAL_U32(FLOWS, flows);
948 	PUT_TXQVAL_U32(DROPS, drops);
949 	PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
950 	PUT_TXQVAL_U32(OVERLIMIT, overlimit);
951 	PUT_TXQVAL_U32(OVERMEMORY, overmemory);
952 	PUT_TXQVAL_U32(COLLISIONS, collisions);
953 	PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
954 	PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
955 	PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
956 	nla_nest_end(msg, txqattr);
957 
958 #undef PUT_TXQVAL_U32
959 	return true;
960 }
961 
962 /* netlink command implementations */
963 
964 struct key_parse {
965 	struct key_params p;
966 	int idx;
967 	int type;
968 	bool def, defmgmt;
969 	bool def_uni, def_multi;
970 };
971 
972 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
973 				 struct key_parse *k)
974 {
975 	struct nlattr *tb[NL80211_KEY_MAX + 1];
976 	int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
977 					      nl80211_key_policy,
978 					      info->extack);
979 	if (err)
980 		return err;
981 
982 	k->def = !!tb[NL80211_KEY_DEFAULT];
983 	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
984 
985 	if (k->def) {
986 		k->def_uni = true;
987 		k->def_multi = true;
988 	}
989 	if (k->defmgmt)
990 		k->def_multi = true;
991 
992 	if (tb[NL80211_KEY_IDX])
993 		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
994 
995 	if (tb[NL80211_KEY_DATA]) {
996 		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
997 		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
998 	}
999 
1000 	if (tb[NL80211_KEY_SEQ]) {
1001 		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
1002 		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
1003 	}
1004 
1005 	if (tb[NL80211_KEY_CIPHER])
1006 		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
1007 
1008 	if (tb[NL80211_KEY_TYPE])
1009 		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
1010 
1011 	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
1012 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1013 
1014 		err = nla_parse_nested_deprecated(kdt,
1015 						  NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1016 						  tb[NL80211_KEY_DEFAULT_TYPES],
1017 						  nl80211_key_default_policy,
1018 						  info->extack);
1019 		if (err)
1020 			return err;
1021 
1022 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1023 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1024 	}
1025 
1026 	if (tb[NL80211_KEY_MODE])
1027 		k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
1028 
1029 	return 0;
1030 }
1031 
1032 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
1033 {
1034 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
1035 		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
1036 		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
1037 	}
1038 
1039 	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
1040 		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
1041 		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
1042 	}
1043 
1044 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1045 		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1046 
1047 	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
1048 		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
1049 
1050 	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
1051 	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
1052 
1053 	if (k->def) {
1054 		k->def_uni = true;
1055 		k->def_multi = true;
1056 	}
1057 	if (k->defmgmt)
1058 		k->def_multi = true;
1059 
1060 	if (info->attrs[NL80211_ATTR_KEY_TYPE])
1061 		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1062 
1063 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
1064 		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
1065 		int err = nla_parse_nested_deprecated(kdt,
1066 						      NUM_NL80211_KEY_DEFAULT_TYPES - 1,
1067 						      info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
1068 						      nl80211_key_default_policy,
1069 						      info->extack);
1070 		if (err)
1071 			return err;
1072 
1073 		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
1074 		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
1075 	}
1076 
1077 	return 0;
1078 }
1079 
1080 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
1081 {
1082 	int err;
1083 
1084 	memset(k, 0, sizeof(*k));
1085 	k->idx = -1;
1086 	k->type = -1;
1087 
1088 	if (info->attrs[NL80211_ATTR_KEY])
1089 		err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
1090 	else
1091 		err = nl80211_parse_key_old(info, k);
1092 
1093 	if (err)
1094 		return err;
1095 
1096 	if (k->def && k->defmgmt) {
1097 		GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
1098 		return -EINVAL;
1099 	}
1100 
1101 	if (k->defmgmt) {
1102 		if (k->def_uni || !k->def_multi) {
1103 			GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
1104 			return -EINVAL;
1105 		}
1106 	}
1107 
1108 	if (k->idx != -1) {
1109 		if (k->defmgmt) {
1110 			if (k->idx < 4 || k->idx > 5) {
1111 				GENL_SET_ERR_MSG(info,
1112 						 "defmgmt key idx not 4 or 5");
1113 				return -EINVAL;
1114 			}
1115 		} else if (k->def) {
1116 			if (k->idx < 0 || k->idx > 3) {
1117 				GENL_SET_ERR_MSG(info, "def key idx not 0-3");
1118 				return -EINVAL;
1119 			}
1120 		} else {
1121 			if (k->idx < 0 || k->idx > 5) {
1122 				GENL_SET_ERR_MSG(info, "key idx not 0-5");
1123 				return -EINVAL;
1124 			}
1125 		}
1126 	}
1127 
1128 	return 0;
1129 }
1130 
1131 static struct cfg80211_cached_keys *
1132 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
1133 		       struct genl_info *info, bool *no_ht)
1134 {
1135 	struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
1136 	struct key_parse parse;
1137 	struct nlattr *key;
1138 	struct cfg80211_cached_keys *result;
1139 	int rem, err, def = 0;
1140 	bool have_key = false;
1141 
1142 	nla_for_each_nested(key, keys, rem) {
1143 		have_key = true;
1144 		break;
1145 	}
1146 
1147 	if (!have_key)
1148 		return NULL;
1149 
1150 	result = kzalloc(sizeof(*result), GFP_KERNEL);
1151 	if (!result)
1152 		return ERR_PTR(-ENOMEM);
1153 
1154 	result->def = -1;
1155 
1156 	nla_for_each_nested(key, keys, rem) {
1157 		memset(&parse, 0, sizeof(parse));
1158 		parse.idx = -1;
1159 
1160 		err = nl80211_parse_key_new(info, key, &parse);
1161 		if (err)
1162 			goto error;
1163 		err = -EINVAL;
1164 		if (!parse.p.key)
1165 			goto error;
1166 		if (parse.idx < 0 || parse.idx > 3) {
1167 			GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1168 			goto error;
1169 		}
1170 		if (parse.def) {
1171 			if (def) {
1172 				GENL_SET_ERR_MSG(info,
1173 						 "only one key can be default");
1174 				goto error;
1175 			}
1176 			def = 1;
1177 			result->def = parse.idx;
1178 			if (!parse.def_uni || !parse.def_multi)
1179 				goto error;
1180 		} else if (parse.defmgmt)
1181 			goto error;
1182 		err = cfg80211_validate_key_settings(rdev, &parse.p,
1183 						     parse.idx, false, NULL);
1184 		if (err)
1185 			goto error;
1186 		if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1187 		    parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1188 			GENL_SET_ERR_MSG(info, "connect key must be WEP");
1189 			err = -EINVAL;
1190 			goto error;
1191 		}
1192 		result->params[parse.idx].cipher = parse.p.cipher;
1193 		result->params[parse.idx].key_len = parse.p.key_len;
1194 		result->params[parse.idx].key = result->data[parse.idx];
1195 		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1196 
1197 		/* must be WEP key if we got here */
1198 		if (no_ht)
1199 			*no_ht = true;
1200 	}
1201 
1202 	if (result->def < 0) {
1203 		err = -EINVAL;
1204 		GENL_SET_ERR_MSG(info, "need a default/TX key");
1205 		goto error;
1206 	}
1207 
1208 	return result;
1209  error:
1210 	kfree(result);
1211 	return ERR_PTR(err);
1212 }
1213 
1214 static int nl80211_key_allowed(struct wireless_dev *wdev)
1215 {
1216 	ASSERT_WDEV_LOCK(wdev);
1217 
1218 	switch (wdev->iftype) {
1219 	case NL80211_IFTYPE_AP:
1220 	case NL80211_IFTYPE_AP_VLAN:
1221 	case NL80211_IFTYPE_P2P_GO:
1222 	case NL80211_IFTYPE_MESH_POINT:
1223 		break;
1224 	case NL80211_IFTYPE_ADHOC:
1225 	case NL80211_IFTYPE_STATION:
1226 	case NL80211_IFTYPE_P2P_CLIENT:
1227 		if (!wdev->current_bss)
1228 			return -ENOLINK;
1229 		break;
1230 	case NL80211_IFTYPE_UNSPECIFIED:
1231 	case NL80211_IFTYPE_OCB:
1232 	case NL80211_IFTYPE_MONITOR:
1233 	case NL80211_IFTYPE_NAN:
1234 	case NL80211_IFTYPE_P2P_DEVICE:
1235 	case NL80211_IFTYPE_WDS:
1236 	case NUM_NL80211_IFTYPES:
1237 		return -EINVAL;
1238 	}
1239 
1240 	return 0;
1241 }
1242 
1243 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1244 							struct nlattr *tb)
1245 {
1246 	struct ieee80211_channel *chan;
1247 
1248 	if (tb == NULL)
1249 		return NULL;
1250 	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1251 	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1252 		return NULL;
1253 	return chan;
1254 }
1255 
1256 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1257 {
1258 	struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1259 	int i;
1260 
1261 	if (!nl_modes)
1262 		goto nla_put_failure;
1263 
1264 	i = 0;
1265 	while (ifmodes) {
1266 		if ((ifmodes & 1) && nla_put_flag(msg, i))
1267 			goto nla_put_failure;
1268 		ifmodes >>= 1;
1269 		i++;
1270 	}
1271 
1272 	nla_nest_end(msg, nl_modes);
1273 	return 0;
1274 
1275 nla_put_failure:
1276 	return -ENOBUFS;
1277 }
1278 
1279 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1280 					  struct sk_buff *msg,
1281 					  bool large)
1282 {
1283 	struct nlattr *nl_combis;
1284 	int i, j;
1285 
1286 	nl_combis = nla_nest_start_noflag(msg,
1287 					  NL80211_ATTR_INTERFACE_COMBINATIONS);
1288 	if (!nl_combis)
1289 		goto nla_put_failure;
1290 
1291 	for (i = 0; i < wiphy->n_iface_combinations; i++) {
1292 		const struct ieee80211_iface_combination *c;
1293 		struct nlattr *nl_combi, *nl_limits;
1294 
1295 		c = &wiphy->iface_combinations[i];
1296 
1297 		nl_combi = nla_nest_start_noflag(msg, i + 1);
1298 		if (!nl_combi)
1299 			goto nla_put_failure;
1300 
1301 		nl_limits = nla_nest_start_noflag(msg,
1302 						  NL80211_IFACE_COMB_LIMITS);
1303 		if (!nl_limits)
1304 			goto nla_put_failure;
1305 
1306 		for (j = 0; j < c->n_limits; j++) {
1307 			struct nlattr *nl_limit;
1308 
1309 			nl_limit = nla_nest_start_noflag(msg, j + 1);
1310 			if (!nl_limit)
1311 				goto nla_put_failure;
1312 			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1313 					c->limits[j].max))
1314 				goto nla_put_failure;
1315 			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1316 						c->limits[j].types))
1317 				goto nla_put_failure;
1318 			nla_nest_end(msg, nl_limit);
1319 		}
1320 
1321 		nla_nest_end(msg, nl_limits);
1322 
1323 		if (c->beacon_int_infra_match &&
1324 		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1325 			goto nla_put_failure;
1326 		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1327 				c->num_different_channels) ||
1328 		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1329 				c->max_interfaces))
1330 			goto nla_put_failure;
1331 		if (large &&
1332 		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1333 				c->radar_detect_widths) ||
1334 		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1335 				c->radar_detect_regions)))
1336 			goto nla_put_failure;
1337 		if (c->beacon_int_min_gcd &&
1338 		    nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1339 				c->beacon_int_min_gcd))
1340 			goto nla_put_failure;
1341 
1342 		nla_nest_end(msg, nl_combi);
1343 	}
1344 
1345 	nla_nest_end(msg, nl_combis);
1346 
1347 	return 0;
1348 nla_put_failure:
1349 	return -ENOBUFS;
1350 }
1351 
1352 #ifdef CONFIG_PM
1353 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1354 					struct sk_buff *msg)
1355 {
1356 	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1357 	struct nlattr *nl_tcp;
1358 
1359 	if (!tcp)
1360 		return 0;
1361 
1362 	nl_tcp = nla_nest_start_noflag(msg,
1363 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1364 	if (!nl_tcp)
1365 		return -ENOBUFS;
1366 
1367 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1368 			tcp->data_payload_max))
1369 		return -ENOBUFS;
1370 
1371 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1372 			tcp->data_payload_max))
1373 		return -ENOBUFS;
1374 
1375 	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1376 		return -ENOBUFS;
1377 
1378 	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1379 				sizeof(*tcp->tok), tcp->tok))
1380 		return -ENOBUFS;
1381 
1382 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1383 			tcp->data_interval_max))
1384 		return -ENOBUFS;
1385 
1386 	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1387 			tcp->wake_payload_max))
1388 		return -ENOBUFS;
1389 
1390 	nla_nest_end(msg, nl_tcp);
1391 	return 0;
1392 }
1393 
1394 static int nl80211_send_wowlan(struct sk_buff *msg,
1395 			       struct cfg80211_registered_device *rdev,
1396 			       bool large)
1397 {
1398 	struct nlattr *nl_wowlan;
1399 
1400 	if (!rdev->wiphy.wowlan)
1401 		return 0;
1402 
1403 	nl_wowlan = nla_nest_start_noflag(msg,
1404 					  NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1405 	if (!nl_wowlan)
1406 		return -ENOBUFS;
1407 
1408 	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1409 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1410 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1411 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1412 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1413 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1414 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1415 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1416 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1417 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1418 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1419 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1420 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1421 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1422 	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1423 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1424 		return -ENOBUFS;
1425 
1426 	if (rdev->wiphy.wowlan->n_patterns) {
1427 		struct nl80211_pattern_support pat = {
1428 			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1429 			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1430 			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1431 			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1432 		};
1433 
1434 		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1435 			    sizeof(pat), &pat))
1436 			return -ENOBUFS;
1437 	}
1438 
1439 	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1440 	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1441 			rdev->wiphy.wowlan->max_nd_match_sets))
1442 		return -ENOBUFS;
1443 
1444 	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1445 		return -ENOBUFS;
1446 
1447 	nla_nest_end(msg, nl_wowlan);
1448 
1449 	return 0;
1450 }
1451 #endif
1452 
1453 static int nl80211_send_coalesce(struct sk_buff *msg,
1454 				 struct cfg80211_registered_device *rdev)
1455 {
1456 	struct nl80211_coalesce_rule_support rule;
1457 
1458 	if (!rdev->wiphy.coalesce)
1459 		return 0;
1460 
1461 	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1462 	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1463 	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1464 	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1465 	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1466 	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1467 
1468 	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1469 		return -ENOBUFS;
1470 
1471 	return 0;
1472 }
1473 
1474 static int
1475 nl80211_send_iftype_data(struct sk_buff *msg,
1476 			 const struct ieee80211_sband_iftype_data *iftdata)
1477 {
1478 	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1479 
1480 	if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1481 				iftdata->types_mask))
1482 		return -ENOBUFS;
1483 
1484 	if (he_cap->has_he) {
1485 		if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1486 			    sizeof(he_cap->he_cap_elem.mac_cap_info),
1487 			    he_cap->he_cap_elem.mac_cap_info) ||
1488 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1489 			    sizeof(he_cap->he_cap_elem.phy_cap_info),
1490 			    he_cap->he_cap_elem.phy_cap_info) ||
1491 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1492 			    sizeof(he_cap->he_mcs_nss_supp),
1493 			    &he_cap->he_mcs_nss_supp) ||
1494 		    nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1495 			    sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1496 			return -ENOBUFS;
1497 	}
1498 
1499 	return 0;
1500 }
1501 
1502 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1503 				      struct ieee80211_supported_band *sband)
1504 {
1505 	struct nlattr *nl_rates, *nl_rate;
1506 	struct ieee80211_rate *rate;
1507 	int i;
1508 
1509 	/* add HT info */
1510 	if (sband->ht_cap.ht_supported &&
1511 	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1512 		     sizeof(sband->ht_cap.mcs),
1513 		     &sband->ht_cap.mcs) ||
1514 	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1515 			 sband->ht_cap.cap) ||
1516 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1517 			sband->ht_cap.ampdu_factor) ||
1518 	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1519 			sband->ht_cap.ampdu_density)))
1520 		return -ENOBUFS;
1521 
1522 	/* add VHT info */
1523 	if (sband->vht_cap.vht_supported &&
1524 	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1525 		     sizeof(sband->vht_cap.vht_mcs),
1526 		     &sband->vht_cap.vht_mcs) ||
1527 	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1528 			 sband->vht_cap.cap)))
1529 		return -ENOBUFS;
1530 
1531 	if (sband->n_iftype_data) {
1532 		struct nlattr *nl_iftype_data =
1533 			nla_nest_start_noflag(msg,
1534 					      NL80211_BAND_ATTR_IFTYPE_DATA);
1535 		int err;
1536 
1537 		if (!nl_iftype_data)
1538 			return -ENOBUFS;
1539 
1540 		for (i = 0; i < sband->n_iftype_data; i++) {
1541 			struct nlattr *iftdata;
1542 
1543 			iftdata = nla_nest_start_noflag(msg, i + 1);
1544 			if (!iftdata)
1545 				return -ENOBUFS;
1546 
1547 			err = nl80211_send_iftype_data(msg,
1548 						       &sband->iftype_data[i]);
1549 			if (err)
1550 				return err;
1551 
1552 			nla_nest_end(msg, iftdata);
1553 		}
1554 
1555 		nla_nest_end(msg, nl_iftype_data);
1556 	}
1557 
1558 	/* add bitrates */
1559 	nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1560 	if (!nl_rates)
1561 		return -ENOBUFS;
1562 
1563 	for (i = 0; i < sband->n_bitrates; i++) {
1564 		nl_rate = nla_nest_start_noflag(msg, i);
1565 		if (!nl_rate)
1566 			return -ENOBUFS;
1567 
1568 		rate = &sband->bitrates[i];
1569 		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1570 				rate->bitrate))
1571 			return -ENOBUFS;
1572 		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1573 		    nla_put_flag(msg,
1574 				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1575 			return -ENOBUFS;
1576 
1577 		nla_nest_end(msg, nl_rate);
1578 	}
1579 
1580 	nla_nest_end(msg, nl_rates);
1581 
1582 	return 0;
1583 }
1584 
1585 static int
1586 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1587 			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1588 {
1589 	u16 stypes;
1590 	struct nlattr *nl_ftypes, *nl_ifs;
1591 	enum nl80211_iftype ift;
1592 	int i;
1593 
1594 	if (!mgmt_stypes)
1595 		return 0;
1596 
1597 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1598 	if (!nl_ifs)
1599 		return -ENOBUFS;
1600 
1601 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1602 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1603 		if (!nl_ftypes)
1604 			return -ENOBUFS;
1605 		i = 0;
1606 		stypes = mgmt_stypes[ift].tx;
1607 		while (stypes) {
1608 			if ((stypes & 1) &&
1609 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1610 					(i << 4) | IEEE80211_FTYPE_MGMT))
1611 				return -ENOBUFS;
1612 			stypes >>= 1;
1613 			i++;
1614 		}
1615 		nla_nest_end(msg, nl_ftypes);
1616 	}
1617 
1618 	nla_nest_end(msg, nl_ifs);
1619 
1620 	nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1621 	if (!nl_ifs)
1622 		return -ENOBUFS;
1623 
1624 	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1625 		nl_ftypes = nla_nest_start_noflag(msg, ift);
1626 		if (!nl_ftypes)
1627 			return -ENOBUFS;
1628 		i = 0;
1629 		stypes = mgmt_stypes[ift].rx;
1630 		while (stypes) {
1631 			if ((stypes & 1) &&
1632 			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1633 					(i << 4) | IEEE80211_FTYPE_MGMT))
1634 				return -ENOBUFS;
1635 			stypes >>= 1;
1636 			i++;
1637 		}
1638 		nla_nest_end(msg, nl_ftypes);
1639 	}
1640 	nla_nest_end(msg, nl_ifs);
1641 
1642 	return 0;
1643 }
1644 
1645 #define CMD(op, n)							\
1646 	 do {								\
1647 		if (rdev->ops->op) {					\
1648 			i++;						\
1649 			if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) 	\
1650 				goto nla_put_failure;			\
1651 		}							\
1652 	} while (0)
1653 
1654 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1655 					struct sk_buff *msg)
1656 {
1657 	int i = 0;
1658 
1659 	/*
1660 	 * do *NOT* add anything into this function, new things need to be
1661 	 * advertised only to new versions of userspace that can deal with
1662 	 * the split (and they can't possibly care about new features...
1663 	 */
1664 	CMD(add_virtual_intf, NEW_INTERFACE);
1665 	CMD(change_virtual_intf, SET_INTERFACE);
1666 	CMD(add_key, NEW_KEY);
1667 	CMD(start_ap, START_AP);
1668 	CMD(add_station, NEW_STATION);
1669 	CMD(add_mpath, NEW_MPATH);
1670 	CMD(update_mesh_config, SET_MESH_CONFIG);
1671 	CMD(change_bss, SET_BSS);
1672 	CMD(auth, AUTHENTICATE);
1673 	CMD(assoc, ASSOCIATE);
1674 	CMD(deauth, DEAUTHENTICATE);
1675 	CMD(disassoc, DISASSOCIATE);
1676 	CMD(join_ibss, JOIN_IBSS);
1677 	CMD(join_mesh, JOIN_MESH);
1678 	CMD(set_pmksa, SET_PMKSA);
1679 	CMD(del_pmksa, DEL_PMKSA);
1680 	CMD(flush_pmksa, FLUSH_PMKSA);
1681 	if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1682 		CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1683 	CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1684 	CMD(mgmt_tx, FRAME);
1685 	CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1686 	if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1687 		i++;
1688 		if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1689 			goto nla_put_failure;
1690 	}
1691 	if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1692 	    rdev->ops->join_mesh) {
1693 		i++;
1694 		if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1695 			goto nla_put_failure;
1696 	}
1697 	CMD(set_wds_peer, SET_WDS_PEER);
1698 	if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1699 		CMD(tdls_mgmt, TDLS_MGMT);
1700 		CMD(tdls_oper, TDLS_OPER);
1701 	}
1702 	if (rdev->wiphy.max_sched_scan_reqs)
1703 		CMD(sched_scan_start, START_SCHED_SCAN);
1704 	CMD(probe_client, PROBE_CLIENT);
1705 	CMD(set_noack_map, SET_NOACK_MAP);
1706 	if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1707 		i++;
1708 		if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1709 			goto nla_put_failure;
1710 	}
1711 	CMD(start_p2p_device, START_P2P_DEVICE);
1712 	CMD(set_mcast_rate, SET_MCAST_RATE);
1713 #ifdef CONFIG_NL80211_TESTMODE
1714 	CMD(testmode_cmd, TESTMODE);
1715 #endif
1716 
1717 	if (rdev->ops->connect || rdev->ops->auth) {
1718 		i++;
1719 		if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1720 			goto nla_put_failure;
1721 	}
1722 
1723 	if (rdev->ops->disconnect || rdev->ops->deauth) {
1724 		i++;
1725 		if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1726 			goto nla_put_failure;
1727 	}
1728 
1729 	return i;
1730  nla_put_failure:
1731 	return -ENOBUFS;
1732 }
1733 
1734 static int
1735 nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
1736 			   struct sk_buff *msg)
1737 {
1738 	struct nlattr *ftm;
1739 
1740 	if (!cap->ftm.supported)
1741 		return 0;
1742 
1743 	ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
1744 	if (!ftm)
1745 		return -ENOBUFS;
1746 
1747 	if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
1748 		return -ENOBUFS;
1749 	if (cap->ftm.non_asap &&
1750 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
1751 		return -ENOBUFS;
1752 	if (cap->ftm.request_lci &&
1753 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
1754 		return -ENOBUFS;
1755 	if (cap->ftm.request_civicloc &&
1756 	    nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
1757 		return -ENOBUFS;
1758 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
1759 			cap->ftm.preambles))
1760 		return -ENOBUFS;
1761 	if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
1762 			cap->ftm.bandwidths))
1763 		return -ENOBUFS;
1764 	if (cap->ftm.max_bursts_exponent >= 0 &&
1765 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
1766 			cap->ftm.max_bursts_exponent))
1767 		return -ENOBUFS;
1768 	if (cap->ftm.max_ftms_per_burst &&
1769 	    nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
1770 			cap->ftm.max_ftms_per_burst))
1771 		return -ENOBUFS;
1772 
1773 	nla_nest_end(msg, ftm);
1774 	return 0;
1775 }
1776 
1777 static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
1778 				  struct sk_buff *msg)
1779 {
1780 	const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
1781 	struct nlattr *pmsr, *caps;
1782 
1783 	if (!cap)
1784 		return 0;
1785 
1786 	/*
1787 	 * we don't need to clean up anything here since the caller
1788 	 * will genlmsg_cancel() if we fail
1789 	 */
1790 
1791 	pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
1792 	if (!pmsr)
1793 		return -ENOBUFS;
1794 
1795 	if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
1796 		return -ENOBUFS;
1797 
1798 	if (cap->report_ap_tsf &&
1799 	    nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
1800 		return -ENOBUFS;
1801 
1802 	if (cap->randomize_mac_addr &&
1803 	    nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
1804 		return -ENOBUFS;
1805 
1806 	caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
1807 	if (!caps)
1808 		return -ENOBUFS;
1809 
1810 	if (nl80211_send_pmsr_ftm_capa(cap, msg))
1811 		return -ENOBUFS;
1812 
1813 	nla_nest_end(msg, caps);
1814 	nla_nest_end(msg, pmsr);
1815 
1816 	return 0;
1817 }
1818 
1819 struct nl80211_dump_wiphy_state {
1820 	s64 filter_wiphy;
1821 	long start;
1822 	long split_start, band_start, chan_start, capa_start;
1823 	bool split;
1824 };
1825 
1826 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1827 			      enum nl80211_commands cmd,
1828 			      struct sk_buff *msg, u32 portid, u32 seq,
1829 			      int flags, struct nl80211_dump_wiphy_state *state)
1830 {
1831 	void *hdr;
1832 	struct nlattr *nl_bands, *nl_band;
1833 	struct nlattr *nl_freqs, *nl_freq;
1834 	struct nlattr *nl_cmds;
1835 	enum nl80211_band band;
1836 	struct ieee80211_channel *chan;
1837 	int i;
1838 	const struct ieee80211_txrx_stypes *mgmt_stypes =
1839 				rdev->wiphy.mgmt_stypes;
1840 	u32 features;
1841 
1842 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1843 	if (!hdr)
1844 		return -ENOBUFS;
1845 
1846 	if (WARN_ON(!state))
1847 		return -EINVAL;
1848 
1849 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1850 	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1851 			   wiphy_name(&rdev->wiphy)) ||
1852 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1853 			cfg80211_rdev_list_generation))
1854 		goto nla_put_failure;
1855 
1856 	if (cmd != NL80211_CMD_NEW_WIPHY)
1857 		goto finish;
1858 
1859 	switch (state->split_start) {
1860 	case 0:
1861 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1862 			       rdev->wiphy.retry_short) ||
1863 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1864 			       rdev->wiphy.retry_long) ||
1865 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1866 				rdev->wiphy.frag_threshold) ||
1867 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1868 				rdev->wiphy.rts_threshold) ||
1869 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1870 			       rdev->wiphy.coverage_class) ||
1871 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1872 			       rdev->wiphy.max_scan_ssids) ||
1873 		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1874 			       rdev->wiphy.max_sched_scan_ssids) ||
1875 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1876 				rdev->wiphy.max_scan_ie_len) ||
1877 		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1878 				rdev->wiphy.max_sched_scan_ie_len) ||
1879 		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1880 			       rdev->wiphy.max_match_sets) ||
1881 		    nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1882 				rdev->wiphy.max_sched_scan_plans) ||
1883 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1884 				rdev->wiphy.max_sched_scan_plan_interval) ||
1885 		    nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1886 				rdev->wiphy.max_sched_scan_plan_iterations))
1887 			goto nla_put_failure;
1888 
1889 		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1890 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1891 			goto nla_put_failure;
1892 		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1893 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1894 			goto nla_put_failure;
1895 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1896 		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1897 			goto nla_put_failure;
1898 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1899 		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1900 			goto nla_put_failure;
1901 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1902 		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1903 			goto nla_put_failure;
1904 		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1905 		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1906 			goto nla_put_failure;
1907 		state->split_start++;
1908 		if (state->split)
1909 			break;
1910 		/* fall through */
1911 	case 1:
1912 		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1913 			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1914 			    rdev->wiphy.cipher_suites))
1915 			goto nla_put_failure;
1916 
1917 		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1918 			       rdev->wiphy.max_num_pmkids))
1919 			goto nla_put_failure;
1920 
1921 		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1922 		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1923 			goto nla_put_failure;
1924 
1925 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1926 				rdev->wiphy.available_antennas_tx) ||
1927 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1928 				rdev->wiphy.available_antennas_rx))
1929 			goto nla_put_failure;
1930 
1931 		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1932 		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1933 				rdev->wiphy.probe_resp_offload))
1934 			goto nla_put_failure;
1935 
1936 		if ((rdev->wiphy.available_antennas_tx ||
1937 		     rdev->wiphy.available_antennas_rx) &&
1938 		    rdev->ops->get_antenna) {
1939 			u32 tx_ant = 0, rx_ant = 0;
1940 			int res;
1941 
1942 			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1943 			if (!res) {
1944 				if (nla_put_u32(msg,
1945 						NL80211_ATTR_WIPHY_ANTENNA_TX,
1946 						tx_ant) ||
1947 				    nla_put_u32(msg,
1948 						NL80211_ATTR_WIPHY_ANTENNA_RX,
1949 						rx_ant))
1950 					goto nla_put_failure;
1951 			}
1952 		}
1953 
1954 		state->split_start++;
1955 		if (state->split)
1956 			break;
1957 		/* fall through */
1958 	case 2:
1959 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1960 					rdev->wiphy.interface_modes))
1961 				goto nla_put_failure;
1962 		state->split_start++;
1963 		if (state->split)
1964 			break;
1965 		/* fall through */
1966 	case 3:
1967 		nl_bands = nla_nest_start_noflag(msg,
1968 						 NL80211_ATTR_WIPHY_BANDS);
1969 		if (!nl_bands)
1970 			goto nla_put_failure;
1971 
1972 		for (band = state->band_start;
1973 		     band < NUM_NL80211_BANDS; band++) {
1974 			struct ieee80211_supported_band *sband;
1975 
1976 			sband = rdev->wiphy.bands[band];
1977 
1978 			if (!sband)
1979 				continue;
1980 
1981 			nl_band = nla_nest_start_noflag(msg, band);
1982 			if (!nl_band)
1983 				goto nla_put_failure;
1984 
1985 			switch (state->chan_start) {
1986 			case 0:
1987 				if (nl80211_send_band_rateinfo(msg, sband))
1988 					goto nla_put_failure;
1989 				state->chan_start++;
1990 				if (state->split)
1991 					break;
1992 				/* fall through */
1993 			default:
1994 				/* add frequencies */
1995 				nl_freqs = nla_nest_start_noflag(msg,
1996 								 NL80211_BAND_ATTR_FREQS);
1997 				if (!nl_freqs)
1998 					goto nla_put_failure;
1999 
2000 				for (i = state->chan_start - 1;
2001 				     i < sband->n_channels;
2002 				     i++) {
2003 					nl_freq = nla_nest_start_noflag(msg,
2004 									i);
2005 					if (!nl_freq)
2006 						goto nla_put_failure;
2007 
2008 					chan = &sband->channels[i];
2009 
2010 					if (nl80211_msg_put_channel(
2011 							msg, &rdev->wiphy, chan,
2012 							state->split))
2013 						goto nla_put_failure;
2014 
2015 					nla_nest_end(msg, nl_freq);
2016 					if (state->split)
2017 						break;
2018 				}
2019 				if (i < sband->n_channels)
2020 					state->chan_start = i + 2;
2021 				else
2022 					state->chan_start = 0;
2023 				nla_nest_end(msg, nl_freqs);
2024 			}
2025 
2026 			nla_nest_end(msg, nl_band);
2027 
2028 			if (state->split) {
2029 				/* start again here */
2030 				if (state->chan_start)
2031 					band--;
2032 				break;
2033 			}
2034 		}
2035 		nla_nest_end(msg, nl_bands);
2036 
2037 		if (band < NUM_NL80211_BANDS)
2038 			state->band_start = band + 1;
2039 		else
2040 			state->band_start = 0;
2041 
2042 		/* if bands & channels are done, continue outside */
2043 		if (state->band_start == 0 && state->chan_start == 0)
2044 			state->split_start++;
2045 		if (state->split)
2046 			break;
2047 		/* fall through */
2048 	case 4:
2049 		nl_cmds = nla_nest_start_noflag(msg,
2050 						NL80211_ATTR_SUPPORTED_COMMANDS);
2051 		if (!nl_cmds)
2052 			goto nla_put_failure;
2053 
2054 		i = nl80211_add_commands_unsplit(rdev, msg);
2055 		if (i < 0)
2056 			goto nla_put_failure;
2057 		if (state->split) {
2058 			CMD(crit_proto_start, CRIT_PROTOCOL_START);
2059 			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
2060 			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
2061 				CMD(channel_switch, CHANNEL_SWITCH);
2062 			CMD(set_qos_map, SET_QOS_MAP);
2063 			if (rdev->wiphy.features &
2064 					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
2065 				CMD(add_tx_ts, ADD_TX_TS);
2066 			CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
2067 			CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
2068 		}
2069 #undef CMD
2070 
2071 		nla_nest_end(msg, nl_cmds);
2072 		state->split_start++;
2073 		if (state->split)
2074 			break;
2075 		/* fall through */
2076 	case 5:
2077 		if (rdev->ops->remain_on_channel &&
2078 		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
2079 		    nla_put_u32(msg,
2080 				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
2081 				rdev->wiphy.max_remain_on_channel_duration))
2082 			goto nla_put_failure;
2083 
2084 		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
2085 		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
2086 			goto nla_put_failure;
2087 
2088 		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
2089 			goto nla_put_failure;
2090 		state->split_start++;
2091 		if (state->split)
2092 			break;
2093 		/* fall through */
2094 	case 6:
2095 #ifdef CONFIG_PM
2096 		if (nl80211_send_wowlan(msg, rdev, state->split))
2097 			goto nla_put_failure;
2098 		state->split_start++;
2099 		if (state->split)
2100 			break;
2101 #else
2102 		state->split_start++;
2103 #endif
2104 		/* fall through */
2105 	case 7:
2106 		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
2107 					rdev->wiphy.software_iftypes))
2108 			goto nla_put_failure;
2109 
2110 		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
2111 						   state->split))
2112 			goto nla_put_failure;
2113 
2114 		state->split_start++;
2115 		if (state->split)
2116 			break;
2117 		/* fall through */
2118 	case 8:
2119 		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
2120 		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
2121 				rdev->wiphy.ap_sme_capa))
2122 			goto nla_put_failure;
2123 
2124 		features = rdev->wiphy.features;
2125 		/*
2126 		 * We can only add the per-channel limit information if the
2127 		 * dump is split, otherwise it makes it too big. Therefore
2128 		 * only advertise it in that case.
2129 		 */
2130 		if (state->split)
2131 			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
2132 		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
2133 			goto nla_put_failure;
2134 
2135 		if (rdev->wiphy.ht_capa_mod_mask &&
2136 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
2137 			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
2138 			    rdev->wiphy.ht_capa_mod_mask))
2139 			goto nla_put_failure;
2140 
2141 		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
2142 		    rdev->wiphy.max_acl_mac_addrs &&
2143 		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
2144 				rdev->wiphy.max_acl_mac_addrs))
2145 			goto nla_put_failure;
2146 
2147 		/*
2148 		 * Any information below this point is only available to
2149 		 * applications that can deal with it being split. This
2150 		 * helps ensure that newly added capabilities don't break
2151 		 * older tools by overrunning their buffers.
2152 		 *
2153 		 * We still increment split_start so that in the split
2154 		 * case we'll continue with more data in the next round,
2155 		 * but break unconditionally so unsplit data stops here.
2156 		 */
2157 		state->split_start++;
2158 		break;
2159 	case 9:
2160 		if (rdev->wiphy.extended_capabilities &&
2161 		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
2162 			     rdev->wiphy.extended_capabilities_len,
2163 			     rdev->wiphy.extended_capabilities) ||
2164 		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2165 			     rdev->wiphy.extended_capabilities_len,
2166 			     rdev->wiphy.extended_capabilities_mask)))
2167 			goto nla_put_failure;
2168 
2169 		if (rdev->wiphy.vht_capa_mod_mask &&
2170 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
2171 			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
2172 			    rdev->wiphy.vht_capa_mod_mask))
2173 			goto nla_put_failure;
2174 
2175 		state->split_start++;
2176 		break;
2177 	case 10:
2178 		if (nl80211_send_coalesce(msg, rdev))
2179 			goto nla_put_failure;
2180 
2181 		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
2182 		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
2183 		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
2184 			goto nla_put_failure;
2185 
2186 		if (rdev->wiphy.max_ap_assoc_sta &&
2187 		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
2188 				rdev->wiphy.max_ap_assoc_sta))
2189 			goto nla_put_failure;
2190 
2191 		state->split_start++;
2192 		break;
2193 	case 11:
2194 		if (rdev->wiphy.n_vendor_commands) {
2195 			const struct nl80211_vendor_cmd_info *info;
2196 			struct nlattr *nested;
2197 
2198 			nested = nla_nest_start_noflag(msg,
2199 						       NL80211_ATTR_VENDOR_DATA);
2200 			if (!nested)
2201 				goto nla_put_failure;
2202 
2203 			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
2204 				info = &rdev->wiphy.vendor_commands[i].info;
2205 				if (nla_put(msg, i + 1, sizeof(*info), info))
2206 					goto nla_put_failure;
2207 			}
2208 			nla_nest_end(msg, nested);
2209 		}
2210 
2211 		if (rdev->wiphy.n_vendor_events) {
2212 			const struct nl80211_vendor_cmd_info *info;
2213 			struct nlattr *nested;
2214 
2215 			nested = nla_nest_start_noflag(msg,
2216 						       NL80211_ATTR_VENDOR_EVENTS);
2217 			if (!nested)
2218 				goto nla_put_failure;
2219 
2220 			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
2221 				info = &rdev->wiphy.vendor_events[i];
2222 				if (nla_put(msg, i + 1, sizeof(*info), info))
2223 					goto nla_put_failure;
2224 			}
2225 			nla_nest_end(msg, nested);
2226 		}
2227 		state->split_start++;
2228 		break;
2229 	case 12:
2230 		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
2231 		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
2232 			       rdev->wiphy.max_num_csa_counters))
2233 			goto nla_put_failure;
2234 
2235 		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
2236 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
2237 			goto nla_put_failure;
2238 
2239 		if (rdev->wiphy.max_sched_scan_reqs &&
2240 		    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
2241 				rdev->wiphy.max_sched_scan_reqs))
2242 			goto nla_put_failure;
2243 
2244 		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2245 			    sizeof(rdev->wiphy.ext_features),
2246 			    rdev->wiphy.ext_features))
2247 			goto nla_put_failure;
2248 
2249 		if (rdev->wiphy.bss_select_support) {
2250 			struct nlattr *nested;
2251 			u32 bss_select_support = rdev->wiphy.bss_select_support;
2252 
2253 			nested = nla_nest_start_noflag(msg,
2254 						       NL80211_ATTR_BSS_SELECT);
2255 			if (!nested)
2256 				goto nla_put_failure;
2257 
2258 			i = 0;
2259 			while (bss_select_support) {
2260 				if ((bss_select_support & 1) &&
2261 				    nla_put_flag(msg, i))
2262 					goto nla_put_failure;
2263 				i++;
2264 				bss_select_support >>= 1;
2265 			}
2266 			nla_nest_end(msg, nested);
2267 		}
2268 
2269 		state->split_start++;
2270 		break;
2271 	case 13:
2272 		if (rdev->wiphy.num_iftype_ext_capab &&
2273 		    rdev->wiphy.iftype_ext_capab) {
2274 			struct nlattr *nested_ext_capab, *nested;
2275 
2276 			nested = nla_nest_start_noflag(msg,
2277 						       NL80211_ATTR_IFTYPE_EXT_CAPA);
2278 			if (!nested)
2279 				goto nla_put_failure;
2280 
2281 			for (i = state->capa_start;
2282 			     i < rdev->wiphy.num_iftype_ext_capab; i++) {
2283 				const struct wiphy_iftype_ext_capab *capab;
2284 
2285 				capab = &rdev->wiphy.iftype_ext_capab[i];
2286 
2287 				nested_ext_capab = nla_nest_start_noflag(msg,
2288 									 i);
2289 				if (!nested_ext_capab ||
2290 				    nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2291 						capab->iftype) ||
2292 				    nla_put(msg, NL80211_ATTR_EXT_CAPA,
2293 					    capab->extended_capabilities_len,
2294 					    capab->extended_capabilities) ||
2295 				    nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2296 					    capab->extended_capabilities_len,
2297 					    capab->extended_capabilities_mask))
2298 					goto nla_put_failure;
2299 
2300 				nla_nest_end(msg, nested_ext_capab);
2301 				if (state->split)
2302 					break;
2303 			}
2304 			nla_nest_end(msg, nested);
2305 			if (i < rdev->wiphy.num_iftype_ext_capab) {
2306 				state->capa_start = i + 1;
2307 				break;
2308 			}
2309 		}
2310 
2311 		if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2312 				rdev->wiphy.nan_supported_bands))
2313 			goto nla_put_failure;
2314 
2315 		if (wiphy_ext_feature_isset(&rdev->wiphy,
2316 					    NL80211_EXT_FEATURE_TXQS)) {
2317 			struct cfg80211_txq_stats txqstats = {};
2318 			int res;
2319 
2320 			res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2321 			if (!res &&
2322 			    !nl80211_put_txq_stats(msg, &txqstats,
2323 						   NL80211_ATTR_TXQ_STATS))
2324 				goto nla_put_failure;
2325 
2326 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2327 					rdev->wiphy.txq_limit))
2328 				goto nla_put_failure;
2329 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2330 					rdev->wiphy.txq_memory_limit))
2331 				goto nla_put_failure;
2332 			if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2333 					rdev->wiphy.txq_quantum))
2334 				goto nla_put_failure;
2335 		}
2336 
2337 		state->split_start++;
2338 		break;
2339 	case 14:
2340 		if (nl80211_send_pmsr_capa(rdev, msg))
2341 			goto nla_put_failure;
2342 
2343 		state->split_start++;
2344 		break;
2345 	case 15:
2346 		if (rdev->wiphy.akm_suites &&
2347 		    nla_put(msg, NL80211_ATTR_AKM_SUITES,
2348 			    sizeof(u32) * rdev->wiphy.n_akm_suites,
2349 			    rdev->wiphy.akm_suites))
2350 			goto nla_put_failure;
2351 
2352 		/* done */
2353 		state->split_start = 0;
2354 		break;
2355 	}
2356  finish:
2357 	genlmsg_end(msg, hdr);
2358 	return 0;
2359 
2360  nla_put_failure:
2361 	genlmsg_cancel(msg, hdr);
2362 	return -EMSGSIZE;
2363 }
2364 
2365 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2366 				    struct netlink_callback *cb,
2367 				    struct nl80211_dump_wiphy_state *state)
2368 {
2369 	struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
2370 	int ret = nlmsg_parse_deprecated(cb->nlh,
2371 					 GENL_HDRLEN + nl80211_fam.hdrsize,
2372 					 tb, nl80211_fam.maxattr,
2373 					 nl80211_policy, NULL);
2374 	/* ignore parse errors for backward compatibility */
2375 	if (ret)
2376 		return 0;
2377 
2378 	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2379 	if (tb[NL80211_ATTR_WIPHY])
2380 		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2381 	if (tb[NL80211_ATTR_WDEV])
2382 		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2383 	if (tb[NL80211_ATTR_IFINDEX]) {
2384 		struct net_device *netdev;
2385 		struct cfg80211_registered_device *rdev;
2386 		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2387 
2388 		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2389 		if (!netdev)
2390 			return -ENODEV;
2391 		if (netdev->ieee80211_ptr) {
2392 			rdev = wiphy_to_rdev(
2393 				netdev->ieee80211_ptr->wiphy);
2394 			state->filter_wiphy = rdev->wiphy_idx;
2395 		}
2396 	}
2397 
2398 	return 0;
2399 }
2400 
2401 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2402 {
2403 	int idx = 0, ret;
2404 	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2405 	struct cfg80211_registered_device *rdev;
2406 
2407 	rtnl_lock();
2408 	if (!state) {
2409 		state = kzalloc(sizeof(*state), GFP_KERNEL);
2410 		if (!state) {
2411 			rtnl_unlock();
2412 			return -ENOMEM;
2413 		}
2414 		state->filter_wiphy = -1;
2415 		ret = nl80211_dump_wiphy_parse(skb, cb, state);
2416 		if (ret) {
2417 			kfree(state);
2418 			rtnl_unlock();
2419 			return ret;
2420 		}
2421 		cb->args[0] = (long)state;
2422 	}
2423 
2424 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2425 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2426 			continue;
2427 		if (++idx <= state->start)
2428 			continue;
2429 		if (state->filter_wiphy != -1 &&
2430 		    state->filter_wiphy != rdev->wiphy_idx)
2431 			continue;
2432 		/* attempt to fit multiple wiphy data chunks into the skb */
2433 		do {
2434 			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2435 						 skb,
2436 						 NETLINK_CB(cb->skb).portid,
2437 						 cb->nlh->nlmsg_seq,
2438 						 NLM_F_MULTI, state);
2439 			if (ret < 0) {
2440 				/*
2441 				 * If sending the wiphy data didn't fit (ENOBUFS
2442 				 * or EMSGSIZE returned), this SKB is still
2443 				 * empty (so it's not too big because another
2444 				 * wiphy dataset is already in the skb) and
2445 				 * we've not tried to adjust the dump allocation
2446 				 * yet ... then adjust the alloc size to be
2447 				 * bigger, and return 1 but with the empty skb.
2448 				 * This results in an empty message being RX'ed
2449 				 * in userspace, but that is ignored.
2450 				 *
2451 				 * We can then retry with the larger buffer.
2452 				 */
2453 				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2454 				    !skb->len && !state->split &&
2455 				    cb->min_dump_alloc < 4096) {
2456 					cb->min_dump_alloc = 4096;
2457 					state->split_start = 0;
2458 					rtnl_unlock();
2459 					return 1;
2460 				}
2461 				idx--;
2462 				break;
2463 			}
2464 		} while (state->split_start > 0);
2465 		break;
2466 	}
2467 	rtnl_unlock();
2468 
2469 	state->start = idx;
2470 
2471 	return skb->len;
2472 }
2473 
2474 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2475 {
2476 	kfree((void *)cb->args[0]);
2477 	return 0;
2478 }
2479 
2480 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2481 {
2482 	struct sk_buff *msg;
2483 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2484 	struct nl80211_dump_wiphy_state state = {};
2485 
2486 	msg = nlmsg_new(4096, GFP_KERNEL);
2487 	if (!msg)
2488 		return -ENOMEM;
2489 
2490 	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2491 			       info->snd_portid, info->snd_seq, 0,
2492 			       &state) < 0) {
2493 		nlmsg_free(msg);
2494 		return -ENOBUFS;
2495 	}
2496 
2497 	return genlmsg_reply(msg, info);
2498 }
2499 
2500 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2501 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
2502 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
2503 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
2504 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
2505 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
2506 };
2507 
2508 static int parse_txq_params(struct nlattr *tb[],
2509 			    struct ieee80211_txq_params *txq_params)
2510 {
2511 	u8 ac;
2512 
2513 	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2514 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2515 	    !tb[NL80211_TXQ_ATTR_AIFS])
2516 		return -EINVAL;
2517 
2518 	ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2519 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2520 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2521 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2522 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2523 
2524 	if (ac >= NL80211_NUM_ACS)
2525 		return -EINVAL;
2526 	txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2527 	return 0;
2528 }
2529 
2530 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2531 {
2532 	/*
2533 	 * You can only set the channel explicitly for WDS interfaces,
2534 	 * all others have their channel managed via their respective
2535 	 * "establish a connection" command (connect, join, ...)
2536 	 *
2537 	 * For AP/GO and mesh mode, the channel can be set with the
2538 	 * channel userspace API, but is only stored and passed to the
2539 	 * low-level driver when the AP starts or the mesh is joined.
2540 	 * This is for backward compatibility, userspace can also give
2541 	 * the channel in the start-ap or join-mesh commands instead.
2542 	 *
2543 	 * Monitors are special as they are normally slaved to
2544 	 * whatever else is going on, so they have their own special
2545 	 * operation to set the monitor channel if possible.
2546 	 */
2547 	return !wdev ||
2548 		wdev->iftype == NL80211_IFTYPE_AP ||
2549 		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2550 		wdev->iftype == NL80211_IFTYPE_MONITOR ||
2551 		wdev->iftype == NL80211_IFTYPE_P2P_GO;
2552 }
2553 
2554 int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2555 			  struct genl_info *info,
2556 			  struct cfg80211_chan_def *chandef)
2557 {
2558 	struct netlink_ext_ack *extack = info->extack;
2559 	struct nlattr **attrs = info->attrs;
2560 	u32 control_freq;
2561 
2562 	if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2563 		return -EINVAL;
2564 
2565 	control_freq = nla_get_u32(attrs[NL80211_ATTR_WIPHY_FREQ]);
2566 
2567 	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2568 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2569 	chandef->center_freq1 = control_freq;
2570 	chandef->center_freq2 = 0;
2571 
2572 	/* Primary channel not allowed */
2573 	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
2574 		NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
2575 				    "Channel is disabled");
2576 		return -EINVAL;
2577 	}
2578 
2579 	if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2580 		enum nl80211_channel_type chantype;
2581 
2582 		chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2583 
2584 		switch (chantype) {
2585 		case NL80211_CHAN_NO_HT:
2586 		case NL80211_CHAN_HT20:
2587 		case NL80211_CHAN_HT40PLUS:
2588 		case NL80211_CHAN_HT40MINUS:
2589 			cfg80211_chandef_create(chandef, chandef->chan,
2590 						chantype);
2591 			/* user input for center_freq is incorrect */
2592 			if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
2593 			    chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
2594 				NL_SET_ERR_MSG_ATTR(extack,
2595 						    attrs[NL80211_ATTR_CENTER_FREQ1],
2596 						    "bad center frequency 1");
2597 				return -EINVAL;
2598 			}
2599 			/* center_freq2 must be zero */
2600 			if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
2601 			    nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
2602 				NL_SET_ERR_MSG_ATTR(extack,
2603 						    attrs[NL80211_ATTR_CENTER_FREQ2],
2604 						    "center frequency 2 can't be used");
2605 				return -EINVAL;
2606 			}
2607 			break;
2608 		default:
2609 			NL_SET_ERR_MSG_ATTR(extack,
2610 					    attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
2611 					    "invalid channel type");
2612 			return -EINVAL;
2613 		}
2614 	} else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2615 		chandef->width =
2616 			nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2617 		if (attrs[NL80211_ATTR_CENTER_FREQ1])
2618 			chandef->center_freq1 =
2619 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
2620 		if (attrs[NL80211_ATTR_CENTER_FREQ2])
2621 			chandef->center_freq2 =
2622 				nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2623 	}
2624 
2625 	if (!cfg80211_chandef_valid(chandef)) {
2626 		NL_SET_ERR_MSG(extack, "invalid channel definition");
2627 		return -EINVAL;
2628 	}
2629 
2630 	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2631 				     IEEE80211_CHAN_DISABLED)) {
2632 		NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2633 		return -EINVAL;
2634 	}
2635 
2636 	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2637 	     chandef->width == NL80211_CHAN_WIDTH_10) &&
2638 	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
2639 		NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2640 		return -EINVAL;
2641 	}
2642 
2643 	return 0;
2644 }
2645 
2646 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2647 				 struct net_device *dev,
2648 				 struct genl_info *info)
2649 {
2650 	struct cfg80211_chan_def chandef;
2651 	int result;
2652 	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2653 	struct wireless_dev *wdev = NULL;
2654 
2655 	if (dev)
2656 		wdev = dev->ieee80211_ptr;
2657 	if (!nl80211_can_set_dev_channel(wdev))
2658 		return -EOPNOTSUPP;
2659 	if (wdev)
2660 		iftype = wdev->iftype;
2661 
2662 	result = nl80211_parse_chandef(rdev, info, &chandef);
2663 	if (result)
2664 		return result;
2665 
2666 	switch (iftype) {
2667 	case NL80211_IFTYPE_AP:
2668 	case NL80211_IFTYPE_P2P_GO:
2669 		if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2670 						   iftype)) {
2671 			result = -EINVAL;
2672 			break;
2673 		}
2674 		if (wdev->beacon_interval) {
2675 			if (!dev || !rdev->ops->set_ap_chanwidth ||
2676 			    !(rdev->wiphy.features &
2677 			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2678 				result = -EBUSY;
2679 				break;
2680 			}
2681 
2682 			/* Only allow dynamic channel width changes */
2683 			if (chandef.chan != wdev->preset_chandef.chan) {
2684 				result = -EBUSY;
2685 				break;
2686 			}
2687 			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2688 			if (result)
2689 				break;
2690 		}
2691 		wdev->preset_chandef = chandef;
2692 		result = 0;
2693 		break;
2694 	case NL80211_IFTYPE_MESH_POINT:
2695 		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2696 		break;
2697 	case NL80211_IFTYPE_MONITOR:
2698 		result = cfg80211_set_monitor_channel(rdev, &chandef);
2699 		break;
2700 	default:
2701 		result = -EINVAL;
2702 	}
2703 
2704 	return result;
2705 }
2706 
2707 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2708 {
2709 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2710 	struct net_device *netdev = info->user_ptr[1];
2711 
2712 	return __nl80211_set_channel(rdev, netdev, info);
2713 }
2714 
2715 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2716 {
2717 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2718 	struct net_device *dev = info->user_ptr[1];
2719 	struct wireless_dev *wdev = dev->ieee80211_ptr;
2720 	const u8 *bssid;
2721 
2722 	if (!info->attrs[NL80211_ATTR_MAC])
2723 		return -EINVAL;
2724 
2725 	if (netif_running(dev))
2726 		return -EBUSY;
2727 
2728 	if (!rdev->ops->set_wds_peer)
2729 		return -EOPNOTSUPP;
2730 
2731 	if (wdev->iftype != NL80211_IFTYPE_WDS)
2732 		return -EOPNOTSUPP;
2733 
2734 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2735 	return rdev_set_wds_peer(rdev, dev, bssid);
2736 }
2737 
2738 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2739 {
2740 	struct cfg80211_registered_device *rdev;
2741 	struct net_device *netdev = NULL;
2742 	struct wireless_dev *wdev;
2743 	int result = 0, rem_txq_params = 0;
2744 	struct nlattr *nl_txq_params;
2745 	u32 changed;
2746 	u8 retry_short = 0, retry_long = 0;
2747 	u32 frag_threshold = 0, rts_threshold = 0;
2748 	u8 coverage_class = 0;
2749 	u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2750 
2751 	ASSERT_RTNL();
2752 
2753 	/*
2754 	 * Try to find the wiphy and netdev. Normally this
2755 	 * function shouldn't need the netdev, but this is
2756 	 * done for backward compatibility -- previously
2757 	 * setting the channel was done per wiphy, but now
2758 	 * it is per netdev. Previous userland like hostapd
2759 	 * also passed a netdev to set_wiphy, so that it is
2760 	 * possible to let that go to the right netdev!
2761 	 */
2762 
2763 	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2764 		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2765 
2766 		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2767 		if (netdev && netdev->ieee80211_ptr)
2768 			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2769 		else
2770 			netdev = NULL;
2771 	}
2772 
2773 	if (!netdev) {
2774 		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2775 						  info->attrs);
2776 		if (IS_ERR(rdev))
2777 			return PTR_ERR(rdev);
2778 		wdev = NULL;
2779 		netdev = NULL;
2780 		result = 0;
2781 	} else
2782 		wdev = netdev->ieee80211_ptr;
2783 
2784 	/*
2785 	 * end workaround code, by now the rdev is available
2786 	 * and locked, and wdev may or may not be NULL.
2787 	 */
2788 
2789 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2790 		result = cfg80211_dev_rename(
2791 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2792 
2793 	if (result)
2794 		return result;
2795 
2796 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2797 		struct ieee80211_txq_params txq_params;
2798 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2799 
2800 		if (!rdev->ops->set_txq_params)
2801 			return -EOPNOTSUPP;
2802 
2803 		if (!netdev)
2804 			return -EINVAL;
2805 
2806 		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2807 		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2808 			return -EINVAL;
2809 
2810 		if (!netif_running(netdev))
2811 			return -ENETDOWN;
2812 
2813 		nla_for_each_nested(nl_txq_params,
2814 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2815 				    rem_txq_params) {
2816 			result = nla_parse_nested_deprecated(tb,
2817 							     NL80211_TXQ_ATTR_MAX,
2818 							     nl_txq_params,
2819 							     txq_params_policy,
2820 							     info->extack);
2821 			if (result)
2822 				return result;
2823 			result = parse_txq_params(tb, &txq_params);
2824 			if (result)
2825 				return result;
2826 
2827 			result = rdev_set_txq_params(rdev, netdev,
2828 						     &txq_params);
2829 			if (result)
2830 				return result;
2831 		}
2832 	}
2833 
2834 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2835 		result = __nl80211_set_channel(
2836 			rdev,
2837 			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2838 			info);
2839 		if (result)
2840 			return result;
2841 	}
2842 
2843 	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2844 		struct wireless_dev *txp_wdev = wdev;
2845 		enum nl80211_tx_power_setting type;
2846 		int idx, mbm = 0;
2847 
2848 		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2849 			txp_wdev = NULL;
2850 
2851 		if (!rdev->ops->set_tx_power)
2852 			return -EOPNOTSUPP;
2853 
2854 		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2855 		type = nla_get_u32(info->attrs[idx]);
2856 
2857 		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2858 		    (type != NL80211_TX_POWER_AUTOMATIC))
2859 			return -EINVAL;
2860 
2861 		if (type != NL80211_TX_POWER_AUTOMATIC) {
2862 			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2863 			mbm = nla_get_u32(info->attrs[idx]);
2864 		}
2865 
2866 		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2867 		if (result)
2868 			return result;
2869 	}
2870 
2871 	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2872 	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2873 		u32 tx_ant, rx_ant;
2874 
2875 		if ((!rdev->wiphy.available_antennas_tx &&
2876 		     !rdev->wiphy.available_antennas_rx) ||
2877 		    !rdev->ops->set_antenna)
2878 			return -EOPNOTSUPP;
2879 
2880 		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2881 		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2882 
2883 		/* reject antenna configurations which don't match the
2884 		 * available antenna masks, except for the "all" mask */
2885 		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2886 		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2887 			return -EINVAL;
2888 
2889 		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2890 		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2891 
2892 		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2893 		if (result)
2894 			return result;
2895 	}
2896 
2897 	changed = 0;
2898 
2899 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2900 		retry_short = nla_get_u8(
2901 			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2902 
2903 		changed |= WIPHY_PARAM_RETRY_SHORT;
2904 	}
2905 
2906 	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2907 		retry_long = nla_get_u8(
2908 			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2909 
2910 		changed |= WIPHY_PARAM_RETRY_LONG;
2911 	}
2912 
2913 	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2914 		frag_threshold = nla_get_u32(
2915 			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2916 		if (frag_threshold < 256)
2917 			return -EINVAL;
2918 
2919 		if (frag_threshold != (u32) -1) {
2920 			/*
2921 			 * Fragments (apart from the last one) are required to
2922 			 * have even length. Make the fragmentation code
2923 			 * simpler by stripping LSB should someone try to use
2924 			 * odd threshold value.
2925 			 */
2926 			frag_threshold &= ~0x1;
2927 		}
2928 		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2929 	}
2930 
2931 	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2932 		rts_threshold = nla_get_u32(
2933 			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2934 		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2935 	}
2936 
2937 	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2938 		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2939 			return -EINVAL;
2940 
2941 		coverage_class = nla_get_u8(
2942 			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2943 		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2944 	}
2945 
2946 	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2947 		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2948 			return -EOPNOTSUPP;
2949 
2950 		changed |= WIPHY_PARAM_DYN_ACK;
2951 	}
2952 
2953 	if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
2954 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
2955 					     NL80211_EXT_FEATURE_TXQS))
2956 			return -EOPNOTSUPP;
2957 		txq_limit = nla_get_u32(
2958 			info->attrs[NL80211_ATTR_TXQ_LIMIT]);
2959 		changed |= WIPHY_PARAM_TXQ_LIMIT;
2960 	}
2961 
2962 	if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
2963 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
2964 					     NL80211_EXT_FEATURE_TXQS))
2965 			return -EOPNOTSUPP;
2966 		txq_memory_limit = nla_get_u32(
2967 			info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
2968 		changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
2969 	}
2970 
2971 	if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
2972 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
2973 					     NL80211_EXT_FEATURE_TXQS))
2974 			return -EOPNOTSUPP;
2975 		txq_quantum = nla_get_u32(
2976 			info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
2977 		changed |= WIPHY_PARAM_TXQ_QUANTUM;
2978 	}
2979 
2980 	if (changed) {
2981 		u8 old_retry_short, old_retry_long;
2982 		u32 old_frag_threshold, old_rts_threshold;
2983 		u8 old_coverage_class;
2984 		u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
2985 
2986 		if (!rdev->ops->set_wiphy_params)
2987 			return -EOPNOTSUPP;
2988 
2989 		old_retry_short = rdev->wiphy.retry_short;
2990 		old_retry_long = rdev->wiphy.retry_long;
2991 		old_frag_threshold = rdev->wiphy.frag_threshold;
2992 		old_rts_threshold = rdev->wiphy.rts_threshold;
2993 		old_coverage_class = rdev->wiphy.coverage_class;
2994 		old_txq_limit = rdev->wiphy.txq_limit;
2995 		old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
2996 		old_txq_quantum = rdev->wiphy.txq_quantum;
2997 
2998 		if (changed & WIPHY_PARAM_RETRY_SHORT)
2999 			rdev->wiphy.retry_short = retry_short;
3000 		if (changed & WIPHY_PARAM_RETRY_LONG)
3001 			rdev->wiphy.retry_long = retry_long;
3002 		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
3003 			rdev->wiphy.frag_threshold = frag_threshold;
3004 		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
3005 			rdev->wiphy.rts_threshold = rts_threshold;
3006 		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
3007 			rdev->wiphy.coverage_class = coverage_class;
3008 		if (changed & WIPHY_PARAM_TXQ_LIMIT)
3009 			rdev->wiphy.txq_limit = txq_limit;
3010 		if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
3011 			rdev->wiphy.txq_memory_limit = txq_memory_limit;
3012 		if (changed & WIPHY_PARAM_TXQ_QUANTUM)
3013 			rdev->wiphy.txq_quantum = txq_quantum;
3014 
3015 		result = rdev_set_wiphy_params(rdev, changed);
3016 		if (result) {
3017 			rdev->wiphy.retry_short = old_retry_short;
3018 			rdev->wiphy.retry_long = old_retry_long;
3019 			rdev->wiphy.frag_threshold = old_frag_threshold;
3020 			rdev->wiphy.rts_threshold = old_rts_threshold;
3021 			rdev->wiphy.coverage_class = old_coverage_class;
3022 			rdev->wiphy.txq_limit = old_txq_limit;
3023 			rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
3024 			rdev->wiphy.txq_quantum = old_txq_quantum;
3025 			return result;
3026 		}
3027 	}
3028 	return 0;
3029 }
3030 
3031 static int nl80211_send_chandef(struct sk_buff *msg,
3032 				const struct cfg80211_chan_def *chandef)
3033 {
3034 	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
3035 		return -EINVAL;
3036 
3037 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
3038 			chandef->chan->center_freq))
3039 		return -ENOBUFS;
3040 	switch (chandef->width) {
3041 	case NL80211_CHAN_WIDTH_20_NOHT:
3042 	case NL80211_CHAN_WIDTH_20:
3043 	case NL80211_CHAN_WIDTH_40:
3044 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
3045 				cfg80211_get_chandef_type(chandef)))
3046 			return -ENOBUFS;
3047 		break;
3048 	default:
3049 		break;
3050 	}
3051 	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
3052 		return -ENOBUFS;
3053 	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
3054 		return -ENOBUFS;
3055 	if (chandef->center_freq2 &&
3056 	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
3057 		return -ENOBUFS;
3058 	return 0;
3059 }
3060 
3061 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
3062 			      struct cfg80211_registered_device *rdev,
3063 			      struct wireless_dev *wdev,
3064 			      enum nl80211_commands cmd)
3065 {
3066 	struct net_device *dev = wdev->netdev;
3067 	void *hdr;
3068 
3069 	WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
3070 		cmd != NL80211_CMD_DEL_INTERFACE &&
3071 		cmd != NL80211_CMD_SET_INTERFACE);
3072 
3073 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3074 	if (!hdr)
3075 		return -1;
3076 
3077 	if (dev &&
3078 	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3079 	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
3080 		goto nla_put_failure;
3081 
3082 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
3083 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
3084 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
3085 			      NL80211_ATTR_PAD) ||
3086 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
3087 	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
3088 			rdev->devlist_generation ^
3089 			(cfg80211_rdev_list_generation << 2)) ||
3090 	    nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
3091 		goto nla_put_failure;
3092 
3093 	if (rdev->ops->get_channel) {
3094 		int ret;
3095 		struct cfg80211_chan_def chandef;
3096 
3097 		ret = rdev_get_channel(rdev, wdev, &chandef);
3098 		if (ret == 0) {
3099 			if (nl80211_send_chandef(msg, &chandef))
3100 				goto nla_put_failure;
3101 		}
3102 	}
3103 
3104 	if (rdev->ops->get_tx_power) {
3105 		int dbm, ret;
3106 
3107 		ret = rdev_get_tx_power(rdev, wdev, &dbm);
3108 		if (ret == 0 &&
3109 		    nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
3110 				DBM_TO_MBM(dbm)))
3111 			goto nla_put_failure;
3112 	}
3113 
3114 	wdev_lock(wdev);
3115 	switch (wdev->iftype) {
3116 	case NL80211_IFTYPE_AP:
3117 		if (wdev->ssid_len &&
3118 		    nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
3119 			goto nla_put_failure_locked;
3120 		break;
3121 	case NL80211_IFTYPE_STATION:
3122 	case NL80211_IFTYPE_P2P_CLIENT:
3123 	case NL80211_IFTYPE_ADHOC: {
3124 		const u8 *ssid_ie;
3125 		if (!wdev->current_bss)
3126 			break;
3127 		rcu_read_lock();
3128 		ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
3129 					       WLAN_EID_SSID);
3130 		if (ssid_ie &&
3131 		    nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
3132 			goto nla_put_failure_rcu_locked;
3133 		rcu_read_unlock();
3134 		break;
3135 		}
3136 	default:
3137 		/* nothing */
3138 		break;
3139 	}
3140 	wdev_unlock(wdev);
3141 
3142 	if (rdev->ops->get_txq_stats) {
3143 		struct cfg80211_txq_stats txqstats = {};
3144 		int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
3145 
3146 		if (ret == 0 &&
3147 		    !nl80211_put_txq_stats(msg, &txqstats,
3148 					   NL80211_ATTR_TXQ_STATS))
3149 			goto nla_put_failure;
3150 	}
3151 
3152 	genlmsg_end(msg, hdr);
3153 	return 0;
3154 
3155  nla_put_failure_rcu_locked:
3156 	rcu_read_unlock();
3157  nla_put_failure_locked:
3158 	wdev_unlock(wdev);
3159  nla_put_failure:
3160 	genlmsg_cancel(msg, hdr);
3161 	return -EMSGSIZE;
3162 }
3163 
3164 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
3165 {
3166 	int wp_idx = 0;
3167 	int if_idx = 0;
3168 	int wp_start = cb->args[0];
3169 	int if_start = cb->args[1];
3170 	int filter_wiphy = -1;
3171 	struct cfg80211_registered_device *rdev;
3172 	struct wireless_dev *wdev;
3173 	int ret;
3174 
3175 	rtnl_lock();
3176 	if (!cb->args[2]) {
3177 		struct nl80211_dump_wiphy_state state = {
3178 			.filter_wiphy = -1,
3179 		};
3180 
3181 		ret = nl80211_dump_wiphy_parse(skb, cb, &state);
3182 		if (ret)
3183 			goto out_unlock;
3184 
3185 		filter_wiphy = state.filter_wiphy;
3186 
3187 		/*
3188 		 * if filtering, set cb->args[2] to +1 since 0 is the default
3189 		 * value needed to determine that parsing is necessary.
3190 		 */
3191 		if (filter_wiphy >= 0)
3192 			cb->args[2] = filter_wiphy + 1;
3193 		else
3194 			cb->args[2] = -1;
3195 	} else if (cb->args[2] > 0) {
3196 		filter_wiphy = cb->args[2] - 1;
3197 	}
3198 
3199 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
3200 		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
3201 			continue;
3202 		if (wp_idx < wp_start) {
3203 			wp_idx++;
3204 			continue;
3205 		}
3206 
3207 		if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
3208 			continue;
3209 
3210 		if_idx = 0;
3211 
3212 		list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
3213 			if (if_idx < if_start) {
3214 				if_idx++;
3215 				continue;
3216 			}
3217 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3218 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
3219 					       rdev, wdev,
3220 					       NL80211_CMD_NEW_INTERFACE) < 0) {
3221 				goto out;
3222 			}
3223 			if_idx++;
3224 		}
3225 
3226 		wp_idx++;
3227 	}
3228  out:
3229 	cb->args[0] = wp_idx;
3230 	cb->args[1] = if_idx;
3231 
3232 	ret = skb->len;
3233  out_unlock:
3234 	rtnl_unlock();
3235 
3236 	return ret;
3237 }
3238 
3239 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
3240 {
3241 	struct sk_buff *msg;
3242 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3243 	struct wireless_dev *wdev = info->user_ptr[1];
3244 
3245 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3246 	if (!msg)
3247 		return -ENOMEM;
3248 
3249 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3250 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3251 		nlmsg_free(msg);
3252 		return -ENOBUFS;
3253 	}
3254 
3255 	return genlmsg_reply(msg, info);
3256 }
3257 
3258 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
3259 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
3260 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
3261 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
3262 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
3263 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
3264 	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
3265 };
3266 
3267 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
3268 {
3269 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
3270 	int flag;
3271 
3272 	*mntrflags = 0;
3273 
3274 	if (!nla)
3275 		return -EINVAL;
3276 
3277 	if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3278 		return -EINVAL;
3279 
3280 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3281 		if (flags[flag])
3282 			*mntrflags |= (1<<flag);
3283 
3284 	*mntrflags |= MONITOR_FLAG_CHANGED;
3285 
3286 	return 0;
3287 }
3288 
3289 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3290 				     enum nl80211_iftype type,
3291 				     struct genl_info *info,
3292 				     struct vif_params *params)
3293 {
3294 	bool change = false;
3295 	int err;
3296 
3297 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3298 		if (type != NL80211_IFTYPE_MONITOR)
3299 			return -EINVAL;
3300 
3301 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3302 					  &params->flags);
3303 		if (err)
3304 			return err;
3305 
3306 		change = true;
3307 	}
3308 
3309 	if (params->flags & MONITOR_FLAG_ACTIVE &&
3310 	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3311 		return -EOPNOTSUPP;
3312 
3313 	if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3314 		const u8 *mumimo_groups;
3315 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3316 
3317 		if (type != NL80211_IFTYPE_MONITOR)
3318 			return -EINVAL;
3319 
3320 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3321 			return -EOPNOTSUPP;
3322 
3323 		mumimo_groups =
3324 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3325 
3326 		/* bits 0 and 63 are reserved and must be zero */
3327 		if ((mumimo_groups[0] & BIT(0)) ||
3328 		    (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3329 			return -EINVAL;
3330 
3331 		params->vht_mumimo_groups = mumimo_groups;
3332 		change = true;
3333 	}
3334 
3335 	if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3336 		u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3337 
3338 		if (type != NL80211_IFTYPE_MONITOR)
3339 			return -EINVAL;
3340 
3341 		if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3342 			return -EOPNOTSUPP;
3343 
3344 		params->vht_mumimo_follow_addr =
3345 			nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3346 		change = true;
3347 	}
3348 
3349 	return change ? 1 : 0;
3350 }
3351 
3352 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3353 			       struct net_device *netdev, u8 use_4addr,
3354 			       enum nl80211_iftype iftype)
3355 {
3356 	if (!use_4addr) {
3357 		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3358 			return -EBUSY;
3359 		return 0;
3360 	}
3361 
3362 	switch (iftype) {
3363 	case NL80211_IFTYPE_AP_VLAN:
3364 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3365 			return 0;
3366 		break;
3367 	case NL80211_IFTYPE_STATION:
3368 		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3369 			return 0;
3370 		break;
3371 	default:
3372 		break;
3373 	}
3374 
3375 	return -EOPNOTSUPP;
3376 }
3377 
3378 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3379 {
3380 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3381 	struct vif_params params;
3382 	int err;
3383 	enum nl80211_iftype otype, ntype;
3384 	struct net_device *dev = info->user_ptr[1];
3385 	bool change = false;
3386 
3387 	memset(&params, 0, sizeof(params));
3388 
3389 	otype = ntype = dev->ieee80211_ptr->iftype;
3390 
3391 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
3392 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3393 		if (otype != ntype)
3394 			change = true;
3395 	}
3396 
3397 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
3398 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3399 
3400 		if (ntype != NL80211_IFTYPE_MESH_POINT)
3401 			return -EINVAL;
3402 		if (netif_running(dev))
3403 			return -EBUSY;
3404 
3405 		wdev_lock(wdev);
3406 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3407 			     IEEE80211_MAX_MESH_ID_LEN);
3408 		wdev->mesh_id_up_len =
3409 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3410 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3411 		       wdev->mesh_id_up_len);
3412 		wdev_unlock(wdev);
3413 	}
3414 
3415 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3416 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3417 		change = true;
3418 		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3419 		if (err)
3420 			return err;
3421 	} else {
3422 		params.use_4addr = -1;
3423 	}
3424 
3425 	err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3426 	if (err < 0)
3427 		return err;
3428 	if (err > 0)
3429 		change = true;
3430 
3431 	if (change)
3432 		err = cfg80211_change_iface(rdev, dev, ntype, &params);
3433 	else
3434 		err = 0;
3435 
3436 	if (!err && params.use_4addr != -1)
3437 		dev->ieee80211_ptr->use_4addr = params.use_4addr;
3438 
3439 	if (change && !err) {
3440 		struct wireless_dev *wdev = dev->ieee80211_ptr;
3441 
3442 		nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
3443 	}
3444 
3445 	return err;
3446 }
3447 
3448 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3449 {
3450 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3451 	struct vif_params params;
3452 	struct wireless_dev *wdev;
3453 	struct sk_buff *msg;
3454 	int err;
3455 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3456 
3457 	/* to avoid failing a new interface creation due to pending removal */
3458 	cfg80211_destroy_ifaces(rdev);
3459 
3460 	memset(&params, 0, sizeof(params));
3461 
3462 	if (!info->attrs[NL80211_ATTR_IFNAME])
3463 		return -EINVAL;
3464 
3465 	if (info->attrs[NL80211_ATTR_IFTYPE])
3466 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3467 
3468 	if (!rdev->ops->add_virtual_intf)
3469 		return -EOPNOTSUPP;
3470 
3471 	if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3472 	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3473 	    info->attrs[NL80211_ATTR_MAC]) {
3474 		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3475 			   ETH_ALEN);
3476 		if (!is_valid_ether_addr(params.macaddr))
3477 			return -EADDRNOTAVAIL;
3478 	}
3479 
3480 	if (info->attrs[NL80211_ATTR_4ADDR]) {
3481 		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3482 		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3483 		if (err)
3484 			return err;
3485 	}
3486 
3487 	if (!cfg80211_iftype_allowed(&rdev->wiphy, type, params.use_4addr, 0))
3488 		return -EOPNOTSUPP;
3489 
3490 	err = nl80211_parse_mon_options(rdev, type, info, &params);
3491 	if (err < 0)
3492 		return err;
3493 
3494 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3495 	if (!msg)
3496 		return -ENOMEM;
3497 
3498 	wdev = rdev_add_virtual_intf(rdev,
3499 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3500 				NET_NAME_USER, type, &params);
3501 	if (WARN_ON(!wdev)) {
3502 		nlmsg_free(msg);
3503 		return -EPROTO;
3504 	} else if (IS_ERR(wdev)) {
3505 		nlmsg_free(msg);
3506 		return PTR_ERR(wdev);
3507 	}
3508 
3509 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3510 		wdev->owner_nlportid = info->snd_portid;
3511 
3512 	switch (type) {
3513 	case NL80211_IFTYPE_MESH_POINT:
3514 		if (!info->attrs[NL80211_ATTR_MESH_ID])
3515 			break;
3516 		wdev_lock(wdev);
3517 		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3518 			     IEEE80211_MAX_MESH_ID_LEN);
3519 		wdev->mesh_id_up_len =
3520 			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3521 		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3522 		       wdev->mesh_id_up_len);
3523 		wdev_unlock(wdev);
3524 		break;
3525 	case NL80211_IFTYPE_NAN:
3526 	case NL80211_IFTYPE_P2P_DEVICE:
3527 		/*
3528 		 * P2P Device and NAN do not have a netdev, so don't go
3529 		 * through the netdev notifier and must be added here
3530 		 */
3531 		cfg80211_init_wdev(rdev, wdev);
3532 		break;
3533 	default:
3534 		break;
3535 	}
3536 
3537 	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3538 			       rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3539 		nlmsg_free(msg);
3540 		return -ENOBUFS;
3541 	}
3542 
3543 	return genlmsg_reply(msg, info);
3544 }
3545 
3546 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3547 {
3548 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3549 	struct wireless_dev *wdev = info->user_ptr[1];
3550 
3551 	if (!rdev->ops->del_virtual_intf)
3552 		return -EOPNOTSUPP;
3553 
3554 	/*
3555 	 * If we remove a wireless device without a netdev then clear
3556 	 * user_ptr[1] so that nl80211_post_doit won't dereference it
3557 	 * to check if it needs to do dev_put(). Otherwise it crashes
3558 	 * since the wdev has been freed, unlike with a netdev where
3559 	 * we need the dev_put() for the netdev to really be freed.
3560 	 */
3561 	if (!wdev->netdev)
3562 		info->user_ptr[1] = NULL;
3563 
3564 	return rdev_del_virtual_intf(rdev, wdev);
3565 }
3566 
3567 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3568 {
3569 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3570 	struct net_device *dev = info->user_ptr[1];
3571 	u16 noack_map;
3572 
3573 	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3574 		return -EINVAL;
3575 
3576 	if (!rdev->ops->set_noack_map)
3577 		return -EOPNOTSUPP;
3578 
3579 	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3580 
3581 	return rdev_set_noack_map(rdev, dev, noack_map);
3582 }
3583 
3584 struct get_key_cookie {
3585 	struct sk_buff *msg;
3586 	int error;
3587 	int idx;
3588 };
3589 
3590 static void get_key_callback(void *c, struct key_params *params)
3591 {
3592 	struct nlattr *key;
3593 	struct get_key_cookie *cookie = c;
3594 
3595 	if ((params->key &&
3596 	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3597 		     params->key_len, params->key)) ||
3598 	    (params->seq &&
3599 	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3600 		     params->seq_len, params->seq)) ||
3601 	    (params->cipher &&
3602 	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3603 			 params->cipher)))
3604 		goto nla_put_failure;
3605 
3606 	key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3607 	if (!key)
3608 		goto nla_put_failure;
3609 
3610 	if ((params->key &&
3611 	     nla_put(cookie->msg, NL80211_KEY_DATA,
3612 		     params->key_len, params->key)) ||
3613 	    (params->seq &&
3614 	     nla_put(cookie->msg, NL80211_KEY_SEQ,
3615 		     params->seq_len, params->seq)) ||
3616 	    (params->cipher &&
3617 	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3618 			 params->cipher)))
3619 		goto nla_put_failure;
3620 
3621 	if (nla_put_u8(cookie->msg, NL80211_KEY_IDX, cookie->idx))
3622 		goto nla_put_failure;
3623 
3624 	nla_nest_end(cookie->msg, key);
3625 
3626 	return;
3627  nla_put_failure:
3628 	cookie->error = 1;
3629 }
3630 
3631 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3632 {
3633 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3634 	int err;
3635 	struct net_device *dev = info->user_ptr[1];
3636 	u8 key_idx = 0;
3637 	const u8 *mac_addr = NULL;
3638 	bool pairwise;
3639 	struct get_key_cookie cookie = {
3640 		.error = 0,
3641 	};
3642 	void *hdr;
3643 	struct sk_buff *msg;
3644 
3645 	if (info->attrs[NL80211_ATTR_KEY_IDX])
3646 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3647 
3648 	if (info->attrs[NL80211_ATTR_MAC])
3649 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3650 
3651 	pairwise = !!mac_addr;
3652 	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3653 		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3654 
3655 		if (kt != NL80211_KEYTYPE_GROUP &&
3656 		    kt != NL80211_KEYTYPE_PAIRWISE)
3657 			return -EINVAL;
3658 		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3659 	}
3660 
3661 	if (!rdev->ops->get_key)
3662 		return -EOPNOTSUPP;
3663 
3664 	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3665 		return -ENOENT;
3666 
3667 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3668 	if (!msg)
3669 		return -ENOMEM;
3670 
3671 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3672 			     NL80211_CMD_NEW_KEY);
3673 	if (!hdr)
3674 		goto nla_put_failure;
3675 
3676 	cookie.msg = msg;
3677 	cookie.idx = key_idx;
3678 
3679 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3680 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3681 		goto nla_put_failure;
3682 	if (mac_addr &&
3683 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3684 		goto nla_put_failure;
3685 
3686 	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3687 			   get_key_callback);
3688 
3689 	if (err)
3690 		goto free_msg;
3691 
3692 	if (cookie.error)
3693 		goto nla_put_failure;
3694 
3695 	genlmsg_end(msg, hdr);
3696 	return genlmsg_reply(msg, info);
3697 
3698  nla_put_failure:
3699 	err = -ENOBUFS;
3700  free_msg:
3701 	nlmsg_free(msg);
3702 	return err;
3703 }
3704 
3705 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3706 {
3707 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3708 	struct key_parse key;
3709 	int err;
3710 	struct net_device *dev = info->user_ptr[1];
3711 
3712 	err = nl80211_parse_key(info, &key);
3713 	if (err)
3714 		return err;
3715 
3716 	if (key.idx < 0)
3717 		return -EINVAL;
3718 
3719 	/* Only support setting default key and
3720 	 * Extended Key ID action NL80211_KEY_SET_TX.
3721 	 */
3722 	if (!key.def && !key.defmgmt &&
3723 	    !(key.p.mode == NL80211_KEY_SET_TX))
3724 		return -EINVAL;
3725 
3726 	wdev_lock(dev->ieee80211_ptr);
3727 
3728 	if (key.def) {
3729 		if (!rdev->ops->set_default_key) {
3730 			err = -EOPNOTSUPP;
3731 			goto out;
3732 		}
3733 
3734 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3735 		if (err)
3736 			goto out;
3737 
3738 		err = rdev_set_default_key(rdev, dev, key.idx,
3739 						 key.def_uni, key.def_multi);
3740 
3741 		if (err)
3742 			goto out;
3743 
3744 #ifdef CONFIG_CFG80211_WEXT
3745 		dev->ieee80211_ptr->wext.default_key = key.idx;
3746 #endif
3747 	} else if (key.defmgmt) {
3748 		if (key.def_uni || !key.def_multi) {
3749 			err = -EINVAL;
3750 			goto out;
3751 		}
3752 
3753 		if (!rdev->ops->set_default_mgmt_key) {
3754 			err = -EOPNOTSUPP;
3755 			goto out;
3756 		}
3757 
3758 		err = nl80211_key_allowed(dev->ieee80211_ptr);
3759 		if (err)
3760 			goto out;
3761 
3762 		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3763 		if (err)
3764 			goto out;
3765 
3766 #ifdef CONFIG_CFG80211_WEXT
3767 		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3768 #endif
3769 	} else if (key.p.mode == NL80211_KEY_SET_TX &&
3770 		   wiphy_ext_feature_isset(&rdev->wiphy,
3771 					   NL80211_EXT_FEATURE_EXT_KEY_ID)) {
3772 		u8 *mac_addr = NULL;
3773 
3774 		if (info->attrs[NL80211_ATTR_MAC])
3775 			mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3776 
3777 		if (!mac_addr || key.idx < 0 || key.idx > 1) {
3778 			err = -EINVAL;
3779 			goto out;
3780 		}
3781 
3782 		err = rdev_add_key(rdev, dev, key.idx,
3783 				   NL80211_KEYTYPE_PAIRWISE,
3784 				   mac_addr, &key.p);
3785 	} else {
3786 		err = -EINVAL;
3787 	}
3788  out:
3789 	wdev_unlock(dev->ieee80211_ptr);
3790 
3791 	return err;
3792 }
3793 
3794 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3795 {
3796 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3797 	int err;
3798 	struct net_device *dev = info->user_ptr[1];
3799 	struct key_parse key;
3800 	const u8 *mac_addr = NULL;
3801 
3802 	err = nl80211_parse_key(info, &key);
3803 	if (err)
3804 		return err;
3805 
3806 	if (!key.p.key)
3807 		return -EINVAL;
3808 
3809 	if (info->attrs[NL80211_ATTR_MAC])
3810 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3811 
3812 	if (key.type == -1) {
3813 		if (mac_addr)
3814 			key.type = NL80211_KEYTYPE_PAIRWISE;
3815 		else
3816 			key.type = NL80211_KEYTYPE_GROUP;
3817 	}
3818 
3819 	/* for now */
3820 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3821 	    key.type != NL80211_KEYTYPE_GROUP)
3822 		return -EINVAL;
3823 
3824 	if (!rdev->ops->add_key)
3825 		return -EOPNOTSUPP;
3826 
3827 	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3828 					   key.type == NL80211_KEYTYPE_PAIRWISE,
3829 					   mac_addr))
3830 		return -EINVAL;
3831 
3832 	wdev_lock(dev->ieee80211_ptr);
3833 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3834 	if (!err)
3835 		err = rdev_add_key(rdev, dev, key.idx,
3836 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3837 				    mac_addr, &key.p);
3838 	wdev_unlock(dev->ieee80211_ptr);
3839 
3840 	return err;
3841 }
3842 
3843 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3844 {
3845 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3846 	int err;
3847 	struct net_device *dev = info->user_ptr[1];
3848 	u8 *mac_addr = NULL;
3849 	struct key_parse key;
3850 
3851 	err = nl80211_parse_key(info, &key);
3852 	if (err)
3853 		return err;
3854 
3855 	if (info->attrs[NL80211_ATTR_MAC])
3856 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3857 
3858 	if (key.type == -1) {
3859 		if (mac_addr)
3860 			key.type = NL80211_KEYTYPE_PAIRWISE;
3861 		else
3862 			key.type = NL80211_KEYTYPE_GROUP;
3863 	}
3864 
3865 	/* for now */
3866 	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3867 	    key.type != NL80211_KEYTYPE_GROUP)
3868 		return -EINVAL;
3869 
3870 	if (!rdev->ops->del_key)
3871 		return -EOPNOTSUPP;
3872 
3873 	wdev_lock(dev->ieee80211_ptr);
3874 	err = nl80211_key_allowed(dev->ieee80211_ptr);
3875 
3876 	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3877 	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3878 		err = -ENOENT;
3879 
3880 	if (!err)
3881 		err = rdev_del_key(rdev, dev, key.idx,
3882 				   key.type == NL80211_KEYTYPE_PAIRWISE,
3883 				   mac_addr);
3884 
3885 #ifdef CONFIG_CFG80211_WEXT
3886 	if (!err) {
3887 		if (key.idx == dev->ieee80211_ptr->wext.default_key)
3888 			dev->ieee80211_ptr->wext.default_key = -1;
3889 		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3890 			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3891 	}
3892 #endif
3893 	wdev_unlock(dev->ieee80211_ptr);
3894 
3895 	return err;
3896 }
3897 
3898 /* This function returns an error or the number of nested attributes */
3899 static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3900 {
3901 	struct nlattr *attr;
3902 	int n_entries = 0, tmp;
3903 
3904 	nla_for_each_nested(attr, nl_attr, tmp) {
3905 		if (nla_len(attr) != ETH_ALEN)
3906 			return -EINVAL;
3907 
3908 		n_entries++;
3909 	}
3910 
3911 	return n_entries;
3912 }
3913 
3914 /*
3915  * This function parses ACL information and allocates memory for ACL data.
3916  * On successful return, the calling function is responsible to free the
3917  * ACL buffer returned by this function.
3918  */
3919 static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3920 						struct genl_info *info)
3921 {
3922 	enum nl80211_acl_policy acl_policy;
3923 	struct nlattr *attr;
3924 	struct cfg80211_acl_data *acl;
3925 	int i = 0, n_entries, tmp;
3926 
3927 	if (!wiphy->max_acl_mac_addrs)
3928 		return ERR_PTR(-EOPNOTSUPP);
3929 
3930 	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3931 		return ERR_PTR(-EINVAL);
3932 
3933 	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3934 	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3935 	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3936 		return ERR_PTR(-EINVAL);
3937 
3938 	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3939 		return ERR_PTR(-EINVAL);
3940 
3941 	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3942 	if (n_entries < 0)
3943 		return ERR_PTR(n_entries);
3944 
3945 	if (n_entries > wiphy->max_acl_mac_addrs)
3946 		return ERR_PTR(-ENOTSUPP);
3947 
3948 	acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
3949 	if (!acl)
3950 		return ERR_PTR(-ENOMEM);
3951 
3952 	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3953 		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3954 		i++;
3955 	}
3956 
3957 	acl->n_acl_entries = n_entries;
3958 	acl->acl_policy = acl_policy;
3959 
3960 	return acl;
3961 }
3962 
3963 static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3964 {
3965 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3966 	struct net_device *dev = info->user_ptr[1];
3967 	struct cfg80211_acl_data *acl;
3968 	int err;
3969 
3970 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3971 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3972 		return -EOPNOTSUPP;
3973 
3974 	if (!dev->ieee80211_ptr->beacon_interval)
3975 		return -EINVAL;
3976 
3977 	acl = parse_acl_data(&rdev->wiphy, info);
3978 	if (IS_ERR(acl))
3979 		return PTR_ERR(acl);
3980 
3981 	err = rdev_set_mac_acl(rdev, dev, acl);
3982 
3983 	kfree(acl);
3984 
3985 	return err;
3986 }
3987 
3988 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
3989 			   u8 *rates, u8 rates_len)
3990 {
3991 	u8 i;
3992 	u32 mask = 0;
3993 
3994 	for (i = 0; i < rates_len; i++) {
3995 		int rate = (rates[i] & 0x7f) * 5;
3996 		int ridx;
3997 
3998 		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
3999 			struct ieee80211_rate *srate =
4000 				&sband->bitrates[ridx];
4001 			if (rate == srate->bitrate) {
4002 				mask |= 1 << ridx;
4003 				break;
4004 			}
4005 		}
4006 		if (ridx == sband->n_bitrates)
4007 			return 0; /* rate not found */
4008 	}
4009 
4010 	return mask;
4011 }
4012 
4013 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
4014 			       u8 *rates, u8 rates_len,
4015 			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
4016 {
4017 	u8 i;
4018 
4019 	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
4020 
4021 	for (i = 0; i < rates_len; i++) {
4022 		int ridx, rbit;
4023 
4024 		ridx = rates[i] / 8;
4025 		rbit = BIT(rates[i] % 8);
4026 
4027 		/* check validity */
4028 		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
4029 			return false;
4030 
4031 		/* check availability */
4032 		ridx = array_index_nospec(ridx, IEEE80211_HT_MCS_MASK_LEN);
4033 		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
4034 			mcs[ridx] |= rbit;
4035 		else
4036 			return false;
4037 	}
4038 
4039 	return true;
4040 }
4041 
4042 static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
4043 {
4044 	u16 mcs_mask = 0;
4045 
4046 	switch (vht_mcs_map) {
4047 	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
4048 		break;
4049 	case IEEE80211_VHT_MCS_SUPPORT_0_7:
4050 		mcs_mask = 0x00FF;
4051 		break;
4052 	case IEEE80211_VHT_MCS_SUPPORT_0_8:
4053 		mcs_mask = 0x01FF;
4054 		break;
4055 	case IEEE80211_VHT_MCS_SUPPORT_0_9:
4056 		mcs_mask = 0x03FF;
4057 		break;
4058 	default:
4059 		break;
4060 	}
4061 
4062 	return mcs_mask;
4063 }
4064 
4065 static void vht_build_mcs_mask(u16 vht_mcs_map,
4066 			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
4067 {
4068 	u8 nss;
4069 
4070 	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
4071 		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
4072 		vht_mcs_map >>= 2;
4073 	}
4074 }
4075 
4076 static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
4077 			     struct nl80211_txrate_vht *txrate,
4078 			     u16 mcs[NL80211_VHT_NSS_MAX])
4079 {
4080 	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4081 	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
4082 	u8 i;
4083 
4084 	if (!sband->vht_cap.vht_supported)
4085 		return false;
4086 
4087 	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
4088 
4089 	/* Build vht_mcs_mask from VHT capabilities */
4090 	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
4091 
4092 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4093 		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
4094 			mcs[i] = txrate->mcs[i];
4095 		else
4096 			return false;
4097 	}
4098 
4099 	return true;
4100 }
4101 
4102 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4103 	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4104 				    .len = NL80211_MAX_SUPP_RATES },
4105 	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
4106 				.len = NL80211_MAX_SUPP_HT_RATES },
4107 	[NL80211_TXRATE_VHT] = {
4108 		.type = NLA_EXACT_LEN_WARN,
4109 		.len = sizeof(struct nl80211_txrate_vht),
4110 	},
4111 	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
4112 };
4113 
4114 static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
4115 					 struct cfg80211_bitrate_mask *mask)
4116 {
4117 	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4118 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4119 	int rem, i;
4120 	struct nlattr *tx_rates;
4121 	struct ieee80211_supported_band *sband;
4122 	u16 vht_tx_mcs_map;
4123 
4124 	memset(mask, 0, sizeof(*mask));
4125 	/* Default to all rates enabled */
4126 	for (i = 0; i < NUM_NL80211_BANDS; i++) {
4127 		sband = rdev->wiphy.bands[i];
4128 
4129 		if (!sband)
4130 			continue;
4131 
4132 		mask->control[i].legacy = (1 << sband->n_bitrates) - 1;
4133 		memcpy(mask->control[i].ht_mcs,
4134 		       sband->ht_cap.mcs.rx_mask,
4135 		       sizeof(mask->control[i].ht_mcs));
4136 
4137 		if (!sband->vht_cap.vht_supported)
4138 			continue;
4139 
4140 		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4141 		vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
4142 	}
4143 
4144 	/* if no rates are given set it back to the defaults */
4145 	if (!info->attrs[NL80211_ATTR_TX_RATES])
4146 		goto out;
4147 
4148 	/* The nested attribute uses enum nl80211_band as the index. This maps
4149 	 * directly to the enum nl80211_band values used in cfg80211.
4150 	 */
4151 	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4152 	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
4153 		enum nl80211_band band = nla_type(tx_rates);
4154 		int err;
4155 
4156 		if (band < 0 || band >= NUM_NL80211_BANDS)
4157 			return -EINVAL;
4158 		sband = rdev->wiphy.bands[band];
4159 		if (sband == NULL)
4160 			return -EINVAL;
4161 		err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
4162 						  tx_rates,
4163 						  nl80211_txattr_policy,
4164 						  info->extack);
4165 		if (err)
4166 			return err;
4167 		if (tb[NL80211_TXRATE_LEGACY]) {
4168 			mask->control[band].legacy = rateset_to_mask(
4169 				sband,
4170 				nla_data(tb[NL80211_TXRATE_LEGACY]),
4171 				nla_len(tb[NL80211_TXRATE_LEGACY]));
4172 			if ((mask->control[band].legacy == 0) &&
4173 			    nla_len(tb[NL80211_TXRATE_LEGACY]))
4174 				return -EINVAL;
4175 		}
4176 		if (tb[NL80211_TXRATE_HT]) {
4177 			if (!ht_rateset_to_mask(
4178 					sband,
4179 					nla_data(tb[NL80211_TXRATE_HT]),
4180 					nla_len(tb[NL80211_TXRATE_HT]),
4181 					mask->control[band].ht_mcs))
4182 				return -EINVAL;
4183 		}
4184 		if (tb[NL80211_TXRATE_VHT]) {
4185 			if (!vht_set_mcs_mask(
4186 					sband,
4187 					nla_data(tb[NL80211_TXRATE_VHT]),
4188 					mask->control[band].vht_mcs))
4189 				return -EINVAL;
4190 		}
4191 		if (tb[NL80211_TXRATE_GI]) {
4192 			mask->control[band].gi =
4193 				nla_get_u8(tb[NL80211_TXRATE_GI]);
4194 			if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4195 				return -EINVAL;
4196 		}
4197 
4198 		if (mask->control[band].legacy == 0) {
4199 			/* don't allow empty legacy rates if HT or VHT
4200 			 * are not even supported.
4201 			 */
4202 			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
4203 			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
4204 				return -EINVAL;
4205 
4206 			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
4207 				if (mask->control[band].ht_mcs[i])
4208 					goto out;
4209 
4210 			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4211 				if (mask->control[band].vht_mcs[i])
4212 					goto out;
4213 
4214 			/* legacy and mcs rates may not be both empty */
4215 			return -EINVAL;
4216 		}
4217 	}
4218 
4219 out:
4220 	return 0;
4221 }
4222 
4223 static int validate_beacon_tx_rate(struct cfg80211_registered_device *rdev,
4224 				   enum nl80211_band band,
4225 				   struct cfg80211_bitrate_mask *beacon_rate)
4226 {
4227 	u32 count_ht, count_vht, i;
4228 	u32 rate = beacon_rate->control[band].legacy;
4229 
4230 	/* Allow only one rate */
4231 	if (hweight32(rate) > 1)
4232 		return -EINVAL;
4233 
4234 	count_ht = 0;
4235 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
4236 		if (hweight8(beacon_rate->control[band].ht_mcs[i]) > 1) {
4237 			return -EINVAL;
4238 		} else if (beacon_rate->control[band].ht_mcs[i]) {
4239 			count_ht++;
4240 			if (count_ht > 1)
4241 				return -EINVAL;
4242 		}
4243 		if (count_ht && rate)
4244 			return -EINVAL;
4245 	}
4246 
4247 	count_vht = 0;
4248 	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
4249 		if (hweight16(beacon_rate->control[band].vht_mcs[i]) > 1) {
4250 			return -EINVAL;
4251 		} else if (beacon_rate->control[band].vht_mcs[i]) {
4252 			count_vht++;
4253 			if (count_vht > 1)
4254 				return -EINVAL;
4255 		}
4256 		if (count_vht && rate)
4257 			return -EINVAL;
4258 	}
4259 
4260 	if ((count_ht && count_vht) || (!rate && !count_ht && !count_vht))
4261 		return -EINVAL;
4262 
4263 	if (rate &&
4264 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4265 				     NL80211_EXT_FEATURE_BEACON_RATE_LEGACY))
4266 		return -EINVAL;
4267 	if (count_ht &&
4268 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4269 				     NL80211_EXT_FEATURE_BEACON_RATE_HT))
4270 		return -EINVAL;
4271 	if (count_vht &&
4272 	    !wiphy_ext_feature_isset(&rdev->wiphy,
4273 				     NL80211_EXT_FEATURE_BEACON_RATE_VHT))
4274 		return -EINVAL;
4275 
4276 	return 0;
4277 }
4278 
4279 static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
4280 				struct nlattr *attrs[],
4281 				struct cfg80211_beacon_data *bcn)
4282 {
4283 	bool haveinfo = false;
4284 	int err;
4285 
4286 	memset(bcn, 0, sizeof(*bcn));
4287 
4288 	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4289 		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4290 		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4291 		if (!bcn->head_len)
4292 			return -EINVAL;
4293 		haveinfo = true;
4294 	}
4295 
4296 	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
4297 		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
4298 		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
4299 		haveinfo = true;
4300 	}
4301 
4302 	if (!haveinfo)
4303 		return -EINVAL;
4304 
4305 	if (attrs[NL80211_ATTR_IE]) {
4306 		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
4307 		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
4308 	}
4309 
4310 	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
4311 		bcn->proberesp_ies =
4312 			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4313 		bcn->proberesp_ies_len =
4314 			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
4315 	}
4316 
4317 	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
4318 		bcn->assocresp_ies =
4319 			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4320 		bcn->assocresp_ies_len =
4321 			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
4322 	}
4323 
4324 	if (attrs[NL80211_ATTR_PROBE_RESP]) {
4325 		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
4326 		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4327 	}
4328 
4329 	if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
4330 		struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
4331 
4332 		err = nla_parse_nested_deprecated(tb,
4333 						  NL80211_FTM_RESP_ATTR_MAX,
4334 						  attrs[NL80211_ATTR_FTM_RESPONDER],
4335 						  NULL, NULL);
4336 		if (err)
4337 			return err;
4338 
4339 		if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
4340 		    wiphy_ext_feature_isset(&rdev->wiphy,
4341 					    NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
4342 			bcn->ftm_responder = 1;
4343 		else
4344 			return -EOPNOTSUPP;
4345 
4346 		if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
4347 			bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
4348 			bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
4349 		}
4350 
4351 		if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
4352 			bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4353 			bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
4354 		}
4355 	} else {
4356 		bcn->ftm_responder = -1;
4357 	}
4358 
4359 	return 0;
4360 }
4361 
4362 static void nl80211_check_ap_rate_selectors(struct cfg80211_ap_settings *params,
4363 					    const u8 *rates)
4364 {
4365 	int i;
4366 
4367 	if (!rates)
4368 		return;
4369 
4370 	for (i = 0; i < rates[1]; i++) {
4371 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
4372 			params->ht_required = true;
4373 		if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4374 			params->vht_required = true;
4375 	}
4376 }
4377 
4378 /*
4379  * Since the nl80211 API didn't include, from the beginning, attributes about
4380  * HT/VHT requirements/capabilities, we parse them out of the IEs for the
4381  * benefit of drivers that rebuild IEs in the firmware.
4382  */
4383 static void nl80211_calculate_ap_params(struct cfg80211_ap_settings *params)
4384 {
4385 	const struct cfg80211_beacon_data *bcn = &params->beacon;
4386 	size_t ies_len = bcn->tail_len;
4387 	const u8 *ies = bcn->tail;
4388 	const u8 *rates;
4389 	const u8 *cap;
4390 
4391 	rates = cfg80211_find_ie(WLAN_EID_SUPP_RATES, ies, ies_len);
4392 	nl80211_check_ap_rate_selectors(params, rates);
4393 
4394 	rates = cfg80211_find_ie(WLAN_EID_EXT_SUPP_RATES, ies, ies_len);
4395 	nl80211_check_ap_rate_selectors(params, rates);
4396 
4397 	cap = cfg80211_find_ie(WLAN_EID_HT_CAPABILITY, ies, ies_len);
4398 	if (cap && cap[1] >= sizeof(*params->ht_cap))
4399 		params->ht_cap = (void *)(cap + 2);
4400 	cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4401 	if (cap && cap[1] >= sizeof(*params->vht_cap))
4402 		params->vht_cap = (void *)(cap + 2);
4403 	cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
4404 	if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
4405 		params->he_cap = (void *)(cap + 3);
4406 }
4407 
4408 static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
4409 				   struct cfg80211_ap_settings *params)
4410 {
4411 	struct wireless_dev *wdev;
4412 	bool ret = false;
4413 
4414 	list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
4415 		if (wdev->iftype != NL80211_IFTYPE_AP &&
4416 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
4417 			continue;
4418 
4419 		if (!wdev->preset_chandef.chan)
4420 			continue;
4421 
4422 		params->chandef = wdev->preset_chandef;
4423 		ret = true;
4424 		break;
4425 	}
4426 
4427 	return ret;
4428 }
4429 
4430 static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
4431 				    enum nl80211_auth_type auth_type,
4432 				    enum nl80211_commands cmd)
4433 {
4434 	if (auth_type > NL80211_AUTHTYPE_MAX)
4435 		return false;
4436 
4437 	switch (cmd) {
4438 	case NL80211_CMD_AUTHENTICATE:
4439 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4440 		    auth_type == NL80211_AUTHTYPE_SAE)
4441 			return false;
4442 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
4443 					     NL80211_EXT_FEATURE_FILS_STA) &&
4444 		    (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4445 		     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4446 		     auth_type == NL80211_AUTHTYPE_FILS_PK))
4447 			return false;
4448 		return true;
4449 	case NL80211_CMD_CONNECT:
4450 		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
4451 		    !wiphy_ext_feature_isset(&rdev->wiphy,
4452 					     NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4453 		    auth_type == NL80211_AUTHTYPE_SAE)
4454 			return false;
4455 
4456 		/* FILS with SK PFS or PK not supported yet */
4457 		if (auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4458 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4459 			return false;
4460 		if (!wiphy_ext_feature_isset(
4461 			    &rdev->wiphy,
4462 			    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
4463 		    auth_type == NL80211_AUTHTYPE_FILS_SK)
4464 			return false;
4465 		return true;
4466 	case NL80211_CMD_START_AP:
4467 		/* SAE not supported yet */
4468 		if (auth_type == NL80211_AUTHTYPE_SAE)
4469 			return false;
4470 		/* FILS not supported yet */
4471 		if (auth_type == NL80211_AUTHTYPE_FILS_SK ||
4472 		    auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
4473 		    auth_type == NL80211_AUTHTYPE_FILS_PK)
4474 			return false;
4475 		return true;
4476 	default:
4477 		return false;
4478 	}
4479 }
4480 
4481 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
4482 {
4483 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4484 	struct net_device *dev = info->user_ptr[1];
4485 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4486 	struct cfg80211_ap_settings params;
4487 	int err;
4488 
4489 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4490 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4491 		return -EOPNOTSUPP;
4492 
4493 	if (!rdev->ops->start_ap)
4494 		return -EOPNOTSUPP;
4495 
4496 	if (wdev->beacon_interval)
4497 		return -EALREADY;
4498 
4499 	memset(&params, 0, sizeof(params));
4500 
4501 	/* these are required for START_AP */
4502 	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
4503 	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
4504 	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
4505 		return -EINVAL;
4506 
4507 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
4508 	if (err)
4509 		return err;
4510 
4511 	params.beacon_interval =
4512 		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4513 	params.dtim_period =
4514 		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
4515 
4516 	err = cfg80211_validate_beacon_int(rdev, dev->ieee80211_ptr->iftype,
4517 					   params.beacon_interval);
4518 	if (err)
4519 		return err;
4520 
4521 	/*
4522 	 * In theory, some of these attributes should be required here
4523 	 * but since they were not used when the command was originally
4524 	 * added, keep them optional for old user space programs to let
4525 	 * them continue to work with drivers that do not need the
4526 	 * additional information -- drivers must check!
4527 	 */
4528 	if (info->attrs[NL80211_ATTR_SSID]) {
4529 		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4530 		params.ssid_len =
4531 			nla_len(info->attrs[NL80211_ATTR_SSID]);
4532 		if (params.ssid_len == 0 ||
4533 		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
4534 			return -EINVAL;
4535 	}
4536 
4537 	if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4538 		params.hidden_ssid = nla_get_u32(
4539 			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4540 
4541 	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4542 
4543 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4544 		params.auth_type = nla_get_u32(
4545 			info->attrs[NL80211_ATTR_AUTH_TYPE]);
4546 		if (!nl80211_valid_auth_type(rdev, params.auth_type,
4547 					     NL80211_CMD_START_AP))
4548 			return -EINVAL;
4549 	} else
4550 		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4551 
4552 	err = nl80211_crypto_settings(rdev, info, &params.crypto,
4553 				      NL80211_MAX_NR_CIPHER_SUITES);
4554 	if (err)
4555 		return err;
4556 
4557 	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
4558 		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
4559 			return -EOPNOTSUPP;
4560 		params.inactivity_timeout = nla_get_u16(
4561 			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
4562 	}
4563 
4564 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4565 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4566 			return -EINVAL;
4567 		params.p2p_ctwindow =
4568 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4569 		if (params.p2p_ctwindow != 0 &&
4570 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4571 			return -EINVAL;
4572 	}
4573 
4574 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4575 		u8 tmp;
4576 
4577 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4578 			return -EINVAL;
4579 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4580 		params.p2p_opp_ps = tmp;
4581 		if (params.p2p_opp_ps != 0 &&
4582 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4583 			return -EINVAL;
4584 	}
4585 
4586 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4587 		err = nl80211_parse_chandef(rdev, info, &params.chandef);
4588 		if (err)
4589 			return err;
4590 	} else if (wdev->preset_chandef.chan) {
4591 		params.chandef = wdev->preset_chandef;
4592 	} else if (!nl80211_get_ap_channel(rdev, &params))
4593 		return -EINVAL;
4594 
4595 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
4596 					   wdev->iftype))
4597 		return -EINVAL;
4598 
4599 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
4600 		err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
4601 		if (err)
4602 			return err;
4603 
4604 		err = validate_beacon_tx_rate(rdev, params.chandef.chan->band,
4605 					      &params.beacon_rate);
4606 		if (err)
4607 			return err;
4608 	}
4609 
4610 	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
4611 		params.smps_mode =
4612 			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
4613 		switch (params.smps_mode) {
4614 		case NL80211_SMPS_OFF:
4615 			break;
4616 		case NL80211_SMPS_STATIC:
4617 			if (!(rdev->wiphy.features &
4618 			      NL80211_FEATURE_STATIC_SMPS))
4619 				return -EINVAL;
4620 			break;
4621 		case NL80211_SMPS_DYNAMIC:
4622 			if (!(rdev->wiphy.features &
4623 			      NL80211_FEATURE_DYNAMIC_SMPS))
4624 				return -EINVAL;
4625 			break;
4626 		default:
4627 			return -EINVAL;
4628 		}
4629 	} else {
4630 		params.smps_mode = NL80211_SMPS_OFF;
4631 	}
4632 
4633 	params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
4634 	if (params.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ])
4635 		return -EOPNOTSUPP;
4636 
4637 	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
4638 		params.acl = parse_acl_data(&rdev->wiphy, info);
4639 		if (IS_ERR(params.acl))
4640 			return PTR_ERR(params.acl);
4641 	}
4642 
4643 	params.twt_responder =
4644 		    nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
4645 
4646 	nl80211_calculate_ap_params(&params);
4647 
4648 	if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
4649 		params.flags |= AP_SETTINGS_EXTERNAL_AUTH_SUPPORT;
4650 
4651 	wdev_lock(wdev);
4652 	err = rdev_start_ap(rdev, dev, &params);
4653 	if (!err) {
4654 		wdev->preset_chandef = params.chandef;
4655 		wdev->beacon_interval = params.beacon_interval;
4656 		wdev->chandef = params.chandef;
4657 		wdev->ssid_len = params.ssid_len;
4658 		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
4659 
4660 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
4661 			wdev->conn_owner_nlportid = info->snd_portid;
4662 	}
4663 	wdev_unlock(wdev);
4664 
4665 	kfree(params.acl);
4666 
4667 	return err;
4668 }
4669 
4670 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
4671 {
4672 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4673 	struct net_device *dev = info->user_ptr[1];
4674 	struct wireless_dev *wdev = dev->ieee80211_ptr;
4675 	struct cfg80211_beacon_data params;
4676 	int err;
4677 
4678 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4679 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4680 		return -EOPNOTSUPP;
4681 
4682 	if (!rdev->ops->change_beacon)
4683 		return -EOPNOTSUPP;
4684 
4685 	if (!wdev->beacon_interval)
4686 		return -EINVAL;
4687 
4688 	err = nl80211_parse_beacon(rdev, info->attrs, &params);
4689 	if (err)
4690 		return err;
4691 
4692 	wdev_lock(wdev);
4693 	err = rdev_change_beacon(rdev, dev, &params);
4694 	wdev_unlock(wdev);
4695 
4696 	return err;
4697 }
4698 
4699 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
4700 {
4701 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4702 	struct net_device *dev = info->user_ptr[1];
4703 
4704 	return cfg80211_stop_ap(rdev, dev, false);
4705 }
4706 
4707 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
4708 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
4709 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
4710 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
4711 	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
4712 	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
4713 	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
4714 };
4715 
4716 static int parse_station_flags(struct genl_info *info,
4717 			       enum nl80211_iftype iftype,
4718 			       struct station_parameters *params)
4719 {
4720 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
4721 	struct nlattr *nla;
4722 	int flag;
4723 
4724 	/*
4725 	 * Try parsing the new attribute first so userspace
4726 	 * can specify both for older kernels.
4727 	 */
4728 	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
4729 	if (nla) {
4730 		struct nl80211_sta_flag_update *sta_flags;
4731 
4732 		sta_flags = nla_data(nla);
4733 		params->sta_flags_mask = sta_flags->mask;
4734 		params->sta_flags_set = sta_flags->set;
4735 		params->sta_flags_set &= params->sta_flags_mask;
4736 		if ((params->sta_flags_mask |
4737 		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
4738 			return -EINVAL;
4739 		return 0;
4740 	}
4741 
4742 	/* if present, parse the old attribute */
4743 
4744 	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
4745 	if (!nla)
4746 		return 0;
4747 
4748 	if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
4749 		return -EINVAL;
4750 
4751 	/*
4752 	 * Only allow certain flags for interface types so that
4753 	 * other attributes are silently ignored. Remember that
4754 	 * this is backward compatibility code with old userspace
4755 	 * and shouldn't be hit in other cases anyway.
4756 	 */
4757 	switch (iftype) {
4758 	case NL80211_IFTYPE_AP:
4759 	case NL80211_IFTYPE_AP_VLAN:
4760 	case NL80211_IFTYPE_P2P_GO:
4761 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4762 					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4763 					 BIT(NL80211_STA_FLAG_WME) |
4764 					 BIT(NL80211_STA_FLAG_MFP);
4765 		break;
4766 	case NL80211_IFTYPE_P2P_CLIENT:
4767 	case NL80211_IFTYPE_STATION:
4768 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
4769 					 BIT(NL80211_STA_FLAG_TDLS_PEER);
4770 		break;
4771 	case NL80211_IFTYPE_MESH_POINT:
4772 		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4773 					 BIT(NL80211_STA_FLAG_MFP) |
4774 					 BIT(NL80211_STA_FLAG_AUTHORIZED);
4775 		break;
4776 	default:
4777 		return -EINVAL;
4778 	}
4779 
4780 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
4781 		if (flags[flag]) {
4782 			params->sta_flags_set |= (1<<flag);
4783 
4784 			/* no longer support new API additions in old API */
4785 			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
4786 				return -EINVAL;
4787 		}
4788 	}
4789 
4790 	return 0;
4791 }
4792 
4793 bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info, int attr)
4794 {
4795 	struct nlattr *rate;
4796 	u32 bitrate;
4797 	u16 bitrate_compat;
4798 	enum nl80211_rate_info rate_flg;
4799 
4800 	rate = nla_nest_start_noflag(msg, attr);
4801 	if (!rate)
4802 		return false;
4803 
4804 	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
4805 	bitrate = cfg80211_calculate_bitrate(info);
4806 	/* report 16-bit bitrate only if we can */
4807 	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
4808 	if (bitrate > 0 &&
4809 	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
4810 		return false;
4811 	if (bitrate_compat > 0 &&
4812 	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
4813 		return false;
4814 
4815 	switch (info->bw) {
4816 	case RATE_INFO_BW_5:
4817 		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
4818 		break;
4819 	case RATE_INFO_BW_10:
4820 		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
4821 		break;
4822 	default:
4823 		WARN_ON(1);
4824 		/* fall through */
4825 	case RATE_INFO_BW_20:
4826 		rate_flg = 0;
4827 		break;
4828 	case RATE_INFO_BW_40:
4829 		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
4830 		break;
4831 	case RATE_INFO_BW_80:
4832 		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
4833 		break;
4834 	case RATE_INFO_BW_160:
4835 		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
4836 		break;
4837 	case RATE_INFO_BW_HE_RU:
4838 		rate_flg = 0;
4839 		WARN_ON(!(info->flags & RATE_INFO_FLAGS_HE_MCS));
4840 	}
4841 
4842 	if (rate_flg && nla_put_flag(msg, rate_flg))
4843 		return false;
4844 
4845 	if (info->flags & RATE_INFO_FLAGS_MCS) {
4846 		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
4847 			return false;
4848 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4849 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4850 			return false;
4851 	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
4852 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
4853 			return false;
4854 		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
4855 			return false;
4856 		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
4857 		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
4858 			return false;
4859 	} else if (info->flags & RATE_INFO_FLAGS_HE_MCS) {
4860 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_MCS, info->mcs))
4861 			return false;
4862 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_NSS, info->nss))
4863 			return false;
4864 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_GI, info->he_gi))
4865 			return false;
4866 		if (nla_put_u8(msg, NL80211_RATE_INFO_HE_DCM, info->he_dcm))
4867 			return false;
4868 		if (info->bw == RATE_INFO_BW_HE_RU &&
4869 		    nla_put_u8(msg, NL80211_RATE_INFO_HE_RU_ALLOC,
4870 			       info->he_ru_alloc))
4871 			return false;
4872 	}
4873 
4874 	nla_nest_end(msg, rate);
4875 	return true;
4876 }
4877 
4878 static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
4879 			       int id)
4880 {
4881 	void *attr;
4882 	int i = 0;
4883 
4884 	if (!mask)
4885 		return true;
4886 
4887 	attr = nla_nest_start_noflag(msg, id);
4888 	if (!attr)
4889 		return false;
4890 
4891 	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
4892 		if (!(mask & BIT(i)))
4893 			continue;
4894 
4895 		if (nla_put_u8(msg, i, signal[i]))
4896 			return false;
4897 	}
4898 
4899 	nla_nest_end(msg, attr);
4900 
4901 	return true;
4902 }
4903 
4904 static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
4905 				u32 seq, int flags,
4906 				struct cfg80211_registered_device *rdev,
4907 				struct net_device *dev,
4908 				const u8 *mac_addr, struct station_info *sinfo)
4909 {
4910 	void *hdr;
4911 	struct nlattr *sinfoattr, *bss_param;
4912 
4913 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
4914 	if (!hdr) {
4915 		cfg80211_sinfo_release_content(sinfo);
4916 		return -1;
4917 	}
4918 
4919 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4920 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
4921 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4922 		goto nla_put_failure;
4923 
4924 	sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
4925 	if (!sinfoattr)
4926 		goto nla_put_failure;
4927 
4928 #define PUT_SINFO(attr, memb, type) do {				\
4929 	BUILD_BUG_ON(sizeof(type) == sizeof(u64));			\
4930 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
4931 	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
4932 			     sinfo->memb))				\
4933 		goto nla_put_failure;					\
4934 	} while (0)
4935 #define PUT_SINFO_U64(attr, memb) do {					\
4936 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_ ## attr) &&	\
4937 	    nla_put_u64_64bit(msg, NL80211_STA_INFO_ ## attr,		\
4938 			      sinfo->memb, NL80211_STA_INFO_PAD))	\
4939 		goto nla_put_failure;					\
4940 	} while (0)
4941 
4942 	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4943 	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
4944 
4945 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) |
4946 			     BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
4947 	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
4948 			(u32)sinfo->rx_bytes))
4949 		goto nla_put_failure;
4950 
4951 	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES) |
4952 			     BIT_ULL(NL80211_STA_INFO_TX_BYTES64)) &&
4953 	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
4954 			(u32)sinfo->tx_bytes))
4955 		goto nla_put_failure;
4956 
4957 	PUT_SINFO_U64(RX_BYTES64, rx_bytes);
4958 	PUT_SINFO_U64(TX_BYTES64, tx_bytes);
4959 	PUT_SINFO(LLID, llid, u16);
4960 	PUT_SINFO(PLID, plid, u16);
4961 	PUT_SINFO(PLINK_STATE, plink_state, u8);
4962 	PUT_SINFO_U64(RX_DURATION, rx_duration);
4963 	PUT_SINFO_U64(TX_DURATION, tx_duration);
4964 
4965 	if (wiphy_ext_feature_isset(&rdev->wiphy,
4966 				    NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
4967 		PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
4968 
4969 	switch (rdev->wiphy.signal_type) {
4970 	case CFG80211_SIGNAL_TYPE_MBM:
4971 		PUT_SINFO(SIGNAL, signal, u8);
4972 		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
4973 		break;
4974 	default:
4975 		break;
4976 	}
4977 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL)) {
4978 		if (!nl80211_put_signal(msg, sinfo->chains,
4979 					sinfo->chain_signal,
4980 					NL80211_STA_INFO_CHAIN_SIGNAL))
4981 			goto nla_put_failure;
4982 	}
4983 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
4984 		if (!nl80211_put_signal(msg, sinfo->chains,
4985 					sinfo->chain_signal_avg,
4986 					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
4987 			goto nla_put_failure;
4988 	}
4989 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) {
4990 		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
4991 					  NL80211_STA_INFO_TX_BITRATE))
4992 			goto nla_put_failure;
4993 	}
4994 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) {
4995 		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
4996 					  NL80211_STA_INFO_RX_BITRATE))
4997 			goto nla_put_failure;
4998 	}
4999 
5000 	PUT_SINFO(RX_PACKETS, rx_packets, u32);
5001 	PUT_SINFO(TX_PACKETS, tx_packets, u32);
5002 	PUT_SINFO(TX_RETRIES, tx_retries, u32);
5003 	PUT_SINFO(TX_FAILED, tx_failed, u32);
5004 	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
5005 	PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
5006 	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
5007 	PUT_SINFO(LOCAL_PM, local_pm, u32);
5008 	PUT_SINFO(PEER_PM, peer_pm, u32);
5009 	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
5010 	PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
5011 
5012 	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
5013 		bss_param = nla_nest_start_noflag(msg,
5014 						  NL80211_STA_INFO_BSS_PARAM);
5015 		if (!bss_param)
5016 			goto nla_put_failure;
5017 
5018 		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
5019 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
5020 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
5021 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
5022 		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
5023 		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
5024 		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
5025 			       sinfo->bss_param.dtim_period) ||
5026 		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
5027 				sinfo->bss_param.beacon_interval))
5028 			goto nla_put_failure;
5029 
5030 		nla_nest_end(msg, bss_param);
5031 	}
5032 	if ((sinfo->filled & BIT_ULL(NL80211_STA_INFO_STA_FLAGS)) &&
5033 	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
5034 		    sizeof(struct nl80211_sta_flag_update),
5035 		    &sinfo->sta_flags))
5036 		goto nla_put_failure;
5037 
5038 	PUT_SINFO_U64(T_OFFSET, t_offset);
5039 	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
5040 	PUT_SINFO_U64(BEACON_RX, rx_beacon);
5041 	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
5042 	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
5043 	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
5044 	if (wiphy_ext_feature_isset(&rdev->wiphy,
5045 				    NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
5046 		PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
5047 		PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
5048 	}
5049 
5050 #undef PUT_SINFO
5051 #undef PUT_SINFO_U64
5052 
5053 	if (sinfo->pertid) {
5054 		struct nlattr *tidsattr;
5055 		int tid;
5056 
5057 		tidsattr = nla_nest_start_noflag(msg,
5058 						 NL80211_STA_INFO_TID_STATS);
5059 		if (!tidsattr)
5060 			goto nla_put_failure;
5061 
5062 		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
5063 			struct cfg80211_tid_stats *tidstats;
5064 			struct nlattr *tidattr;
5065 
5066 			tidstats = &sinfo->pertid[tid];
5067 
5068 			if (!tidstats->filled)
5069 				continue;
5070 
5071 			tidattr = nla_nest_start_noflag(msg, tid + 1);
5072 			if (!tidattr)
5073 				goto nla_put_failure;
5074 
5075 #define PUT_TIDVAL_U64(attr, memb) do {					\
5076 	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
5077 	    nla_put_u64_64bit(msg, NL80211_TID_STATS_ ## attr,		\
5078 			      tidstats->memb, NL80211_TID_STATS_PAD))	\
5079 		goto nla_put_failure;					\
5080 	} while (0)
5081 
5082 			PUT_TIDVAL_U64(RX_MSDU, rx_msdu);
5083 			PUT_TIDVAL_U64(TX_MSDU, tx_msdu);
5084 			PUT_TIDVAL_U64(TX_MSDU_RETRIES, tx_msdu_retries);
5085 			PUT_TIDVAL_U64(TX_MSDU_FAILED, tx_msdu_failed);
5086 
5087 #undef PUT_TIDVAL_U64
5088 			if ((tidstats->filled &
5089 			     BIT(NL80211_TID_STATS_TXQ_STATS)) &&
5090 			    !nl80211_put_txq_stats(msg, &tidstats->txq_stats,
5091 						   NL80211_TID_STATS_TXQ_STATS))
5092 				goto nla_put_failure;
5093 
5094 			nla_nest_end(msg, tidattr);
5095 		}
5096 
5097 		nla_nest_end(msg, tidsattr);
5098 	}
5099 
5100 	nla_nest_end(msg, sinfoattr);
5101 
5102 	if (sinfo->assoc_req_ies_len &&
5103 	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
5104 		    sinfo->assoc_req_ies))
5105 		goto nla_put_failure;
5106 
5107 	cfg80211_sinfo_release_content(sinfo);
5108 	genlmsg_end(msg, hdr);
5109 	return 0;
5110 
5111  nla_put_failure:
5112 	cfg80211_sinfo_release_content(sinfo);
5113 	genlmsg_cancel(msg, hdr);
5114 	return -EMSGSIZE;
5115 }
5116 
5117 static int nl80211_dump_station(struct sk_buff *skb,
5118 				struct netlink_callback *cb)
5119 {
5120 	struct station_info sinfo;
5121 	struct cfg80211_registered_device *rdev;
5122 	struct wireless_dev *wdev;
5123 	u8 mac_addr[ETH_ALEN];
5124 	int sta_idx = cb->args[2];
5125 	int err;
5126 
5127 	rtnl_lock();
5128 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5129 	if (err)
5130 		goto out_err;
5131 
5132 	if (!wdev->netdev) {
5133 		err = -EINVAL;
5134 		goto out_err;
5135 	}
5136 
5137 	if (!rdev->ops->dump_station) {
5138 		err = -EOPNOTSUPP;
5139 		goto out_err;
5140 	}
5141 
5142 	while (1) {
5143 		memset(&sinfo, 0, sizeof(sinfo));
5144 		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
5145 					mac_addr, &sinfo);
5146 		if (err == -ENOENT)
5147 			break;
5148 		if (err)
5149 			goto out_err;
5150 
5151 		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
5152 				NETLINK_CB(cb->skb).portid,
5153 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
5154 				rdev, wdev->netdev, mac_addr,
5155 				&sinfo) < 0)
5156 			goto out;
5157 
5158 		sta_idx++;
5159 	}
5160 
5161  out:
5162 	cb->args[2] = sta_idx;
5163 	err = skb->len;
5164  out_err:
5165 	rtnl_unlock();
5166 
5167 	return err;
5168 }
5169 
5170 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
5171 {
5172 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5173 	struct net_device *dev = info->user_ptr[1];
5174 	struct station_info sinfo;
5175 	struct sk_buff *msg;
5176 	u8 *mac_addr = NULL;
5177 	int err;
5178 
5179 	memset(&sinfo, 0, sizeof(sinfo));
5180 
5181 	if (!info->attrs[NL80211_ATTR_MAC])
5182 		return -EINVAL;
5183 
5184 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5185 
5186 	if (!rdev->ops->get_station)
5187 		return -EOPNOTSUPP;
5188 
5189 	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
5190 	if (err)
5191 		return err;
5192 
5193 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5194 	if (!msg) {
5195 		cfg80211_sinfo_release_content(&sinfo);
5196 		return -ENOMEM;
5197 	}
5198 
5199 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
5200 				 info->snd_portid, info->snd_seq, 0,
5201 				 rdev, dev, mac_addr, &sinfo) < 0) {
5202 		nlmsg_free(msg);
5203 		return -ENOBUFS;
5204 	}
5205 
5206 	return genlmsg_reply(msg, info);
5207 }
5208 
5209 int cfg80211_check_station_change(struct wiphy *wiphy,
5210 				  struct station_parameters *params,
5211 				  enum cfg80211_station_type statype)
5212 {
5213 	if (params->listen_interval != -1 &&
5214 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5215 		return -EINVAL;
5216 
5217 	if (params->support_p2p_ps != -1 &&
5218 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5219 		return -EINVAL;
5220 
5221 	if (params->aid &&
5222 	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) &&
5223 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC)
5224 		return -EINVAL;
5225 
5226 	/* When you run into this, adjust the code below for the new flag */
5227 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5228 
5229 	switch (statype) {
5230 	case CFG80211_STA_MESH_PEER_KERNEL:
5231 	case CFG80211_STA_MESH_PEER_USER:
5232 		/*
5233 		 * No ignoring the TDLS flag here -- the userspace mesh
5234 		 * code doesn't have the bug of including TDLS in the
5235 		 * mask everywhere.
5236 		 */
5237 		if (params->sta_flags_mask &
5238 				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5239 				  BIT(NL80211_STA_FLAG_MFP) |
5240 				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
5241 			return -EINVAL;
5242 		break;
5243 	case CFG80211_STA_TDLS_PEER_SETUP:
5244 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5245 		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5246 			return -EINVAL;
5247 		/* ignore since it can't change */
5248 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5249 		break;
5250 	default:
5251 		/* disallow mesh-specific things */
5252 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
5253 			return -EINVAL;
5254 		if (params->local_pm)
5255 			return -EINVAL;
5256 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5257 			return -EINVAL;
5258 	}
5259 
5260 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5261 	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
5262 		/* TDLS can't be set, ... */
5263 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
5264 			return -EINVAL;
5265 		/*
5266 		 * ... but don't bother the driver with it. This works around
5267 		 * a hostapd/wpa_supplicant issue -- it always includes the
5268 		 * TLDS_PEER flag in the mask even for AP mode.
5269 		 */
5270 		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5271 	}
5272 
5273 	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
5274 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5275 		/* reject other things that can't change */
5276 		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
5277 			return -EINVAL;
5278 		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
5279 			return -EINVAL;
5280 		if (params->supported_rates)
5281 			return -EINVAL;
5282 		if (params->ext_capab || params->ht_capa || params->vht_capa ||
5283 		    params->he_capa)
5284 			return -EINVAL;
5285 	}
5286 
5287 	if (statype != CFG80211_STA_AP_CLIENT &&
5288 	    statype != CFG80211_STA_AP_CLIENT_UNASSOC) {
5289 		if (params->vlan)
5290 			return -EINVAL;
5291 	}
5292 
5293 	switch (statype) {
5294 	case CFG80211_STA_AP_MLME_CLIENT:
5295 		/* Use this only for authorizing/unauthorizing a station */
5296 		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5297 			return -EOPNOTSUPP;
5298 		break;
5299 	case CFG80211_STA_AP_CLIENT:
5300 	case CFG80211_STA_AP_CLIENT_UNASSOC:
5301 		/* accept only the listed bits */
5302 		if (params->sta_flags_mask &
5303 				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5304 				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5305 				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
5306 				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
5307 				  BIT(NL80211_STA_FLAG_WME) |
5308 				  BIT(NL80211_STA_FLAG_MFP)))
5309 			return -EINVAL;
5310 
5311 		/* but authenticated/associated only if driver handles it */
5312 		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5313 		    params->sta_flags_mask &
5314 				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5315 				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
5316 			return -EINVAL;
5317 		break;
5318 	case CFG80211_STA_IBSS:
5319 	case CFG80211_STA_AP_STA:
5320 		/* reject any changes other than AUTHORIZED */
5321 		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
5322 			return -EINVAL;
5323 		break;
5324 	case CFG80211_STA_TDLS_PEER_SETUP:
5325 		/* reject any changes other than AUTHORIZED or WME */
5326 		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
5327 					       BIT(NL80211_STA_FLAG_WME)))
5328 			return -EINVAL;
5329 		/* force (at least) rates when authorizing */
5330 		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
5331 		    !params->supported_rates)
5332 			return -EINVAL;
5333 		break;
5334 	case CFG80211_STA_TDLS_PEER_ACTIVE:
5335 		/* reject any changes */
5336 		return -EINVAL;
5337 	case CFG80211_STA_MESH_PEER_KERNEL:
5338 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
5339 			return -EINVAL;
5340 		break;
5341 	case CFG80211_STA_MESH_PEER_USER:
5342 		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION &&
5343 		    params->plink_action != NL80211_PLINK_ACTION_BLOCK)
5344 			return -EINVAL;
5345 		break;
5346 	}
5347 
5348 	/*
5349 	 * Older kernel versions ignored this attribute entirely, so don't
5350 	 * reject attempts to update it but mark it as unused instead so the
5351 	 * driver won't look at the data.
5352 	 */
5353 	if (statype != CFG80211_STA_AP_CLIENT_UNASSOC &&
5354 	    statype != CFG80211_STA_TDLS_PEER_SETUP)
5355 		params->opmode_notif_used = false;
5356 
5357 	return 0;
5358 }
5359 EXPORT_SYMBOL(cfg80211_check_station_change);
5360 
5361 /*
5362  * Get vlan interface making sure it is running and on the right wiphy.
5363  */
5364 static struct net_device *get_vlan(struct genl_info *info,
5365 				   struct cfg80211_registered_device *rdev)
5366 {
5367 	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
5368 	struct net_device *v;
5369 	int ret;
5370 
5371 	if (!vlanattr)
5372 		return NULL;
5373 
5374 	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
5375 	if (!v)
5376 		return ERR_PTR(-ENODEV);
5377 
5378 	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
5379 		ret = -EINVAL;
5380 		goto error;
5381 	}
5382 
5383 	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5384 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5385 	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
5386 		ret = -EINVAL;
5387 		goto error;
5388 	}
5389 
5390 	if (!netif_running(v)) {
5391 		ret = -ENETDOWN;
5392 		goto error;
5393 	}
5394 
5395 	return v;
5396  error:
5397 	dev_put(v);
5398 	return ERR_PTR(ret);
5399 }
5400 
5401 static const struct nla_policy
5402 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
5403 	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
5404 	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
5405 };
5406 
5407 static int nl80211_parse_sta_wme(struct genl_info *info,
5408 				 struct station_parameters *params)
5409 {
5410 	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
5411 	struct nlattr *nla;
5412 	int err;
5413 
5414 	/* parse WME attributes if present */
5415 	if (!info->attrs[NL80211_ATTR_STA_WME])
5416 		return 0;
5417 
5418 	nla = info->attrs[NL80211_ATTR_STA_WME];
5419 	err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
5420 					  nl80211_sta_wme_policy,
5421 					  info->extack);
5422 	if (err)
5423 		return err;
5424 
5425 	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
5426 		params->uapsd_queues = nla_get_u8(
5427 			tb[NL80211_STA_WME_UAPSD_QUEUES]);
5428 	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
5429 		return -EINVAL;
5430 
5431 	if (tb[NL80211_STA_WME_MAX_SP])
5432 		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
5433 
5434 	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
5435 		return -EINVAL;
5436 
5437 	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
5438 
5439 	return 0;
5440 }
5441 
5442 static int nl80211_parse_sta_channel_info(struct genl_info *info,
5443 				      struct station_parameters *params)
5444 {
5445 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
5446 		params->supported_channels =
5447 		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5448 		params->supported_channels_len =
5449 		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5450 		/*
5451 		 * Need to include at least one (first channel, number of
5452 		 * channels) tuple for each subband, and must have proper
5453 		 * tuples for the rest of the data as well.
5454 		 */
5455 		if (params->supported_channels_len < 2)
5456 			return -EINVAL;
5457 		if (params->supported_channels_len % 2)
5458 			return -EINVAL;
5459 	}
5460 
5461 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
5462 		params->supported_oper_classes =
5463 		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5464 		params->supported_oper_classes_len =
5465 		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5466 		/*
5467 		 * The value of the Length field of the Supported Operating
5468 		 * Classes element is between 2 and 253.
5469 		 */
5470 		if (params->supported_oper_classes_len < 2 ||
5471 		    params->supported_oper_classes_len > 253)
5472 			return -EINVAL;
5473 	}
5474 	return 0;
5475 }
5476 
5477 static int nl80211_set_station_tdls(struct genl_info *info,
5478 				    struct station_parameters *params)
5479 {
5480 	int err;
5481 	/* Dummy STA entry gets updated once the peer capabilities are known */
5482 	if (info->attrs[NL80211_ATTR_PEER_AID])
5483 		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5484 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5485 		params->ht_capa =
5486 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5487 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5488 		params->vht_capa =
5489 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5490 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5491 		params->he_capa =
5492 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5493 		params->he_capa_len =
5494 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5495 
5496 		if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5497 			return -EINVAL;
5498 	}
5499 
5500 	err = nl80211_parse_sta_channel_info(info, params);
5501 	if (err)
5502 		return err;
5503 
5504 	return nl80211_parse_sta_wme(info, params);
5505 }
5506 
5507 static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
5508 					     struct station_parameters *params)
5509 {
5510 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5511 	int idx;
5512 
5513 	if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
5514 		if (!rdev->ops->set_tx_power ||
5515 		    !wiphy_ext_feature_isset(&rdev->wiphy,
5516 					 NL80211_EXT_FEATURE_STA_TX_PWR))
5517 			return -EOPNOTSUPP;
5518 
5519 		idx = NL80211_ATTR_STA_TX_POWER_SETTING;
5520 		params->txpwr.type = nla_get_u8(info->attrs[idx]);
5521 
5522 		if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
5523 			idx = NL80211_ATTR_STA_TX_POWER;
5524 
5525 			if (info->attrs[idx])
5526 				params->txpwr.power =
5527 					nla_get_s16(info->attrs[idx]);
5528 			else
5529 				return -EINVAL;
5530 		}
5531 		params->sta_modify_mask |= STATION_PARAM_APPLY_STA_TXPOWER;
5532 	}
5533 
5534 	return 0;
5535 }
5536 
5537 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
5538 {
5539 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5540 	struct net_device *dev = info->user_ptr[1];
5541 	struct station_parameters params;
5542 	u8 *mac_addr;
5543 	int err;
5544 
5545 	memset(&params, 0, sizeof(params));
5546 
5547 	if (!rdev->ops->change_station)
5548 		return -EOPNOTSUPP;
5549 
5550 	/*
5551 	 * AID and listen_interval properties can be set only for unassociated
5552 	 * station. Include these parameters here and will check them in
5553 	 * cfg80211_check_station_change().
5554 	 */
5555 	if (info->attrs[NL80211_ATTR_STA_AID])
5556 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5557 
5558 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5559 		params.listen_interval =
5560 		     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5561 	else
5562 		params.listen_interval = -1;
5563 
5564 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
5565 		params.support_p2p_ps =
5566 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5567 	else
5568 		params.support_p2p_ps = -1;
5569 
5570 	if (!info->attrs[NL80211_ATTR_MAC])
5571 		return -EINVAL;
5572 
5573 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5574 
5575 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
5576 		params.supported_rates =
5577 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5578 		params.supported_rates_len =
5579 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5580 	}
5581 
5582 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5583 		params.capability =
5584 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5585 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5586 	}
5587 
5588 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5589 		params.ext_capab =
5590 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5591 		params.ext_capab_len =
5592 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5593 	}
5594 
5595 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5596 		return -EINVAL;
5597 
5598 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5599 		params.plink_action =
5600 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5601 
5602 	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5603 		params.plink_state =
5604 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5605 		if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5606 			params.peer_aid = nla_get_u16(
5607 				info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5608 		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
5609 	}
5610 
5611 	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
5612 		params.local_pm = nla_get_u32(
5613 			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5614 
5615 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5616 		params.opmode_notif_used = true;
5617 		params.opmode_notif =
5618 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5619 	}
5620 
5621 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5622 		params.airtime_weight =
5623 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5624 
5625 	if (params.airtime_weight &&
5626 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5627 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5628 		return -EOPNOTSUPP;
5629 
5630 	err = nl80211_parse_sta_txpower_setting(info, &params);
5631 	if (err)
5632 		return err;
5633 
5634 	/* Include parameters for TDLS peer (will check later) */
5635 	err = nl80211_set_station_tdls(info, &params);
5636 	if (err)
5637 		return err;
5638 
5639 	params.vlan = get_vlan(info, rdev);
5640 	if (IS_ERR(params.vlan))
5641 		return PTR_ERR(params.vlan);
5642 
5643 	switch (dev->ieee80211_ptr->iftype) {
5644 	case NL80211_IFTYPE_AP:
5645 	case NL80211_IFTYPE_AP_VLAN:
5646 	case NL80211_IFTYPE_P2P_GO:
5647 	case NL80211_IFTYPE_P2P_CLIENT:
5648 	case NL80211_IFTYPE_STATION:
5649 	case NL80211_IFTYPE_ADHOC:
5650 	case NL80211_IFTYPE_MESH_POINT:
5651 		break;
5652 	default:
5653 		err = -EOPNOTSUPP;
5654 		goto out_put_vlan;
5655 	}
5656 
5657 	/* driver will call cfg80211_check_station_change() */
5658 	err = rdev_change_station(rdev, dev, mac_addr, &params);
5659 
5660  out_put_vlan:
5661 	if (params.vlan)
5662 		dev_put(params.vlan);
5663 
5664 	return err;
5665 }
5666 
5667 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
5668 {
5669 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5670 	int err;
5671 	struct net_device *dev = info->user_ptr[1];
5672 	struct station_parameters params;
5673 	u8 *mac_addr = NULL;
5674 	u32 auth_assoc = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
5675 			 BIT(NL80211_STA_FLAG_ASSOCIATED);
5676 
5677 	memset(&params, 0, sizeof(params));
5678 
5679 	if (!rdev->ops->add_station)
5680 		return -EOPNOTSUPP;
5681 
5682 	if (!info->attrs[NL80211_ATTR_MAC])
5683 		return -EINVAL;
5684 
5685 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5686 		return -EINVAL;
5687 
5688 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
5689 		return -EINVAL;
5690 
5691 	if (!info->attrs[NL80211_ATTR_STA_AID] &&
5692 	    !info->attrs[NL80211_ATTR_PEER_AID])
5693 		return -EINVAL;
5694 
5695 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
5696 	params.supported_rates =
5697 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5698 	params.supported_rates_len =
5699 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
5700 	params.listen_interval =
5701 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5702 
5703 	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5704 		params.support_p2p_ps =
5705 			nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5706 	} else {
5707 		/*
5708 		 * if not specified, assume it's supported for P2P GO interface,
5709 		 * and is NOT supported for AP interface
5710 		 */
5711 		params.support_p2p_ps =
5712 			dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_GO;
5713 	}
5714 
5715 	if (info->attrs[NL80211_ATTR_PEER_AID])
5716 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5717 	else
5718 		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5719 
5720 	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5721 		params.capability =
5722 			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
5723 		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
5724 	}
5725 
5726 	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
5727 		params.ext_capab =
5728 			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5729 		params.ext_capab_len =
5730 			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
5731 	}
5732 
5733 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
5734 		params.ht_capa =
5735 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
5736 
5737 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
5738 		params.vht_capa =
5739 			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
5740 
5741 	if (info->attrs[NL80211_ATTR_HE_CAPABILITY]) {
5742 		params.he_capa =
5743 			nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5744 		params.he_capa_len =
5745 			nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5746 
5747 		/* max len is validated in nla policy */
5748 		if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5749 			return -EINVAL;
5750 	}
5751 
5752 	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5753 		params.opmode_notif_used = true;
5754 		params.opmode_notif =
5755 			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5756 	}
5757 
5758 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5759 		params.plink_action =
5760 			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5761 
5762 	if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
5763 		params.airtime_weight =
5764 			nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
5765 
5766 	if (params.airtime_weight &&
5767 	    !wiphy_ext_feature_isset(&rdev->wiphy,
5768 				     NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
5769 		return -EOPNOTSUPP;
5770 
5771 	err = nl80211_parse_sta_txpower_setting(info, &params);
5772 	if (err)
5773 		return err;
5774 
5775 	err = nl80211_parse_sta_channel_info(info, &params);
5776 	if (err)
5777 		return err;
5778 
5779 	err = nl80211_parse_sta_wme(info, &params);
5780 	if (err)
5781 		return err;
5782 
5783 	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5784 		return -EINVAL;
5785 
5786 	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
5787 	 * as userspace might just pass through the capabilities from the IEs
5788 	 * directly, rather than enforcing this restriction and returning an
5789 	 * error in this case.
5790 	 */
5791 	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
5792 		params.ht_capa = NULL;
5793 		params.vht_capa = NULL;
5794 
5795 		/* HE requires WME */
5796 		if (params.he_capa_len)
5797 			return -EINVAL;
5798 	}
5799 
5800 	/* When you run into this, adjust the code below for the new flag */
5801 	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
5802 
5803 	switch (dev->ieee80211_ptr->iftype) {
5804 	case NL80211_IFTYPE_AP:
5805 	case NL80211_IFTYPE_AP_VLAN:
5806 	case NL80211_IFTYPE_P2P_GO:
5807 		/* ignore WME attributes if iface/sta is not capable */
5808 		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
5809 		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
5810 			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5811 
5812 		/* TDLS peers cannot be added */
5813 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5814 		    info->attrs[NL80211_ATTR_PEER_AID])
5815 			return -EINVAL;
5816 		/* but don't bother the driver with it */
5817 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
5818 
5819 		/* allow authenticated/associated only if driver handles it */
5820 		if (!(rdev->wiphy.features &
5821 				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
5822 		    params.sta_flags_mask & auth_assoc)
5823 			return -EINVAL;
5824 
5825 		/* Older userspace, or userspace wanting to be compatible with
5826 		 * !NL80211_FEATURE_FULL_AP_CLIENT_STATE, will not set the auth
5827 		 * and assoc flags in the mask, but assumes the station will be
5828 		 * added as associated anyway since this was the required driver
5829 		 * behaviour before NL80211_FEATURE_FULL_AP_CLIENT_STATE was
5830 		 * introduced.
5831 		 * In order to not bother drivers with this quirk in the API
5832 		 * set the flags in both the mask and set for new stations in
5833 		 * this case.
5834 		 */
5835 		if (!(params.sta_flags_mask & auth_assoc)) {
5836 			params.sta_flags_mask |= auth_assoc;
5837 			params.sta_flags_set |= auth_assoc;
5838 		}
5839 
5840 		/* must be last in here for error handling */
5841 		params.vlan = get_vlan(info, rdev);
5842 		if (IS_ERR(params.vlan))
5843 			return PTR_ERR(params.vlan);
5844 		break;
5845 	case NL80211_IFTYPE_MESH_POINT:
5846 		/* ignore uAPSD data */
5847 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5848 
5849 		/* associated is disallowed */
5850 		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
5851 			return -EINVAL;
5852 		/* TDLS peers cannot be added */
5853 		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
5854 		    info->attrs[NL80211_ATTR_PEER_AID])
5855 			return -EINVAL;
5856 		break;
5857 	case NL80211_IFTYPE_STATION:
5858 	case NL80211_IFTYPE_P2P_CLIENT:
5859 		/* ignore uAPSD data */
5860 		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
5861 
5862 		/* these are disallowed */
5863 		if (params.sta_flags_mask &
5864 				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
5865 				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
5866 			return -EINVAL;
5867 		/* Only TDLS peers can be added */
5868 		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
5869 			return -EINVAL;
5870 		/* Can only add if TDLS ... */
5871 		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
5872 			return -EOPNOTSUPP;
5873 		/* ... with external setup is supported */
5874 		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
5875 			return -EOPNOTSUPP;
5876 		/*
5877 		 * Older wpa_supplicant versions always mark the TDLS peer
5878 		 * as authorized, but it shouldn't yet be.
5879 		 */
5880 		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
5881 		break;
5882 	default:
5883 		return -EOPNOTSUPP;
5884 	}
5885 
5886 	/* be aware of params.vlan when changing code here */
5887 
5888 	err = rdev_add_station(rdev, dev, mac_addr, &params);
5889 
5890 	if (params.vlan)
5891 		dev_put(params.vlan);
5892 	return err;
5893 }
5894 
5895 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
5896 {
5897 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5898 	struct net_device *dev = info->user_ptr[1];
5899 	struct station_del_parameters params;
5900 
5901 	memset(&params, 0, sizeof(params));
5902 
5903 	if (info->attrs[NL80211_ATTR_MAC])
5904 		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5905 
5906 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5907 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5908 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5909 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5910 		return -EINVAL;
5911 
5912 	if (!rdev->ops->del_station)
5913 		return -EOPNOTSUPP;
5914 
5915 	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
5916 		params.subtype =
5917 			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
5918 		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
5919 		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
5920 			return -EINVAL;
5921 	} else {
5922 		/* Default to Deauthentication frame */
5923 		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
5924 	}
5925 
5926 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
5927 		params.reason_code =
5928 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5929 		if (params.reason_code == 0)
5930 			return -EINVAL; /* 0 is reserved */
5931 	} else {
5932 		/* Default to reason code 2 */
5933 		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
5934 	}
5935 
5936 	return rdev_del_station(rdev, dev, &params);
5937 }
5938 
5939 static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
5940 				int flags, struct net_device *dev,
5941 				u8 *dst, u8 *next_hop,
5942 				struct mpath_info *pinfo)
5943 {
5944 	void *hdr;
5945 	struct nlattr *pinfoattr;
5946 
5947 	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
5948 	if (!hdr)
5949 		return -1;
5950 
5951 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5952 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
5953 	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
5954 	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5955 		goto nla_put_failure;
5956 
5957 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
5958 	if (!pinfoattr)
5959 		goto nla_put_failure;
5960 	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
5961 	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
5962 			pinfo->frame_qlen))
5963 		goto nla_put_failure;
5964 	if (((pinfo->filled & MPATH_INFO_SN) &&
5965 	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
5966 	    ((pinfo->filled & MPATH_INFO_METRIC) &&
5967 	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
5968 			 pinfo->metric)) ||
5969 	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
5970 	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
5971 			 pinfo->exptime)) ||
5972 	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
5973 	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
5974 			pinfo->flags)) ||
5975 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
5976 	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
5977 			 pinfo->discovery_timeout)) ||
5978 	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5979 	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5980 			pinfo->discovery_retries)) ||
5981 	    ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
5982 	     nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
5983 			pinfo->hop_count)) ||
5984 	    ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
5985 	     nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
5986 			 pinfo->path_change_count)))
5987 		goto nla_put_failure;
5988 
5989 	nla_nest_end(msg, pinfoattr);
5990 
5991 	genlmsg_end(msg, hdr);
5992 	return 0;
5993 
5994  nla_put_failure:
5995 	genlmsg_cancel(msg, hdr);
5996 	return -EMSGSIZE;
5997 }
5998 
5999 static int nl80211_dump_mpath(struct sk_buff *skb,
6000 			      struct netlink_callback *cb)
6001 {
6002 	struct mpath_info pinfo;
6003 	struct cfg80211_registered_device *rdev;
6004 	struct wireless_dev *wdev;
6005 	u8 dst[ETH_ALEN];
6006 	u8 next_hop[ETH_ALEN];
6007 	int path_idx = cb->args[2];
6008 	int err;
6009 
6010 	rtnl_lock();
6011 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6012 	if (err)
6013 		goto out_err;
6014 
6015 	if (!rdev->ops->dump_mpath) {
6016 		err = -EOPNOTSUPP;
6017 		goto out_err;
6018 	}
6019 
6020 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6021 		err = -EOPNOTSUPP;
6022 		goto out_err;
6023 	}
6024 
6025 	while (1) {
6026 		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
6027 				      next_hop, &pinfo);
6028 		if (err == -ENOENT)
6029 			break;
6030 		if (err)
6031 			goto out_err;
6032 
6033 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6034 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6035 				       wdev->netdev, dst, next_hop,
6036 				       &pinfo) < 0)
6037 			goto out;
6038 
6039 		path_idx++;
6040 	}
6041 
6042  out:
6043 	cb->args[2] = path_idx;
6044 	err = skb->len;
6045  out_err:
6046 	rtnl_unlock();
6047 	return err;
6048 }
6049 
6050 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
6051 {
6052 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6053 	int err;
6054 	struct net_device *dev = info->user_ptr[1];
6055 	struct mpath_info pinfo;
6056 	struct sk_buff *msg;
6057 	u8 *dst = NULL;
6058 	u8 next_hop[ETH_ALEN];
6059 
6060 	memset(&pinfo, 0, sizeof(pinfo));
6061 
6062 	if (!info->attrs[NL80211_ATTR_MAC])
6063 		return -EINVAL;
6064 
6065 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6066 
6067 	if (!rdev->ops->get_mpath)
6068 		return -EOPNOTSUPP;
6069 
6070 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6071 		return -EOPNOTSUPP;
6072 
6073 	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
6074 	if (err)
6075 		return err;
6076 
6077 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6078 	if (!msg)
6079 		return -ENOMEM;
6080 
6081 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6082 				 dev, dst, next_hop, &pinfo) < 0) {
6083 		nlmsg_free(msg);
6084 		return -ENOBUFS;
6085 	}
6086 
6087 	return genlmsg_reply(msg, info);
6088 }
6089 
6090 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
6091 {
6092 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6093 	struct net_device *dev = info->user_ptr[1];
6094 	u8 *dst = NULL;
6095 	u8 *next_hop = NULL;
6096 
6097 	if (!info->attrs[NL80211_ATTR_MAC])
6098 		return -EINVAL;
6099 
6100 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6101 		return -EINVAL;
6102 
6103 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6104 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6105 
6106 	if (!rdev->ops->change_mpath)
6107 		return -EOPNOTSUPP;
6108 
6109 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6110 		return -EOPNOTSUPP;
6111 
6112 	return rdev_change_mpath(rdev, dev, dst, next_hop);
6113 }
6114 
6115 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
6116 {
6117 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6118 	struct net_device *dev = info->user_ptr[1];
6119 	u8 *dst = NULL;
6120 	u8 *next_hop = NULL;
6121 
6122 	if (!info->attrs[NL80211_ATTR_MAC])
6123 		return -EINVAL;
6124 
6125 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
6126 		return -EINVAL;
6127 
6128 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6129 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
6130 
6131 	if (!rdev->ops->add_mpath)
6132 		return -EOPNOTSUPP;
6133 
6134 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6135 		return -EOPNOTSUPP;
6136 
6137 	return rdev_add_mpath(rdev, dev, dst, next_hop);
6138 }
6139 
6140 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
6141 {
6142 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6143 	struct net_device *dev = info->user_ptr[1];
6144 	u8 *dst = NULL;
6145 
6146 	if (info->attrs[NL80211_ATTR_MAC])
6147 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6148 
6149 	if (!rdev->ops->del_mpath)
6150 		return -EOPNOTSUPP;
6151 
6152 	return rdev_del_mpath(rdev, dev, dst);
6153 }
6154 
6155 static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
6156 {
6157 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6158 	int err;
6159 	struct net_device *dev = info->user_ptr[1];
6160 	struct mpath_info pinfo;
6161 	struct sk_buff *msg;
6162 	u8 *dst = NULL;
6163 	u8 mpp[ETH_ALEN];
6164 
6165 	memset(&pinfo, 0, sizeof(pinfo));
6166 
6167 	if (!info->attrs[NL80211_ATTR_MAC])
6168 		return -EINVAL;
6169 
6170 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
6171 
6172 	if (!rdev->ops->get_mpp)
6173 		return -EOPNOTSUPP;
6174 
6175 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
6176 		return -EOPNOTSUPP;
6177 
6178 	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
6179 	if (err)
6180 		return err;
6181 
6182 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6183 	if (!msg)
6184 		return -ENOMEM;
6185 
6186 	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
6187 			       dev, dst, mpp, &pinfo) < 0) {
6188 		nlmsg_free(msg);
6189 		return -ENOBUFS;
6190 	}
6191 
6192 	return genlmsg_reply(msg, info);
6193 }
6194 
6195 static int nl80211_dump_mpp(struct sk_buff *skb,
6196 			    struct netlink_callback *cb)
6197 {
6198 	struct mpath_info pinfo;
6199 	struct cfg80211_registered_device *rdev;
6200 	struct wireless_dev *wdev;
6201 	u8 dst[ETH_ALEN];
6202 	u8 mpp[ETH_ALEN];
6203 	int path_idx = cb->args[2];
6204 	int err;
6205 
6206 	rtnl_lock();
6207 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6208 	if (err)
6209 		goto out_err;
6210 
6211 	if (!rdev->ops->dump_mpp) {
6212 		err = -EOPNOTSUPP;
6213 		goto out_err;
6214 	}
6215 
6216 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
6217 		err = -EOPNOTSUPP;
6218 		goto out_err;
6219 	}
6220 
6221 	while (1) {
6222 		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
6223 				    mpp, &pinfo);
6224 		if (err == -ENOENT)
6225 			break;
6226 		if (err)
6227 			goto out_err;
6228 
6229 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
6230 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
6231 				       wdev->netdev, dst, mpp,
6232 				       &pinfo) < 0)
6233 			goto out;
6234 
6235 		path_idx++;
6236 	}
6237 
6238  out:
6239 	cb->args[2] = path_idx;
6240 	err = skb->len;
6241  out_err:
6242 	rtnl_unlock();
6243 	return err;
6244 }
6245 
6246 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
6247 {
6248 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6249 	struct net_device *dev = info->user_ptr[1];
6250 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6251 	struct bss_parameters params;
6252 	int err;
6253 
6254 	memset(&params, 0, sizeof(params));
6255 	/* default to not changing parameters */
6256 	params.use_cts_prot = -1;
6257 	params.use_short_preamble = -1;
6258 	params.use_short_slot_time = -1;
6259 	params.ap_isolate = -1;
6260 	params.ht_opmode = -1;
6261 	params.p2p_ctwindow = -1;
6262 	params.p2p_opp_ps = -1;
6263 
6264 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
6265 		params.use_cts_prot =
6266 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
6267 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
6268 		params.use_short_preamble =
6269 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
6270 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
6271 		params.use_short_slot_time =
6272 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
6273 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
6274 		params.basic_rates =
6275 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6276 		params.basic_rates_len =
6277 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
6278 	}
6279 	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
6280 		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
6281 	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
6282 		params.ht_opmode =
6283 			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
6284 
6285 	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
6286 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6287 			return -EINVAL;
6288 		params.p2p_ctwindow =
6289 			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6290 		if (params.p2p_ctwindow != 0 &&
6291 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6292 			return -EINVAL;
6293 	}
6294 
6295 	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
6296 		u8 tmp;
6297 
6298 		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6299 			return -EINVAL;
6300 		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6301 		params.p2p_opp_ps = tmp;
6302 		if (params.p2p_opp_ps &&
6303 		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
6304 			return -EINVAL;
6305 	}
6306 
6307 	if (!rdev->ops->change_bss)
6308 		return -EOPNOTSUPP;
6309 
6310 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
6311 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6312 		return -EOPNOTSUPP;
6313 
6314 	wdev_lock(wdev);
6315 	err = rdev_change_bss(rdev, dev, &params);
6316 	wdev_unlock(wdev);
6317 
6318 	return err;
6319 }
6320 
6321 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
6322 {
6323 	char *data = NULL;
6324 	bool is_indoor;
6325 	enum nl80211_user_reg_hint_type user_reg_hint_type;
6326 	u32 owner_nlportid;
6327 
6328 	/*
6329 	 * You should only get this when cfg80211 hasn't yet initialized
6330 	 * completely when built-in to the kernel right between the time
6331 	 * window between nl80211_init() and regulatory_init(), if that is
6332 	 * even possible.
6333 	 */
6334 	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
6335 		return -EINPROGRESS;
6336 
6337 	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
6338 		user_reg_hint_type =
6339 		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
6340 	else
6341 		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
6342 
6343 	switch (user_reg_hint_type) {
6344 	case NL80211_USER_REG_HINT_USER:
6345 	case NL80211_USER_REG_HINT_CELL_BASE:
6346 		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
6347 			return -EINVAL;
6348 
6349 		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
6350 		return regulatory_hint_user(data, user_reg_hint_type);
6351 	case NL80211_USER_REG_HINT_INDOOR:
6352 		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
6353 			owner_nlportid = info->snd_portid;
6354 			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
6355 		} else {
6356 			owner_nlportid = 0;
6357 			is_indoor = true;
6358 		}
6359 
6360 		return regulatory_hint_indoor(is_indoor, owner_nlportid);
6361 	default:
6362 		return -EINVAL;
6363 	}
6364 }
6365 
6366 static int nl80211_reload_regdb(struct sk_buff *skb, struct genl_info *info)
6367 {
6368 	return reg_reload_regdb();
6369 }
6370 
6371 static int nl80211_get_mesh_config(struct sk_buff *skb,
6372 				   struct genl_info *info)
6373 {
6374 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6375 	struct net_device *dev = info->user_ptr[1];
6376 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6377 	struct mesh_config cur_params;
6378 	int err = 0;
6379 	void *hdr;
6380 	struct nlattr *pinfoattr;
6381 	struct sk_buff *msg;
6382 
6383 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6384 		return -EOPNOTSUPP;
6385 
6386 	if (!rdev->ops->get_mesh_config)
6387 		return -EOPNOTSUPP;
6388 
6389 	wdev_lock(wdev);
6390 	/* If not connected, get default parameters */
6391 	if (!wdev->mesh_id_len)
6392 		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
6393 	else
6394 		err = rdev_get_mesh_config(rdev, dev, &cur_params);
6395 	wdev_unlock(wdev);
6396 
6397 	if (err)
6398 		return err;
6399 
6400 	/* Draw up a netlink message to send back */
6401 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6402 	if (!msg)
6403 		return -ENOMEM;
6404 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6405 			     NL80211_CMD_GET_MESH_CONFIG);
6406 	if (!hdr)
6407 		goto out;
6408 	pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6409 	if (!pinfoattr)
6410 		goto nla_put_failure;
6411 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
6412 	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
6413 			cur_params.dot11MeshRetryTimeout) ||
6414 	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6415 			cur_params.dot11MeshConfirmTimeout) ||
6416 	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
6417 			cur_params.dot11MeshHoldingTimeout) ||
6418 	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
6419 			cur_params.dot11MeshMaxPeerLinks) ||
6420 	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
6421 		       cur_params.dot11MeshMaxRetries) ||
6422 	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
6423 		       cur_params.dot11MeshTTL) ||
6424 	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
6425 		       cur_params.element_ttl) ||
6426 	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6427 		       cur_params.auto_open_plinks) ||
6428 	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6429 			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
6430 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6431 		       cur_params.dot11MeshHWMPmaxPREQretries) ||
6432 	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
6433 			cur_params.path_refresh_time) ||
6434 	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6435 			cur_params.min_discovery_timeout) ||
6436 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6437 			cur_params.dot11MeshHWMPactivePathTimeout) ||
6438 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6439 			cur_params.dot11MeshHWMPpreqMinInterval) ||
6440 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6441 			cur_params.dot11MeshHWMPperrMinInterval) ||
6442 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6443 			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
6444 	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
6445 		       cur_params.dot11MeshHWMPRootMode) ||
6446 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6447 			cur_params.dot11MeshHWMPRannInterval) ||
6448 	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6449 		       cur_params.dot11MeshGateAnnouncementProtocol) ||
6450 	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
6451 		       cur_params.dot11MeshForwarding) ||
6452 	    nla_put_s32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
6453 			cur_params.rssi_threshold) ||
6454 	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
6455 			cur_params.ht_opmode) ||
6456 	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6457 			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
6458 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6459 			cur_params.dot11MeshHWMProotInterval) ||
6460 	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6461 			cur_params.dot11MeshHWMPconfirmationInterval) ||
6462 	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
6463 			cur_params.power_mode) ||
6464 	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6465 			cur_params.dot11MeshAwakeWindowDuration) ||
6466 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6467 			cur_params.plink_timeout) ||
6468 	    nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
6469 		       cur_params.dot11MeshConnectedToMeshGate))
6470 		goto nla_put_failure;
6471 	nla_nest_end(msg, pinfoattr);
6472 	genlmsg_end(msg, hdr);
6473 	return genlmsg_reply(msg, info);
6474 
6475  nla_put_failure:
6476  out:
6477 	nlmsg_free(msg);
6478 	return -ENOBUFS;
6479 }
6480 
6481 static const struct nla_policy
6482 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6483 	[NL80211_MESHCONF_RETRY_TIMEOUT] =
6484 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6485 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] =
6486 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6487 	[NL80211_MESHCONF_HOLDING_TIMEOUT] =
6488 		NLA_POLICY_RANGE(NLA_U16, 1, 255),
6489 	[NL80211_MESHCONF_MAX_PEER_LINKS] =
6490 		NLA_POLICY_RANGE(NLA_U16, 0, 255),
6491 	[NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
6492 	[NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6493 	[NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
6494 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
6495 	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
6496 		NLA_POLICY_RANGE(NLA_U32, 1, 255),
6497 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6498 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6499 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6500 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6501 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
6502 		NLA_POLICY_MIN(NLA_U16, 1),
6503 	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
6504 		NLA_POLICY_MIN(NLA_U16, 1),
6505 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
6506 		NLA_POLICY_MIN(NLA_U16, 1),
6507 	[NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
6508 	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
6509 		NLA_POLICY_MIN(NLA_U16, 1),
6510 	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
6511 	[NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
6512 	[NL80211_MESHCONF_RSSI_THRESHOLD] =
6513 		NLA_POLICY_RANGE(NLA_S32, -255, 0),
6514 	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6515 	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6516 	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
6517 		NLA_POLICY_MIN(NLA_U16, 1),
6518 	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
6519 		NLA_POLICY_MIN(NLA_U16, 1),
6520 	[NL80211_MESHCONF_POWER_MODE] =
6521 		NLA_POLICY_RANGE(NLA_U32,
6522 				 NL80211_MESH_POWER_ACTIVE,
6523 				 NL80211_MESH_POWER_MAX),
6524 	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6525 	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
6526 	[NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6527 };
6528 
6529 static const struct nla_policy
6530 	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
6531 	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
6532 	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
6533 	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
6534 	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6535 	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6536 	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6537 	[NL80211_MESH_SETUP_IE] =
6538 		NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
6539 				       IEEE80211_MAX_DATA_LEN),
6540 	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6541 };
6542 
6543 static int nl80211_parse_mesh_config(struct genl_info *info,
6544 				     struct mesh_config *cfg,
6545 				     u32 *mask_out)
6546 {
6547 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
6548 	u32 mask = 0;
6549 	u16 ht_opmode;
6550 
6551 #define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn)	\
6552 do {									\
6553 	if (tb[attr]) {							\
6554 		cfg->param = fn(tb[attr]);				\
6555 		mask |= BIT((attr) - 1);				\
6556 	}								\
6557 } while (0)
6558 
6559 	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6560 		return -EINVAL;
6561 	if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6562 		return -EINVAL;
6563 
6564 	/* This makes sure that there aren't more than 32 mesh config
6565 	 * parameters (otherwise our bitfield scheme would not work.) */
6566 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6567 
6568 	/* Fill in the params struct */
6569 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
6570 				  NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
6571 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
6572 				  NL80211_MESHCONF_CONFIRM_TIMEOUT,
6573 				  nla_get_u16);
6574 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
6575 				  NL80211_MESHCONF_HOLDING_TIMEOUT,
6576 				  nla_get_u16);
6577 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
6578 				  NL80211_MESHCONF_MAX_PEER_LINKS,
6579 				  nla_get_u16);
6580 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
6581 				  NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
6582 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
6583 				  NL80211_MESHCONF_TTL, nla_get_u8);
6584 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
6585 				  NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
6586 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
6587 				  NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6588 				  nla_get_u8);
6589 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6590 				  mask,
6591 				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6592 				  nla_get_u32);
6593 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
6594 				  NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6595 				  nla_get_u8);
6596 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
6597 				  NL80211_MESHCONF_PATH_REFRESH_TIME,
6598 				  nla_get_u32);
6599 	if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
6600 	    (cfg->path_refresh_time < 1 || cfg->path_refresh_time > 65535))
6601 		return -EINVAL;
6602 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
6603 				  NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6604 				  nla_get_u16);
6605 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6606 				  mask,
6607 				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6608 				  nla_get_u32);
6609 	if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
6610 	    (cfg->dot11MeshHWMPactivePathTimeout < 1 ||
6611 	     cfg->dot11MeshHWMPactivePathTimeout > 65535))
6612 		return -EINVAL;
6613 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
6614 				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6615 				  nla_get_u16);
6616 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
6617 				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6618 				  nla_get_u16);
6619 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6620 				  dot11MeshHWMPnetDiameterTraversalTime, mask,
6621 				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6622 				  nla_get_u16);
6623 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
6624 				  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
6625 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
6626 				  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6627 				  nla_get_u16);
6628 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
6629 				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6630 				  nla_get_u8);
6631 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
6632 				  NL80211_MESHCONF_FORWARDING, nla_get_u8);
6633 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
6634 				  NL80211_MESHCONF_RSSI_THRESHOLD,
6635 				  nla_get_s32);
6636 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
6637 				  NL80211_MESHCONF_CONNECTED_TO_GATE,
6638 				  nla_get_u8);
6639 	/*
6640 	 * Check HT operation mode based on
6641 	 * IEEE 802.11-2016 9.4.2.57 HT Operation element.
6642 	 */
6643 	if (tb[NL80211_MESHCONF_HT_OPMODE]) {
6644 		ht_opmode = nla_get_u16(tb[NL80211_MESHCONF_HT_OPMODE]);
6645 
6646 		if (ht_opmode & ~(IEEE80211_HT_OP_MODE_PROTECTION |
6647 				  IEEE80211_HT_OP_MODE_NON_GF_STA_PRSNT |
6648 				  IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT))
6649 			return -EINVAL;
6650 
6651 		/* NON_HT_STA bit is reserved, but some programs set it */
6652 		ht_opmode &= ~IEEE80211_HT_OP_MODE_NON_HT_STA_PRSNT;
6653 
6654 		cfg->ht_opmode = ht_opmode;
6655 		mask |= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6656 	}
6657 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6658 				  dot11MeshHWMPactivePathToRootTimeout, mask,
6659 				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6660 				  nla_get_u32);
6661 	if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
6662 	    (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 ||
6663 	     cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
6664 		return -EINVAL;
6665 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
6666 				  NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6667 				  nla_get_u16);
6668 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
6669 				  mask,
6670 				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6671 				  nla_get_u16);
6672 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
6673 				  NL80211_MESHCONF_POWER_MODE, nla_get_u32);
6674 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
6675 				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
6676 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
6677 				  NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
6678 	if (mask_out)
6679 		*mask_out = mask;
6680 
6681 	return 0;
6682 
6683 #undef FILL_IN_MESH_PARAM_IF_SET
6684 }
6685 
6686 static int nl80211_parse_mesh_setup(struct genl_info *info,
6687 				     struct mesh_setup *setup)
6688 {
6689 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6690 	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
6691 
6692 	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6693 		return -EINVAL;
6694 	if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
6695 		return -EINVAL;
6696 
6697 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
6698 		setup->sync_method =
6699 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
6700 		 IEEE80211_SYNC_METHOD_VENDOR :
6701 		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
6702 
6703 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
6704 		setup->path_sel_proto =
6705 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
6706 		 IEEE80211_PATH_PROTOCOL_VENDOR :
6707 		 IEEE80211_PATH_PROTOCOL_HWMP;
6708 
6709 	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
6710 		setup->path_metric =
6711 		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
6712 		 IEEE80211_PATH_METRIC_VENDOR :
6713 		 IEEE80211_PATH_METRIC_AIRTIME;
6714 
6715 	if (tb[NL80211_MESH_SETUP_IE]) {
6716 		struct nlattr *ieattr =
6717 			tb[NL80211_MESH_SETUP_IE];
6718 		setup->ie = nla_data(ieattr);
6719 		setup->ie_len = nla_len(ieattr);
6720 	}
6721 	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
6722 	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
6723 		return -EINVAL;
6724 	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
6725 	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
6726 	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
6727 	if (setup->is_secure)
6728 		setup->user_mpm = true;
6729 
6730 	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
6731 		if (!setup->user_mpm)
6732 			return -EINVAL;
6733 		setup->auth_id =
6734 			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
6735 	}
6736 
6737 	return 0;
6738 }
6739 
6740 static int nl80211_update_mesh_config(struct sk_buff *skb,
6741 				      struct genl_info *info)
6742 {
6743 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6744 	struct net_device *dev = info->user_ptr[1];
6745 	struct wireless_dev *wdev = dev->ieee80211_ptr;
6746 	struct mesh_config cfg;
6747 	u32 mask;
6748 	int err;
6749 
6750 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
6751 		return -EOPNOTSUPP;
6752 
6753 	if (!rdev->ops->update_mesh_config)
6754 		return -EOPNOTSUPP;
6755 
6756 	err = nl80211_parse_mesh_config(info, &cfg, &mask);
6757 	if (err)
6758 		return err;
6759 
6760 	wdev_lock(wdev);
6761 	if (!wdev->mesh_id_len)
6762 		err = -ENOLINK;
6763 
6764 	if (!err)
6765 		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
6766 
6767 	wdev_unlock(wdev);
6768 
6769 	return err;
6770 }
6771 
6772 static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
6773 			      struct sk_buff *msg)
6774 {
6775 	struct nlattr *nl_reg_rules;
6776 	unsigned int i;
6777 
6778 	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
6779 	    (regdom->dfs_region &&
6780 	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6781 		goto nla_put_failure;
6782 
6783 	nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
6784 	if (!nl_reg_rules)
6785 		goto nla_put_failure;
6786 
6787 	for (i = 0; i < regdom->n_reg_rules; i++) {
6788 		struct nlattr *nl_reg_rule;
6789 		const struct ieee80211_reg_rule *reg_rule;
6790 		const struct ieee80211_freq_range *freq_range;
6791 		const struct ieee80211_power_rule *power_rule;
6792 		unsigned int max_bandwidth_khz;
6793 
6794 		reg_rule = &regdom->reg_rules[i];
6795 		freq_range = &reg_rule->freq_range;
6796 		power_rule = &reg_rule->power_rule;
6797 
6798 		nl_reg_rule = nla_nest_start_noflag(msg, i);
6799 		if (!nl_reg_rule)
6800 			goto nla_put_failure;
6801 
6802 		max_bandwidth_khz = freq_range->max_bandwidth_khz;
6803 		if (!max_bandwidth_khz)
6804 			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
6805 								  reg_rule);
6806 
6807 		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
6808 				reg_rule->flags) ||
6809 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
6810 				freq_range->start_freq_khz) ||
6811 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
6812 				freq_range->end_freq_khz) ||
6813 		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
6814 				max_bandwidth_khz) ||
6815 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
6816 				power_rule->max_antenna_gain) ||
6817 		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
6818 				power_rule->max_eirp) ||
6819 		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
6820 				reg_rule->dfs_cac_ms))
6821 			goto nla_put_failure;
6822 
6823 		nla_nest_end(msg, nl_reg_rule);
6824 	}
6825 
6826 	nla_nest_end(msg, nl_reg_rules);
6827 	return 0;
6828 
6829 nla_put_failure:
6830 	return -EMSGSIZE;
6831 }
6832 
6833 static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
6834 {
6835 	const struct ieee80211_regdomain *regdom = NULL;
6836 	struct cfg80211_registered_device *rdev;
6837 	struct wiphy *wiphy = NULL;
6838 	struct sk_buff *msg;
6839 	void *hdr;
6840 
6841 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
6842 	if (!msg)
6843 		return -ENOBUFS;
6844 
6845 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
6846 			     NL80211_CMD_GET_REG);
6847 	if (!hdr)
6848 		goto put_failure;
6849 
6850 	if (info->attrs[NL80211_ATTR_WIPHY]) {
6851 		bool self_managed;
6852 
6853 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
6854 		if (IS_ERR(rdev)) {
6855 			nlmsg_free(msg);
6856 			return PTR_ERR(rdev);
6857 		}
6858 
6859 		wiphy = &rdev->wiphy;
6860 		self_managed = wiphy->regulatory_flags &
6861 			       REGULATORY_WIPHY_SELF_MANAGED;
6862 		regdom = get_wiphy_regdom(wiphy);
6863 
6864 		/* a self-managed-reg device must have a private regdom */
6865 		if (WARN_ON(!regdom && self_managed)) {
6866 			nlmsg_free(msg);
6867 			return -EINVAL;
6868 		}
6869 
6870 		if (regdom &&
6871 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6872 			goto nla_put_failure;
6873 	}
6874 
6875 	if (!wiphy && reg_last_request_cell_base() &&
6876 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6877 			NL80211_USER_REG_HINT_CELL_BASE))
6878 		goto nla_put_failure;
6879 
6880 	rcu_read_lock();
6881 
6882 	if (!regdom)
6883 		regdom = rcu_dereference(cfg80211_regdomain);
6884 
6885 	if (nl80211_put_regdom(regdom, msg))
6886 		goto nla_put_failure_rcu;
6887 
6888 	rcu_read_unlock();
6889 
6890 	genlmsg_end(msg, hdr);
6891 	return genlmsg_reply(msg, info);
6892 
6893 nla_put_failure_rcu:
6894 	rcu_read_unlock();
6895 nla_put_failure:
6896 put_failure:
6897 	nlmsg_free(msg);
6898 	return -EMSGSIZE;
6899 }
6900 
6901 static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
6902 			       u32 seq, int flags, struct wiphy *wiphy,
6903 			       const struct ieee80211_regdomain *regdom)
6904 {
6905 	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6906 				   NL80211_CMD_GET_REG);
6907 
6908 	if (!hdr)
6909 		return -1;
6910 
6911 	genl_dump_check_consistent(cb, hdr);
6912 
6913 	if (nl80211_put_regdom(regdom, msg))
6914 		goto nla_put_failure;
6915 
6916 	if (!wiphy && reg_last_request_cell_base() &&
6917 	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
6918 			NL80211_USER_REG_HINT_CELL_BASE))
6919 		goto nla_put_failure;
6920 
6921 	if (wiphy &&
6922 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
6923 		goto nla_put_failure;
6924 
6925 	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
6926 	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
6927 		goto nla_put_failure;
6928 
6929 	genlmsg_end(msg, hdr);
6930 	return 0;
6931 
6932 nla_put_failure:
6933 	genlmsg_cancel(msg, hdr);
6934 	return -EMSGSIZE;
6935 }
6936 
6937 static int nl80211_get_reg_dump(struct sk_buff *skb,
6938 				struct netlink_callback *cb)
6939 {
6940 	const struct ieee80211_regdomain *regdom = NULL;
6941 	struct cfg80211_registered_device *rdev;
6942 	int err, reg_idx, start = cb->args[2];
6943 
6944 	rtnl_lock();
6945 
6946 	if (cfg80211_regdomain && start == 0) {
6947 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6948 					  NLM_F_MULTI, NULL,
6949 					  rtnl_dereference(cfg80211_regdomain));
6950 		if (err < 0)
6951 			goto out_err;
6952 	}
6953 
6954 	/* the global regdom is idx 0 */
6955 	reg_idx = 1;
6956 	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
6957 		regdom = get_wiphy_regdom(&rdev->wiphy);
6958 		if (!regdom)
6959 			continue;
6960 
6961 		if (++reg_idx <= start)
6962 			continue;
6963 
6964 		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
6965 					  NLM_F_MULTI, &rdev->wiphy, regdom);
6966 		if (err < 0) {
6967 			reg_idx--;
6968 			break;
6969 		}
6970 	}
6971 
6972 	cb->args[2] = reg_idx;
6973 	err = skb->len;
6974 out_err:
6975 	rtnl_unlock();
6976 	return err;
6977 }
6978 
6979 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
6980 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
6981 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
6982 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
6983 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
6984 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
6985 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
6986 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
6987 	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
6988 };
6989 
6990 static int parse_reg_rule(struct nlattr *tb[],
6991 	struct ieee80211_reg_rule *reg_rule)
6992 {
6993 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
6994 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
6995 
6996 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
6997 		return -EINVAL;
6998 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
6999 		return -EINVAL;
7000 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
7001 		return -EINVAL;
7002 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
7003 		return -EINVAL;
7004 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
7005 		return -EINVAL;
7006 
7007 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
7008 
7009 	freq_range->start_freq_khz =
7010 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
7011 	freq_range->end_freq_khz =
7012 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
7013 	freq_range->max_bandwidth_khz =
7014 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
7015 
7016 	power_rule->max_eirp =
7017 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
7018 
7019 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
7020 		power_rule->max_antenna_gain =
7021 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
7022 
7023 	if (tb[NL80211_ATTR_DFS_CAC_TIME])
7024 		reg_rule->dfs_cac_ms =
7025 			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
7026 
7027 	return 0;
7028 }
7029 
7030 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
7031 {
7032 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
7033 	struct nlattr *nl_reg_rule;
7034 	char *alpha2;
7035 	int rem_reg_rules, r;
7036 	u32 num_rules = 0, rule_idx = 0;
7037 	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
7038 	struct ieee80211_regdomain *rd;
7039 
7040 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
7041 		return -EINVAL;
7042 
7043 	if (!info->attrs[NL80211_ATTR_REG_RULES])
7044 		return -EINVAL;
7045 
7046 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
7047 
7048 	if (info->attrs[NL80211_ATTR_DFS_REGION])
7049 		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
7050 
7051 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7052 			    rem_reg_rules) {
7053 		num_rules++;
7054 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
7055 			return -EINVAL;
7056 	}
7057 
7058 	if (!reg_is_valid_request(alpha2))
7059 		return -EINVAL;
7060 
7061 	rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
7062 	if (!rd)
7063 		return -ENOMEM;
7064 
7065 	rd->n_reg_rules = num_rules;
7066 	rd->alpha2[0] = alpha2[0];
7067 	rd->alpha2[1] = alpha2[1];
7068 
7069 	/*
7070 	 * Disable DFS master mode if the DFS region was
7071 	 * not supported or known on this kernel.
7072 	 */
7073 	if (reg_supported_dfs_region(dfs_region))
7074 		rd->dfs_region = dfs_region;
7075 
7076 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
7077 			    rem_reg_rules) {
7078 		r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
7079 						nl_reg_rule, reg_rule_policy,
7080 						info->extack);
7081 		if (r)
7082 			goto bad_reg;
7083 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
7084 		if (r)
7085 			goto bad_reg;
7086 
7087 		rule_idx++;
7088 
7089 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
7090 			r = -EINVAL;
7091 			goto bad_reg;
7092 		}
7093 	}
7094 
7095 	/* set_regdom takes ownership of rd */
7096 	return set_regdom(rd, REGD_SOURCE_CRDA);
7097  bad_reg:
7098 	kfree(rd);
7099 	return r;
7100 }
7101 #endif /* CONFIG_CFG80211_CRDA_SUPPORT */
7102 
7103 static int validate_scan_freqs(struct nlattr *freqs)
7104 {
7105 	struct nlattr *attr1, *attr2;
7106 	int n_channels = 0, tmp1, tmp2;
7107 
7108 	nla_for_each_nested(attr1, freqs, tmp1)
7109 		if (nla_len(attr1) != sizeof(u32))
7110 			return 0;
7111 
7112 	nla_for_each_nested(attr1, freqs, tmp1) {
7113 		n_channels++;
7114 		/*
7115 		 * Some hardware has a limited channel list for
7116 		 * scanning, and it is pretty much nonsensical
7117 		 * to scan for a channel twice, so disallow that
7118 		 * and don't require drivers to check that the
7119 		 * channel list they get isn't longer than what
7120 		 * they can scan, as long as they can scan all
7121 		 * the channels they registered at once.
7122 		 */
7123 		nla_for_each_nested(attr2, freqs, tmp2)
7124 			if (attr1 != attr2 &&
7125 			    nla_get_u32(attr1) == nla_get_u32(attr2))
7126 				return 0;
7127 	}
7128 
7129 	return n_channels;
7130 }
7131 
7132 static bool is_band_valid(struct wiphy *wiphy, enum nl80211_band b)
7133 {
7134 	return b < NUM_NL80211_BANDS && wiphy->bands[b];
7135 }
7136 
7137 static int parse_bss_select(struct nlattr *nla, struct wiphy *wiphy,
7138 			    struct cfg80211_bss_selection *bss_select)
7139 {
7140 	struct nlattr *attr[NL80211_BSS_SELECT_ATTR_MAX + 1];
7141 	struct nlattr *nest;
7142 	int err;
7143 	bool found = false;
7144 	int i;
7145 
7146 	/* only process one nested attribute */
7147 	nest = nla_data(nla);
7148 	if (!nla_ok(nest, nla_len(nest)))
7149 		return -EINVAL;
7150 
7151 	err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
7152 					  nest, nl80211_bss_select_policy,
7153 					  NULL);
7154 	if (err)
7155 		return err;
7156 
7157 	/* only one attribute may be given */
7158 	for (i = 0; i <= NL80211_BSS_SELECT_ATTR_MAX; i++) {
7159 		if (attr[i]) {
7160 			if (found)
7161 				return -EINVAL;
7162 			found = true;
7163 		}
7164 	}
7165 
7166 	bss_select->behaviour = __NL80211_BSS_SELECT_ATTR_INVALID;
7167 
7168 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI])
7169 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI;
7170 
7171 	if (attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]) {
7172 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_BAND_PREF;
7173 		bss_select->param.band_pref =
7174 			nla_get_u32(attr[NL80211_BSS_SELECT_ATTR_BAND_PREF]);
7175 		if (!is_band_valid(wiphy, bss_select->param.band_pref))
7176 			return -EINVAL;
7177 	}
7178 
7179 	if (attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]) {
7180 		struct nl80211_bss_select_rssi_adjust *adj_param;
7181 
7182 		adj_param = nla_data(attr[NL80211_BSS_SELECT_ATTR_RSSI_ADJUST]);
7183 		bss_select->behaviour = NL80211_BSS_SELECT_ATTR_RSSI_ADJUST;
7184 		bss_select->param.adjust.band = adj_param->band;
7185 		bss_select->param.adjust.delta = adj_param->delta;
7186 		if (!is_band_valid(wiphy, bss_select->param.adjust.band))
7187 			return -EINVAL;
7188 	}
7189 
7190 	/* user-space did not provide behaviour attribute */
7191 	if (bss_select->behaviour == __NL80211_BSS_SELECT_ATTR_INVALID)
7192 		return -EINVAL;
7193 
7194 	if (!(wiphy->bss_select_support & BIT(bss_select->behaviour)))
7195 		return -EINVAL;
7196 
7197 	return 0;
7198 }
7199 
7200 int nl80211_parse_random_mac(struct nlattr **attrs,
7201 			     u8 *mac_addr, u8 *mac_addr_mask)
7202 {
7203 	int i;
7204 
7205 	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
7206 		eth_zero_addr(mac_addr);
7207 		eth_zero_addr(mac_addr_mask);
7208 		mac_addr[0] = 0x2;
7209 		mac_addr_mask[0] = 0x3;
7210 
7211 		return 0;
7212 	}
7213 
7214 	/* need both or none */
7215 	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
7216 		return -EINVAL;
7217 
7218 	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
7219 	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
7220 
7221 	/* don't allow or configure an mcast address */
7222 	if (!is_multicast_ether_addr(mac_addr_mask) ||
7223 	    is_multicast_ether_addr(mac_addr))
7224 		return -EINVAL;
7225 
7226 	/*
7227 	 * allow users to pass a MAC address that has bits set outside
7228 	 * of the mask, but don't bother drivers with having to deal
7229 	 * with such bits
7230 	 */
7231 	for (i = 0; i < ETH_ALEN; i++)
7232 		mac_addr[i] &= mac_addr_mask[i];
7233 
7234 	return 0;
7235 }
7236 
7237 static bool cfg80211_off_channel_oper_allowed(struct wireless_dev *wdev)
7238 {
7239 	ASSERT_WDEV_LOCK(wdev);
7240 
7241 	if (!cfg80211_beaconing_iface_active(wdev))
7242 		return true;
7243 
7244 	if (!(wdev->chandef.chan->flags & IEEE80211_CHAN_RADAR))
7245 		return true;
7246 
7247 	return regulatory_pre_cac_allowed(wdev->wiphy);
7248 }
7249 
7250 static bool nl80211_check_scan_feat(struct wiphy *wiphy, u32 flags, u32 flag,
7251 				    enum nl80211_ext_feature_index feat)
7252 {
7253 	if (!(flags & flag))
7254 		return true;
7255 	if (wiphy_ext_feature_isset(wiphy, feat))
7256 		return true;
7257 	return false;
7258 }
7259 
7260 static int
7261 nl80211_check_scan_flags(struct wiphy *wiphy, struct wireless_dev *wdev,
7262 			 void *request, struct nlattr **attrs,
7263 			 bool is_sched_scan)
7264 {
7265 	u8 *mac_addr, *mac_addr_mask;
7266 	u32 *flags;
7267 	enum nl80211_feature_flags randomness_flag;
7268 
7269 	if (!attrs[NL80211_ATTR_SCAN_FLAGS])
7270 		return 0;
7271 
7272 	if (is_sched_scan) {
7273 		struct cfg80211_sched_scan_request *req = request;
7274 
7275 		randomness_flag = wdev ?
7276 				  NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR :
7277 				  NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7278 		flags = &req->flags;
7279 		mac_addr = req->mac_addr;
7280 		mac_addr_mask = req->mac_addr_mask;
7281 	} else {
7282 		struct cfg80211_scan_request *req = request;
7283 
7284 		randomness_flag = NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
7285 		flags = &req->flags;
7286 		mac_addr = req->mac_addr;
7287 		mac_addr_mask = req->mac_addr_mask;
7288 	}
7289 
7290 	*flags = nla_get_u32(attrs[NL80211_ATTR_SCAN_FLAGS]);
7291 
7292 	if (((*flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
7293 	     !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) ||
7294 	    !nl80211_check_scan_feat(wiphy, *flags,
7295 				     NL80211_SCAN_FLAG_LOW_SPAN,
7296 				     NL80211_EXT_FEATURE_LOW_SPAN_SCAN) ||
7297 	    !nl80211_check_scan_feat(wiphy, *flags,
7298 				     NL80211_SCAN_FLAG_LOW_POWER,
7299 				     NL80211_EXT_FEATURE_LOW_POWER_SCAN) ||
7300 	    !nl80211_check_scan_feat(wiphy, *flags,
7301 				     NL80211_SCAN_FLAG_HIGH_ACCURACY,
7302 				     NL80211_EXT_FEATURE_HIGH_ACCURACY_SCAN) ||
7303 	    !nl80211_check_scan_feat(wiphy, *flags,
7304 				     NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME,
7305 				     NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME) ||
7306 	    !nl80211_check_scan_feat(wiphy, *flags,
7307 				     NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP,
7308 				     NL80211_EXT_FEATURE_ACCEPT_BCAST_PROBE_RESP) ||
7309 	    !nl80211_check_scan_feat(wiphy, *flags,
7310 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION,
7311 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION) ||
7312 	    !nl80211_check_scan_feat(wiphy, *flags,
7313 				     NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE,
7314 				     NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE) ||
7315 	    !nl80211_check_scan_feat(wiphy, *flags,
7316 				     NL80211_SCAN_FLAG_RANDOM_SN,
7317 				     NL80211_EXT_FEATURE_SCAN_RANDOM_SN) ||
7318 	    !nl80211_check_scan_feat(wiphy, *flags,
7319 				     NL80211_SCAN_FLAG_MIN_PREQ_CONTENT,
7320 				     NL80211_EXT_FEATURE_SCAN_MIN_PREQ_CONTENT))
7321 		return -EOPNOTSUPP;
7322 
7323 	if (*flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
7324 		int err;
7325 
7326 		if (!(wiphy->features & randomness_flag) ||
7327 		    (wdev && wdev->current_bss))
7328 			return -EOPNOTSUPP;
7329 
7330 		err = nl80211_parse_random_mac(attrs, mac_addr, mac_addr_mask);
7331 		if (err)
7332 			return err;
7333 	}
7334 
7335 	return 0;
7336 }
7337 
7338 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
7339 {
7340 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7341 	struct wireless_dev *wdev = info->user_ptr[1];
7342 	struct cfg80211_scan_request *request;
7343 	struct nlattr *attr;
7344 	struct wiphy *wiphy;
7345 	int err, tmp, n_ssids = 0, n_channels, i;
7346 	size_t ie_len;
7347 
7348 	wiphy = &rdev->wiphy;
7349 
7350 	if (wdev->iftype == NL80211_IFTYPE_NAN)
7351 		return -EOPNOTSUPP;
7352 
7353 	if (!rdev->ops->scan)
7354 		return -EOPNOTSUPP;
7355 
7356 	if (rdev->scan_req || rdev->scan_msg) {
7357 		err = -EBUSY;
7358 		goto unlock;
7359 	}
7360 
7361 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7362 		n_channels = validate_scan_freqs(
7363 				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7364 		if (!n_channels) {
7365 			err = -EINVAL;
7366 			goto unlock;
7367 		}
7368 	} else {
7369 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7370 	}
7371 
7372 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
7373 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7374 			n_ssids++;
7375 
7376 	if (n_ssids > wiphy->max_scan_ssids) {
7377 		err = -EINVAL;
7378 		goto unlock;
7379 	}
7380 
7381 	if (info->attrs[NL80211_ATTR_IE])
7382 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7383 	else
7384 		ie_len = 0;
7385 
7386 	if (ie_len > wiphy->max_scan_ie_len) {
7387 		err = -EINVAL;
7388 		goto unlock;
7389 	}
7390 
7391 	request = kzalloc(sizeof(*request)
7392 			+ sizeof(*request->ssids) * n_ssids
7393 			+ sizeof(*request->channels) * n_channels
7394 			+ ie_len, GFP_KERNEL);
7395 	if (!request) {
7396 		err = -ENOMEM;
7397 		goto unlock;
7398 	}
7399 
7400 	if (n_ssids)
7401 		request->ssids = (void *)&request->channels[n_channels];
7402 	request->n_ssids = n_ssids;
7403 	if (ie_len) {
7404 		if (n_ssids)
7405 			request->ie = (void *)(request->ssids + n_ssids);
7406 		else
7407 			request->ie = (void *)(request->channels + n_channels);
7408 	}
7409 
7410 	i = 0;
7411 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7412 		/* user specified, bail out if channel not found */
7413 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
7414 			struct ieee80211_channel *chan;
7415 
7416 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7417 
7418 			if (!chan) {
7419 				err = -EINVAL;
7420 				goto out_free;
7421 			}
7422 
7423 			/* ignore disabled channels */
7424 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7425 				continue;
7426 
7427 			request->channels[i] = chan;
7428 			i++;
7429 		}
7430 	} else {
7431 		enum nl80211_band band;
7432 
7433 		/* all channels */
7434 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7435 			int j;
7436 
7437 			if (!wiphy->bands[band])
7438 				continue;
7439 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7440 				struct ieee80211_channel *chan;
7441 
7442 				chan = &wiphy->bands[band]->channels[j];
7443 
7444 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7445 					continue;
7446 
7447 				request->channels[i] = chan;
7448 				i++;
7449 			}
7450 		}
7451 	}
7452 
7453 	if (!i) {
7454 		err = -EINVAL;
7455 		goto out_free;
7456 	}
7457 
7458 	request->n_channels = i;
7459 
7460 	wdev_lock(wdev);
7461 	if (!cfg80211_off_channel_oper_allowed(wdev)) {
7462 		struct ieee80211_channel *chan;
7463 
7464 		if (request->n_channels != 1) {
7465 			wdev_unlock(wdev);
7466 			err = -EBUSY;
7467 			goto out_free;
7468 		}
7469 
7470 		chan = request->channels[0];
7471 		if (chan->center_freq != wdev->chandef.chan->center_freq) {
7472 			wdev_unlock(wdev);
7473 			err = -EBUSY;
7474 			goto out_free;
7475 		}
7476 	}
7477 	wdev_unlock(wdev);
7478 
7479 	i = 0;
7480 	if (n_ssids) {
7481 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
7482 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7483 				err = -EINVAL;
7484 				goto out_free;
7485 			}
7486 			request->ssids[i].ssid_len = nla_len(attr);
7487 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
7488 			i++;
7489 		}
7490 	}
7491 
7492 	if (info->attrs[NL80211_ATTR_IE]) {
7493 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7494 		memcpy((void *)request->ie,
7495 		       nla_data(info->attrs[NL80211_ATTR_IE]),
7496 		       request->ie_len);
7497 	}
7498 
7499 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7500 		if (wiphy->bands[i])
7501 			request->rates[i] =
7502 				(1 << wiphy->bands[i]->n_bitrates) - 1;
7503 
7504 	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
7505 		nla_for_each_nested(attr,
7506 				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
7507 				    tmp) {
7508 			enum nl80211_band band = nla_type(attr);
7509 
7510 			if (band < 0 || band >= NUM_NL80211_BANDS) {
7511 				err = -EINVAL;
7512 				goto out_free;
7513 			}
7514 
7515 			if (!wiphy->bands[band])
7516 				continue;
7517 
7518 			err = ieee80211_get_ratemask(wiphy->bands[band],
7519 						     nla_data(attr),
7520 						     nla_len(attr),
7521 						     &request->rates[band]);
7522 			if (err)
7523 				goto out_free;
7524 		}
7525 	}
7526 
7527 	if (info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]) {
7528 		if (!wiphy_ext_feature_isset(wiphy,
7529 					NL80211_EXT_FEATURE_SET_SCAN_DWELL)) {
7530 			err = -EOPNOTSUPP;
7531 			goto out_free;
7532 		}
7533 
7534 		request->duration =
7535 			nla_get_u16(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION]);
7536 		request->duration_mandatory =
7537 			nla_get_flag(info->attrs[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY]);
7538 	}
7539 
7540 	err = nl80211_check_scan_flags(wiphy, wdev, request, info->attrs,
7541 				       false);
7542 	if (err)
7543 		goto out_free;
7544 
7545 	request->no_cck =
7546 		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
7547 
7548 	/* Initial implementation used NL80211_ATTR_MAC to set the specific
7549 	 * BSSID to scan for. This was problematic because that same attribute
7550 	 * was already used for another purpose (local random MAC address). The
7551 	 * NL80211_ATTR_BSSID attribute was added to fix this. For backwards
7552 	 * compatibility with older userspace components, also use the
7553 	 * NL80211_ATTR_MAC value here if it can be determined to be used for
7554 	 * the specific BSSID use case instead of the random MAC address
7555 	 * (NL80211_ATTR_SCAN_FLAGS is used to enable random MAC address use).
7556 	 */
7557 	if (info->attrs[NL80211_ATTR_BSSID])
7558 		memcpy(request->bssid,
7559 		       nla_data(info->attrs[NL80211_ATTR_BSSID]), ETH_ALEN);
7560 	else if (!(request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) &&
7561 		 info->attrs[NL80211_ATTR_MAC])
7562 		memcpy(request->bssid, nla_data(info->attrs[NL80211_ATTR_MAC]),
7563 		       ETH_ALEN);
7564 	else
7565 		eth_broadcast_addr(request->bssid);
7566 
7567 	request->wdev = wdev;
7568 	request->wiphy = &rdev->wiphy;
7569 	request->scan_start = jiffies;
7570 
7571 	rdev->scan_req = request;
7572 	err = rdev_scan(rdev, request);
7573 
7574 	if (!err) {
7575 		nl80211_send_scan_start(rdev, wdev);
7576 		if (wdev->netdev)
7577 			dev_hold(wdev->netdev);
7578 	} else {
7579  out_free:
7580 		rdev->scan_req = NULL;
7581 		kfree(request);
7582 	}
7583 
7584  unlock:
7585 	return err;
7586 }
7587 
7588 static int nl80211_abort_scan(struct sk_buff *skb, struct genl_info *info)
7589 {
7590 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7591 	struct wireless_dev *wdev = info->user_ptr[1];
7592 
7593 	if (!rdev->ops->abort_scan)
7594 		return -EOPNOTSUPP;
7595 
7596 	if (rdev->scan_msg)
7597 		return 0;
7598 
7599 	if (!rdev->scan_req)
7600 		return -ENOENT;
7601 
7602 	rdev_abort_scan(rdev, wdev);
7603 	return 0;
7604 }
7605 
7606 static int
7607 nl80211_parse_sched_scan_plans(struct wiphy *wiphy, int n_plans,
7608 			       struct cfg80211_sched_scan_request *request,
7609 			       struct nlattr **attrs)
7610 {
7611 	int tmp, err, i = 0;
7612 	struct nlattr *attr;
7613 
7614 	if (!attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7615 		u32 interval;
7616 
7617 		/*
7618 		 * If scan plans are not specified,
7619 		 * %NL80211_ATTR_SCHED_SCAN_INTERVAL will be specified. In this
7620 		 * case one scan plan will be set with the specified scan
7621 		 * interval and infinite number of iterations.
7622 		 */
7623 		interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
7624 		if (!interval)
7625 			return -EINVAL;
7626 
7627 		request->scan_plans[0].interval =
7628 			DIV_ROUND_UP(interval, MSEC_PER_SEC);
7629 		if (!request->scan_plans[0].interval)
7630 			return -EINVAL;
7631 
7632 		if (request->scan_plans[0].interval >
7633 		    wiphy->max_sched_scan_plan_interval)
7634 			request->scan_plans[0].interval =
7635 				wiphy->max_sched_scan_plan_interval;
7636 
7637 		return 0;
7638 	}
7639 
7640 	nla_for_each_nested(attr, attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp) {
7641 		struct nlattr *plan[NL80211_SCHED_SCAN_PLAN_MAX + 1];
7642 
7643 		if (WARN_ON(i >= n_plans))
7644 			return -EINVAL;
7645 
7646 		err = nla_parse_nested_deprecated(plan,
7647 						  NL80211_SCHED_SCAN_PLAN_MAX,
7648 						  attr, nl80211_plan_policy,
7649 						  NULL);
7650 		if (err)
7651 			return err;
7652 
7653 		if (!plan[NL80211_SCHED_SCAN_PLAN_INTERVAL])
7654 			return -EINVAL;
7655 
7656 		request->scan_plans[i].interval =
7657 			nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_INTERVAL]);
7658 		if (!request->scan_plans[i].interval ||
7659 		    request->scan_plans[i].interval >
7660 		    wiphy->max_sched_scan_plan_interval)
7661 			return -EINVAL;
7662 
7663 		if (plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]) {
7664 			request->scan_plans[i].iterations =
7665 				nla_get_u32(plan[NL80211_SCHED_SCAN_PLAN_ITERATIONS]);
7666 			if (!request->scan_plans[i].iterations ||
7667 			    (request->scan_plans[i].iterations >
7668 			     wiphy->max_sched_scan_plan_iterations))
7669 				return -EINVAL;
7670 		} else if (i < n_plans - 1) {
7671 			/*
7672 			 * All scan plans but the last one must specify
7673 			 * a finite number of iterations
7674 			 */
7675 			return -EINVAL;
7676 		}
7677 
7678 		i++;
7679 	}
7680 
7681 	/*
7682 	 * The last scan plan must not specify the number of
7683 	 * iterations, it is supposed to run infinitely
7684 	 */
7685 	if (request->scan_plans[n_plans - 1].iterations)
7686 		return  -EINVAL;
7687 
7688 	return 0;
7689 }
7690 
7691 static int
7692 nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
7693 				       struct cfg80211_match_set *match_sets,
7694 				       struct nlattr *tb_band_rssi,
7695 				       s32 rssi_thold)
7696 {
7697 	struct nlattr *attr;
7698 	int i, tmp, ret = 0;
7699 
7700 	if (!wiphy_ext_feature_isset(wiphy,
7701 		    NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
7702 		if (tb_band_rssi)
7703 			ret = -EOPNOTSUPP;
7704 		else
7705 			for (i = 0; i < NUM_NL80211_BANDS; i++)
7706 				match_sets->per_band_rssi_thold[i] =
7707 					NL80211_SCAN_RSSI_THOLD_OFF;
7708 		return ret;
7709 	}
7710 
7711 	for (i = 0; i < NUM_NL80211_BANDS; i++)
7712 		match_sets->per_band_rssi_thold[i] = rssi_thold;
7713 
7714 	nla_for_each_nested(attr, tb_band_rssi, tmp) {
7715 		enum nl80211_band band = nla_type(attr);
7716 
7717 		if (band < 0 || band >= NUM_NL80211_BANDS)
7718 			return -EINVAL;
7719 
7720 		match_sets->per_band_rssi_thold[band] =	nla_get_s32(attr);
7721 	}
7722 
7723 	return 0;
7724 }
7725 
7726 static struct cfg80211_sched_scan_request *
7727 nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
7728 			 struct nlattr **attrs, int max_match_sets)
7729 {
7730 	struct cfg80211_sched_scan_request *request;
7731 	struct nlattr *attr;
7732 	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i, n_plans = 0;
7733 	enum nl80211_band band;
7734 	size_t ie_len;
7735 	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7736 	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7737 
7738 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7739 		n_channels = validate_scan_freqs(
7740 				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7741 		if (!n_channels)
7742 			return ERR_PTR(-EINVAL);
7743 	} else {
7744 		n_channels = ieee80211_get_num_supported_channels(wiphy);
7745 	}
7746 
7747 	if (attrs[NL80211_ATTR_SCAN_SSIDS])
7748 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7749 				    tmp)
7750 			n_ssids++;
7751 
7752 	if (n_ssids > wiphy->max_sched_scan_ssids)
7753 		return ERR_PTR(-EINVAL);
7754 
7755 	/*
7756 	 * First, count the number of 'real' matchsets. Due to an issue with
7757 	 * the old implementation, matchsets containing only the RSSI attribute
7758 	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
7759 	 * RSSI for all matchsets, rather than their own matchset for reporting
7760 	 * all APs with a strong RSSI. This is needed to be compatible with
7761 	 * older userspace that treated a matchset with only the RSSI as the
7762 	 * global RSSI for all other matchsets - if there are other matchsets.
7763 	 */
7764 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7765 		nla_for_each_nested(attr,
7766 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7767 				    tmp) {
7768 			struct nlattr *rssi;
7769 
7770 			err = nla_parse_nested_deprecated(tb,
7771 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7772 							  attr,
7773 							  nl80211_match_policy,
7774 							  NULL);
7775 			if (err)
7776 				return ERR_PTR(err);
7777 
7778 			/* SSID and BSSID are mutually exclusive */
7779 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] &&
7780 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID])
7781 				return ERR_PTR(-EINVAL);
7782 
7783 			/* add other standalone attributes here */
7784 			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] ||
7785 			    tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID]) {
7786 				n_match_sets++;
7787 				continue;
7788 			}
7789 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7790 			if (rssi)
7791 				default_match_rssi = nla_get_s32(rssi);
7792 		}
7793 	}
7794 
7795 	/* However, if there's no other matchset, add the RSSI one */
7796 	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
7797 		n_match_sets = 1;
7798 
7799 	if (n_match_sets > max_match_sets)
7800 		return ERR_PTR(-EINVAL);
7801 
7802 	if (attrs[NL80211_ATTR_IE])
7803 		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
7804 	else
7805 		ie_len = 0;
7806 
7807 	if (ie_len > wiphy->max_sched_scan_ie_len)
7808 		return ERR_PTR(-EINVAL);
7809 
7810 	if (attrs[NL80211_ATTR_SCHED_SCAN_PLANS]) {
7811 		/*
7812 		 * NL80211_ATTR_SCHED_SCAN_INTERVAL must not be specified since
7813 		 * each scan plan already specifies its own interval
7814 		 */
7815 		if (attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7816 			return ERR_PTR(-EINVAL);
7817 
7818 		nla_for_each_nested(attr,
7819 				    attrs[NL80211_ATTR_SCHED_SCAN_PLANS], tmp)
7820 			n_plans++;
7821 	} else {
7822 		/*
7823 		 * The scan interval attribute is kept for backward
7824 		 * compatibility. If no scan plans are specified and sched scan
7825 		 * interval is specified, one scan plan will be set with this
7826 		 * scan interval and infinite number of iterations.
7827 		 */
7828 		if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
7829 			return ERR_PTR(-EINVAL);
7830 
7831 		n_plans = 1;
7832 	}
7833 
7834 	if (!n_plans || n_plans > wiphy->max_sched_scan_plans)
7835 		return ERR_PTR(-EINVAL);
7836 
7837 	if (!wiphy_ext_feature_isset(
7838 		    wiphy, NL80211_EXT_FEATURE_SCHED_SCAN_RELATIVE_RSSI) &&
7839 	    (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] ||
7840 	     attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]))
7841 		return ERR_PTR(-EINVAL);
7842 
7843 	request = kzalloc(sizeof(*request)
7844 			+ sizeof(*request->ssids) * n_ssids
7845 			+ sizeof(*request->match_sets) * n_match_sets
7846 			+ sizeof(*request->scan_plans) * n_plans
7847 			+ sizeof(*request->channels) * n_channels
7848 			+ ie_len, GFP_KERNEL);
7849 	if (!request)
7850 		return ERR_PTR(-ENOMEM);
7851 
7852 	if (n_ssids)
7853 		request->ssids = (void *)&request->channels[n_channels];
7854 	request->n_ssids = n_ssids;
7855 	if (ie_len) {
7856 		if (n_ssids)
7857 			request->ie = (void *)(request->ssids + n_ssids);
7858 		else
7859 			request->ie = (void *)(request->channels + n_channels);
7860 	}
7861 
7862 	if (n_match_sets) {
7863 		if (request->ie)
7864 			request->match_sets = (void *)(request->ie + ie_len);
7865 		else if (n_ssids)
7866 			request->match_sets =
7867 				(void *)(request->ssids + n_ssids);
7868 		else
7869 			request->match_sets =
7870 				(void *)(request->channels + n_channels);
7871 	}
7872 	request->n_match_sets = n_match_sets;
7873 
7874 	if (n_match_sets)
7875 		request->scan_plans = (void *)(request->match_sets +
7876 					       n_match_sets);
7877 	else if (request->ie)
7878 		request->scan_plans = (void *)(request->ie + ie_len);
7879 	else if (n_ssids)
7880 		request->scan_plans = (void *)(request->ssids + n_ssids);
7881 	else
7882 		request->scan_plans = (void *)(request->channels + n_channels);
7883 
7884 	request->n_scan_plans = n_plans;
7885 
7886 	i = 0;
7887 	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7888 		/* user specified, bail out if channel not found */
7889 		nla_for_each_nested(attr,
7890 				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
7891 				    tmp) {
7892 			struct ieee80211_channel *chan;
7893 
7894 			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
7895 
7896 			if (!chan) {
7897 				err = -EINVAL;
7898 				goto out_free;
7899 			}
7900 
7901 			/* ignore disabled channels */
7902 			if (chan->flags & IEEE80211_CHAN_DISABLED)
7903 				continue;
7904 
7905 			request->channels[i] = chan;
7906 			i++;
7907 		}
7908 	} else {
7909 		/* all channels */
7910 		for (band = 0; band < NUM_NL80211_BANDS; band++) {
7911 			int j;
7912 
7913 			if (!wiphy->bands[band])
7914 				continue;
7915 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
7916 				struct ieee80211_channel *chan;
7917 
7918 				chan = &wiphy->bands[band]->channels[j];
7919 
7920 				if (chan->flags & IEEE80211_CHAN_DISABLED)
7921 					continue;
7922 
7923 				request->channels[i] = chan;
7924 				i++;
7925 			}
7926 		}
7927 	}
7928 
7929 	if (!i) {
7930 		err = -EINVAL;
7931 		goto out_free;
7932 	}
7933 
7934 	request->n_channels = i;
7935 
7936 	i = 0;
7937 	if (n_ssids) {
7938 		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
7939 				    tmp) {
7940 			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
7941 				err = -EINVAL;
7942 				goto out_free;
7943 			}
7944 			request->ssids[i].ssid_len = nla_len(attr);
7945 			memcpy(request->ssids[i].ssid, nla_data(attr),
7946 			       nla_len(attr));
7947 			i++;
7948 		}
7949 	}
7950 
7951 	i = 0;
7952 	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
7953 		nla_for_each_nested(attr,
7954 				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
7955 				    tmp) {
7956 			struct nlattr *ssid, *bssid, *rssi;
7957 
7958 			err = nla_parse_nested_deprecated(tb,
7959 							  NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7960 							  attr,
7961 							  nl80211_match_policy,
7962 							  NULL);
7963 			if (err)
7964 				goto out_free;
7965 			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7966 			bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7967 
7968 			if (!ssid && !bssid) {
7969 				i++;
7970 				continue;
7971 			}
7972 
7973 			if (WARN_ON(i >= n_match_sets)) {
7974 				/* this indicates a programming error,
7975 				 * the loop above should have verified
7976 				 * things properly
7977 				 */
7978 				err = -EINVAL;
7979 				goto out_free;
7980 			}
7981 
7982 			if (ssid) {
7983 				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7984 					err = -EINVAL;
7985 					goto out_free;
7986 				}
7987 				memcpy(request->match_sets[i].ssid.ssid,
7988 				       nla_data(ssid), nla_len(ssid));
7989 				request->match_sets[i].ssid.ssid_len =
7990 					nla_len(ssid);
7991 			}
7992 			if (bssid) {
7993 				if (nla_len(bssid) != ETH_ALEN) {
7994 					err = -EINVAL;
7995 					goto out_free;
7996 				}
7997 				memcpy(request->match_sets[i].bssid,
7998 				       nla_data(bssid), ETH_ALEN);
7999 			}
8000 
8001 			/* special attribute - old implementation w/a */
8002 			request->match_sets[i].rssi_thold = default_match_rssi;
8003 			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
8004 			if (rssi)
8005 				request->match_sets[i].rssi_thold =
8006 					nla_get_s32(rssi);
8007 
8008 			/* Parse per band RSSI attribute */
8009 			err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
8010 				&request->match_sets[i],
8011 				tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
8012 				request->match_sets[i].rssi_thold);
8013 			if (err)
8014 				goto out_free;
8015 
8016 			i++;
8017 		}
8018 
8019 		/* there was no other matchset, so the RSSI one is alone */
8020 		if (i == 0 && n_match_sets)
8021 			request->match_sets[0].rssi_thold = default_match_rssi;
8022 
8023 		request->min_rssi_thold = INT_MAX;
8024 		for (i = 0; i < n_match_sets; i++)
8025 			request->min_rssi_thold =
8026 				min(request->match_sets[i].rssi_thold,
8027 				    request->min_rssi_thold);
8028 	} else {
8029 		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
8030 	}
8031 
8032 	if (ie_len) {
8033 		request->ie_len = ie_len;
8034 		memcpy((void *)request->ie,
8035 		       nla_data(attrs[NL80211_ATTR_IE]),
8036 		       request->ie_len);
8037 	}
8038 
8039 	err = nl80211_check_scan_flags(wiphy, wdev, request, attrs, true);
8040 	if (err)
8041 		goto out_free;
8042 
8043 	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
8044 		request->delay =
8045 			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
8046 
8047 	if (attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]) {
8048 		request->relative_rssi = nla_get_s8(
8049 			attrs[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI]);
8050 		request->relative_rssi_set = true;
8051 	}
8052 
8053 	if (request->relative_rssi_set &&
8054 	    attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]) {
8055 		struct nl80211_bss_select_rssi_adjust *rssi_adjust;
8056 
8057 		rssi_adjust = nla_data(
8058 			attrs[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST]);
8059 		request->rssi_adjust.band = rssi_adjust->band;
8060 		request->rssi_adjust.delta = rssi_adjust->delta;
8061 		if (!is_band_valid(wiphy, request->rssi_adjust.band)) {
8062 			err = -EINVAL;
8063 			goto out_free;
8064 		}
8065 	}
8066 
8067 	err = nl80211_parse_sched_scan_plans(wiphy, n_plans, request, attrs);
8068 	if (err)
8069 		goto out_free;
8070 
8071 	request->scan_start = jiffies;
8072 
8073 	return request;
8074 
8075 out_free:
8076 	kfree(request);
8077 	return ERR_PTR(err);
8078 }
8079 
8080 static int nl80211_start_sched_scan(struct sk_buff *skb,
8081 				    struct genl_info *info)
8082 {
8083 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8084 	struct net_device *dev = info->user_ptr[1];
8085 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8086 	struct cfg80211_sched_scan_request *sched_scan_req;
8087 	bool want_multi;
8088 	int err;
8089 
8090 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_start)
8091 		return -EOPNOTSUPP;
8092 
8093 	want_multi = info->attrs[NL80211_ATTR_SCHED_SCAN_MULTI];
8094 	err = cfg80211_sched_scan_req_possible(rdev, want_multi);
8095 	if (err)
8096 		return err;
8097 
8098 	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
8099 						  info->attrs,
8100 						  rdev->wiphy.max_match_sets);
8101 
8102 	err = PTR_ERR_OR_ZERO(sched_scan_req);
8103 	if (err)
8104 		goto out_err;
8105 
8106 	/* leave request id zero for legacy request
8107 	 * or if driver does not support multi-scheduled scan
8108 	 */
8109 	if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
8110 		while (!sched_scan_req->reqid)
8111 			sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
8112 	}
8113 
8114 	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
8115 	if (err)
8116 		goto out_free;
8117 
8118 	sched_scan_req->dev = dev;
8119 	sched_scan_req->wiphy = &rdev->wiphy;
8120 
8121 	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
8122 		sched_scan_req->owner_nlportid = info->snd_portid;
8123 
8124 	cfg80211_add_sched_scan_req(rdev, sched_scan_req);
8125 
8126 	nl80211_send_sched_scan(sched_scan_req, NL80211_CMD_START_SCHED_SCAN);
8127 	return 0;
8128 
8129 out_free:
8130 	kfree(sched_scan_req);
8131 out_err:
8132 	return err;
8133 }
8134 
8135 static int nl80211_stop_sched_scan(struct sk_buff *skb,
8136 				   struct genl_info *info)
8137 {
8138 	struct cfg80211_sched_scan_request *req;
8139 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8140 	u64 cookie;
8141 
8142 	if (!rdev->wiphy.max_sched_scan_reqs || !rdev->ops->sched_scan_stop)
8143 		return -EOPNOTSUPP;
8144 
8145 	if (info->attrs[NL80211_ATTR_COOKIE]) {
8146 		cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8147 		return __cfg80211_stop_sched_scan(rdev, cookie, false);
8148 	}
8149 
8150 	req = list_first_or_null_rcu(&rdev->sched_scan_req_list,
8151 				     struct cfg80211_sched_scan_request,
8152 				     list);
8153 	if (!req || req->reqid ||
8154 	    (req->owner_nlportid &&
8155 	     req->owner_nlportid != info->snd_portid))
8156 		return -ENOENT;
8157 
8158 	return cfg80211_stop_sched_scan_req(rdev, req, false);
8159 }
8160 
8161 static int nl80211_start_radar_detection(struct sk_buff *skb,
8162 					 struct genl_info *info)
8163 {
8164 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8165 	struct net_device *dev = info->user_ptr[1];
8166 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8167 	struct wiphy *wiphy = wdev->wiphy;
8168 	struct cfg80211_chan_def chandef;
8169 	enum nl80211_dfs_regions dfs_region;
8170 	unsigned int cac_time_ms;
8171 	int err;
8172 
8173 	dfs_region = reg_get_dfs_region(wiphy);
8174 	if (dfs_region == NL80211_DFS_UNSET)
8175 		return -EINVAL;
8176 
8177 	err = nl80211_parse_chandef(rdev, info, &chandef);
8178 	if (err)
8179 		return err;
8180 
8181 	if (netif_carrier_ok(dev))
8182 		return -EBUSY;
8183 
8184 	if (wdev->cac_started)
8185 		return -EBUSY;
8186 
8187 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8188 	if (err < 0)
8189 		return err;
8190 
8191 	if (err == 0)
8192 		return -EINVAL;
8193 
8194 	if (!cfg80211_chandef_dfs_usable(wiphy, &chandef))
8195 		return -EINVAL;
8196 
8197 	/* CAC start is offloaded to HW and can't be started manually */
8198 	if (wiphy_ext_feature_isset(wiphy, NL80211_EXT_FEATURE_DFS_OFFLOAD))
8199 		return -EOPNOTSUPP;
8200 
8201 	if (!rdev->ops->start_radar_detection)
8202 		return -EOPNOTSUPP;
8203 
8204 	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
8205 	if (WARN_ON(!cac_time_ms))
8206 		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
8207 
8208 	err = rdev_start_radar_detection(rdev, dev, &chandef, cac_time_ms);
8209 	if (!err) {
8210 		wdev->chandef = chandef;
8211 		wdev->cac_started = true;
8212 		wdev->cac_start_time = jiffies;
8213 		wdev->cac_time_ms = cac_time_ms;
8214 	}
8215 	return err;
8216 }
8217 
8218 static int nl80211_notify_radar_detection(struct sk_buff *skb,
8219 					  struct genl_info *info)
8220 {
8221 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8222 	struct net_device *dev = info->user_ptr[1];
8223 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8224 	struct wiphy *wiphy = wdev->wiphy;
8225 	struct cfg80211_chan_def chandef;
8226 	enum nl80211_dfs_regions dfs_region;
8227 	int err;
8228 
8229 	dfs_region = reg_get_dfs_region(wiphy);
8230 	if (dfs_region == NL80211_DFS_UNSET) {
8231 		GENL_SET_ERR_MSG(info,
8232 				 "DFS Region is not set. Unexpected Radar indication");
8233 		return -EINVAL;
8234 	}
8235 
8236 	err = nl80211_parse_chandef(rdev, info, &chandef);
8237 	if (err) {
8238 		GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
8239 		return err;
8240 	}
8241 
8242 	err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
8243 	if (err < 0) {
8244 		GENL_SET_ERR_MSG(info, "chandef is invalid");
8245 		return err;
8246 	}
8247 
8248 	if (err == 0) {
8249 		GENL_SET_ERR_MSG(info,
8250 				 "Unexpected Radar indication for chandef/iftype");
8251 		return -EINVAL;
8252 	}
8253 
8254 	/* Do not process this notification if radar is already detected
8255 	 * by kernel on this channel, and return success.
8256 	 */
8257 	if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
8258 		return 0;
8259 
8260 	cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
8261 
8262 	cfg80211_sched_dfs_chan_update(rdev);
8263 
8264 	rdev->radar_chandef = chandef;
8265 
8266 	/* Propagate this notification to other radios as well */
8267 	queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
8268 
8269 	return 0;
8270 }
8271 
8272 static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
8273 {
8274 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8275 	struct net_device *dev = info->user_ptr[1];
8276 	struct wireless_dev *wdev = dev->ieee80211_ptr;
8277 	struct cfg80211_csa_settings params;
8278 	/* csa_attrs is defined static to avoid waste of stack size - this
8279 	 * function is called under RTNL lock, so this should not be a problem.
8280 	 */
8281 	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
8282 	int err;
8283 	bool need_new_beacon = false;
8284 	bool need_handle_dfs_flag = true;
8285 	int len, i;
8286 	u32 cs_count;
8287 
8288 	if (!rdev->ops->channel_switch ||
8289 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
8290 		return -EOPNOTSUPP;
8291 
8292 	switch (dev->ieee80211_ptr->iftype) {
8293 	case NL80211_IFTYPE_AP:
8294 	case NL80211_IFTYPE_P2P_GO:
8295 		need_new_beacon = true;
8296 		/* For all modes except AP the handle_dfs flag needs to be
8297 		 * supplied to tell the kernel that userspace will handle radar
8298 		 * events when they happen. Otherwise a switch to a channel
8299 		 * requiring DFS will be rejected.
8300 		 */
8301 		need_handle_dfs_flag = false;
8302 
8303 		/* useless if AP is not running */
8304 		if (!wdev->beacon_interval)
8305 			return -ENOTCONN;
8306 		break;
8307 	case NL80211_IFTYPE_ADHOC:
8308 		if (!wdev->ssid_len)
8309 			return -ENOTCONN;
8310 		break;
8311 	case NL80211_IFTYPE_MESH_POINT:
8312 		if (!wdev->mesh_id_len)
8313 			return -ENOTCONN;
8314 		break;
8315 	default:
8316 		return -EOPNOTSUPP;
8317 	}
8318 
8319 	memset(&params, 0, sizeof(params));
8320 	params.beacon_csa.ftm_responder = -1;
8321 
8322 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
8323 	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
8324 		return -EINVAL;
8325 
8326 	/* only important for AP, IBSS and mesh create IEs internally */
8327 	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
8328 		return -EINVAL;
8329 
8330 	/* Even though the attribute is u32, the specification says
8331 	 * u8, so let's make sure we don't overflow.
8332 	 */
8333 	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
8334 	if (cs_count > 255)
8335 		return -EINVAL;
8336 
8337 	params.count = cs_count;
8338 
8339 	if (!need_new_beacon)
8340 		goto skip_beacons;
8341 
8342 	err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
8343 	if (err)
8344 		return err;
8345 
8346 	err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
8347 					  info->attrs[NL80211_ATTR_CSA_IES],
8348 					  nl80211_policy, info->extack);
8349 	if (err)
8350 		return err;
8351 
8352 	err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
8353 	if (err)
8354 		return err;
8355 
8356 	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
8357 		return -EINVAL;
8358 
8359 	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8360 	if (!len || (len % sizeof(u16)))
8361 		return -EINVAL;
8362 
8363 	params.n_counter_offsets_beacon = len / sizeof(u16);
8364 	if (rdev->wiphy.max_num_csa_counters &&
8365 	    (params.n_counter_offsets_beacon >
8366 	     rdev->wiphy.max_num_csa_counters))
8367 		return -EINVAL;
8368 
8369 	params.counter_offsets_beacon =
8370 		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
8371 
8372 	/* sanity checks - counters should fit and be the same */
8373 	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
8374 		u16 offset = params.counter_offsets_beacon[i];
8375 
8376 		if (offset >= params.beacon_csa.tail_len)
8377 			return -EINVAL;
8378 
8379 		if (params.beacon_csa.tail[offset] != params.count)
8380 			return -EINVAL;
8381 	}
8382 
8383 	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8384 		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8385 		if (!len || (len % sizeof(u16)))
8386 			return -EINVAL;
8387 
8388 		params.n_counter_offsets_presp = len / sizeof(u16);
8389 		if (rdev->wiphy.max_num_csa_counters &&
8390 		    (params.n_counter_offsets_presp >
8391 		     rdev->wiphy.max_num_csa_counters))
8392 			return -EINVAL;
8393 
8394 		params.counter_offsets_presp =
8395 			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
8396 
8397 		/* sanity checks - counters should fit and be the same */
8398 		for (i = 0; i < params.n_counter_offsets_presp; i++) {
8399 			u16 offset = params.counter_offsets_presp[i];
8400 
8401 			if (offset >= params.beacon_csa.probe_resp_len)
8402 				return -EINVAL;
8403 
8404 			if (params.beacon_csa.probe_resp[offset] !=
8405 			    params.count)
8406 				return -EINVAL;
8407 		}
8408 	}
8409 
8410 skip_beacons:
8411 	err = nl80211_parse_chandef(rdev, info, &params.chandef);
8412 	if (err)
8413 		return err;
8414 
8415 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &params.chandef,
8416 					   wdev->iftype))
8417 		return -EINVAL;
8418 
8419 	err = cfg80211_chandef_dfs_required(wdev->wiphy,
8420 					    &params.chandef,
8421 					    wdev->iftype);
8422 	if (err < 0)
8423 		return err;
8424 
8425 	if (err > 0) {
8426 		params.radar_required = true;
8427 		if (need_handle_dfs_flag &&
8428 		    !nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS])) {
8429 			return -EINVAL;
8430 		}
8431 	}
8432 
8433 	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
8434 		params.block_tx = true;
8435 
8436 	wdev_lock(wdev);
8437 	err = rdev_channel_switch(rdev, dev, &params);
8438 	wdev_unlock(wdev);
8439 
8440 	return err;
8441 }
8442 
8443 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
8444 			    u32 seq, int flags,
8445 			    struct cfg80211_registered_device *rdev,
8446 			    struct wireless_dev *wdev,
8447 			    struct cfg80211_internal_bss *intbss)
8448 {
8449 	struct cfg80211_bss *res = &intbss->pub;
8450 	const struct cfg80211_bss_ies *ies;
8451 	void *hdr;
8452 	struct nlattr *bss;
8453 
8454 	ASSERT_WDEV_LOCK(wdev);
8455 
8456 	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
8457 			     NL80211_CMD_NEW_SCAN_RESULTS);
8458 	if (!hdr)
8459 		return -1;
8460 
8461 	genl_dump_check_consistent(cb, hdr);
8462 
8463 	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
8464 		goto nla_put_failure;
8465 	if (wdev->netdev &&
8466 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
8467 		goto nla_put_failure;
8468 	if (nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
8469 			      NL80211_ATTR_PAD))
8470 		goto nla_put_failure;
8471 
8472 	bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8473 	if (!bss)
8474 		goto nla_put_failure;
8475 	if ((!is_zero_ether_addr(res->bssid) &&
8476 	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
8477 		goto nla_put_failure;
8478 
8479 	rcu_read_lock();
8480 	/* indicate whether we have probe response data or not */
8481 	if (rcu_access_pointer(res->proberesp_ies) &&
8482 	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
8483 		goto fail_unlock_rcu;
8484 
8485 	/* this pointer prefers to be pointed to probe response data
8486 	 * but is always valid
8487 	 */
8488 	ies = rcu_dereference(res->ies);
8489 	if (ies) {
8490 		if (nla_put_u64_64bit(msg, NL80211_BSS_TSF, ies->tsf,
8491 				      NL80211_BSS_PAD))
8492 			goto fail_unlock_rcu;
8493 		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
8494 					ies->len, ies->data))
8495 			goto fail_unlock_rcu;
8496 	}
8497 
8498 	/* and this pointer is always (unless driver didn't know) beacon data */
8499 	ies = rcu_dereference(res->beacon_ies);
8500 	if (ies && ies->from_beacon) {
8501 		if (nla_put_u64_64bit(msg, NL80211_BSS_BEACON_TSF, ies->tsf,
8502 				      NL80211_BSS_PAD))
8503 			goto fail_unlock_rcu;
8504 		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
8505 					ies->len, ies->data))
8506 			goto fail_unlock_rcu;
8507 	}
8508 	rcu_read_unlock();
8509 
8510 	if (res->beacon_interval &&
8511 	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
8512 		goto nla_put_failure;
8513 	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
8514 	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
8515 	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
8516 	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8517 			jiffies_to_msecs(jiffies - intbss->ts)))
8518 		goto nla_put_failure;
8519 
8520 	if (intbss->parent_tsf &&
8521 	    (nla_put_u64_64bit(msg, NL80211_BSS_PARENT_TSF,
8522 			       intbss->parent_tsf, NL80211_BSS_PAD) ||
8523 	     nla_put(msg, NL80211_BSS_PARENT_BSSID, ETH_ALEN,
8524 		     intbss->parent_bssid)))
8525 		goto nla_put_failure;
8526 
8527 	if (intbss->ts_boottime &&
8528 	    nla_put_u64_64bit(msg, NL80211_BSS_LAST_SEEN_BOOTTIME,
8529 			      intbss->ts_boottime, NL80211_BSS_PAD))
8530 		goto nla_put_failure;
8531 
8532 	if (!nl80211_put_signal(msg, intbss->pub.chains,
8533 				intbss->pub.chain_signal,
8534 				NL80211_BSS_CHAIN_SIGNAL))
8535 		goto nla_put_failure;
8536 
8537 	switch (rdev->wiphy.signal_type) {
8538 	case CFG80211_SIGNAL_TYPE_MBM:
8539 		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
8540 			goto nla_put_failure;
8541 		break;
8542 	case CFG80211_SIGNAL_TYPE_UNSPEC:
8543 		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
8544 			goto nla_put_failure;
8545 		break;
8546 	default:
8547 		break;
8548 	}
8549 
8550 	switch (wdev->iftype) {
8551 	case NL80211_IFTYPE_P2P_CLIENT:
8552 	case NL80211_IFTYPE_STATION:
8553 		if (intbss == wdev->current_bss &&
8554 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8555 				NL80211_BSS_STATUS_ASSOCIATED))
8556 			goto nla_put_failure;
8557 		break;
8558 	case NL80211_IFTYPE_ADHOC:
8559 		if (intbss == wdev->current_bss &&
8560 		    nla_put_u32(msg, NL80211_BSS_STATUS,
8561 				NL80211_BSS_STATUS_IBSS_JOINED))
8562 			goto nla_put_failure;
8563 		break;
8564 	default:
8565 		break;
8566 	}
8567 
8568 	nla_nest_end(msg, bss);
8569 
8570 	genlmsg_end(msg, hdr);
8571 	return 0;
8572 
8573  fail_unlock_rcu:
8574 	rcu_read_unlock();
8575  nla_put_failure:
8576 	genlmsg_cancel(msg, hdr);
8577 	return -EMSGSIZE;
8578 }
8579 
8580 static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
8581 {
8582 	struct cfg80211_registered_device *rdev;
8583 	struct cfg80211_internal_bss *scan;
8584 	struct wireless_dev *wdev;
8585 	int start = cb->args[2], idx = 0;
8586 	int err;
8587 
8588 	rtnl_lock();
8589 	err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8590 	if (err) {
8591 		rtnl_unlock();
8592 		return err;
8593 	}
8594 
8595 	wdev_lock(wdev);
8596 	spin_lock_bh(&rdev->bss_lock);
8597 
8598 	/*
8599 	 * dump_scan will be called multiple times to break up the scan results
8600 	 * into multiple messages.  It is unlikely that any more bss-es will be
8601 	 * expired after the first call, so only call only call this on the
8602 	 * first dump_scan invocation.
8603 	 */
8604 	if (start == 0)
8605 		cfg80211_bss_expire(rdev);
8606 
8607 	cb->seq = rdev->bss_generation;
8608 
8609 	list_for_each_entry(scan, &rdev->bss_list, list) {
8610 		if (++idx <= start)
8611 			continue;
8612 		if (nl80211_send_bss(skb, cb,
8613 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8614 				rdev, wdev, scan) < 0) {
8615 			idx--;
8616 			break;
8617 		}
8618 	}
8619 
8620 	spin_unlock_bh(&rdev->bss_lock);
8621 	wdev_unlock(wdev);
8622 
8623 	cb->args[2] = idx;
8624 	rtnl_unlock();
8625 
8626 	return skb->len;
8627 }
8628 
8629 static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
8630 			       int flags, struct net_device *dev,
8631 			       bool allow_radio_stats,
8632 			       struct survey_info *survey)
8633 {
8634 	void *hdr;
8635 	struct nlattr *infoattr;
8636 
8637 	/* skip radio stats if userspace didn't request them */
8638 	if (!survey->channel && !allow_radio_stats)
8639 		return 0;
8640 
8641 	hdr = nl80211hdr_put(msg, portid, seq, flags,
8642 			     NL80211_CMD_NEW_SURVEY_RESULTS);
8643 	if (!hdr)
8644 		return -ENOMEM;
8645 
8646 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
8647 		goto nla_put_failure;
8648 
8649 	infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
8650 	if (!infoattr)
8651 		goto nla_put_failure;
8652 
8653 	if (survey->channel &&
8654 	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
8655 			survey->channel->center_freq))
8656 		goto nla_put_failure;
8657 
8658 	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
8659 	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
8660 		goto nla_put_failure;
8661 	if ((survey->filled & SURVEY_INFO_IN_USE) &&
8662 	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
8663 		goto nla_put_failure;
8664 	if ((survey->filled & SURVEY_INFO_TIME) &&
8665 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME,
8666 			survey->time, NL80211_SURVEY_INFO_PAD))
8667 		goto nla_put_failure;
8668 	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
8669 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BUSY,
8670 			      survey->time_busy, NL80211_SURVEY_INFO_PAD))
8671 		goto nla_put_failure;
8672 	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
8673 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
8674 			      survey->time_ext_busy, NL80211_SURVEY_INFO_PAD))
8675 		goto nla_put_failure;
8676 	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
8677 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_RX,
8678 			      survey->time_rx, NL80211_SURVEY_INFO_PAD))
8679 		goto nla_put_failure;
8680 	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
8681 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_TX,
8682 			      survey->time_tx, NL80211_SURVEY_INFO_PAD))
8683 		goto nla_put_failure;
8684 	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
8685 	    nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8686 			      survey->time_scan, NL80211_SURVEY_INFO_PAD))
8687 		goto nla_put_failure;
8688 
8689 	nla_nest_end(msg, infoattr);
8690 
8691 	genlmsg_end(msg, hdr);
8692 	return 0;
8693 
8694  nla_put_failure:
8695 	genlmsg_cancel(msg, hdr);
8696 	return -EMSGSIZE;
8697 }
8698 
8699 static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
8700 {
8701 	struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
8702 	struct survey_info survey;
8703 	struct cfg80211_registered_device *rdev;
8704 	struct wireless_dev *wdev;
8705 	int survey_idx = cb->args[2];
8706 	int res;
8707 	bool radio_stats;
8708 
8709 	rtnl_lock();
8710 	res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8711 	if (res)
8712 		goto out_err;
8713 
8714 	/* prepare_wdev_dump parsed the attributes */
8715 	radio_stats = attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
8716 
8717 	if (!wdev->netdev) {
8718 		res = -EINVAL;
8719 		goto out_err;
8720 	}
8721 
8722 	if (!rdev->ops->dump_survey) {
8723 		res = -EOPNOTSUPP;
8724 		goto out_err;
8725 	}
8726 
8727 	while (1) {
8728 		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
8729 		if (res == -ENOENT)
8730 			break;
8731 		if (res)
8732 			goto out_err;
8733 
8734 		/* don't send disabled channels, but do send non-channel data */
8735 		if (survey.channel &&
8736 		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
8737 			survey_idx++;
8738 			continue;
8739 		}
8740 
8741 		if (nl80211_send_survey(skb,
8742 				NETLINK_CB(cb->skb).portid,
8743 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
8744 				wdev->netdev, radio_stats, &survey) < 0)
8745 			goto out;
8746 		survey_idx++;
8747 	}
8748 
8749  out:
8750 	cb->args[2] = survey_idx;
8751 	res = skb->len;
8752  out_err:
8753 	rtnl_unlock();
8754 	return res;
8755 }
8756 
8757 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8758 {
8759 	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
8760 				  NL80211_WPA_VERSION_2 |
8761 				  NL80211_WPA_VERSION_3));
8762 }
8763 
8764 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
8765 {
8766 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8767 	struct net_device *dev = info->user_ptr[1];
8768 	struct ieee80211_channel *chan;
8769 	const u8 *bssid, *ssid, *ie = NULL, *auth_data = NULL;
8770 	int err, ssid_len, ie_len = 0, auth_data_len = 0;
8771 	enum nl80211_auth_type auth_type;
8772 	struct key_parse key;
8773 	bool local_state_change;
8774 
8775 	if (!info->attrs[NL80211_ATTR_MAC])
8776 		return -EINVAL;
8777 
8778 	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
8779 		return -EINVAL;
8780 
8781 	if (!info->attrs[NL80211_ATTR_SSID])
8782 		return -EINVAL;
8783 
8784 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8785 		return -EINVAL;
8786 
8787 	err = nl80211_parse_key(info, &key);
8788 	if (err)
8789 		return err;
8790 
8791 	if (key.idx >= 0) {
8792 		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
8793 			return -EINVAL;
8794 		if (!key.p.key || !key.p.key_len)
8795 			return -EINVAL;
8796 		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
8797 		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
8798 		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
8799 		     key.p.key_len != WLAN_KEY_LEN_WEP104))
8800 			return -EINVAL;
8801 		if (key.idx > 3)
8802 			return -EINVAL;
8803 	} else {
8804 		key.p.key_len = 0;
8805 		key.p.key = NULL;
8806 	}
8807 
8808 	if (key.idx >= 0) {
8809 		int i;
8810 		bool ok = false;
8811 
8812 		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
8813 			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
8814 				ok = true;
8815 				break;
8816 			}
8817 		}
8818 		if (!ok)
8819 			return -EINVAL;
8820 	}
8821 
8822 	if (!rdev->ops->auth)
8823 		return -EOPNOTSUPP;
8824 
8825 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
8826 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
8827 		return -EOPNOTSUPP;
8828 
8829 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8830 	chan = nl80211_get_valid_chan(&rdev->wiphy,
8831 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
8832 	if (!chan)
8833 		return -EINVAL;
8834 
8835 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
8836 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
8837 
8838 	if (info->attrs[NL80211_ATTR_IE]) {
8839 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
8840 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
8841 	}
8842 
8843 	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
8844 	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
8845 		return -EINVAL;
8846 
8847 	if ((auth_type == NL80211_AUTHTYPE_SAE ||
8848 	     auth_type == NL80211_AUTHTYPE_FILS_SK ||
8849 	     auth_type == NL80211_AUTHTYPE_FILS_SK_PFS ||
8850 	     auth_type == NL80211_AUTHTYPE_FILS_PK) &&
8851 	    !info->attrs[NL80211_ATTR_AUTH_DATA])
8852 		return -EINVAL;
8853 
8854 	if (info->attrs[NL80211_ATTR_AUTH_DATA]) {
8855 		if (auth_type != NL80211_AUTHTYPE_SAE &&
8856 		    auth_type != NL80211_AUTHTYPE_FILS_SK &&
8857 		    auth_type != NL80211_AUTHTYPE_FILS_SK_PFS &&
8858 		    auth_type != NL80211_AUTHTYPE_FILS_PK)
8859 			return -EINVAL;
8860 		auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8861 		auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8862 		/* need to include at least Auth Transaction and Status Code */
8863 		if (auth_data_len < 4)
8864 			return -EINVAL;
8865 	}
8866 
8867 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
8868 
8869 	/*
8870 	 * Since we no longer track auth state, ignore
8871 	 * requests to only change local state.
8872 	 */
8873 	if (local_state_change)
8874 		return 0;
8875 
8876 	wdev_lock(dev->ieee80211_ptr);
8877 	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
8878 				 ssid, ssid_len, ie, ie_len,
8879 				 key.p.key, key.p.key_len, key.idx,
8880 				 auth_data, auth_data_len);
8881 	wdev_unlock(dev->ieee80211_ptr);
8882 	return err;
8883 }
8884 
8885 static int validate_pae_over_nl80211(struct cfg80211_registered_device *rdev,
8886 				     struct genl_info *info)
8887 {
8888 	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
8889 		GENL_SET_ERR_MSG(info, "SOCKET_OWNER not set");
8890 		return -EINVAL;
8891 	}
8892 
8893 	if (!rdev->ops->tx_control_port ||
8894 	    !wiphy_ext_feature_isset(&rdev->wiphy,
8895 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
8896 		return -EOPNOTSUPP;
8897 
8898 	return 0;
8899 }
8900 
8901 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
8902 				   struct genl_info *info,
8903 				   struct cfg80211_crypto_settings *settings,
8904 				   int cipher_limit)
8905 {
8906 	memset(settings, 0, sizeof(*settings));
8907 
8908 	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
8909 
8910 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
8911 		u16 proto;
8912 
8913 		proto = nla_get_u16(
8914 			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
8915 		settings->control_port_ethertype = cpu_to_be16(proto);
8916 		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
8917 		    proto != ETH_P_PAE)
8918 			return -EINVAL;
8919 		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
8920 			settings->control_port_no_encrypt = true;
8921 	} else
8922 		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
8923 
8924 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
8925 		int r = validate_pae_over_nl80211(rdev, info);
8926 
8927 		if (r < 0)
8928 			return r;
8929 
8930 		settings->control_port_over_nl80211 = true;
8931 	}
8932 
8933 	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
8934 		void *data;
8935 		int len, i;
8936 
8937 		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8938 		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
8939 		settings->n_ciphers_pairwise = len / sizeof(u32);
8940 
8941 		if (len % sizeof(u32))
8942 			return -EINVAL;
8943 
8944 		if (settings->n_ciphers_pairwise > cipher_limit)
8945 			return -EINVAL;
8946 
8947 		memcpy(settings->ciphers_pairwise, data, len);
8948 
8949 		for (i = 0; i < settings->n_ciphers_pairwise; i++)
8950 			if (!cfg80211_supported_cipher_suite(
8951 					&rdev->wiphy,
8952 					settings->ciphers_pairwise[i]))
8953 				return -EINVAL;
8954 	}
8955 
8956 	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
8957 		settings->cipher_group =
8958 			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
8959 		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
8960 						     settings->cipher_group))
8961 			return -EINVAL;
8962 	}
8963 
8964 	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
8965 		settings->wpa_versions =
8966 			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
8967 		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
8968 			return -EINVAL;
8969 	}
8970 
8971 	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
8972 		void *data;
8973 		int len;
8974 
8975 		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
8976 		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
8977 		settings->n_akm_suites = len / sizeof(u32);
8978 
8979 		if (len % sizeof(u32))
8980 			return -EINVAL;
8981 
8982 		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
8983 			return -EINVAL;
8984 
8985 		memcpy(settings->akm_suites, data, len);
8986 	}
8987 
8988 	if (info->attrs[NL80211_ATTR_PMK]) {
8989 		if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8990 			return -EINVAL;
8991 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
8992 					     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
8993 			return -EINVAL;
8994 		settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8995 	}
8996 
8997 	if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
8998 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
8999 					     NL80211_EXT_FEATURE_SAE_OFFLOAD))
9000 			return -EINVAL;
9001 		settings->sae_pwd =
9002 			nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9003 		settings->sae_pwd_len =
9004 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
9005 	}
9006 
9007 	return 0;
9008 }
9009 
9010 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
9011 {
9012 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9013 	struct net_device *dev = info->user_ptr[1];
9014 	struct ieee80211_channel *chan;
9015 	struct cfg80211_assoc_request req = {};
9016 	const u8 *bssid, *ssid;
9017 	int err, ssid_len = 0;
9018 
9019 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9020 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9021 		return -EPERM;
9022 
9023 	if (!info->attrs[NL80211_ATTR_MAC] ||
9024 	    !info->attrs[NL80211_ATTR_SSID] ||
9025 	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
9026 		return -EINVAL;
9027 
9028 	if (!rdev->ops->assoc)
9029 		return -EOPNOTSUPP;
9030 
9031 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9032 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9033 		return -EOPNOTSUPP;
9034 
9035 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9036 
9037 	chan = nl80211_get_valid_chan(&rdev->wiphy,
9038 				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9039 	if (!chan)
9040 		return -EINVAL;
9041 
9042 	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9043 	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9044 
9045 	if (info->attrs[NL80211_ATTR_IE]) {
9046 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9047 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9048 	}
9049 
9050 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9051 		enum nl80211_mfp mfp =
9052 			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9053 		if (mfp == NL80211_MFP_REQUIRED)
9054 			req.use_mfp = true;
9055 		else if (mfp != NL80211_MFP_NO)
9056 			return -EINVAL;
9057 	}
9058 
9059 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9060 		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9061 
9062 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9063 		req.flags |= ASSOC_REQ_DISABLE_HT;
9064 
9065 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9066 		memcpy(&req.ht_capa_mask,
9067 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9068 		       sizeof(req.ht_capa_mask));
9069 
9070 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9071 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9072 			return -EINVAL;
9073 		memcpy(&req.ht_capa,
9074 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9075 		       sizeof(req.ht_capa));
9076 	}
9077 
9078 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9079 		req.flags |= ASSOC_REQ_DISABLE_VHT;
9080 
9081 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9082 		memcpy(&req.vht_capa_mask,
9083 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9084 		       sizeof(req.vht_capa_mask));
9085 
9086 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9087 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9088 			return -EINVAL;
9089 		memcpy(&req.vht_capa,
9090 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9091 		       sizeof(req.vht_capa));
9092 	}
9093 
9094 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9095 		if (!((rdev->wiphy.features &
9096 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9097 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9098 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9099 					     NL80211_EXT_FEATURE_RRM))
9100 			return -EINVAL;
9101 		req.flags |= ASSOC_REQ_USE_RRM;
9102 	}
9103 
9104 	if (info->attrs[NL80211_ATTR_FILS_KEK]) {
9105 		req.fils_kek = nla_data(info->attrs[NL80211_ATTR_FILS_KEK]);
9106 		req.fils_kek_len = nla_len(info->attrs[NL80211_ATTR_FILS_KEK]);
9107 		if (!info->attrs[NL80211_ATTR_FILS_NONCES])
9108 			return -EINVAL;
9109 		req.fils_nonces =
9110 			nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
9111 	}
9112 
9113 	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
9114 	if (!err) {
9115 		wdev_lock(dev->ieee80211_ptr);
9116 
9117 		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
9118 					  ssid, ssid_len, &req);
9119 
9120 		if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9121 			dev->ieee80211_ptr->conn_owner_nlportid =
9122 				info->snd_portid;
9123 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
9124 			       bssid, ETH_ALEN);
9125 		}
9126 
9127 		wdev_unlock(dev->ieee80211_ptr);
9128 	}
9129 
9130 	return err;
9131 }
9132 
9133 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
9134 {
9135 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9136 	struct net_device *dev = info->user_ptr[1];
9137 	const u8 *ie = NULL, *bssid;
9138 	int ie_len = 0, err;
9139 	u16 reason_code;
9140 	bool local_state_change;
9141 
9142 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9143 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9144 		return -EPERM;
9145 
9146 	if (!info->attrs[NL80211_ATTR_MAC])
9147 		return -EINVAL;
9148 
9149 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9150 		return -EINVAL;
9151 
9152 	if (!rdev->ops->deauth)
9153 		return -EOPNOTSUPP;
9154 
9155 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9156 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9157 		return -EOPNOTSUPP;
9158 
9159 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9160 
9161 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9162 	if (reason_code == 0) {
9163 		/* Reason Code 0 is reserved */
9164 		return -EINVAL;
9165 	}
9166 
9167 	if (info->attrs[NL80211_ATTR_IE]) {
9168 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9169 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9170 	}
9171 
9172 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9173 
9174 	wdev_lock(dev->ieee80211_ptr);
9175 	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
9176 				   local_state_change);
9177 	wdev_unlock(dev->ieee80211_ptr);
9178 	return err;
9179 }
9180 
9181 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
9182 {
9183 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9184 	struct net_device *dev = info->user_ptr[1];
9185 	const u8 *ie = NULL, *bssid;
9186 	int ie_len = 0, err;
9187 	u16 reason_code;
9188 	bool local_state_change;
9189 
9190 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
9191 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
9192 		return -EPERM;
9193 
9194 	if (!info->attrs[NL80211_ATTR_MAC])
9195 		return -EINVAL;
9196 
9197 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
9198 		return -EINVAL;
9199 
9200 	if (!rdev->ops->disassoc)
9201 		return -EOPNOTSUPP;
9202 
9203 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9204 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9205 		return -EOPNOTSUPP;
9206 
9207 	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9208 
9209 	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
9210 	if (reason_code == 0) {
9211 		/* Reason Code 0 is reserved */
9212 		return -EINVAL;
9213 	}
9214 
9215 	if (info->attrs[NL80211_ATTR_IE]) {
9216 		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9217 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9218 	}
9219 
9220 	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
9221 
9222 	wdev_lock(dev->ieee80211_ptr);
9223 	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
9224 				     local_state_change);
9225 	wdev_unlock(dev->ieee80211_ptr);
9226 	return err;
9227 }
9228 
9229 static bool
9230 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
9231 			 int mcast_rate[NUM_NL80211_BANDS],
9232 			 int rateval)
9233 {
9234 	struct wiphy *wiphy = &rdev->wiphy;
9235 	bool found = false;
9236 	int band, i;
9237 
9238 	for (band = 0; band < NUM_NL80211_BANDS; band++) {
9239 		struct ieee80211_supported_band *sband;
9240 
9241 		sband = wiphy->bands[band];
9242 		if (!sband)
9243 			continue;
9244 
9245 		for (i = 0; i < sband->n_bitrates; i++) {
9246 			if (sband->bitrates[i].bitrate == rateval) {
9247 				mcast_rate[band] = i + 1;
9248 				found = true;
9249 				break;
9250 			}
9251 		}
9252 	}
9253 
9254 	return found;
9255 }
9256 
9257 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
9258 {
9259 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9260 	struct net_device *dev = info->user_ptr[1];
9261 	struct cfg80211_ibss_params ibss;
9262 	struct wiphy *wiphy;
9263 	struct cfg80211_cached_keys *connkeys = NULL;
9264 	int err;
9265 
9266 	memset(&ibss, 0, sizeof(ibss));
9267 
9268 	if (!info->attrs[NL80211_ATTR_SSID] ||
9269 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9270 		return -EINVAL;
9271 
9272 	ibss.beacon_interval = 100;
9273 
9274 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL])
9275 		ibss.beacon_interval =
9276 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
9277 
9278 	err = cfg80211_validate_beacon_int(rdev, NL80211_IFTYPE_ADHOC,
9279 					   ibss.beacon_interval);
9280 	if (err)
9281 		return err;
9282 
9283 	if (!rdev->ops->join_ibss)
9284 		return -EOPNOTSUPP;
9285 
9286 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9287 		return -EOPNOTSUPP;
9288 
9289 	wiphy = &rdev->wiphy;
9290 
9291 	if (info->attrs[NL80211_ATTR_MAC]) {
9292 		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9293 
9294 		if (!is_valid_ether_addr(ibss.bssid))
9295 			return -EINVAL;
9296 	}
9297 	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9298 	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9299 
9300 	if (info->attrs[NL80211_ATTR_IE]) {
9301 		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9302 		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9303 	}
9304 
9305 	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
9306 	if (err)
9307 		return err;
9308 
9309 	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
9310 				     NL80211_IFTYPE_ADHOC))
9311 		return -EINVAL;
9312 
9313 	switch (ibss.chandef.width) {
9314 	case NL80211_CHAN_WIDTH_5:
9315 	case NL80211_CHAN_WIDTH_10:
9316 	case NL80211_CHAN_WIDTH_20_NOHT:
9317 		break;
9318 	case NL80211_CHAN_WIDTH_20:
9319 	case NL80211_CHAN_WIDTH_40:
9320 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9321 			return -EINVAL;
9322 		break;
9323 	case NL80211_CHAN_WIDTH_80:
9324 	case NL80211_CHAN_WIDTH_80P80:
9325 	case NL80211_CHAN_WIDTH_160:
9326 		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
9327 			return -EINVAL;
9328 		if (!wiphy_ext_feature_isset(&rdev->wiphy,
9329 					     NL80211_EXT_FEATURE_VHT_IBSS))
9330 			return -EINVAL;
9331 		break;
9332 	default:
9333 		return -EINVAL;
9334 	}
9335 
9336 	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
9337 	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
9338 
9339 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
9340 		u8 *rates =
9341 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9342 		int n_rates =
9343 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
9344 		struct ieee80211_supported_band *sband =
9345 			wiphy->bands[ibss.chandef.chan->band];
9346 
9347 		err = ieee80211_get_ratemask(sband, rates, n_rates,
9348 					     &ibss.basic_rates);
9349 		if (err)
9350 			return err;
9351 	}
9352 
9353 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9354 		memcpy(&ibss.ht_capa_mask,
9355 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9356 		       sizeof(ibss.ht_capa_mask));
9357 
9358 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9359 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9360 			return -EINVAL;
9361 		memcpy(&ibss.ht_capa,
9362 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9363 		       sizeof(ibss.ht_capa));
9364 	}
9365 
9366 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
9367 	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
9368 			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
9369 		return -EINVAL;
9370 
9371 	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9372 		bool no_ht = false;
9373 
9374 		connkeys = nl80211_parse_connkeys(rdev, info, &no_ht);
9375 		if (IS_ERR(connkeys))
9376 			return PTR_ERR(connkeys);
9377 
9378 		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9379 		    no_ht) {
9380 			kzfree(connkeys);
9381 			return -EINVAL;
9382 		}
9383 	}
9384 
9385 	ibss.control_port =
9386 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
9387 
9388 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
9389 		int r = validate_pae_over_nl80211(rdev, info);
9390 
9391 		if (r < 0) {
9392 			kzfree(connkeys);
9393 			return r;
9394 		}
9395 
9396 		ibss.control_port_over_nl80211 = true;
9397 	}
9398 
9399 	ibss.userspace_handles_dfs =
9400 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
9401 
9402 	wdev_lock(dev->ieee80211_ptr);
9403 	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9404 	if (err)
9405 		kzfree(connkeys);
9406 	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9407 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9408 	wdev_unlock(dev->ieee80211_ptr);
9409 
9410 	return err;
9411 }
9412 
9413 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
9414 {
9415 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9416 	struct net_device *dev = info->user_ptr[1];
9417 
9418 	if (!rdev->ops->leave_ibss)
9419 		return -EOPNOTSUPP;
9420 
9421 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
9422 		return -EOPNOTSUPP;
9423 
9424 	return cfg80211_leave_ibss(rdev, dev, false);
9425 }
9426 
9427 static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
9428 {
9429 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9430 	struct net_device *dev = info->user_ptr[1];
9431 	int mcast_rate[NUM_NL80211_BANDS];
9432 	u32 nla_rate;
9433 	int err;
9434 
9435 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
9436 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
9437 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_OCB)
9438 		return -EOPNOTSUPP;
9439 
9440 	if (!rdev->ops->set_mcast_rate)
9441 		return -EOPNOTSUPP;
9442 
9443 	memset(mcast_rate, 0, sizeof(mcast_rate));
9444 
9445 	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
9446 		return -EINVAL;
9447 
9448 	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
9449 	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
9450 		return -EINVAL;
9451 
9452 	err = rdev_set_mcast_rate(rdev, dev, mcast_rate);
9453 
9454 	return err;
9455 }
9456 
9457 static struct sk_buff *
9458 __cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
9459 			    struct wireless_dev *wdev, int approxlen,
9460 			    u32 portid, u32 seq, enum nl80211_commands cmd,
9461 			    enum nl80211_attrs attr,
9462 			    const struct nl80211_vendor_cmd_info *info,
9463 			    gfp_t gfp)
9464 {
9465 	struct sk_buff *skb;
9466 	void *hdr;
9467 	struct nlattr *data;
9468 
9469 	skb = nlmsg_new(approxlen + 100, gfp);
9470 	if (!skb)
9471 		return NULL;
9472 
9473 	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
9474 	if (!hdr) {
9475 		kfree_skb(skb);
9476 		return NULL;
9477 	}
9478 
9479 	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
9480 		goto nla_put_failure;
9481 
9482 	if (info) {
9483 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
9484 				info->vendor_id))
9485 			goto nla_put_failure;
9486 		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
9487 				info->subcmd))
9488 			goto nla_put_failure;
9489 	}
9490 
9491 	if (wdev) {
9492 		if (nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
9493 				      wdev_id(wdev), NL80211_ATTR_PAD))
9494 			goto nla_put_failure;
9495 		if (wdev->netdev &&
9496 		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
9497 				wdev->netdev->ifindex))
9498 			goto nla_put_failure;
9499 	}
9500 
9501 	data = nla_nest_start_noflag(skb, attr);
9502 	if (!data)
9503 		goto nla_put_failure;
9504 
9505 	((void **)skb->cb)[0] = rdev;
9506 	((void **)skb->cb)[1] = hdr;
9507 	((void **)skb->cb)[2] = data;
9508 
9509 	return skb;
9510 
9511  nla_put_failure:
9512 	kfree_skb(skb);
9513 	return NULL;
9514 }
9515 
9516 struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
9517 					   struct wireless_dev *wdev,
9518 					   enum nl80211_commands cmd,
9519 					   enum nl80211_attrs attr,
9520 					   unsigned int portid,
9521 					   int vendor_event_idx,
9522 					   int approxlen, gfp_t gfp)
9523 {
9524 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9525 	const struct nl80211_vendor_cmd_info *info;
9526 
9527 	switch (cmd) {
9528 	case NL80211_CMD_TESTMODE:
9529 		if (WARN_ON(vendor_event_idx != -1))
9530 			return NULL;
9531 		info = NULL;
9532 		break;
9533 	case NL80211_CMD_VENDOR:
9534 		if (WARN_ON(vendor_event_idx < 0 ||
9535 			    vendor_event_idx >= wiphy->n_vendor_events))
9536 			return NULL;
9537 		info = &wiphy->vendor_events[vendor_event_idx];
9538 		break;
9539 	default:
9540 		WARN_ON(1);
9541 		return NULL;
9542 	}
9543 
9544 	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9545 					   cmd, attr, info, gfp);
9546 }
9547 EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
9548 
9549 void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
9550 {
9551 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9552 	void *hdr = ((void **)skb->cb)[1];
9553 	struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9554 	struct nlattr *data = ((void **)skb->cb)[2];
9555 	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9556 
9557 	/* clear CB data for netlink core to own from now on */
9558 	memset(skb->cb, 0, sizeof(skb->cb));
9559 
9560 	nla_nest_end(skb, data);
9561 	genlmsg_end(skb, hdr);
9562 
9563 	if (nlhdr->nlmsg_pid) {
9564 		genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
9565 				nlhdr->nlmsg_pid);
9566 	} else {
9567 		if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9568 			mcgrp = NL80211_MCGRP_VENDOR;
9569 
9570 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
9571 					skb, 0, mcgrp, gfp);
9572 	}
9573 }
9574 EXPORT_SYMBOL(__cfg80211_send_event_skb);
9575 
9576 #ifdef CONFIG_NL80211_TESTMODE
9577 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
9578 {
9579 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9580 	struct wireless_dev *wdev =
9581 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9582 	int err;
9583 
9584 	if (!rdev->ops->testmode_cmd)
9585 		return -EOPNOTSUPP;
9586 
9587 	if (IS_ERR(wdev)) {
9588 		err = PTR_ERR(wdev);
9589 		if (err != -EINVAL)
9590 			return err;
9591 		wdev = NULL;
9592 	} else if (wdev->wiphy != &rdev->wiphy) {
9593 		return -EINVAL;
9594 	}
9595 
9596 	if (!info->attrs[NL80211_ATTR_TESTDATA])
9597 		return -EINVAL;
9598 
9599 	rdev->cur_cmd_info = info;
9600 	err = rdev_testmode_cmd(rdev, wdev,
9601 				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
9602 				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
9603 	rdev->cur_cmd_info = NULL;
9604 
9605 	return err;
9606 }
9607 
9608 static int nl80211_testmode_dump(struct sk_buff *skb,
9609 				 struct netlink_callback *cb)
9610 {
9611 	struct cfg80211_registered_device *rdev;
9612 	int err;
9613 	long phy_idx;
9614 	void *data = NULL;
9615 	int data_len = 0;
9616 
9617 	rtnl_lock();
9618 
9619 	if (cb->args[0]) {
9620 		/*
9621 		 * 0 is a valid index, but not valid for args[0],
9622 		 * so we need to offset by 1.
9623 		 */
9624 		phy_idx = cb->args[0] - 1;
9625 
9626 		rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
9627 		if (!rdev) {
9628 			err = -ENOENT;
9629 			goto out_err;
9630 		}
9631 	} else {
9632 		struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
9633 
9634 		err = nlmsg_parse_deprecated(cb->nlh,
9635 					     GENL_HDRLEN + nl80211_fam.hdrsize,
9636 					     attrbuf, nl80211_fam.maxattr,
9637 					     nl80211_policy, NULL);
9638 		if (err)
9639 			goto out_err;
9640 
9641 		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
9642 		if (IS_ERR(rdev)) {
9643 			err = PTR_ERR(rdev);
9644 			goto out_err;
9645 		}
9646 		phy_idx = rdev->wiphy_idx;
9647 
9648 		if (attrbuf[NL80211_ATTR_TESTDATA])
9649 			cb->args[1] = (long)attrbuf[NL80211_ATTR_TESTDATA];
9650 	}
9651 
9652 	if (cb->args[1]) {
9653 		data = nla_data((void *)cb->args[1]);
9654 		data_len = nla_len((void *)cb->args[1]);
9655 	}
9656 
9657 	if (!rdev->ops->testmode_dump) {
9658 		err = -EOPNOTSUPP;
9659 		goto out_err;
9660 	}
9661 
9662 	while (1) {
9663 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
9664 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
9665 					   NL80211_CMD_TESTMODE);
9666 		struct nlattr *tmdata;
9667 
9668 		if (!hdr)
9669 			break;
9670 
9671 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
9672 			genlmsg_cancel(skb, hdr);
9673 			break;
9674 		}
9675 
9676 		tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
9677 		if (!tmdata) {
9678 			genlmsg_cancel(skb, hdr);
9679 			break;
9680 		}
9681 		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
9682 		nla_nest_end(skb, tmdata);
9683 
9684 		if (err == -ENOBUFS || err == -ENOENT) {
9685 			genlmsg_cancel(skb, hdr);
9686 			break;
9687 		} else if (err) {
9688 			genlmsg_cancel(skb, hdr);
9689 			goto out_err;
9690 		}
9691 
9692 		genlmsg_end(skb, hdr);
9693 	}
9694 
9695 	err = skb->len;
9696 	/* see above */
9697 	cb->args[0] = phy_idx + 1;
9698  out_err:
9699 	rtnl_unlock();
9700 	return err;
9701 }
9702 #endif
9703 
9704 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
9705 {
9706 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9707 	struct net_device *dev = info->user_ptr[1];
9708 	struct cfg80211_connect_params connect;
9709 	struct wiphy *wiphy;
9710 	struct cfg80211_cached_keys *connkeys = NULL;
9711 	int err;
9712 
9713 	memset(&connect, 0, sizeof(connect));
9714 
9715 	if (!info->attrs[NL80211_ATTR_SSID] ||
9716 	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
9717 		return -EINVAL;
9718 
9719 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9720 		connect.auth_type =
9721 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9722 		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
9723 					     NL80211_CMD_CONNECT))
9724 			return -EINVAL;
9725 	} else
9726 		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
9727 
9728 	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
9729 
9730 	if (info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS] &&
9731 	    !wiphy_ext_feature_isset(&rdev->wiphy,
9732 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
9733 		return -EINVAL;
9734 	connect.want_1x = info->attrs[NL80211_ATTR_WANT_1X_4WAY_HS];
9735 
9736 	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
9737 				      NL80211_MAX_NR_CIPHER_SUITES);
9738 	if (err)
9739 		return err;
9740 
9741 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9742 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
9743 		return -EOPNOTSUPP;
9744 
9745 	wiphy = &rdev->wiphy;
9746 
9747 	connect.bg_scan_period = -1;
9748 	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
9749 		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
9750 		connect.bg_scan_period =
9751 			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
9752 	}
9753 
9754 	if (info->attrs[NL80211_ATTR_MAC])
9755 		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
9756 	else if (info->attrs[NL80211_ATTR_MAC_HINT])
9757 		connect.bssid_hint =
9758 			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
9759 	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
9760 	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
9761 
9762 	if (info->attrs[NL80211_ATTR_IE]) {
9763 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9764 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9765 	}
9766 
9767 	if (info->attrs[NL80211_ATTR_USE_MFP]) {
9768 		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
9769 		if (connect.mfp == NL80211_MFP_OPTIONAL &&
9770 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9771 					     NL80211_EXT_FEATURE_MFP_OPTIONAL))
9772 			return -EOPNOTSUPP;
9773 	} else {
9774 		connect.mfp = NL80211_MFP_NO;
9775 	}
9776 
9777 	if (info->attrs[NL80211_ATTR_PREV_BSSID])
9778 		connect.prev_bssid =
9779 			nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9780 
9781 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9782 		connect.channel = nl80211_get_valid_chan(
9783 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
9784 		if (!connect.channel)
9785 			return -EINVAL;
9786 	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9787 		connect.channel_hint = nl80211_get_valid_chan(
9788 			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
9789 		if (!connect.channel_hint)
9790 			return -EINVAL;
9791 	}
9792 
9793 	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
9794 		connkeys = nl80211_parse_connkeys(rdev, info, NULL);
9795 		if (IS_ERR(connkeys))
9796 			return PTR_ERR(connkeys);
9797 	}
9798 
9799 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
9800 		connect.flags |= ASSOC_REQ_DISABLE_HT;
9801 
9802 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
9803 		memcpy(&connect.ht_capa_mask,
9804 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
9805 		       sizeof(connect.ht_capa_mask));
9806 
9807 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9808 		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9809 			kzfree(connkeys);
9810 			return -EINVAL;
9811 		}
9812 		memcpy(&connect.ht_capa,
9813 		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
9814 		       sizeof(connect.ht_capa));
9815 	}
9816 
9817 	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
9818 		connect.flags |= ASSOC_REQ_DISABLE_VHT;
9819 
9820 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
9821 		memcpy(&connect.vht_capa_mask,
9822 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
9823 		       sizeof(connect.vht_capa_mask));
9824 
9825 	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9826 		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9827 			kzfree(connkeys);
9828 			return -EINVAL;
9829 		}
9830 		memcpy(&connect.vht_capa,
9831 		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
9832 		       sizeof(connect.vht_capa));
9833 	}
9834 
9835 	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
9836 		if (!((rdev->wiphy.features &
9837 			NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) &&
9838 		       (rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9839 		    !wiphy_ext_feature_isset(&rdev->wiphy,
9840 					     NL80211_EXT_FEATURE_RRM)) {
9841 			kzfree(connkeys);
9842 			return -EINVAL;
9843 		}
9844 		connect.flags |= ASSOC_REQ_USE_RRM;
9845 	}
9846 
9847 	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9848 	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9849 		kzfree(connkeys);
9850 		return -EOPNOTSUPP;
9851 	}
9852 
9853 	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9854 		/* bss selection makes no sense if bssid is set */
9855 		if (connect.bssid) {
9856 			kzfree(connkeys);
9857 			return -EINVAL;
9858 		}
9859 
9860 		err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9861 				       wiphy, &connect.bss_select);
9862 		if (err) {
9863 			kzfree(connkeys);
9864 			return err;
9865 		}
9866 	}
9867 
9868 	if (wiphy_ext_feature_isset(&rdev->wiphy,
9869 				    NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
9870 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9871 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9872 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9873 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9874 		connect.fils_erp_username =
9875 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9876 		connect.fils_erp_username_len =
9877 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9878 		connect.fils_erp_realm =
9879 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9880 		connect.fils_erp_realm_len =
9881 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9882 		connect.fils_erp_next_seq_num =
9883 			nla_get_u16(
9884 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9885 		connect.fils_erp_rrk =
9886 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9887 		connect.fils_erp_rrk_len =
9888 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9889 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9890 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9891 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9892 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9893 		kzfree(connkeys);
9894 		return -EINVAL;
9895 	}
9896 
9897 	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
9898 		if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9899 			kzfree(connkeys);
9900 			GENL_SET_ERR_MSG(info,
9901 					 "external auth requires connection ownership");
9902 			return -EINVAL;
9903 		}
9904 		connect.flags |= CONNECT_REQ_EXTERNAL_AUTH_SUPPORT;
9905 	}
9906 
9907 	wdev_lock(dev->ieee80211_ptr);
9908 
9909 	err = cfg80211_connect(rdev, dev, &connect, connkeys,
9910 			       connect.prev_bssid);
9911 	if (err)
9912 		kzfree(connkeys);
9913 
9914 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9915 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9916 		if (connect.bssid)
9917 			memcpy(dev->ieee80211_ptr->disconnect_bssid,
9918 			       connect.bssid, ETH_ALEN);
9919 		else
9920 			memset(dev->ieee80211_ptr->disconnect_bssid,
9921 			       0, ETH_ALEN);
9922 	}
9923 
9924 	wdev_unlock(dev->ieee80211_ptr);
9925 
9926 	return err;
9927 }
9928 
9929 static int nl80211_update_connect_params(struct sk_buff *skb,
9930 					 struct genl_info *info)
9931 {
9932 	struct cfg80211_connect_params connect = {};
9933 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9934 	struct net_device *dev = info->user_ptr[1];
9935 	struct wireless_dev *wdev = dev->ieee80211_ptr;
9936 	bool fils_sk_offload;
9937 	u32 auth_type;
9938 	u32 changed = 0;
9939 	int ret;
9940 
9941 	if (!rdev->ops->update_connect_params)
9942 		return -EOPNOTSUPP;
9943 
9944 	if (info->attrs[NL80211_ATTR_IE]) {
9945 		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9946 		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9947 		changed |= UPDATE_ASSOC_IES;
9948 	}
9949 
9950 	fils_sk_offload = wiphy_ext_feature_isset(&rdev->wiphy,
9951 						  NL80211_EXT_FEATURE_FILS_SK_OFFLOAD);
9952 
9953 	/*
9954 	 * when driver supports fils-sk offload all attributes must be
9955 	 * provided. So the else covers "fils-sk-not-all" and
9956 	 * "no-fils-sk-any".
9957 	 */
9958 	if (fils_sk_offload &&
9959 	    info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] &&
9960 	    info->attrs[NL80211_ATTR_FILS_ERP_REALM] &&
9961 	    info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] &&
9962 	    info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9963 		connect.fils_erp_username =
9964 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9965 		connect.fils_erp_username_len =
9966 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_USERNAME]);
9967 		connect.fils_erp_realm =
9968 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9969 		connect.fils_erp_realm_len =
9970 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_REALM]);
9971 		connect.fils_erp_next_seq_num =
9972 			nla_get_u16(
9973 			   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM]);
9974 		connect.fils_erp_rrk =
9975 			nla_data(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9976 		connect.fils_erp_rrk_len =
9977 			nla_len(info->attrs[NL80211_ATTR_FILS_ERP_RRK]);
9978 		changed |= UPDATE_FILS_ERP_INFO;
9979 	} else if (info->attrs[NL80211_ATTR_FILS_ERP_USERNAME] ||
9980 		   info->attrs[NL80211_ATTR_FILS_ERP_REALM] ||
9981 		   info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] ||
9982 		   info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9983 		return -EINVAL;
9984 	}
9985 
9986 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
9987 		auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
9988 		if (!nl80211_valid_auth_type(rdev, auth_type,
9989 					     NL80211_CMD_CONNECT))
9990 			return -EINVAL;
9991 
9992 		if (auth_type == NL80211_AUTHTYPE_FILS_SK &&
9993 		    fils_sk_offload && !(changed & UPDATE_FILS_ERP_INFO))
9994 			return -EINVAL;
9995 
9996 		connect.auth_type = auth_type;
9997 		changed |= UPDATE_AUTH_TYPE;
9998 	}
9999 
10000 	wdev_lock(dev->ieee80211_ptr);
10001 	if (!wdev->current_bss)
10002 		ret = -ENOLINK;
10003 	else
10004 		ret = rdev_update_connect_params(rdev, dev, &connect, changed);
10005 	wdev_unlock(dev->ieee80211_ptr);
10006 
10007 	return ret;
10008 }
10009 
10010 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
10011 {
10012 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10013 	struct net_device *dev = info->user_ptr[1];
10014 	u16 reason;
10015 	int ret;
10016 
10017 	if (dev->ieee80211_ptr->conn_owner_nlportid &&
10018 	    dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
10019 		return -EPERM;
10020 
10021 	if (!info->attrs[NL80211_ATTR_REASON_CODE])
10022 		reason = WLAN_REASON_DEAUTH_LEAVING;
10023 	else
10024 		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
10025 
10026 	if (reason == 0)
10027 		return -EINVAL;
10028 
10029 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10030 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10031 		return -EOPNOTSUPP;
10032 
10033 	wdev_lock(dev->ieee80211_ptr);
10034 	ret = cfg80211_disconnect(rdev, dev, reason, true);
10035 	wdev_unlock(dev->ieee80211_ptr);
10036 	return ret;
10037 }
10038 
10039 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
10040 {
10041 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10042 	struct net *net;
10043 	int err;
10044 
10045 	if (info->attrs[NL80211_ATTR_PID]) {
10046 		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
10047 
10048 		net = get_net_ns_by_pid(pid);
10049 	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
10050 		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
10051 
10052 		net = get_net_ns_by_fd(fd);
10053 	} else {
10054 		return -EINVAL;
10055 	}
10056 
10057 	if (IS_ERR(net))
10058 		return PTR_ERR(net);
10059 
10060 	err = 0;
10061 
10062 	/* check if anything to do */
10063 	if (!net_eq(wiphy_net(&rdev->wiphy), net))
10064 		err = cfg80211_switch_netns(rdev, net);
10065 
10066 	put_net(net);
10067 	return err;
10068 }
10069 
10070 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
10071 {
10072 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10073 	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
10074 			struct cfg80211_pmksa *pmksa) = NULL;
10075 	struct net_device *dev = info->user_ptr[1];
10076 	struct cfg80211_pmksa pmksa;
10077 
10078 	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
10079 
10080 	if (!info->attrs[NL80211_ATTR_PMKID])
10081 		return -EINVAL;
10082 
10083 	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
10084 
10085 	if (info->attrs[NL80211_ATTR_MAC]) {
10086 		pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
10087 	} else if (info->attrs[NL80211_ATTR_SSID] &&
10088 		   info->attrs[NL80211_ATTR_FILS_CACHE_ID] &&
10089 		   (info->genlhdr->cmd == NL80211_CMD_DEL_PMKSA ||
10090 		    info->attrs[NL80211_ATTR_PMK])) {
10091 		pmksa.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
10092 		pmksa.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
10093 		pmksa.cache_id =
10094 			nla_data(info->attrs[NL80211_ATTR_FILS_CACHE_ID]);
10095 	} else {
10096 		return -EINVAL;
10097 	}
10098 	if (info->attrs[NL80211_ATTR_PMK]) {
10099 		pmksa.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
10100 		pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
10101 	}
10102 
10103 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10104 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
10105 	    !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
10106 	      wiphy_ext_feature_isset(&rdev->wiphy,
10107 				      NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
10108 		return -EOPNOTSUPP;
10109 
10110 	switch (info->genlhdr->cmd) {
10111 	case NL80211_CMD_SET_PMKSA:
10112 		rdev_ops = rdev->ops->set_pmksa;
10113 		break;
10114 	case NL80211_CMD_DEL_PMKSA:
10115 		rdev_ops = rdev->ops->del_pmksa;
10116 		break;
10117 	default:
10118 		WARN_ON(1);
10119 		break;
10120 	}
10121 
10122 	if (!rdev_ops)
10123 		return -EOPNOTSUPP;
10124 
10125 	return rdev_ops(&rdev->wiphy, dev, &pmksa);
10126 }
10127 
10128 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
10129 {
10130 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10131 	struct net_device *dev = info->user_ptr[1];
10132 
10133 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
10134 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
10135 		return -EOPNOTSUPP;
10136 
10137 	if (!rdev->ops->flush_pmksa)
10138 		return -EOPNOTSUPP;
10139 
10140 	return rdev_flush_pmksa(rdev, dev);
10141 }
10142 
10143 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
10144 {
10145 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10146 	struct net_device *dev = info->user_ptr[1];
10147 	u8 action_code, dialog_token;
10148 	u32 peer_capability = 0;
10149 	u16 status_code;
10150 	u8 *peer;
10151 	bool initiator;
10152 
10153 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10154 	    !rdev->ops->tdls_mgmt)
10155 		return -EOPNOTSUPP;
10156 
10157 	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
10158 	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
10159 	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
10160 	    !info->attrs[NL80211_ATTR_IE] ||
10161 	    !info->attrs[NL80211_ATTR_MAC])
10162 		return -EINVAL;
10163 
10164 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10165 	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
10166 	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
10167 	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
10168 	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
10169 	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
10170 		peer_capability =
10171 			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
10172 
10173 	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
10174 			      dialog_token, status_code, peer_capability,
10175 			      initiator,
10176 			      nla_data(info->attrs[NL80211_ATTR_IE]),
10177 			      nla_len(info->attrs[NL80211_ATTR_IE]));
10178 }
10179 
10180 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
10181 {
10182 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10183 	struct net_device *dev = info->user_ptr[1];
10184 	enum nl80211_tdls_operation operation;
10185 	u8 *peer;
10186 
10187 	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
10188 	    !rdev->ops->tdls_oper)
10189 		return -EOPNOTSUPP;
10190 
10191 	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
10192 	    !info->attrs[NL80211_ATTR_MAC])
10193 		return -EINVAL;
10194 
10195 	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
10196 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10197 
10198 	return rdev_tdls_oper(rdev, dev, peer, operation);
10199 }
10200 
10201 static int nl80211_remain_on_channel(struct sk_buff *skb,
10202 				     struct genl_info *info)
10203 {
10204 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10205 	struct wireless_dev *wdev = info->user_ptr[1];
10206 	struct cfg80211_chan_def chandef;
10207 	const struct cfg80211_chan_def *compat_chandef;
10208 	struct sk_buff *msg;
10209 	void *hdr;
10210 	u64 cookie;
10211 	u32 duration;
10212 	int err;
10213 
10214 	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
10215 	    !info->attrs[NL80211_ATTR_DURATION])
10216 		return -EINVAL;
10217 
10218 	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10219 
10220 	if (!rdev->ops->remain_on_channel ||
10221 	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
10222 		return -EOPNOTSUPP;
10223 
10224 	/*
10225 	 * We should be on that channel for at least a minimum amount of
10226 	 * time (10ms) but no longer than the driver supports.
10227 	 */
10228 	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10229 	    duration > rdev->wiphy.max_remain_on_channel_duration)
10230 		return -EINVAL;
10231 
10232 	err = nl80211_parse_chandef(rdev, info, &chandef);
10233 	if (err)
10234 		return err;
10235 
10236 	wdev_lock(wdev);
10237 	if (!cfg80211_off_channel_oper_allowed(wdev) &&
10238 	    !cfg80211_chandef_identical(&wdev->chandef, &chandef)) {
10239 		compat_chandef = cfg80211_chandef_compatible(&wdev->chandef,
10240 							     &chandef);
10241 		if (compat_chandef != &chandef) {
10242 			wdev_unlock(wdev);
10243 			return -EBUSY;
10244 		}
10245 	}
10246 	wdev_unlock(wdev);
10247 
10248 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10249 	if (!msg)
10250 		return -ENOMEM;
10251 
10252 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10253 			     NL80211_CMD_REMAIN_ON_CHANNEL);
10254 	if (!hdr) {
10255 		err = -ENOBUFS;
10256 		goto free_msg;
10257 	}
10258 
10259 	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
10260 				     duration, &cookie);
10261 
10262 	if (err)
10263 		goto free_msg;
10264 
10265 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10266 			      NL80211_ATTR_PAD))
10267 		goto nla_put_failure;
10268 
10269 	genlmsg_end(msg, hdr);
10270 
10271 	return genlmsg_reply(msg, info);
10272 
10273  nla_put_failure:
10274 	err = -ENOBUFS;
10275  free_msg:
10276 	nlmsg_free(msg);
10277 	return err;
10278 }
10279 
10280 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
10281 					    struct genl_info *info)
10282 {
10283 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10284 	struct wireless_dev *wdev = info->user_ptr[1];
10285 	u64 cookie;
10286 
10287 	if (!info->attrs[NL80211_ATTR_COOKIE])
10288 		return -EINVAL;
10289 
10290 	if (!rdev->ops->cancel_remain_on_channel)
10291 		return -EOPNOTSUPP;
10292 
10293 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10294 
10295 	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
10296 }
10297 
10298 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
10299 				       struct genl_info *info)
10300 {
10301 	struct cfg80211_bitrate_mask mask;
10302 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10303 	struct net_device *dev = info->user_ptr[1];
10304 	int err;
10305 
10306 	if (!rdev->ops->set_bitrate_mask)
10307 		return -EOPNOTSUPP;
10308 
10309 	err = nl80211_parse_tx_bitrate_mask(info, &mask);
10310 	if (err)
10311 		return err;
10312 
10313 	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
10314 }
10315 
10316 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
10317 {
10318 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10319 	struct wireless_dev *wdev = info->user_ptr[1];
10320 	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
10321 
10322 	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
10323 		return -EINVAL;
10324 
10325 	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
10326 		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
10327 
10328 	switch (wdev->iftype) {
10329 	case NL80211_IFTYPE_STATION:
10330 	case NL80211_IFTYPE_ADHOC:
10331 	case NL80211_IFTYPE_P2P_CLIENT:
10332 	case NL80211_IFTYPE_AP:
10333 	case NL80211_IFTYPE_AP_VLAN:
10334 	case NL80211_IFTYPE_MESH_POINT:
10335 	case NL80211_IFTYPE_P2P_GO:
10336 	case NL80211_IFTYPE_P2P_DEVICE:
10337 		break;
10338 	case NL80211_IFTYPE_NAN:
10339 	default:
10340 		return -EOPNOTSUPP;
10341 	}
10342 
10343 	/* not much point in registering if we can't reply */
10344 	if (!rdev->ops->mgmt_tx)
10345 		return -EOPNOTSUPP;
10346 
10347 	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10348 			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10349 			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
10350 }
10351 
10352 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
10353 {
10354 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10355 	struct wireless_dev *wdev = info->user_ptr[1];
10356 	struct cfg80211_chan_def chandef;
10357 	int err;
10358 	void *hdr = NULL;
10359 	u64 cookie;
10360 	struct sk_buff *msg = NULL;
10361 	struct cfg80211_mgmt_tx_params params = {
10362 		.dont_wait_for_ack =
10363 			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
10364 	};
10365 
10366 	if (!info->attrs[NL80211_ATTR_FRAME])
10367 		return -EINVAL;
10368 
10369 	if (!rdev->ops->mgmt_tx)
10370 		return -EOPNOTSUPP;
10371 
10372 	switch (wdev->iftype) {
10373 	case NL80211_IFTYPE_P2P_DEVICE:
10374 		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
10375 			return -EINVAL;
10376 	case NL80211_IFTYPE_STATION:
10377 	case NL80211_IFTYPE_ADHOC:
10378 	case NL80211_IFTYPE_P2P_CLIENT:
10379 	case NL80211_IFTYPE_AP:
10380 	case NL80211_IFTYPE_AP_VLAN:
10381 	case NL80211_IFTYPE_MESH_POINT:
10382 	case NL80211_IFTYPE_P2P_GO:
10383 		break;
10384 	case NL80211_IFTYPE_NAN:
10385 	default:
10386 		return -EOPNOTSUPP;
10387 	}
10388 
10389 	if (info->attrs[NL80211_ATTR_DURATION]) {
10390 		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10391 			return -EINVAL;
10392 		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
10393 
10394 		/*
10395 		 * We should wait on the channel for at least a minimum amount
10396 		 * of time (10ms) but no longer than the driver supports.
10397 		 */
10398 		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
10399 		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
10400 			return -EINVAL;
10401 	}
10402 
10403 	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
10404 
10405 	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
10406 		return -EINVAL;
10407 
10408 	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
10409 
10410 	/* get the channel if any has been specified, otherwise pass NULL to
10411 	 * the driver. The latter will use the current one
10412 	 */
10413 	chandef.chan = NULL;
10414 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10415 		err = nl80211_parse_chandef(rdev, info, &chandef);
10416 		if (err)
10417 			return err;
10418 	}
10419 
10420 	if (!chandef.chan && params.offchan)
10421 		return -EINVAL;
10422 
10423 	wdev_lock(wdev);
10424 	if (params.offchan && !cfg80211_off_channel_oper_allowed(wdev)) {
10425 		wdev_unlock(wdev);
10426 		return -EBUSY;
10427 	}
10428 	wdev_unlock(wdev);
10429 
10430 	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
10431 	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
10432 
10433 	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
10434 		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10435 		int i;
10436 
10437 		if (len % sizeof(u16))
10438 			return -EINVAL;
10439 
10440 		params.n_csa_offsets = len / sizeof(u16);
10441 		params.csa_offsets =
10442 			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
10443 
10444 		/* check that all the offsets fit the frame */
10445 		for (i = 0; i < params.n_csa_offsets; i++) {
10446 			if (params.csa_offsets[i] >= params.len)
10447 				return -EINVAL;
10448 		}
10449 	}
10450 
10451 	if (!params.dont_wait_for_ack) {
10452 		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10453 		if (!msg)
10454 			return -ENOMEM;
10455 
10456 		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10457 				     NL80211_CMD_FRAME);
10458 		if (!hdr) {
10459 			err = -ENOBUFS;
10460 			goto free_msg;
10461 		}
10462 	}
10463 
10464 	params.chan = chandef.chan;
10465 	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
10466 	if (err)
10467 		goto free_msg;
10468 
10469 	if (msg) {
10470 		if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
10471 				      NL80211_ATTR_PAD))
10472 			goto nla_put_failure;
10473 
10474 		genlmsg_end(msg, hdr);
10475 		return genlmsg_reply(msg, info);
10476 	}
10477 
10478 	return 0;
10479 
10480  nla_put_failure:
10481 	err = -ENOBUFS;
10482  free_msg:
10483 	nlmsg_free(msg);
10484 	return err;
10485 }
10486 
10487 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
10488 {
10489 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10490 	struct wireless_dev *wdev = info->user_ptr[1];
10491 	u64 cookie;
10492 
10493 	if (!info->attrs[NL80211_ATTR_COOKIE])
10494 		return -EINVAL;
10495 
10496 	if (!rdev->ops->mgmt_tx_cancel_wait)
10497 		return -EOPNOTSUPP;
10498 
10499 	switch (wdev->iftype) {
10500 	case NL80211_IFTYPE_STATION:
10501 	case NL80211_IFTYPE_ADHOC:
10502 	case NL80211_IFTYPE_P2P_CLIENT:
10503 	case NL80211_IFTYPE_AP:
10504 	case NL80211_IFTYPE_AP_VLAN:
10505 	case NL80211_IFTYPE_P2P_GO:
10506 	case NL80211_IFTYPE_P2P_DEVICE:
10507 		break;
10508 	case NL80211_IFTYPE_NAN:
10509 	default:
10510 		return -EOPNOTSUPP;
10511 	}
10512 
10513 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
10514 
10515 	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
10516 }
10517 
10518 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
10519 {
10520 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10521 	struct wireless_dev *wdev;
10522 	struct net_device *dev = info->user_ptr[1];
10523 	u8 ps_state;
10524 	bool state;
10525 	int err;
10526 
10527 	if (!info->attrs[NL80211_ATTR_PS_STATE])
10528 		return -EINVAL;
10529 
10530 	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10531 
10532 	wdev = dev->ieee80211_ptr;
10533 
10534 	if (!rdev->ops->set_power_mgmt)
10535 		return -EOPNOTSUPP;
10536 
10537 	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
10538 
10539 	if (state == wdev->ps)
10540 		return 0;
10541 
10542 	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
10543 	if (!err)
10544 		wdev->ps = state;
10545 	return err;
10546 }
10547 
10548 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
10549 {
10550 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10551 	enum nl80211_ps_state ps_state;
10552 	struct wireless_dev *wdev;
10553 	struct net_device *dev = info->user_ptr[1];
10554 	struct sk_buff *msg;
10555 	void *hdr;
10556 	int err;
10557 
10558 	wdev = dev->ieee80211_ptr;
10559 
10560 	if (!rdev->ops->set_power_mgmt)
10561 		return -EOPNOTSUPP;
10562 
10563 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
10564 	if (!msg)
10565 		return -ENOMEM;
10566 
10567 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
10568 			     NL80211_CMD_GET_POWER_SAVE);
10569 	if (!hdr) {
10570 		err = -ENOBUFS;
10571 		goto free_msg;
10572 	}
10573 
10574 	if (wdev->ps)
10575 		ps_state = NL80211_PS_ENABLED;
10576 	else
10577 		ps_state = NL80211_PS_DISABLED;
10578 
10579 	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
10580 		goto nla_put_failure;
10581 
10582 	genlmsg_end(msg, hdr);
10583 	return genlmsg_reply(msg, info);
10584 
10585  nla_put_failure:
10586 	err = -ENOBUFS;
10587  free_msg:
10588 	nlmsg_free(msg);
10589 	return err;
10590 }
10591 
10592 static const struct nla_policy
10593 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
10594 	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_BINARY },
10595 	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
10596 	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
10597 	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
10598 	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
10599 	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
10600 	[NL80211_ATTR_CQM_RSSI_LEVEL] = { .type = NLA_S32 },
10601 };
10602 
10603 static int nl80211_set_cqm_txe(struct genl_info *info,
10604 			       u32 rate, u32 pkts, u32 intvl)
10605 {
10606 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10607 	struct net_device *dev = info->user_ptr[1];
10608 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10609 
10610 	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
10611 		return -EINVAL;
10612 
10613 	if (!rdev->ops->set_cqm_txe_config)
10614 		return -EOPNOTSUPP;
10615 
10616 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10617 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10618 		return -EOPNOTSUPP;
10619 
10620 	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
10621 }
10622 
10623 static int cfg80211_cqm_rssi_update(struct cfg80211_registered_device *rdev,
10624 				    struct net_device *dev)
10625 {
10626 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10627 	s32 last, low, high;
10628 	u32 hyst;
10629 	int i, n, low_index;
10630 	int err;
10631 
10632 	/* RSSI reporting disabled? */
10633 	if (!wdev->cqm_config)
10634 		return rdev_set_cqm_rssi_range_config(rdev, dev, 0, 0);
10635 
10636 	/*
10637 	 * Obtain current RSSI value if possible, if not and no RSSI threshold
10638 	 * event has been received yet, we should receive an event after a
10639 	 * connection is established and enough beacons received to calculate
10640 	 * the average.
10641 	 */
10642 	if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss &&
10643 	    rdev->ops->get_station) {
10644 		struct station_info sinfo = {};
10645 		u8 *mac_addr;
10646 
10647 		mac_addr = wdev->current_bss->pub.bssid;
10648 
10649 		err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
10650 		if (err)
10651 			return err;
10652 
10653 		if (sinfo.filled & BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG))
10654 			wdev->cqm_config->last_rssi_event_value =
10655 				(s8) sinfo.rx_beacon_signal_avg;
10656 	}
10657 
10658 	last = wdev->cqm_config->last_rssi_event_value;
10659 	hyst = wdev->cqm_config->rssi_hyst;
10660 	n = wdev->cqm_config->n_rssi_thresholds;
10661 
10662 	for (i = 0; i < n; i++)
10663 		if (last < wdev->cqm_config->rssi_thresholds[i])
10664 			break;
10665 
10666 	low_index = i - 1;
10667 	if (low_index >= 0) {
10668 		low_index = array_index_nospec(low_index, n);
10669 		low = wdev->cqm_config->rssi_thresholds[low_index] - hyst;
10670 	} else {
10671 		low = S32_MIN;
10672 	}
10673 	if (i < n) {
10674 		i = array_index_nospec(i, n);
10675 		high = wdev->cqm_config->rssi_thresholds[i] + hyst - 1;
10676 	} else {
10677 		high = S32_MAX;
10678 	}
10679 
10680 	return rdev_set_cqm_rssi_range_config(rdev, dev, low, high);
10681 }
10682 
10683 static int nl80211_set_cqm_rssi(struct genl_info *info,
10684 				const s32 *thresholds, int n_thresholds,
10685 				u32 hysteresis)
10686 {
10687 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10688 	struct net_device *dev = info->user_ptr[1];
10689 	struct wireless_dev *wdev = dev->ieee80211_ptr;
10690 	int i, err;
10691 	s32 prev = S32_MIN;
10692 
10693 	/* Check all values negative and sorted */
10694 	for (i = 0; i < n_thresholds; i++) {
10695 		if (thresholds[i] > 0 || thresholds[i] <= prev)
10696 			return -EINVAL;
10697 
10698 		prev = thresholds[i];
10699 	}
10700 
10701 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
10702 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
10703 		return -EOPNOTSUPP;
10704 
10705 	wdev_lock(wdev);
10706 	cfg80211_cqm_config_free(wdev);
10707 	wdev_unlock(wdev);
10708 
10709 	if (n_thresholds <= 1 && rdev->ops->set_cqm_rssi_config) {
10710 		if (n_thresholds == 0 || thresholds[0] == 0) /* Disabling */
10711 			return rdev_set_cqm_rssi_config(rdev, dev, 0, 0);
10712 
10713 		return rdev_set_cqm_rssi_config(rdev, dev,
10714 						thresholds[0], hysteresis);
10715 	}
10716 
10717 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
10718 				     NL80211_EXT_FEATURE_CQM_RSSI_LIST))
10719 		return -EOPNOTSUPP;
10720 
10721 	if (n_thresholds == 1 && thresholds[0] == 0) /* Disabling */
10722 		n_thresholds = 0;
10723 
10724 	wdev_lock(wdev);
10725 	if (n_thresholds) {
10726 		struct cfg80211_cqm_config *cqm_config;
10727 
10728 		cqm_config = kzalloc(sizeof(struct cfg80211_cqm_config) +
10729 				     n_thresholds * sizeof(s32), GFP_KERNEL);
10730 		if (!cqm_config) {
10731 			err = -ENOMEM;
10732 			goto unlock;
10733 		}
10734 
10735 		cqm_config->rssi_hyst = hysteresis;
10736 		cqm_config->n_rssi_thresholds = n_thresholds;
10737 		memcpy(cqm_config->rssi_thresholds, thresholds,
10738 		       n_thresholds * sizeof(s32));
10739 
10740 		wdev->cqm_config = cqm_config;
10741 	}
10742 
10743 	err = cfg80211_cqm_rssi_update(rdev, dev);
10744 
10745 unlock:
10746 	wdev_unlock(wdev);
10747 
10748 	return err;
10749 }
10750 
10751 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
10752 {
10753 	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
10754 	struct nlattr *cqm;
10755 	int err;
10756 
10757 	cqm = info->attrs[NL80211_ATTR_CQM];
10758 	if (!cqm)
10759 		return -EINVAL;
10760 
10761 	err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
10762 					  nl80211_attr_cqm_policy,
10763 					  info->extack);
10764 	if (err)
10765 		return err;
10766 
10767 	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
10768 	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
10769 		const s32 *thresholds =
10770 			nla_data(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10771 		int len = nla_len(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
10772 		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
10773 
10774 		if (len % 4)
10775 			return -EINVAL;
10776 
10777 		return nl80211_set_cqm_rssi(info, thresholds, len / 4,
10778 					    hysteresis);
10779 	}
10780 
10781 	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
10782 	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
10783 	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
10784 		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
10785 		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
10786 		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
10787 
10788 		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
10789 	}
10790 
10791 	return -EINVAL;
10792 }
10793 
10794 static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
10795 {
10796 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10797 	struct net_device *dev = info->user_ptr[1];
10798 	struct ocb_setup setup = {};
10799 	int err;
10800 
10801 	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10802 	if (err)
10803 		return err;
10804 
10805 	return cfg80211_join_ocb(rdev, dev, &setup);
10806 }
10807 
10808 static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
10809 {
10810 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10811 	struct net_device *dev = info->user_ptr[1];
10812 
10813 	return cfg80211_leave_ocb(rdev, dev);
10814 }
10815 
10816 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
10817 {
10818 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10819 	struct net_device *dev = info->user_ptr[1];
10820 	struct mesh_config cfg;
10821 	struct mesh_setup setup;
10822 	int err;
10823 
10824 	/* start with default */
10825 	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
10826 	memcpy(&setup, &default_mesh_setup, sizeof(setup));
10827 
10828 	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
10829 		/* and parse parameters if given */
10830 		err = nl80211_parse_mesh_config(info, &cfg, NULL);
10831 		if (err)
10832 			return err;
10833 	}
10834 
10835 	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
10836 	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
10837 		return -EINVAL;
10838 
10839 	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
10840 	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
10841 
10842 	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
10843 	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
10844 			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
10845 			return -EINVAL;
10846 
10847 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
10848 		setup.beacon_interval =
10849 			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
10850 
10851 		err = cfg80211_validate_beacon_int(rdev,
10852 						   NL80211_IFTYPE_MESH_POINT,
10853 						   setup.beacon_interval);
10854 		if (err)
10855 			return err;
10856 	}
10857 
10858 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
10859 		setup.dtim_period =
10860 			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
10861 		if (setup.dtim_period < 1 || setup.dtim_period > 100)
10862 			return -EINVAL;
10863 	}
10864 
10865 	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
10866 		/* parse additional setup parameters if given */
10867 		err = nl80211_parse_mesh_setup(info, &setup);
10868 		if (err)
10869 			return err;
10870 	}
10871 
10872 	if (setup.user_mpm)
10873 		cfg.auto_open_plinks = false;
10874 
10875 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
10876 		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
10877 		if (err)
10878 			return err;
10879 	} else {
10880 		/* __cfg80211_join_mesh() will sort it out */
10881 		setup.chandef.chan = NULL;
10882 	}
10883 
10884 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
10885 		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10886 		int n_rates =
10887 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
10888 		struct ieee80211_supported_band *sband;
10889 
10890 		if (!setup.chandef.chan)
10891 			return -EINVAL;
10892 
10893 		sband = rdev->wiphy.bands[setup.chandef.chan->band];
10894 
10895 		err = ieee80211_get_ratemask(sband, rates, n_rates,
10896 					     &setup.basic_rates);
10897 		if (err)
10898 			return err;
10899 	}
10900 
10901 	if (info->attrs[NL80211_ATTR_TX_RATES]) {
10902 		err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
10903 		if (err)
10904 			return err;
10905 
10906 		if (!setup.chandef.chan)
10907 			return -EINVAL;
10908 
10909 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
10910 					      &setup.beacon_rate);
10911 		if (err)
10912 			return err;
10913 	}
10914 
10915 	setup.userspace_handles_dfs =
10916 		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
10917 
10918 	if (info->attrs[NL80211_ATTR_CONTROL_PORT_OVER_NL80211]) {
10919 		int r = validate_pae_over_nl80211(rdev, info);
10920 
10921 		if (r < 0)
10922 			return r;
10923 
10924 		setup.control_port_over_nl80211 = true;
10925 	}
10926 
10927 	wdev_lock(dev->ieee80211_ptr);
10928 	err = __cfg80211_join_mesh(rdev, dev, &setup, &cfg);
10929 	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER])
10930 		dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
10931 	wdev_unlock(dev->ieee80211_ptr);
10932 
10933 	return err;
10934 }
10935 
10936 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
10937 {
10938 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10939 	struct net_device *dev = info->user_ptr[1];
10940 
10941 	return cfg80211_leave_mesh(rdev, dev);
10942 }
10943 
10944 #ifdef CONFIG_PM
10945 static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
10946 					struct cfg80211_registered_device *rdev)
10947 {
10948 	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
10949 	struct nlattr *nl_pats, *nl_pat;
10950 	int i, pat_len;
10951 
10952 	if (!wowlan->n_patterns)
10953 		return 0;
10954 
10955 	nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10956 	if (!nl_pats)
10957 		return -ENOBUFS;
10958 
10959 	for (i = 0; i < wowlan->n_patterns; i++) {
10960 		nl_pat = nla_nest_start_noflag(msg, i + 1);
10961 		if (!nl_pat)
10962 			return -ENOBUFS;
10963 		pat_len = wowlan->patterns[i].pattern_len;
10964 		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
10965 			    wowlan->patterns[i].mask) ||
10966 		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
10967 			    wowlan->patterns[i].pattern) ||
10968 		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
10969 				wowlan->patterns[i].pkt_offset))
10970 			return -ENOBUFS;
10971 		nla_nest_end(msg, nl_pat);
10972 	}
10973 	nla_nest_end(msg, nl_pats);
10974 
10975 	return 0;
10976 }
10977 
10978 static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
10979 				   struct cfg80211_wowlan_tcp *tcp)
10980 {
10981 	struct nlattr *nl_tcp;
10982 
10983 	if (!tcp)
10984 		return 0;
10985 
10986 	nl_tcp = nla_nest_start_noflag(msg,
10987 				       NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10988 	if (!nl_tcp)
10989 		return -ENOBUFS;
10990 
10991 	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
10992 	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
10993 	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
10994 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
10995 	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
10996 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
10997 		    tcp->payload_len, tcp->payload) ||
10998 	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
10999 			tcp->data_interval) ||
11000 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
11001 		    tcp->wake_len, tcp->wake_data) ||
11002 	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
11003 		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
11004 		return -ENOBUFS;
11005 
11006 	if (tcp->payload_seq.len &&
11007 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
11008 		    sizeof(tcp->payload_seq), &tcp->payload_seq))
11009 		return -ENOBUFS;
11010 
11011 	if (tcp->payload_tok.len &&
11012 	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
11013 		    sizeof(tcp->payload_tok) + tcp->tokens_size,
11014 		    &tcp->payload_tok))
11015 		return -ENOBUFS;
11016 
11017 	nla_nest_end(msg, nl_tcp);
11018 
11019 	return 0;
11020 }
11021 
11022 static int nl80211_send_wowlan_nd(struct sk_buff *msg,
11023 				  struct cfg80211_sched_scan_request *req)
11024 {
11025 	struct nlattr *nd, *freqs, *matches, *match, *scan_plans, *scan_plan;
11026 	int i;
11027 
11028 	if (!req)
11029 		return 0;
11030 
11031 	nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
11032 	if (!nd)
11033 		return -ENOBUFS;
11034 
11035 	if (req->n_scan_plans == 1 &&
11036 	    nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
11037 			req->scan_plans[0].interval * 1000))
11038 		return -ENOBUFS;
11039 
11040 	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
11041 		return -ENOBUFS;
11042 
11043 	if (req->relative_rssi_set) {
11044 		struct nl80211_bss_select_rssi_adjust rssi_adjust;
11045 
11046 		if (nla_put_s8(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
11047 			       req->relative_rssi))
11048 			return -ENOBUFS;
11049 
11050 		rssi_adjust.band = req->rssi_adjust.band;
11051 		rssi_adjust.delta = req->rssi_adjust.delta;
11052 		if (nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
11053 			    sizeof(rssi_adjust), &rssi_adjust))
11054 			return -ENOBUFS;
11055 	}
11056 
11057 	freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11058 	if (!freqs)
11059 		return -ENOBUFS;
11060 
11061 	for (i = 0; i < req->n_channels; i++) {
11062 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11063 			return -ENOBUFS;
11064 	}
11065 
11066 	nla_nest_end(msg, freqs);
11067 
11068 	if (req->n_match_sets) {
11069 		matches = nla_nest_start_noflag(msg,
11070 						NL80211_ATTR_SCHED_SCAN_MATCH);
11071 		if (!matches)
11072 			return -ENOBUFS;
11073 
11074 		for (i = 0; i < req->n_match_sets; i++) {
11075 			match = nla_nest_start_noflag(msg, i);
11076 			if (!match)
11077 				return -ENOBUFS;
11078 
11079 			if (nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
11080 				    req->match_sets[i].ssid.ssid_len,
11081 				    req->match_sets[i].ssid.ssid))
11082 				return -ENOBUFS;
11083 			nla_nest_end(msg, match);
11084 		}
11085 		nla_nest_end(msg, matches);
11086 	}
11087 
11088 	scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
11089 	if (!scan_plans)
11090 		return -ENOBUFS;
11091 
11092 	for (i = 0; i < req->n_scan_plans; i++) {
11093 		scan_plan = nla_nest_start_noflag(msg, i + 1);
11094 		if (!scan_plan)
11095 			return -ENOBUFS;
11096 
11097 		if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
11098 				req->scan_plans[i].interval) ||
11099 		    (req->scan_plans[i].iterations &&
11100 		     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
11101 				 req->scan_plans[i].iterations)))
11102 			return -ENOBUFS;
11103 		nla_nest_end(msg, scan_plan);
11104 	}
11105 	nla_nest_end(msg, scan_plans);
11106 
11107 	nla_nest_end(msg, nd);
11108 
11109 	return 0;
11110 }
11111 
11112 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
11113 {
11114 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11115 	struct sk_buff *msg;
11116 	void *hdr;
11117 	u32 size = NLMSG_DEFAULT_SIZE;
11118 
11119 	if (!rdev->wiphy.wowlan)
11120 		return -EOPNOTSUPP;
11121 
11122 	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
11123 		/* adjust size to have room for all the data */
11124 		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
11125 			rdev->wiphy.wowlan_config->tcp->payload_len +
11126 			rdev->wiphy.wowlan_config->tcp->wake_len +
11127 			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
11128 	}
11129 
11130 	msg = nlmsg_new(size, GFP_KERNEL);
11131 	if (!msg)
11132 		return -ENOMEM;
11133 
11134 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11135 			     NL80211_CMD_GET_WOWLAN);
11136 	if (!hdr)
11137 		goto nla_put_failure;
11138 
11139 	if (rdev->wiphy.wowlan_config) {
11140 		struct nlattr *nl_wowlan;
11141 
11142 		nl_wowlan = nla_nest_start_noflag(msg,
11143 						  NL80211_ATTR_WOWLAN_TRIGGERS);
11144 		if (!nl_wowlan)
11145 			goto nla_put_failure;
11146 
11147 		if ((rdev->wiphy.wowlan_config->any &&
11148 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
11149 		    (rdev->wiphy.wowlan_config->disconnect &&
11150 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
11151 		    (rdev->wiphy.wowlan_config->magic_pkt &&
11152 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
11153 		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
11154 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
11155 		    (rdev->wiphy.wowlan_config->eap_identity_req &&
11156 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
11157 		    (rdev->wiphy.wowlan_config->four_way_handshake &&
11158 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
11159 		    (rdev->wiphy.wowlan_config->rfkill_release &&
11160 		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
11161 			goto nla_put_failure;
11162 
11163 		if (nl80211_send_wowlan_patterns(msg, rdev))
11164 			goto nla_put_failure;
11165 
11166 		if (nl80211_send_wowlan_tcp(msg,
11167 					    rdev->wiphy.wowlan_config->tcp))
11168 			goto nla_put_failure;
11169 
11170 		if (nl80211_send_wowlan_nd(
11171 			    msg,
11172 			    rdev->wiphy.wowlan_config->nd_config))
11173 			goto nla_put_failure;
11174 
11175 		nla_nest_end(msg, nl_wowlan);
11176 	}
11177 
11178 	genlmsg_end(msg, hdr);
11179 	return genlmsg_reply(msg, info);
11180 
11181 nla_put_failure:
11182 	nlmsg_free(msg);
11183 	return -ENOBUFS;
11184 }
11185 
11186 static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
11187 				    struct nlattr *attr,
11188 				    struct cfg80211_wowlan *trig)
11189 {
11190 	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
11191 	struct cfg80211_wowlan_tcp *cfg;
11192 	struct nl80211_wowlan_tcp_data_token *tok = NULL;
11193 	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
11194 	u32 size;
11195 	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
11196 	int err, port;
11197 
11198 	if (!rdev->wiphy.wowlan->tcp)
11199 		return -EINVAL;
11200 
11201 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
11202 					  nl80211_wowlan_tcp_policy, NULL);
11203 	if (err)
11204 		return err;
11205 
11206 	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
11207 	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
11208 	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
11209 	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
11210 	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
11211 	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
11212 	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
11213 	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
11214 		return -EINVAL;
11215 
11216 	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
11217 	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
11218 		return -EINVAL;
11219 
11220 	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
11221 			rdev->wiphy.wowlan->tcp->data_interval_max ||
11222 	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
11223 		return -EINVAL;
11224 
11225 	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
11226 	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
11227 		return -EINVAL;
11228 
11229 	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
11230 	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
11231 		return -EINVAL;
11232 
11233 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
11234 		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11235 
11236 		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
11237 		tokens_size = tokln - sizeof(*tok);
11238 
11239 		if (!tok->len || tokens_size % tok->len)
11240 			return -EINVAL;
11241 		if (!rdev->wiphy.wowlan->tcp->tok)
11242 			return -EINVAL;
11243 		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
11244 			return -EINVAL;
11245 		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
11246 			return -EINVAL;
11247 		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
11248 			return -EINVAL;
11249 		if (tok->offset + tok->len > data_size)
11250 			return -EINVAL;
11251 	}
11252 
11253 	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
11254 		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
11255 		if (!rdev->wiphy.wowlan->tcp->seq)
11256 			return -EINVAL;
11257 		if (seq->len == 0 || seq->len > 4)
11258 			return -EINVAL;
11259 		if (seq->len + seq->offset > data_size)
11260 			return -EINVAL;
11261 	}
11262 
11263 	size = sizeof(*cfg);
11264 	size += data_size;
11265 	size += wake_size + wake_mask_size;
11266 	size += tokens_size;
11267 
11268 	cfg = kzalloc(size, GFP_KERNEL);
11269 	if (!cfg)
11270 		return -ENOMEM;
11271 	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
11272 	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
11273 	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
11274 	       ETH_ALEN);
11275 	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
11276 		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
11277 	else
11278 		port = 0;
11279 #ifdef CONFIG_INET
11280 	/* allocate a socket and port for it and use it */
11281 	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
11282 			    IPPROTO_TCP, &cfg->sock, 1);
11283 	if (err) {
11284 		kfree(cfg);
11285 		return err;
11286 	}
11287 	if (inet_csk_get_port(cfg->sock->sk, port)) {
11288 		sock_release(cfg->sock);
11289 		kfree(cfg);
11290 		return -EADDRINUSE;
11291 	}
11292 	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
11293 #else
11294 	if (!port) {
11295 		kfree(cfg);
11296 		return -EINVAL;
11297 	}
11298 	cfg->src_port = port;
11299 #endif
11300 
11301 	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
11302 	cfg->payload_len = data_size;
11303 	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
11304 	memcpy((void *)cfg->payload,
11305 	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
11306 	       data_size);
11307 	if (seq)
11308 		cfg->payload_seq = *seq;
11309 	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
11310 	cfg->wake_len = wake_size;
11311 	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
11312 	memcpy((void *)cfg->wake_data,
11313 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
11314 	       wake_size);
11315 	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
11316 			 data_size + wake_size;
11317 	memcpy((void *)cfg->wake_mask,
11318 	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
11319 	       wake_mask_size);
11320 	if (tok) {
11321 		cfg->tokens_size = tokens_size;
11322 		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
11323 	}
11324 
11325 	trig->tcp = cfg;
11326 
11327 	return 0;
11328 }
11329 
11330 static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
11331 				   const struct wiphy_wowlan_support *wowlan,
11332 				   struct nlattr *attr,
11333 				   struct cfg80211_wowlan *trig)
11334 {
11335 	struct nlattr **tb;
11336 	int err;
11337 
11338 	tb = kcalloc(NUM_NL80211_ATTR, sizeof(*tb), GFP_KERNEL);
11339 	if (!tb)
11340 		return -ENOMEM;
11341 
11342 	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
11343 		err = -EOPNOTSUPP;
11344 		goto out;
11345 	}
11346 
11347 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
11348 					  nl80211_policy, NULL);
11349 	if (err)
11350 		goto out;
11351 
11352 	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb,
11353 						   wowlan->max_nd_match_sets);
11354 	err = PTR_ERR_OR_ZERO(trig->nd_config);
11355 	if (err)
11356 		trig->nd_config = NULL;
11357 
11358 out:
11359 	kfree(tb);
11360 	return err;
11361 }
11362 
11363 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
11364 {
11365 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11366 	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
11367 	struct cfg80211_wowlan new_triggers = {};
11368 	struct cfg80211_wowlan *ntrig;
11369 	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
11370 	int err, i;
11371 	bool prev_enabled = rdev->wiphy.wowlan_config;
11372 	bool regular = false;
11373 
11374 	if (!wowlan)
11375 		return -EOPNOTSUPP;
11376 
11377 	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
11378 		cfg80211_rdev_free_wowlan(rdev);
11379 		rdev->wiphy.wowlan_config = NULL;
11380 		goto set_wakeup;
11381 	}
11382 
11383 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
11384 					  info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11385 					  nl80211_wowlan_policy, info->extack);
11386 	if (err)
11387 		return err;
11388 
11389 	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
11390 		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
11391 			return -EINVAL;
11392 		new_triggers.any = true;
11393 	}
11394 
11395 	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
11396 		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
11397 			return -EINVAL;
11398 		new_triggers.disconnect = true;
11399 		regular = true;
11400 	}
11401 
11402 	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
11403 		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
11404 			return -EINVAL;
11405 		new_triggers.magic_pkt = true;
11406 		regular = true;
11407 	}
11408 
11409 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
11410 		return -EINVAL;
11411 
11412 	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
11413 		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
11414 			return -EINVAL;
11415 		new_triggers.gtk_rekey_failure = true;
11416 		regular = true;
11417 	}
11418 
11419 	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
11420 		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
11421 			return -EINVAL;
11422 		new_triggers.eap_identity_req = true;
11423 		regular = true;
11424 	}
11425 
11426 	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
11427 		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
11428 			return -EINVAL;
11429 		new_triggers.four_way_handshake = true;
11430 		regular = true;
11431 	}
11432 
11433 	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
11434 		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
11435 			return -EINVAL;
11436 		new_triggers.rfkill_release = true;
11437 		regular = true;
11438 	}
11439 
11440 	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
11441 		struct nlattr *pat;
11442 		int n_patterns = 0;
11443 		int rem, pat_len, mask_len, pkt_offset;
11444 		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11445 
11446 		regular = true;
11447 
11448 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11449 				    rem)
11450 			n_patterns++;
11451 		if (n_patterns > wowlan->n_patterns)
11452 			return -EINVAL;
11453 
11454 		new_triggers.patterns = kcalloc(n_patterns,
11455 						sizeof(new_triggers.patterns[0]),
11456 						GFP_KERNEL);
11457 		if (!new_triggers.patterns)
11458 			return -ENOMEM;
11459 
11460 		new_triggers.n_patterns = n_patterns;
11461 		i = 0;
11462 
11463 		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
11464 				    rem) {
11465 			u8 *mask_pat;
11466 
11467 			err = nla_parse_nested_deprecated(pat_tb,
11468 							  MAX_NL80211_PKTPAT,
11469 							  pat,
11470 							  nl80211_packet_pattern_policy,
11471 							  info->extack);
11472 			if (err)
11473 				goto error;
11474 
11475 			err = -EINVAL;
11476 			if (!pat_tb[NL80211_PKTPAT_MASK] ||
11477 			    !pat_tb[NL80211_PKTPAT_PATTERN])
11478 				goto error;
11479 			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11480 			mask_len = DIV_ROUND_UP(pat_len, 8);
11481 			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11482 				goto error;
11483 			if (pat_len > wowlan->pattern_max_len ||
11484 			    pat_len < wowlan->pattern_min_len)
11485 				goto error;
11486 
11487 			if (!pat_tb[NL80211_PKTPAT_OFFSET])
11488 				pkt_offset = 0;
11489 			else
11490 				pkt_offset = nla_get_u32(
11491 					pat_tb[NL80211_PKTPAT_OFFSET]);
11492 			if (pkt_offset > wowlan->max_pkt_offset)
11493 				goto error;
11494 			new_triggers.patterns[i].pkt_offset = pkt_offset;
11495 
11496 			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11497 			if (!mask_pat) {
11498 				err = -ENOMEM;
11499 				goto error;
11500 			}
11501 			new_triggers.patterns[i].mask = mask_pat;
11502 			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11503 			       mask_len);
11504 			mask_pat += mask_len;
11505 			new_triggers.patterns[i].pattern = mask_pat;
11506 			new_triggers.patterns[i].pattern_len = pat_len;
11507 			memcpy(mask_pat,
11508 			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11509 			       pat_len);
11510 			i++;
11511 		}
11512 	}
11513 
11514 	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
11515 		regular = true;
11516 		err = nl80211_parse_wowlan_tcp(
11517 			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
11518 			&new_triggers);
11519 		if (err)
11520 			goto error;
11521 	}
11522 
11523 	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
11524 		regular = true;
11525 		err = nl80211_parse_wowlan_nd(
11526 			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
11527 			&new_triggers);
11528 		if (err)
11529 			goto error;
11530 	}
11531 
11532 	/* The 'any' trigger means the device continues operating more or less
11533 	 * as in its normal operation mode and wakes up the host on most of the
11534 	 * normal interrupts (like packet RX, ...)
11535 	 * It therefore makes little sense to combine with the more constrained
11536 	 * wakeup trigger modes.
11537 	 */
11538 	if (new_triggers.any && regular) {
11539 		err = -EINVAL;
11540 		goto error;
11541 	}
11542 
11543 	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
11544 	if (!ntrig) {
11545 		err = -ENOMEM;
11546 		goto error;
11547 	}
11548 	cfg80211_rdev_free_wowlan(rdev);
11549 	rdev->wiphy.wowlan_config = ntrig;
11550 
11551  set_wakeup:
11552 	if (rdev->ops->set_wakeup &&
11553 	    prev_enabled != !!rdev->wiphy.wowlan_config)
11554 		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
11555 
11556 	return 0;
11557  error:
11558 	for (i = 0; i < new_triggers.n_patterns; i++)
11559 		kfree(new_triggers.patterns[i].mask);
11560 	kfree(new_triggers.patterns);
11561 	if (new_triggers.tcp && new_triggers.tcp->sock)
11562 		sock_release(new_triggers.tcp->sock);
11563 	kfree(new_triggers.tcp);
11564 	kfree(new_triggers.nd_config);
11565 	return err;
11566 }
11567 #endif
11568 
11569 static int nl80211_send_coalesce_rules(struct sk_buff *msg,
11570 				       struct cfg80211_registered_device *rdev)
11571 {
11572 	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
11573 	int i, j, pat_len;
11574 	struct cfg80211_coalesce_rules *rule;
11575 
11576 	if (!rdev->coalesce->n_rules)
11577 		return 0;
11578 
11579 	nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
11580 	if (!nl_rules)
11581 		return -ENOBUFS;
11582 
11583 	for (i = 0; i < rdev->coalesce->n_rules; i++) {
11584 		nl_rule = nla_nest_start_noflag(msg, i + 1);
11585 		if (!nl_rule)
11586 			return -ENOBUFS;
11587 
11588 		rule = &rdev->coalesce->rules[i];
11589 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
11590 				rule->delay))
11591 			return -ENOBUFS;
11592 
11593 		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
11594 				rule->condition))
11595 			return -ENOBUFS;
11596 
11597 		nl_pats = nla_nest_start_noflag(msg,
11598 						NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11599 		if (!nl_pats)
11600 			return -ENOBUFS;
11601 
11602 		for (j = 0; j < rule->n_patterns; j++) {
11603 			nl_pat = nla_nest_start_noflag(msg, j + 1);
11604 			if (!nl_pat)
11605 				return -ENOBUFS;
11606 			pat_len = rule->patterns[j].pattern_len;
11607 			if (nla_put(msg, NL80211_PKTPAT_MASK,
11608 				    DIV_ROUND_UP(pat_len, 8),
11609 				    rule->patterns[j].mask) ||
11610 			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
11611 				    rule->patterns[j].pattern) ||
11612 			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
11613 					rule->patterns[j].pkt_offset))
11614 				return -ENOBUFS;
11615 			nla_nest_end(msg, nl_pat);
11616 		}
11617 		nla_nest_end(msg, nl_pats);
11618 		nla_nest_end(msg, nl_rule);
11619 	}
11620 	nla_nest_end(msg, nl_rules);
11621 
11622 	return 0;
11623 }
11624 
11625 static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
11626 {
11627 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11628 	struct sk_buff *msg;
11629 	void *hdr;
11630 
11631 	if (!rdev->wiphy.coalesce)
11632 		return -EOPNOTSUPP;
11633 
11634 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11635 	if (!msg)
11636 		return -ENOMEM;
11637 
11638 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11639 			     NL80211_CMD_GET_COALESCE);
11640 	if (!hdr)
11641 		goto nla_put_failure;
11642 
11643 	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
11644 		goto nla_put_failure;
11645 
11646 	genlmsg_end(msg, hdr);
11647 	return genlmsg_reply(msg, info);
11648 
11649 nla_put_failure:
11650 	nlmsg_free(msg);
11651 	return -ENOBUFS;
11652 }
11653 
11654 void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
11655 {
11656 	struct cfg80211_coalesce *coalesce = rdev->coalesce;
11657 	int i, j;
11658 	struct cfg80211_coalesce_rules *rule;
11659 
11660 	if (!coalesce)
11661 		return;
11662 
11663 	for (i = 0; i < coalesce->n_rules; i++) {
11664 		rule = &coalesce->rules[i];
11665 		for (j = 0; j < rule->n_patterns; j++)
11666 			kfree(rule->patterns[j].mask);
11667 		kfree(rule->patterns);
11668 	}
11669 	kfree(coalesce->rules);
11670 	kfree(coalesce);
11671 	rdev->coalesce = NULL;
11672 }
11673 
11674 static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
11675 				       struct nlattr *rule,
11676 				       struct cfg80211_coalesce_rules *new_rule)
11677 {
11678 	int err, i;
11679 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11680 	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
11681 	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
11682 	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11683 
11684 	err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
11685 					  rule, nl80211_coalesce_policy, NULL);
11686 	if (err)
11687 		return err;
11688 
11689 	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
11690 		new_rule->delay =
11691 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
11692 	if (new_rule->delay > coalesce->max_delay)
11693 		return -EINVAL;
11694 
11695 	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
11696 		new_rule->condition =
11697 			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
11698 
11699 	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
11700 		return -EINVAL;
11701 
11702 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11703 			    rem)
11704 		n_patterns++;
11705 	if (n_patterns > coalesce->n_patterns)
11706 		return -EINVAL;
11707 
11708 	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
11709 				     GFP_KERNEL);
11710 	if (!new_rule->patterns)
11711 		return -ENOMEM;
11712 
11713 	new_rule->n_patterns = n_patterns;
11714 	i = 0;
11715 
11716 	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
11717 			    rem) {
11718 		u8 *mask_pat;
11719 
11720 		err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
11721 						  pat,
11722 						  nl80211_packet_pattern_policy,
11723 						  NULL);
11724 		if (err)
11725 			return err;
11726 
11727 		if (!pat_tb[NL80211_PKTPAT_MASK] ||
11728 		    !pat_tb[NL80211_PKTPAT_PATTERN])
11729 			return -EINVAL;
11730 		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
11731 		mask_len = DIV_ROUND_UP(pat_len, 8);
11732 		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
11733 			return -EINVAL;
11734 		if (pat_len > coalesce->pattern_max_len ||
11735 		    pat_len < coalesce->pattern_min_len)
11736 			return -EINVAL;
11737 
11738 		if (!pat_tb[NL80211_PKTPAT_OFFSET])
11739 			pkt_offset = 0;
11740 		else
11741 			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
11742 		if (pkt_offset > coalesce->max_pkt_offset)
11743 			return -EINVAL;
11744 		new_rule->patterns[i].pkt_offset = pkt_offset;
11745 
11746 		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
11747 		if (!mask_pat)
11748 			return -ENOMEM;
11749 
11750 		new_rule->patterns[i].mask = mask_pat;
11751 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
11752 		       mask_len);
11753 
11754 		mask_pat += mask_len;
11755 		new_rule->patterns[i].pattern = mask_pat;
11756 		new_rule->patterns[i].pattern_len = pat_len;
11757 		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
11758 		       pat_len);
11759 		i++;
11760 	}
11761 
11762 	return 0;
11763 }
11764 
11765 static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
11766 {
11767 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11768 	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
11769 	struct cfg80211_coalesce new_coalesce = {};
11770 	struct cfg80211_coalesce *n_coalesce;
11771 	int err, rem_rule, n_rules = 0, i, j;
11772 	struct nlattr *rule;
11773 	struct cfg80211_coalesce_rules *tmp_rule;
11774 
11775 	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
11776 		return -EOPNOTSUPP;
11777 
11778 	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
11779 		cfg80211_rdev_free_coalesce(rdev);
11780 		rdev_set_coalesce(rdev, NULL);
11781 		return 0;
11782 	}
11783 
11784 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11785 			    rem_rule)
11786 		n_rules++;
11787 	if (n_rules > coalesce->n_rules)
11788 		return -EINVAL;
11789 
11790 	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
11791 				     GFP_KERNEL);
11792 	if (!new_coalesce.rules)
11793 		return -ENOMEM;
11794 
11795 	new_coalesce.n_rules = n_rules;
11796 	i = 0;
11797 
11798 	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
11799 			    rem_rule) {
11800 		err = nl80211_parse_coalesce_rule(rdev, rule,
11801 						  &new_coalesce.rules[i]);
11802 		if (err)
11803 			goto error;
11804 
11805 		i++;
11806 	}
11807 
11808 	err = rdev_set_coalesce(rdev, &new_coalesce);
11809 	if (err)
11810 		goto error;
11811 
11812 	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
11813 	if (!n_coalesce) {
11814 		err = -ENOMEM;
11815 		goto error;
11816 	}
11817 	cfg80211_rdev_free_coalesce(rdev);
11818 	rdev->coalesce = n_coalesce;
11819 
11820 	return 0;
11821 error:
11822 	for (i = 0; i < new_coalesce.n_rules; i++) {
11823 		tmp_rule = &new_coalesce.rules[i];
11824 		for (j = 0; j < tmp_rule->n_patterns; j++)
11825 			kfree(tmp_rule->patterns[j].mask);
11826 		kfree(tmp_rule->patterns);
11827 	}
11828 	kfree(new_coalesce.rules);
11829 
11830 	return err;
11831 }
11832 
11833 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
11834 {
11835 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11836 	struct net_device *dev = info->user_ptr[1];
11837 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11838 	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
11839 	struct cfg80211_gtk_rekey_data rekey_data;
11840 	int err;
11841 
11842 	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
11843 		return -EINVAL;
11844 
11845 	err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
11846 					  info->attrs[NL80211_ATTR_REKEY_DATA],
11847 					  nl80211_rekey_policy, info->extack);
11848 	if (err)
11849 		return err;
11850 
11851 	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||
11852 	    !tb[NL80211_REKEY_DATA_KCK])
11853 		return -EINVAL;
11854 	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
11855 		return -ERANGE;
11856 	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
11857 		return -ERANGE;
11858 	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
11859 		return -ERANGE;
11860 
11861 	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
11862 	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
11863 	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
11864 
11865 	wdev_lock(wdev);
11866 	if (!wdev->current_bss) {
11867 		err = -ENOTCONN;
11868 		goto out;
11869 	}
11870 
11871 	if (!rdev->ops->set_rekey_data) {
11872 		err = -EOPNOTSUPP;
11873 		goto out;
11874 	}
11875 
11876 	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
11877  out:
11878 	wdev_unlock(wdev);
11879 	return err;
11880 }
11881 
11882 static int nl80211_register_unexpected_frame(struct sk_buff *skb,
11883 					     struct genl_info *info)
11884 {
11885 	struct net_device *dev = info->user_ptr[1];
11886 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11887 
11888 	if (wdev->iftype != NL80211_IFTYPE_AP &&
11889 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
11890 		return -EINVAL;
11891 
11892 	if (wdev->ap_unexpected_nlportid)
11893 		return -EBUSY;
11894 
11895 	wdev->ap_unexpected_nlportid = info->snd_portid;
11896 	return 0;
11897 }
11898 
11899 static int nl80211_probe_client(struct sk_buff *skb,
11900 				struct genl_info *info)
11901 {
11902 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11903 	struct net_device *dev = info->user_ptr[1];
11904 	struct wireless_dev *wdev = dev->ieee80211_ptr;
11905 	struct sk_buff *msg;
11906 	void *hdr;
11907 	const u8 *addr;
11908 	u64 cookie;
11909 	int err;
11910 
11911 	if (wdev->iftype != NL80211_IFTYPE_AP &&
11912 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
11913 		return -EOPNOTSUPP;
11914 
11915 	if (!info->attrs[NL80211_ATTR_MAC])
11916 		return -EINVAL;
11917 
11918 	if (!rdev->ops->probe_client)
11919 		return -EOPNOTSUPP;
11920 
11921 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11922 	if (!msg)
11923 		return -ENOMEM;
11924 
11925 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
11926 			     NL80211_CMD_PROBE_CLIENT);
11927 	if (!hdr) {
11928 		err = -ENOBUFS;
11929 		goto free_msg;
11930 	}
11931 
11932 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
11933 
11934 	err = rdev_probe_client(rdev, dev, addr, &cookie);
11935 	if (err)
11936 		goto free_msg;
11937 
11938 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
11939 			      NL80211_ATTR_PAD))
11940 		goto nla_put_failure;
11941 
11942 	genlmsg_end(msg, hdr);
11943 
11944 	return genlmsg_reply(msg, info);
11945 
11946  nla_put_failure:
11947 	err = -ENOBUFS;
11948  free_msg:
11949 	nlmsg_free(msg);
11950 	return err;
11951 }
11952 
11953 static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
11954 {
11955 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11956 	struct cfg80211_beacon_registration *reg, *nreg;
11957 	int rv;
11958 
11959 	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
11960 		return -EOPNOTSUPP;
11961 
11962 	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
11963 	if (!nreg)
11964 		return -ENOMEM;
11965 
11966 	/* First, check if already registered. */
11967 	spin_lock_bh(&rdev->beacon_registrations_lock);
11968 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
11969 		if (reg->nlportid == info->snd_portid) {
11970 			rv = -EALREADY;
11971 			goto out_err;
11972 		}
11973 	}
11974 	/* Add it to the list */
11975 	nreg->nlportid = info->snd_portid;
11976 	list_add(&nreg->list, &rdev->beacon_registrations);
11977 
11978 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11979 
11980 	return 0;
11981 out_err:
11982 	spin_unlock_bh(&rdev->beacon_registrations_lock);
11983 	kfree(nreg);
11984 	return rv;
11985 }
11986 
11987 static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
11988 {
11989 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
11990 	struct wireless_dev *wdev = info->user_ptr[1];
11991 	int err;
11992 
11993 	if (!rdev->ops->start_p2p_device)
11994 		return -EOPNOTSUPP;
11995 
11996 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
11997 		return -EOPNOTSUPP;
11998 
11999 	if (wdev_running(wdev))
12000 		return 0;
12001 
12002 	if (rfkill_blocked(rdev->rfkill))
12003 		return -ERFKILL;
12004 
12005 	err = rdev_start_p2p_device(rdev, wdev);
12006 	if (err)
12007 		return err;
12008 
12009 	wdev->is_running = true;
12010 	rdev->opencount++;
12011 
12012 	return 0;
12013 }
12014 
12015 static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
12016 {
12017 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12018 	struct wireless_dev *wdev = info->user_ptr[1];
12019 
12020 	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
12021 		return -EOPNOTSUPP;
12022 
12023 	if (!rdev->ops->stop_p2p_device)
12024 		return -EOPNOTSUPP;
12025 
12026 	cfg80211_stop_p2p_device(rdev, wdev);
12027 
12028 	return 0;
12029 }
12030 
12031 static int nl80211_start_nan(struct sk_buff *skb, struct genl_info *info)
12032 {
12033 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12034 	struct wireless_dev *wdev = info->user_ptr[1];
12035 	struct cfg80211_nan_conf conf = {};
12036 	int err;
12037 
12038 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12039 		return -EOPNOTSUPP;
12040 
12041 	if (wdev_running(wdev))
12042 		return -EEXIST;
12043 
12044 	if (rfkill_blocked(rdev->rfkill))
12045 		return -ERFKILL;
12046 
12047 	if (!info->attrs[NL80211_ATTR_NAN_MASTER_PREF])
12048 		return -EINVAL;
12049 
12050 	conf.master_pref =
12051 		nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12052 
12053 	if (info->attrs[NL80211_ATTR_BANDS]) {
12054 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12055 
12056 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12057 			return -EOPNOTSUPP;
12058 
12059 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12060 			return -EINVAL;
12061 
12062 		conf.bands = bands;
12063 	}
12064 
12065 	err = rdev_start_nan(rdev, wdev, &conf);
12066 	if (err)
12067 		return err;
12068 
12069 	wdev->is_running = true;
12070 	rdev->opencount++;
12071 
12072 	return 0;
12073 }
12074 
12075 static int nl80211_stop_nan(struct sk_buff *skb, struct genl_info *info)
12076 {
12077 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12078 	struct wireless_dev *wdev = info->user_ptr[1];
12079 
12080 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12081 		return -EOPNOTSUPP;
12082 
12083 	cfg80211_stop_nan(rdev, wdev);
12084 
12085 	return 0;
12086 }
12087 
12088 static int validate_nan_filter(struct nlattr *filter_attr)
12089 {
12090 	struct nlattr *attr;
12091 	int len = 0, n_entries = 0, rem;
12092 
12093 	nla_for_each_nested(attr, filter_attr, rem) {
12094 		len += nla_len(attr);
12095 		n_entries++;
12096 	}
12097 
12098 	if (len >= U8_MAX)
12099 		return -EINVAL;
12100 
12101 	return n_entries;
12102 }
12103 
12104 static int handle_nan_filter(struct nlattr *attr_filter,
12105 			     struct cfg80211_nan_func *func,
12106 			     bool tx)
12107 {
12108 	struct nlattr *attr;
12109 	int n_entries, rem, i;
12110 	struct cfg80211_nan_func_filter *filter;
12111 
12112 	n_entries = validate_nan_filter(attr_filter);
12113 	if (n_entries < 0)
12114 		return n_entries;
12115 
12116 	BUILD_BUG_ON(sizeof(*func->rx_filters) != sizeof(*func->tx_filters));
12117 
12118 	filter = kcalloc(n_entries, sizeof(*func->rx_filters), GFP_KERNEL);
12119 	if (!filter)
12120 		return -ENOMEM;
12121 
12122 	i = 0;
12123 	nla_for_each_nested(attr, attr_filter, rem) {
12124 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
12125 		filter[i].len = nla_len(attr);
12126 		i++;
12127 	}
12128 	if (tx) {
12129 		func->num_tx_filters = n_entries;
12130 		func->tx_filters = filter;
12131 	} else {
12132 		func->num_rx_filters = n_entries;
12133 		func->rx_filters = filter;
12134 	}
12135 
12136 	return 0;
12137 }
12138 
12139 static int nl80211_nan_add_func(struct sk_buff *skb,
12140 				struct genl_info *info)
12141 {
12142 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12143 	struct wireless_dev *wdev = info->user_ptr[1];
12144 	struct nlattr *tb[NUM_NL80211_NAN_FUNC_ATTR], *func_attr;
12145 	struct cfg80211_nan_func *func;
12146 	struct sk_buff *msg = NULL;
12147 	void *hdr = NULL;
12148 	int err = 0;
12149 
12150 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12151 		return -EOPNOTSUPP;
12152 
12153 	if (!wdev_running(wdev))
12154 		return -ENOTCONN;
12155 
12156 	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
12157 		return -EINVAL;
12158 
12159 	err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
12160 					  info->attrs[NL80211_ATTR_NAN_FUNC],
12161 					  nl80211_nan_func_policy,
12162 					  info->extack);
12163 	if (err)
12164 		return err;
12165 
12166 	func = kzalloc(sizeof(*func), GFP_KERNEL);
12167 	if (!func)
12168 		return -ENOMEM;
12169 
12170 	func->cookie = cfg80211_assign_cookie(rdev);
12171 
12172 	if (!tb[NL80211_NAN_FUNC_TYPE] ||
12173 	    nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
12174 		err = -EINVAL;
12175 		goto out;
12176 	}
12177 
12178 
12179 	func->type = nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]);
12180 
12181 	if (!tb[NL80211_NAN_FUNC_SERVICE_ID]) {
12182 		err = -EINVAL;
12183 		goto out;
12184 	}
12185 
12186 	memcpy(func->service_id, nla_data(tb[NL80211_NAN_FUNC_SERVICE_ID]),
12187 	       sizeof(func->service_id));
12188 
12189 	func->close_range =
12190 		nla_get_flag(tb[NL80211_NAN_FUNC_CLOSE_RANGE]);
12191 
12192 	if (tb[NL80211_NAN_FUNC_SERVICE_INFO]) {
12193 		func->serv_spec_info_len =
12194 			nla_len(tb[NL80211_NAN_FUNC_SERVICE_INFO]);
12195 		func->serv_spec_info =
12196 			kmemdup(nla_data(tb[NL80211_NAN_FUNC_SERVICE_INFO]),
12197 				func->serv_spec_info_len,
12198 				GFP_KERNEL);
12199 		if (!func->serv_spec_info) {
12200 			err = -ENOMEM;
12201 			goto out;
12202 		}
12203 	}
12204 
12205 	if (tb[NL80211_NAN_FUNC_TTL])
12206 		func->ttl = nla_get_u32(tb[NL80211_NAN_FUNC_TTL]);
12207 
12208 	switch (func->type) {
12209 	case NL80211_NAN_FUNC_PUBLISH:
12210 		if (!tb[NL80211_NAN_FUNC_PUBLISH_TYPE]) {
12211 			err = -EINVAL;
12212 			goto out;
12213 		}
12214 
12215 		func->publish_type =
12216 			nla_get_u8(tb[NL80211_NAN_FUNC_PUBLISH_TYPE]);
12217 		func->publish_bcast =
12218 			nla_get_flag(tb[NL80211_NAN_FUNC_PUBLISH_BCAST]);
12219 
12220 		if ((!(func->publish_type & NL80211_NAN_SOLICITED_PUBLISH)) &&
12221 			func->publish_bcast) {
12222 			err = -EINVAL;
12223 			goto out;
12224 		}
12225 		break;
12226 	case NL80211_NAN_FUNC_SUBSCRIBE:
12227 		func->subscribe_active =
12228 			nla_get_flag(tb[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE]);
12229 		break;
12230 	case NL80211_NAN_FUNC_FOLLOW_UP:
12231 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
12232 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
12233 		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
12234 			err = -EINVAL;
12235 			goto out;
12236 		}
12237 
12238 		func->followup_id =
12239 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_ID]);
12240 		func->followup_reqid =
12241 			nla_get_u8(tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]);
12242 		memcpy(func->followup_dest.addr,
12243 		       nla_data(tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]),
12244 		       sizeof(func->followup_dest.addr));
12245 		if (func->ttl) {
12246 			err = -EINVAL;
12247 			goto out;
12248 		}
12249 		break;
12250 	default:
12251 		err = -EINVAL;
12252 		goto out;
12253 	}
12254 
12255 	if (tb[NL80211_NAN_FUNC_SRF]) {
12256 		struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12257 
12258 		err = nla_parse_nested_deprecated(srf_tb,
12259 						  NL80211_NAN_SRF_ATTR_MAX,
12260 						  tb[NL80211_NAN_FUNC_SRF],
12261 						  nl80211_nan_srf_policy,
12262 						  info->extack);
12263 		if (err)
12264 			goto out;
12265 
12266 		func->srf_include =
12267 			nla_get_flag(srf_tb[NL80211_NAN_SRF_INCLUDE]);
12268 
12269 		if (srf_tb[NL80211_NAN_SRF_BF]) {
12270 			if (srf_tb[NL80211_NAN_SRF_MAC_ADDRS] ||
12271 			    !srf_tb[NL80211_NAN_SRF_BF_IDX]) {
12272 				err = -EINVAL;
12273 				goto out;
12274 			}
12275 
12276 			func->srf_bf_len =
12277 				nla_len(srf_tb[NL80211_NAN_SRF_BF]);
12278 			func->srf_bf =
12279 				kmemdup(nla_data(srf_tb[NL80211_NAN_SRF_BF]),
12280 					func->srf_bf_len, GFP_KERNEL);
12281 			if (!func->srf_bf) {
12282 				err = -ENOMEM;
12283 				goto out;
12284 			}
12285 
12286 			func->srf_bf_idx =
12287 				nla_get_u8(srf_tb[NL80211_NAN_SRF_BF_IDX]);
12288 		} else {
12289 			struct nlattr *attr, *mac_attr =
12290 				srf_tb[NL80211_NAN_SRF_MAC_ADDRS];
12291 			int n_entries, rem, i = 0;
12292 
12293 			if (!mac_attr) {
12294 				err = -EINVAL;
12295 				goto out;
12296 			}
12297 
12298 			n_entries = validate_acl_mac_addrs(mac_attr);
12299 			if (n_entries <= 0) {
12300 				err = -EINVAL;
12301 				goto out;
12302 			}
12303 
12304 			func->srf_num_macs = n_entries;
12305 			func->srf_macs =
12306 				kcalloc(n_entries, sizeof(*func->srf_macs),
12307 					GFP_KERNEL);
12308 			if (!func->srf_macs) {
12309 				err = -ENOMEM;
12310 				goto out;
12311 			}
12312 
12313 			nla_for_each_nested(attr, mac_attr, rem)
12314 				memcpy(func->srf_macs[i++].addr, nla_data(attr),
12315 				       sizeof(*func->srf_macs));
12316 		}
12317 	}
12318 
12319 	if (tb[NL80211_NAN_FUNC_TX_MATCH_FILTER]) {
12320 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_TX_MATCH_FILTER],
12321 					func, true);
12322 		if (err)
12323 			goto out;
12324 	}
12325 
12326 	if (tb[NL80211_NAN_FUNC_RX_MATCH_FILTER]) {
12327 		err = handle_nan_filter(tb[NL80211_NAN_FUNC_RX_MATCH_FILTER],
12328 					func, false);
12329 		if (err)
12330 			goto out;
12331 	}
12332 
12333 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12334 	if (!msg) {
12335 		err = -ENOMEM;
12336 		goto out;
12337 	}
12338 
12339 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12340 			     NL80211_CMD_ADD_NAN_FUNCTION);
12341 	/* This can't really happen - we just allocated 4KB */
12342 	if (WARN_ON(!hdr)) {
12343 		err = -ENOMEM;
12344 		goto out;
12345 	}
12346 
12347 	err = rdev_add_nan_func(rdev, wdev, func);
12348 out:
12349 	if (err < 0) {
12350 		cfg80211_free_nan_func(func);
12351 		nlmsg_free(msg);
12352 		return err;
12353 	}
12354 
12355 	/* propagate the instance id and cookie to userspace  */
12356 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, func->cookie,
12357 			      NL80211_ATTR_PAD))
12358 		goto nla_put_failure;
12359 
12360 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12361 	if (!func_attr)
12362 		goto nla_put_failure;
12363 
12364 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID,
12365 		       func->instance_id))
12366 		goto nla_put_failure;
12367 
12368 	nla_nest_end(msg, func_attr);
12369 
12370 	genlmsg_end(msg, hdr);
12371 	return genlmsg_reply(msg, info);
12372 
12373 nla_put_failure:
12374 	nlmsg_free(msg);
12375 	return -ENOBUFS;
12376 }
12377 
12378 static int nl80211_nan_del_func(struct sk_buff *skb,
12379 			       struct genl_info *info)
12380 {
12381 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12382 	struct wireless_dev *wdev = info->user_ptr[1];
12383 	u64 cookie;
12384 
12385 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12386 		return -EOPNOTSUPP;
12387 
12388 	if (!wdev_running(wdev))
12389 		return -ENOTCONN;
12390 
12391 	if (!info->attrs[NL80211_ATTR_COOKIE])
12392 		return -EINVAL;
12393 
12394 	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
12395 
12396 	rdev_del_nan_func(rdev, wdev, cookie);
12397 
12398 	return 0;
12399 }
12400 
12401 static int nl80211_nan_change_config(struct sk_buff *skb,
12402 				     struct genl_info *info)
12403 {
12404 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12405 	struct wireless_dev *wdev = info->user_ptr[1];
12406 	struct cfg80211_nan_conf conf = {};
12407 	u32 changed = 0;
12408 
12409 	if (wdev->iftype != NL80211_IFTYPE_NAN)
12410 		return -EOPNOTSUPP;
12411 
12412 	if (!wdev_running(wdev))
12413 		return -ENOTCONN;
12414 
12415 	if (info->attrs[NL80211_ATTR_NAN_MASTER_PREF]) {
12416 		conf.master_pref =
12417 			nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
12418 		if (conf.master_pref <= 1 || conf.master_pref == 255)
12419 			return -EINVAL;
12420 
12421 		changed |= CFG80211_NAN_CONF_CHANGED_PREF;
12422 	}
12423 
12424 	if (info->attrs[NL80211_ATTR_BANDS]) {
12425 		u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
12426 
12427 		if (bands & ~(u32)wdev->wiphy->nan_supported_bands)
12428 			return -EOPNOTSUPP;
12429 
12430 		if (bands && !(bands & BIT(NL80211_BAND_2GHZ)))
12431 			return -EINVAL;
12432 
12433 		conf.bands = bands;
12434 		changed |= CFG80211_NAN_CONF_CHANGED_BANDS;
12435 	}
12436 
12437 	if (!changed)
12438 		return -EINVAL;
12439 
12440 	return rdev_nan_change_conf(rdev, wdev, &conf, changed);
12441 }
12442 
12443 void cfg80211_nan_match(struct wireless_dev *wdev,
12444 			struct cfg80211_nan_match_params *match, gfp_t gfp)
12445 {
12446 	struct wiphy *wiphy = wdev->wiphy;
12447 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12448 	struct nlattr *match_attr, *local_func_attr, *peer_func_attr;
12449 	struct sk_buff *msg;
12450 	void *hdr;
12451 
12452 	if (WARN_ON(!match->inst_id || !match->peer_inst_id || !match->addr))
12453 		return;
12454 
12455 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12456 	if (!msg)
12457 		return;
12458 
12459 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NAN_MATCH);
12460 	if (!hdr) {
12461 		nlmsg_free(msg);
12462 		return;
12463 	}
12464 
12465 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12466 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12467 					 wdev->netdev->ifindex)) ||
12468 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12469 			      NL80211_ATTR_PAD))
12470 		goto nla_put_failure;
12471 
12472 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, match->cookie,
12473 			      NL80211_ATTR_PAD) ||
12474 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12475 		goto nla_put_failure;
12476 
12477 	match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12478 	if (!match_attr)
12479 		goto nla_put_failure;
12480 
12481 	local_func_attr = nla_nest_start_noflag(msg,
12482 						NL80211_NAN_MATCH_FUNC_LOCAL);
12483 	if (!local_func_attr)
12484 		goto nla_put_failure;
12485 
12486 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->inst_id))
12487 		goto nla_put_failure;
12488 
12489 	nla_nest_end(msg, local_func_attr);
12490 
12491 	peer_func_attr = nla_nest_start_noflag(msg,
12492 					       NL80211_NAN_MATCH_FUNC_PEER);
12493 	if (!peer_func_attr)
12494 		goto nla_put_failure;
12495 
12496 	if (nla_put_u8(msg, NL80211_NAN_FUNC_TYPE, match->type) ||
12497 	    nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, match->peer_inst_id))
12498 		goto nla_put_failure;
12499 
12500 	if (match->info && match->info_len &&
12501 	    nla_put(msg, NL80211_NAN_FUNC_SERVICE_INFO, match->info_len,
12502 		    match->info))
12503 		goto nla_put_failure;
12504 
12505 	nla_nest_end(msg, peer_func_attr);
12506 	nla_nest_end(msg, match_attr);
12507 	genlmsg_end(msg, hdr);
12508 
12509 	if (!wdev->owner_nlportid)
12510 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12511 					msg, 0, NL80211_MCGRP_NAN, gfp);
12512 	else
12513 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12514 				wdev->owner_nlportid);
12515 
12516 	return;
12517 
12518 nla_put_failure:
12519 	nlmsg_free(msg);
12520 }
12521 EXPORT_SYMBOL(cfg80211_nan_match);
12522 
12523 void cfg80211_nan_func_terminated(struct wireless_dev *wdev,
12524 				  u8 inst_id,
12525 				  enum nl80211_nan_func_term_reason reason,
12526 				  u64 cookie, gfp_t gfp)
12527 {
12528 	struct wiphy *wiphy = wdev->wiphy;
12529 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12530 	struct sk_buff *msg;
12531 	struct nlattr *func_attr;
12532 	void *hdr;
12533 
12534 	if (WARN_ON(!inst_id))
12535 		return;
12536 
12537 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12538 	if (!msg)
12539 		return;
12540 
12541 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DEL_NAN_FUNCTION);
12542 	if (!hdr) {
12543 		nlmsg_free(msg);
12544 		return;
12545 	}
12546 
12547 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12548 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12549 					 wdev->netdev->ifindex)) ||
12550 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
12551 			      NL80211_ATTR_PAD))
12552 		goto nla_put_failure;
12553 
12554 	if (nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
12555 			      NL80211_ATTR_PAD))
12556 		goto nla_put_failure;
12557 
12558 	func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12559 	if (!func_attr)
12560 		goto nla_put_failure;
12561 
12562 	if (nla_put_u8(msg, NL80211_NAN_FUNC_INSTANCE_ID, inst_id) ||
12563 	    nla_put_u8(msg, NL80211_NAN_FUNC_TERM_REASON, reason))
12564 		goto nla_put_failure;
12565 
12566 	nla_nest_end(msg, func_attr);
12567 	genlmsg_end(msg, hdr);
12568 
12569 	if (!wdev->owner_nlportid)
12570 		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
12571 					msg, 0, NL80211_MCGRP_NAN, gfp);
12572 	else
12573 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
12574 				wdev->owner_nlportid);
12575 
12576 	return;
12577 
12578 nla_put_failure:
12579 	nlmsg_free(msg);
12580 }
12581 EXPORT_SYMBOL(cfg80211_nan_func_terminated);
12582 
12583 static int nl80211_get_protocol_features(struct sk_buff *skb,
12584 					 struct genl_info *info)
12585 {
12586 	void *hdr;
12587 	struct sk_buff *msg;
12588 
12589 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12590 	if (!msg)
12591 		return -ENOMEM;
12592 
12593 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
12594 			     NL80211_CMD_GET_PROTOCOL_FEATURES);
12595 	if (!hdr)
12596 		goto nla_put_failure;
12597 
12598 	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
12599 			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
12600 		goto nla_put_failure;
12601 
12602 	genlmsg_end(msg, hdr);
12603 	return genlmsg_reply(msg, info);
12604 
12605  nla_put_failure:
12606 	kfree_skb(msg);
12607 	return -ENOBUFS;
12608 }
12609 
12610 static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
12611 {
12612 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12613 	struct cfg80211_update_ft_ies_params ft_params;
12614 	struct net_device *dev = info->user_ptr[1];
12615 
12616 	if (!rdev->ops->update_ft_ies)
12617 		return -EOPNOTSUPP;
12618 
12619 	if (!info->attrs[NL80211_ATTR_MDID] ||
12620 	    !info->attrs[NL80211_ATTR_IE])
12621 		return -EINVAL;
12622 
12623 	memset(&ft_params, 0, sizeof(ft_params));
12624 	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
12625 	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
12626 	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
12627 
12628 	return rdev_update_ft_ies(rdev, dev, &ft_params);
12629 }
12630 
12631 static int nl80211_crit_protocol_start(struct sk_buff *skb,
12632 				       struct genl_info *info)
12633 {
12634 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12635 	struct wireless_dev *wdev = info->user_ptr[1];
12636 	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
12637 	u16 duration;
12638 	int ret;
12639 
12640 	if (!rdev->ops->crit_proto_start)
12641 		return -EOPNOTSUPP;
12642 
12643 	if (WARN_ON(!rdev->ops->crit_proto_stop))
12644 		return -EINVAL;
12645 
12646 	if (rdev->crit_proto_nlportid)
12647 		return -EBUSY;
12648 
12649 	/* determine protocol if provided */
12650 	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
12651 		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
12652 
12653 	if (proto >= NUM_NL80211_CRIT_PROTO)
12654 		return -EINVAL;
12655 
12656 	/* timeout must be provided */
12657 	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
12658 		return -EINVAL;
12659 
12660 	duration =
12661 		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
12662 
12663 	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
12664 		return -ERANGE;
12665 
12666 	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
12667 	if (!ret)
12668 		rdev->crit_proto_nlportid = info->snd_portid;
12669 
12670 	return ret;
12671 }
12672 
12673 static int nl80211_crit_protocol_stop(struct sk_buff *skb,
12674 				      struct genl_info *info)
12675 {
12676 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12677 	struct wireless_dev *wdev = info->user_ptr[1];
12678 
12679 	if (!rdev->ops->crit_proto_stop)
12680 		return -EOPNOTSUPP;
12681 
12682 	if (rdev->crit_proto_nlportid) {
12683 		rdev->crit_proto_nlportid = 0;
12684 		rdev_crit_proto_stop(rdev, wdev);
12685 	}
12686 	return 0;
12687 }
12688 
12689 static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
12690 				       struct nlattr *attr,
12691 				       struct netlink_ext_ack *extack)
12692 {
12693 	if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
12694 		if (attr->nla_type & NLA_F_NESTED) {
12695 			NL_SET_ERR_MSG_ATTR(extack, attr,
12696 					    "unexpected nested data");
12697 			return -EINVAL;
12698 		}
12699 
12700 		return 0;
12701 	}
12702 
12703 	if (!(attr->nla_type & NLA_F_NESTED)) {
12704 		NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
12705 		return -EINVAL;
12706 	}
12707 
12708 	return nl80211_validate_nested(attr, vcmd->maxattr, vcmd->policy,
12709 				       extack);
12710 }
12711 
12712 static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
12713 {
12714 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
12715 	struct wireless_dev *wdev =
12716 		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
12717 	int i, err;
12718 	u32 vid, subcmd;
12719 
12720 	if (!rdev->wiphy.vendor_commands)
12721 		return -EOPNOTSUPP;
12722 
12723 	if (IS_ERR(wdev)) {
12724 		err = PTR_ERR(wdev);
12725 		if (err != -EINVAL)
12726 			return err;
12727 		wdev = NULL;
12728 	} else if (wdev->wiphy != &rdev->wiphy) {
12729 		return -EINVAL;
12730 	}
12731 
12732 	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
12733 	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
12734 		return -EINVAL;
12735 
12736 	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
12737 	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
12738 	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
12739 		const struct wiphy_vendor_command *vcmd;
12740 		void *data = NULL;
12741 		int len = 0;
12742 
12743 		vcmd = &rdev->wiphy.vendor_commands[i];
12744 
12745 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12746 			continue;
12747 
12748 		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12749 				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12750 			if (!wdev)
12751 				return -EINVAL;
12752 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12753 			    !wdev->netdev)
12754 				return -EINVAL;
12755 
12756 			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12757 				if (!wdev_running(wdev))
12758 					return -ENETDOWN;
12759 			}
12760 
12761 			if (!vcmd->doit)
12762 				return -EOPNOTSUPP;
12763 		} else {
12764 			wdev = NULL;
12765 		}
12766 
12767 		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
12768 			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12769 			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12770 
12771 			err = nl80211_vendor_check_policy(vcmd,
12772 					info->attrs[NL80211_ATTR_VENDOR_DATA],
12773 					info->extack);
12774 			if (err)
12775 				return err;
12776 		}
12777 
12778 		rdev->cur_cmd_info = info;
12779 		err = vcmd->doit(&rdev->wiphy, wdev, data, len);
12780 		rdev->cur_cmd_info = NULL;
12781 		return err;
12782 	}
12783 
12784 	return -EOPNOTSUPP;
12785 }
12786 
12787 static int nl80211_prepare_vendor_dump(struct sk_buff *skb,
12788 				       struct netlink_callback *cb,
12789 				       struct cfg80211_registered_device **rdev,
12790 				       struct wireless_dev **wdev)
12791 {
12792 	struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
12793 	u32 vid, subcmd;
12794 	unsigned int i;
12795 	int vcmd_idx = -1;
12796 	int err;
12797 	void *data = NULL;
12798 	unsigned int data_len = 0;
12799 
12800 	if (cb->args[0]) {
12801 		/* subtract the 1 again here */
12802 		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
12803 		struct wireless_dev *tmp;
12804 
12805 		if (!wiphy)
12806 			return -ENODEV;
12807 		*rdev = wiphy_to_rdev(wiphy);
12808 		*wdev = NULL;
12809 
12810 		if (cb->args[1]) {
12811 			list_for_each_entry(tmp, &wiphy->wdev_list, list) {
12812 				if (tmp->identifier == cb->args[1] - 1) {
12813 					*wdev = tmp;
12814 					break;
12815 				}
12816 			}
12817 		}
12818 
12819 		/* keep rtnl locked in successful case */
12820 		return 0;
12821 	}
12822 
12823 	err = nlmsg_parse_deprecated(cb->nlh,
12824 				     GENL_HDRLEN + nl80211_fam.hdrsize,
12825 				     attrbuf, nl80211_fam.maxattr,
12826 				     nl80211_policy, NULL);
12827 	if (err)
12828 		return err;
12829 
12830 	if (!attrbuf[NL80211_ATTR_VENDOR_ID] ||
12831 	    !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
12832 		return -EINVAL;
12833 
12834 	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
12835 	if (IS_ERR(*wdev))
12836 		*wdev = NULL;
12837 
12838 	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
12839 	if (IS_ERR(*rdev))
12840 		return PTR_ERR(*rdev);
12841 
12842 	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
12843 	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
12844 
12845 	for (i = 0; i < (*rdev)->wiphy.n_vendor_commands; i++) {
12846 		const struct wiphy_vendor_command *vcmd;
12847 
12848 		vcmd = &(*rdev)->wiphy.vendor_commands[i];
12849 
12850 		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
12851 			continue;
12852 
12853 		if (!vcmd->dumpit)
12854 			return -EOPNOTSUPP;
12855 
12856 		vcmd_idx = i;
12857 		break;
12858 	}
12859 
12860 	if (vcmd_idx < 0)
12861 		return -EOPNOTSUPP;
12862 
12863 	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
12864 		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12865 		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12866 
12867 		err = nl80211_vendor_check_policy(
12868 				&(*rdev)->wiphy.vendor_commands[vcmd_idx],
12869 				attrbuf[NL80211_ATTR_VENDOR_DATA],
12870 				cb->extack);
12871 		if (err)
12872 			return err;
12873 	}
12874 
12875 	/* 0 is the first index - add 1 to parse only once */
12876 	cb->args[0] = (*rdev)->wiphy_idx + 1;
12877 	/* add 1 to know if it was NULL */
12878 	cb->args[1] = *wdev ? (*wdev)->identifier + 1 : 0;
12879 	cb->args[2] = vcmd_idx;
12880 	cb->args[3] = (unsigned long)data;
12881 	cb->args[4] = data_len;
12882 
12883 	/* keep rtnl locked in successful case */
12884 	return 0;
12885 }
12886 
12887 static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
12888 				   struct netlink_callback *cb)
12889 {
12890 	struct cfg80211_registered_device *rdev;
12891 	struct wireless_dev *wdev;
12892 	unsigned int vcmd_idx;
12893 	const struct wiphy_vendor_command *vcmd;
12894 	void *data;
12895 	int data_len;
12896 	int err;
12897 	struct nlattr *vendor_data;
12898 
12899 	rtnl_lock();
12900 	err = nl80211_prepare_vendor_dump(skb, cb, &rdev, &wdev);
12901 	if (err)
12902 		goto out;
12903 
12904 	vcmd_idx = cb->args[2];
12905 	data = (void *)cb->args[3];
12906 	data_len = cb->args[4];
12907 	vcmd = &rdev->wiphy.vendor_commands[vcmd_idx];
12908 
12909 	if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
12910 			   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
12911 		if (!wdev) {
12912 			err = -EINVAL;
12913 			goto out;
12914 		}
12915 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
12916 		    !wdev->netdev) {
12917 			err = -EINVAL;
12918 			goto out;
12919 		}
12920 
12921 		if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
12922 			if (!wdev_running(wdev)) {
12923 				err = -ENETDOWN;
12924 				goto out;
12925 			}
12926 		}
12927 	}
12928 
12929 	while (1) {
12930 		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
12931 					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
12932 					   NL80211_CMD_VENDOR);
12933 		if (!hdr)
12934 			break;
12935 
12936 		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12937 		    (wdev && nla_put_u64_64bit(skb, NL80211_ATTR_WDEV,
12938 					       wdev_id(wdev),
12939 					       NL80211_ATTR_PAD))) {
12940 			genlmsg_cancel(skb, hdr);
12941 			break;
12942 		}
12943 
12944 		vendor_data = nla_nest_start_noflag(skb,
12945 						    NL80211_ATTR_VENDOR_DATA);
12946 		if (!vendor_data) {
12947 			genlmsg_cancel(skb, hdr);
12948 			break;
12949 		}
12950 
12951 		err = vcmd->dumpit(&rdev->wiphy, wdev, skb, data, data_len,
12952 				   (unsigned long *)&cb->args[5]);
12953 		nla_nest_end(skb, vendor_data);
12954 
12955 		if (err == -ENOBUFS || err == -ENOENT) {
12956 			genlmsg_cancel(skb, hdr);
12957 			break;
12958 		} else if (err) {
12959 			genlmsg_cancel(skb, hdr);
12960 			goto out;
12961 		}
12962 
12963 		genlmsg_end(skb, hdr);
12964 	}
12965 
12966 	err = skb->len;
12967  out:
12968 	rtnl_unlock();
12969 	return err;
12970 }
12971 
12972 struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
12973 					   enum nl80211_commands cmd,
12974 					   enum nl80211_attrs attr,
12975 					   int approxlen)
12976 {
12977 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12978 
12979 	if (WARN_ON(!rdev->cur_cmd_info))
12980 		return NULL;
12981 
12982 	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
12983 					   rdev->cur_cmd_info->snd_portid,
12984 					   rdev->cur_cmd_info->snd_seq,
12985 					   cmd, attr, NULL, GFP_KERNEL);
12986 }
12987 EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
12988 
12989 int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
12990 {
12991 	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
12992 	void *hdr = ((void **)skb->cb)[1];
12993 	struct nlattr *data = ((void **)skb->cb)[2];
12994 
12995 	/* clear CB data for netlink core to own from now on */
12996 	memset(skb->cb, 0, sizeof(skb->cb));
12997 
12998 	if (WARN_ON(!rdev->cur_cmd_info)) {
12999 		kfree_skb(skb);
13000 		return -EINVAL;
13001 	}
13002 
13003 	nla_nest_end(skb, data);
13004 	genlmsg_end(skb, hdr);
13005 	return genlmsg_reply(skb, rdev->cur_cmd_info);
13006 }
13007 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
13008 
13009 unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
13010 {
13011 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
13012 
13013 	if (WARN_ON(!rdev->cur_cmd_info))
13014 		return 0;
13015 
13016 	return rdev->cur_cmd_info->snd_portid;
13017 }
13018 EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
13019 
13020 static int nl80211_set_qos_map(struct sk_buff *skb,
13021 			       struct genl_info *info)
13022 {
13023 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13024 	struct cfg80211_qos_map *qos_map = NULL;
13025 	struct net_device *dev = info->user_ptr[1];
13026 	u8 *pos, len, num_des, des_len, des;
13027 	int ret;
13028 
13029 	if (!rdev->ops->set_qos_map)
13030 		return -EOPNOTSUPP;
13031 
13032 	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
13033 		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
13034 		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
13035 
13036 		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
13037 		    len > IEEE80211_QOS_MAP_LEN_MAX)
13038 			return -EINVAL;
13039 
13040 		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
13041 		if (!qos_map)
13042 			return -ENOMEM;
13043 
13044 		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
13045 		if (num_des) {
13046 			des_len = num_des *
13047 				sizeof(struct cfg80211_dscp_exception);
13048 			memcpy(qos_map->dscp_exception, pos, des_len);
13049 			qos_map->num_des = num_des;
13050 			for (des = 0; des < num_des; des++) {
13051 				if (qos_map->dscp_exception[des].up > 7) {
13052 					kfree(qos_map);
13053 					return -EINVAL;
13054 				}
13055 			}
13056 			pos += des_len;
13057 		}
13058 		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
13059 	}
13060 
13061 	wdev_lock(dev->ieee80211_ptr);
13062 	ret = nl80211_key_allowed(dev->ieee80211_ptr);
13063 	if (!ret)
13064 		ret = rdev_set_qos_map(rdev, dev, qos_map);
13065 	wdev_unlock(dev->ieee80211_ptr);
13066 
13067 	kfree(qos_map);
13068 	return ret;
13069 }
13070 
13071 static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
13072 {
13073 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13074 	struct net_device *dev = info->user_ptr[1];
13075 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13076 	const u8 *peer;
13077 	u8 tsid, up;
13078 	u16 admitted_time = 0;
13079 	int err;
13080 
13081 	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
13082 		return -EOPNOTSUPP;
13083 
13084 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
13085 	    !info->attrs[NL80211_ATTR_USER_PRIO])
13086 		return -EINVAL;
13087 
13088 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13089 	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
13090 
13091 	/* WMM uses TIDs 0-7 even for TSPEC */
13092 	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
13093 		/* TODO: handle 802.11 TSPEC/admission control
13094 		 * need more attributes for that (e.g. BA session requirement);
13095 		 * change the WMM adminssion test above to allow both then
13096 		 */
13097 		return -EINVAL;
13098 	}
13099 
13100 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13101 
13102 	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
13103 		admitted_time =
13104 			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
13105 		if (!admitted_time)
13106 			return -EINVAL;
13107 	}
13108 
13109 	wdev_lock(wdev);
13110 	switch (wdev->iftype) {
13111 	case NL80211_IFTYPE_STATION:
13112 	case NL80211_IFTYPE_P2P_CLIENT:
13113 		if (wdev->current_bss)
13114 			break;
13115 		err = -ENOTCONN;
13116 		goto out;
13117 	default:
13118 		err = -EOPNOTSUPP;
13119 		goto out;
13120 	}
13121 
13122 	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
13123 
13124  out:
13125 	wdev_unlock(wdev);
13126 	return err;
13127 }
13128 
13129 static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
13130 {
13131 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13132 	struct net_device *dev = info->user_ptr[1];
13133 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13134 	const u8 *peer;
13135 	u8 tsid;
13136 	int err;
13137 
13138 	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
13139 		return -EINVAL;
13140 
13141 	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
13142 	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
13143 
13144 	wdev_lock(wdev);
13145 	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
13146 	wdev_unlock(wdev);
13147 
13148 	return err;
13149 }
13150 
13151 static int nl80211_tdls_channel_switch(struct sk_buff *skb,
13152 				       struct genl_info *info)
13153 {
13154 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13155 	struct net_device *dev = info->user_ptr[1];
13156 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13157 	struct cfg80211_chan_def chandef = {};
13158 	const u8 *addr;
13159 	u8 oper_class;
13160 	int err;
13161 
13162 	if (!rdev->ops->tdls_channel_switch ||
13163 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13164 		return -EOPNOTSUPP;
13165 
13166 	switch (dev->ieee80211_ptr->iftype) {
13167 	case NL80211_IFTYPE_STATION:
13168 	case NL80211_IFTYPE_P2P_CLIENT:
13169 		break;
13170 	default:
13171 		return -EOPNOTSUPP;
13172 	}
13173 
13174 	if (!info->attrs[NL80211_ATTR_MAC] ||
13175 	    !info->attrs[NL80211_ATTR_OPER_CLASS])
13176 		return -EINVAL;
13177 
13178 	err = nl80211_parse_chandef(rdev, info, &chandef);
13179 	if (err)
13180 		return err;
13181 
13182 	/*
13183 	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
13184 	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
13185 	 * specification is not defined for them.
13186 	 */
13187 	if (chandef.chan->band == NL80211_BAND_2GHZ &&
13188 	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
13189 	    chandef.width != NL80211_CHAN_WIDTH_20)
13190 		return -EINVAL;
13191 
13192 	/* we will be active on the TDLS link */
13193 	if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
13194 					   wdev->iftype))
13195 		return -EINVAL;
13196 
13197 	/* don't allow switching to DFS channels */
13198 	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
13199 		return -EINVAL;
13200 
13201 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13202 	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
13203 
13204 	wdev_lock(wdev);
13205 	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
13206 	wdev_unlock(wdev);
13207 
13208 	return err;
13209 }
13210 
13211 static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
13212 					      struct genl_info *info)
13213 {
13214 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13215 	struct net_device *dev = info->user_ptr[1];
13216 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13217 	const u8 *addr;
13218 
13219 	if (!rdev->ops->tdls_channel_switch ||
13220 	    !rdev->ops->tdls_cancel_channel_switch ||
13221 	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
13222 		return -EOPNOTSUPP;
13223 
13224 	switch (dev->ieee80211_ptr->iftype) {
13225 	case NL80211_IFTYPE_STATION:
13226 	case NL80211_IFTYPE_P2P_CLIENT:
13227 		break;
13228 	default:
13229 		return -EOPNOTSUPP;
13230 	}
13231 
13232 	if (!info->attrs[NL80211_ATTR_MAC])
13233 		return -EINVAL;
13234 
13235 	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
13236 
13237 	wdev_lock(wdev);
13238 	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
13239 	wdev_unlock(wdev);
13240 
13241 	return 0;
13242 }
13243 
13244 static int nl80211_set_multicast_to_unicast(struct sk_buff *skb,
13245 					    struct genl_info *info)
13246 {
13247 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13248 	struct net_device *dev = info->user_ptr[1];
13249 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13250 	const struct nlattr *nla;
13251 	bool enabled;
13252 
13253 	if (!rdev->ops->set_multicast_to_unicast)
13254 		return -EOPNOTSUPP;
13255 
13256 	if (wdev->iftype != NL80211_IFTYPE_AP &&
13257 	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
13258 		return -EOPNOTSUPP;
13259 
13260 	nla = info->attrs[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED];
13261 	enabled = nla_get_flag(nla);
13262 
13263 	return rdev_set_multicast_to_unicast(rdev, dev, enabled);
13264 }
13265 
13266 static int nl80211_set_pmk(struct sk_buff *skb, struct genl_info *info)
13267 {
13268 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13269 	struct net_device *dev = info->user_ptr[1];
13270 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13271 	struct cfg80211_pmk_conf pmk_conf = {};
13272 	int ret;
13273 
13274 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13275 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13276 		return -EOPNOTSUPP;
13277 
13278 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13279 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13280 		return -EOPNOTSUPP;
13281 
13282 	if (!info->attrs[NL80211_ATTR_MAC] || !info->attrs[NL80211_ATTR_PMK])
13283 		return -EINVAL;
13284 
13285 	wdev_lock(wdev);
13286 	if (!wdev->current_bss) {
13287 		ret = -ENOTCONN;
13288 		goto out;
13289 	}
13290 
13291 	pmk_conf.aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13292 	if (memcmp(pmk_conf.aa, wdev->current_bss->pub.bssid, ETH_ALEN)) {
13293 		ret = -EINVAL;
13294 		goto out;
13295 	}
13296 
13297 	pmk_conf.pmk = nla_data(info->attrs[NL80211_ATTR_PMK]);
13298 	pmk_conf.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
13299 	if (pmk_conf.pmk_len != WLAN_PMK_LEN &&
13300 	    pmk_conf.pmk_len != WLAN_PMK_LEN_SUITE_B_192) {
13301 		ret = -EINVAL;
13302 		goto out;
13303 	}
13304 
13305 	if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13306 		int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13307 
13308 		if (r0_name_len != WLAN_PMK_NAME_LEN) {
13309 			ret = -EINVAL;
13310 			goto out;
13311 		}
13312 
13313 		pmk_conf.pmk_r0_name =
13314 			nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13315 	}
13316 
13317 	ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13318 out:
13319 	wdev_unlock(wdev);
13320 	return ret;
13321 }
13322 
13323 static int nl80211_del_pmk(struct sk_buff *skb, struct genl_info *info)
13324 {
13325 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13326 	struct net_device *dev = info->user_ptr[1];
13327 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13328 	const u8 *aa;
13329 	int ret;
13330 
13331 	if (wdev->iftype != NL80211_IFTYPE_STATION &&
13332 	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
13333 		return -EOPNOTSUPP;
13334 
13335 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13336 				     NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X))
13337 		return -EOPNOTSUPP;
13338 
13339 	if (!info->attrs[NL80211_ATTR_MAC])
13340 		return -EINVAL;
13341 
13342 	wdev_lock(wdev);
13343 	aa = nla_data(info->attrs[NL80211_ATTR_MAC]);
13344 	ret = rdev_del_pmk(rdev, dev, aa);
13345 	wdev_unlock(wdev);
13346 
13347 	return ret;
13348 }
13349 
13350 static int nl80211_external_auth(struct sk_buff *skb, struct genl_info *info)
13351 {
13352 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13353 	struct net_device *dev = info->user_ptr[1];
13354 	struct cfg80211_external_auth_params params;
13355 
13356 	if (!rdev->ops->external_auth)
13357 		return -EOPNOTSUPP;
13358 
13359 	if (!info->attrs[NL80211_ATTR_SSID] &&
13360 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
13361 	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
13362 		return -EINVAL;
13363 
13364 	if (!info->attrs[NL80211_ATTR_BSSID])
13365 		return -EINVAL;
13366 
13367 	if (!info->attrs[NL80211_ATTR_STATUS_CODE])
13368 		return -EINVAL;
13369 
13370 	memset(&params, 0, sizeof(params));
13371 
13372 	if (info->attrs[NL80211_ATTR_SSID]) {
13373 		params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13374 		if (params.ssid.ssid_len == 0 ||
13375 		    params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
13376 			return -EINVAL;
13377 		memcpy(params.ssid.ssid,
13378 		       nla_data(info->attrs[NL80211_ATTR_SSID]),
13379 		       params.ssid.ssid_len);
13380 	}
13381 
13382 	memcpy(params.bssid, nla_data(info->attrs[NL80211_ATTR_BSSID]),
13383 	       ETH_ALEN);
13384 
13385 	params.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13386 
13387 	if (info->attrs[NL80211_ATTR_PMKID])
13388 		params.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
13389 
13390 	return rdev_external_auth(rdev, dev, &params);
13391 }
13392 
13393 static int nl80211_tx_control_port(struct sk_buff *skb, struct genl_info *info)
13394 {
13395 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13396 	struct net_device *dev = info->user_ptr[1];
13397 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13398 	const u8 *buf;
13399 	size_t len;
13400 	u8 *dest;
13401 	u16 proto;
13402 	bool noencrypt;
13403 	int err;
13404 
13405 	if (!wiphy_ext_feature_isset(&rdev->wiphy,
13406 				     NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211))
13407 		return -EOPNOTSUPP;
13408 
13409 	if (!rdev->ops->tx_control_port)
13410 		return -EOPNOTSUPP;
13411 
13412 	if (!info->attrs[NL80211_ATTR_FRAME] ||
13413 	    !info->attrs[NL80211_ATTR_MAC] ||
13414 	    !info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
13415 		GENL_SET_ERR_MSG(info, "Frame, MAC or ethertype missing");
13416 		return -EINVAL;
13417 	}
13418 
13419 	wdev_lock(wdev);
13420 
13421 	switch (wdev->iftype) {
13422 	case NL80211_IFTYPE_AP:
13423 	case NL80211_IFTYPE_P2P_GO:
13424 	case NL80211_IFTYPE_MESH_POINT:
13425 		break;
13426 	case NL80211_IFTYPE_ADHOC:
13427 	case NL80211_IFTYPE_STATION:
13428 	case NL80211_IFTYPE_P2P_CLIENT:
13429 		if (wdev->current_bss)
13430 			break;
13431 		err = -ENOTCONN;
13432 		goto out;
13433 	default:
13434 		err = -EOPNOTSUPP;
13435 		goto out;
13436 	}
13437 
13438 	wdev_unlock(wdev);
13439 
13440 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13441 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13442 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13443 	proto = nla_get_u16(info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
13444 	noencrypt =
13445 		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13446 
13447 	return rdev_tx_control_port(rdev, dev, buf, len,
13448 				    dest, cpu_to_be16(proto), noencrypt);
13449 
13450  out:
13451 	wdev_unlock(wdev);
13452 	return err;
13453 }
13454 
13455 static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
13456 					   struct genl_info *info)
13457 {
13458 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13459 	struct net_device *dev = info->user_ptr[1];
13460 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13461 	struct cfg80211_ftm_responder_stats ftm_stats = {};
13462 	struct sk_buff *msg;
13463 	void *hdr;
13464 	struct nlattr *ftm_stats_attr;
13465 	int err;
13466 
13467 	if (wdev->iftype != NL80211_IFTYPE_AP || !wdev->beacon_interval)
13468 		return -EOPNOTSUPP;
13469 
13470 	err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
13471 	if (err)
13472 		return err;
13473 
13474 	if (!ftm_stats.filled)
13475 		return -ENODATA;
13476 
13477 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
13478 	if (!msg)
13479 		return -ENOMEM;
13480 
13481 	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
13482 			     NL80211_CMD_GET_FTM_RESPONDER_STATS);
13483 	if (!hdr)
13484 		return -ENOBUFS;
13485 
13486 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
13487 		goto nla_put_failure;
13488 
13489 	ftm_stats_attr = nla_nest_start_noflag(msg,
13490 					       NL80211_ATTR_FTM_RESPONDER_STATS);
13491 	if (!ftm_stats_attr)
13492 		goto nla_put_failure;
13493 
13494 #define SET_FTM(field, name, type)					 \
13495 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13496 	    nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name,		 \
13497 			     ftm_stats.field))				 \
13498 		goto nla_put_failure; } while (0)
13499 #define SET_FTM_U64(field, name)					 \
13500 	do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
13501 	    nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name,		 \
13502 			      ftm_stats.field, NL80211_FTM_STATS_PAD))	 \
13503 		goto nla_put_failure; } while (0)
13504 
13505 	SET_FTM(success_num, SUCCESS_NUM, u32);
13506 	SET_FTM(partial_num, PARTIAL_NUM, u32);
13507 	SET_FTM(failed_num, FAILED_NUM, u32);
13508 	SET_FTM(asap_num, ASAP_NUM, u32);
13509 	SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
13510 	SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
13511 	SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
13512 	SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
13513 	SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
13514 #undef SET_FTM
13515 
13516 	nla_nest_end(msg, ftm_stats_attr);
13517 
13518 	genlmsg_end(msg, hdr);
13519 	return genlmsg_reply(msg, info);
13520 
13521 nla_put_failure:
13522 	nlmsg_free(msg);
13523 	return -ENOBUFS;
13524 }
13525 
13526 static int nl80211_update_owe_info(struct sk_buff *skb, struct genl_info *info)
13527 {
13528 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13529 	struct cfg80211_update_owe_info owe_info;
13530 	struct net_device *dev = info->user_ptr[1];
13531 
13532 	if (!rdev->ops->update_owe_info)
13533 		return -EOPNOTSUPP;
13534 
13535 	if (!info->attrs[NL80211_ATTR_STATUS_CODE] ||
13536 	    !info->attrs[NL80211_ATTR_MAC])
13537 		return -EINVAL;
13538 
13539 	memset(&owe_info, 0, sizeof(owe_info));
13540 	owe_info.status = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
13541 	nla_memcpy(owe_info.peer, info->attrs[NL80211_ATTR_MAC], ETH_ALEN);
13542 
13543 	if (info->attrs[NL80211_ATTR_IE]) {
13544 		owe_info.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
13545 		owe_info.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
13546 	}
13547 
13548 	return rdev_update_owe_info(rdev, dev, &owe_info);
13549 }
13550 
13551 static int nl80211_probe_mesh_link(struct sk_buff *skb, struct genl_info *info)
13552 {
13553 	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13554 	struct net_device *dev = info->user_ptr[1];
13555 	struct wireless_dev *wdev = dev->ieee80211_ptr;
13556 	struct station_info sinfo = {};
13557 	const u8 *buf;
13558 	size_t len;
13559 	u8 *dest;
13560 	int err;
13561 
13562 	if (!rdev->ops->probe_mesh_link || !rdev->ops->get_station)
13563 		return -EOPNOTSUPP;
13564 
13565 	if (!info->attrs[NL80211_ATTR_MAC] ||
13566 	    !info->attrs[NL80211_ATTR_FRAME]) {
13567 		GENL_SET_ERR_MSG(info, "Frame or MAC missing");
13568 		return -EINVAL;
13569 	}
13570 
13571 	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
13572 		return -EOPNOTSUPP;
13573 
13574 	dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
13575 	buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
13576 	len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
13577 
13578 	if (len < sizeof(struct ethhdr))
13579 		return -EINVAL;
13580 
13581 	if (!ether_addr_equal(buf, dest) || is_multicast_ether_addr(buf) ||
13582 	    !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
13583 		return -EINVAL;
13584 
13585 	err = rdev_get_station(rdev, dev, dest, &sinfo);
13586 	if (err)
13587 		return err;
13588 
13589 	return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
13590 }
13591 
13592 #define NL80211_FLAG_NEED_WIPHY		0x01
13593 #define NL80211_FLAG_NEED_NETDEV	0x02
13594 #define NL80211_FLAG_NEED_RTNL		0x04
13595 #define NL80211_FLAG_CHECK_NETDEV_UP	0x08
13596 #define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
13597 					 NL80211_FLAG_CHECK_NETDEV_UP)
13598 #define NL80211_FLAG_NEED_WDEV		0x10
13599 /* If a netdev is associated, it must be UP, P2P must be started */
13600 #define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
13601 					 NL80211_FLAG_CHECK_NETDEV_UP)
13602 #define NL80211_FLAG_CLEAR_SKB		0x20
13603 
13604 static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
13605 			    struct genl_info *info)
13606 {
13607 	struct cfg80211_registered_device *rdev;
13608 	struct wireless_dev *wdev;
13609 	struct net_device *dev;
13610 	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
13611 
13612 	if (rtnl)
13613 		rtnl_lock();
13614 
13615 	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
13616 		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
13617 		if (IS_ERR(rdev)) {
13618 			if (rtnl)
13619 				rtnl_unlock();
13620 			return PTR_ERR(rdev);
13621 		}
13622 		info->user_ptr[0] = rdev;
13623 	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
13624 		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13625 		ASSERT_RTNL();
13626 
13627 		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
13628 						  info->attrs);
13629 		if (IS_ERR(wdev)) {
13630 			if (rtnl)
13631 				rtnl_unlock();
13632 			return PTR_ERR(wdev);
13633 		}
13634 
13635 		dev = wdev->netdev;
13636 		rdev = wiphy_to_rdev(wdev->wiphy);
13637 
13638 		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
13639 			if (!dev) {
13640 				if (rtnl)
13641 					rtnl_unlock();
13642 				return -EINVAL;
13643 			}
13644 
13645 			info->user_ptr[1] = dev;
13646 		} else {
13647 			info->user_ptr[1] = wdev;
13648 		}
13649 
13650 		if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
13651 		    !wdev_running(wdev)) {
13652 			if (rtnl)
13653 				rtnl_unlock();
13654 			return -ENETDOWN;
13655 		}
13656 
13657 		if (dev)
13658 			dev_hold(dev);
13659 
13660 		info->user_ptr[0] = rdev;
13661 	}
13662 
13663 	return 0;
13664 }
13665 
13666 static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
13667 			      struct genl_info *info)
13668 {
13669 	if (info->user_ptr[1]) {
13670 		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
13671 			struct wireless_dev *wdev = info->user_ptr[1];
13672 
13673 			if (wdev->netdev)
13674 				dev_put(wdev->netdev);
13675 		} else {
13676 			dev_put(info->user_ptr[1]);
13677 		}
13678 	}
13679 
13680 	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
13681 		rtnl_unlock();
13682 
13683 	/* If needed, clear the netlink message payload from the SKB
13684 	 * as it might contain key data that shouldn't stick around on
13685 	 * the heap after the SKB is freed. The netlink message header
13686 	 * is still needed for further processing, so leave it intact.
13687 	 */
13688 	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
13689 		struct nlmsghdr *nlh = nlmsg_hdr(skb);
13690 
13691 		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
13692 	}
13693 }
13694 
13695 static const struct genl_ops nl80211_ops[] = {
13696 	{
13697 		.cmd = NL80211_CMD_GET_WIPHY,
13698 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13699 		.doit = nl80211_get_wiphy,
13700 		.dumpit = nl80211_dump_wiphy,
13701 		.done = nl80211_dump_wiphy_done,
13702 		/* can be retrieved by unprivileged users */
13703 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13704 				  NL80211_FLAG_NEED_RTNL,
13705 	},
13706 	{
13707 		.cmd = NL80211_CMD_SET_WIPHY,
13708 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13709 		.doit = nl80211_set_wiphy,
13710 		.flags = GENL_UNS_ADMIN_PERM,
13711 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13712 	},
13713 	{
13714 		.cmd = NL80211_CMD_GET_INTERFACE,
13715 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13716 		.doit = nl80211_get_interface,
13717 		.dumpit = nl80211_dump_interface,
13718 		/* can be retrieved by unprivileged users */
13719 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13720 				  NL80211_FLAG_NEED_RTNL,
13721 	},
13722 	{
13723 		.cmd = NL80211_CMD_SET_INTERFACE,
13724 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13725 		.doit = nl80211_set_interface,
13726 		.flags = GENL_UNS_ADMIN_PERM,
13727 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13728 				  NL80211_FLAG_NEED_RTNL,
13729 	},
13730 	{
13731 		.cmd = NL80211_CMD_NEW_INTERFACE,
13732 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13733 		.doit = nl80211_new_interface,
13734 		.flags = GENL_UNS_ADMIN_PERM,
13735 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
13736 				  NL80211_FLAG_NEED_RTNL,
13737 	},
13738 	{
13739 		.cmd = NL80211_CMD_DEL_INTERFACE,
13740 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13741 		.doit = nl80211_del_interface,
13742 		.flags = GENL_UNS_ADMIN_PERM,
13743 		.internal_flags = NL80211_FLAG_NEED_WDEV |
13744 				  NL80211_FLAG_NEED_RTNL,
13745 	},
13746 	{
13747 		.cmd = NL80211_CMD_GET_KEY,
13748 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13749 		.doit = nl80211_get_key,
13750 		.flags = GENL_UNS_ADMIN_PERM,
13751 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13752 				  NL80211_FLAG_NEED_RTNL,
13753 	},
13754 	{
13755 		.cmd = NL80211_CMD_SET_KEY,
13756 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13757 		.doit = nl80211_set_key,
13758 		.flags = GENL_UNS_ADMIN_PERM,
13759 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13760 				  NL80211_FLAG_NEED_RTNL |
13761 				  NL80211_FLAG_CLEAR_SKB,
13762 	},
13763 	{
13764 		.cmd = NL80211_CMD_NEW_KEY,
13765 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13766 		.doit = nl80211_new_key,
13767 		.flags = GENL_UNS_ADMIN_PERM,
13768 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13769 				  NL80211_FLAG_NEED_RTNL |
13770 				  NL80211_FLAG_CLEAR_SKB,
13771 	},
13772 	{
13773 		.cmd = NL80211_CMD_DEL_KEY,
13774 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13775 		.doit = nl80211_del_key,
13776 		.flags = GENL_UNS_ADMIN_PERM,
13777 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13778 				  NL80211_FLAG_NEED_RTNL,
13779 	},
13780 	{
13781 		.cmd = NL80211_CMD_SET_BEACON,
13782 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13783 		.flags = GENL_UNS_ADMIN_PERM,
13784 		.doit = nl80211_set_beacon,
13785 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13786 				  NL80211_FLAG_NEED_RTNL,
13787 	},
13788 	{
13789 		.cmd = NL80211_CMD_START_AP,
13790 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13791 		.flags = GENL_UNS_ADMIN_PERM,
13792 		.doit = nl80211_start_ap,
13793 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13794 				  NL80211_FLAG_NEED_RTNL,
13795 	},
13796 	{
13797 		.cmd = NL80211_CMD_STOP_AP,
13798 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13799 		.flags = GENL_UNS_ADMIN_PERM,
13800 		.doit = nl80211_stop_ap,
13801 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13802 				  NL80211_FLAG_NEED_RTNL,
13803 	},
13804 	{
13805 		.cmd = NL80211_CMD_GET_STATION,
13806 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13807 		.doit = nl80211_get_station,
13808 		.dumpit = nl80211_dump_station,
13809 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
13810 				  NL80211_FLAG_NEED_RTNL,
13811 	},
13812 	{
13813 		.cmd = NL80211_CMD_SET_STATION,
13814 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13815 		.doit = nl80211_set_station,
13816 		.flags = GENL_UNS_ADMIN_PERM,
13817 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13818 				  NL80211_FLAG_NEED_RTNL,
13819 	},
13820 	{
13821 		.cmd = NL80211_CMD_NEW_STATION,
13822 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13823 		.doit = nl80211_new_station,
13824 		.flags = GENL_UNS_ADMIN_PERM,
13825 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13826 				  NL80211_FLAG_NEED_RTNL,
13827 	},
13828 	{
13829 		.cmd = NL80211_CMD_DEL_STATION,
13830 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13831 		.doit = nl80211_del_station,
13832 		.flags = GENL_UNS_ADMIN_PERM,
13833 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13834 				  NL80211_FLAG_NEED_RTNL,
13835 	},
13836 	{
13837 		.cmd = NL80211_CMD_GET_MPATH,
13838 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13839 		.doit = nl80211_get_mpath,
13840 		.dumpit = nl80211_dump_mpath,
13841 		.flags = GENL_UNS_ADMIN_PERM,
13842 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13843 				  NL80211_FLAG_NEED_RTNL,
13844 	},
13845 	{
13846 		.cmd = NL80211_CMD_GET_MPP,
13847 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13848 		.doit = nl80211_get_mpp,
13849 		.dumpit = nl80211_dump_mpp,
13850 		.flags = GENL_UNS_ADMIN_PERM,
13851 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13852 				  NL80211_FLAG_NEED_RTNL,
13853 	},
13854 	{
13855 		.cmd = NL80211_CMD_SET_MPATH,
13856 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13857 		.doit = nl80211_set_mpath,
13858 		.flags = GENL_UNS_ADMIN_PERM,
13859 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13860 				  NL80211_FLAG_NEED_RTNL,
13861 	},
13862 	{
13863 		.cmd = NL80211_CMD_NEW_MPATH,
13864 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13865 		.doit = nl80211_new_mpath,
13866 		.flags = GENL_UNS_ADMIN_PERM,
13867 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13868 				  NL80211_FLAG_NEED_RTNL,
13869 	},
13870 	{
13871 		.cmd = NL80211_CMD_DEL_MPATH,
13872 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13873 		.doit = nl80211_del_mpath,
13874 		.flags = GENL_UNS_ADMIN_PERM,
13875 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13876 				  NL80211_FLAG_NEED_RTNL,
13877 	},
13878 	{
13879 		.cmd = NL80211_CMD_SET_BSS,
13880 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13881 		.doit = nl80211_set_bss,
13882 		.flags = GENL_UNS_ADMIN_PERM,
13883 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13884 				  NL80211_FLAG_NEED_RTNL,
13885 	},
13886 	{
13887 		.cmd = NL80211_CMD_GET_REG,
13888 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13889 		.doit = nl80211_get_reg_do,
13890 		.dumpit = nl80211_get_reg_dump,
13891 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13892 		/* can be retrieved by unprivileged users */
13893 	},
13894 #ifdef CONFIG_CFG80211_CRDA_SUPPORT
13895 	{
13896 		.cmd = NL80211_CMD_SET_REG,
13897 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13898 		.doit = nl80211_set_reg,
13899 		.flags = GENL_ADMIN_PERM,
13900 		.internal_flags = NL80211_FLAG_NEED_RTNL,
13901 	},
13902 #endif
13903 	{
13904 		.cmd = NL80211_CMD_REQ_SET_REG,
13905 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13906 		.doit = nl80211_req_set_reg,
13907 		.flags = GENL_ADMIN_PERM,
13908 	},
13909 	{
13910 		.cmd = NL80211_CMD_RELOAD_REGDB,
13911 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13912 		.doit = nl80211_reload_regdb,
13913 		.flags = GENL_ADMIN_PERM,
13914 	},
13915 	{
13916 		.cmd = NL80211_CMD_GET_MESH_CONFIG,
13917 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13918 		.doit = nl80211_get_mesh_config,
13919 		/* can be retrieved by unprivileged users */
13920 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13921 				  NL80211_FLAG_NEED_RTNL,
13922 	},
13923 	{
13924 		.cmd = NL80211_CMD_SET_MESH_CONFIG,
13925 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13926 		.doit = nl80211_update_mesh_config,
13927 		.flags = GENL_UNS_ADMIN_PERM,
13928 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13929 				  NL80211_FLAG_NEED_RTNL,
13930 	},
13931 	{
13932 		.cmd = NL80211_CMD_TRIGGER_SCAN,
13933 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13934 		.doit = nl80211_trigger_scan,
13935 		.flags = GENL_UNS_ADMIN_PERM,
13936 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13937 				  NL80211_FLAG_NEED_RTNL,
13938 	},
13939 	{
13940 		.cmd = NL80211_CMD_ABORT_SCAN,
13941 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13942 		.doit = nl80211_abort_scan,
13943 		.flags = GENL_UNS_ADMIN_PERM,
13944 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
13945 				  NL80211_FLAG_NEED_RTNL,
13946 	},
13947 	{
13948 		.cmd = NL80211_CMD_GET_SCAN,
13949 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13950 		.dumpit = nl80211_dump_scan,
13951 	},
13952 	{
13953 		.cmd = NL80211_CMD_START_SCHED_SCAN,
13954 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13955 		.doit = nl80211_start_sched_scan,
13956 		.flags = GENL_UNS_ADMIN_PERM,
13957 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13958 				  NL80211_FLAG_NEED_RTNL,
13959 	},
13960 	{
13961 		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
13962 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13963 		.doit = nl80211_stop_sched_scan,
13964 		.flags = GENL_UNS_ADMIN_PERM,
13965 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13966 				  NL80211_FLAG_NEED_RTNL,
13967 	},
13968 	{
13969 		.cmd = NL80211_CMD_AUTHENTICATE,
13970 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13971 		.doit = nl80211_authenticate,
13972 		.flags = GENL_UNS_ADMIN_PERM,
13973 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13974 				  NL80211_FLAG_NEED_RTNL |
13975 				  NL80211_FLAG_CLEAR_SKB,
13976 	},
13977 	{
13978 		.cmd = NL80211_CMD_ASSOCIATE,
13979 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13980 		.doit = nl80211_associate,
13981 		.flags = GENL_UNS_ADMIN_PERM,
13982 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13983 				  NL80211_FLAG_NEED_RTNL |
13984 				  NL80211_FLAG_CLEAR_SKB,
13985 	},
13986 	{
13987 		.cmd = NL80211_CMD_DEAUTHENTICATE,
13988 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13989 		.doit = nl80211_deauthenticate,
13990 		.flags = GENL_UNS_ADMIN_PERM,
13991 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
13992 				  NL80211_FLAG_NEED_RTNL,
13993 	},
13994 	{
13995 		.cmd = NL80211_CMD_DISASSOCIATE,
13996 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
13997 		.doit = nl80211_disassociate,
13998 		.flags = GENL_UNS_ADMIN_PERM,
13999 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14000 				  NL80211_FLAG_NEED_RTNL,
14001 	},
14002 	{
14003 		.cmd = NL80211_CMD_JOIN_IBSS,
14004 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14005 		.doit = nl80211_join_ibss,
14006 		.flags = GENL_UNS_ADMIN_PERM,
14007 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14008 				  NL80211_FLAG_NEED_RTNL,
14009 	},
14010 	{
14011 		.cmd = NL80211_CMD_LEAVE_IBSS,
14012 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14013 		.doit = nl80211_leave_ibss,
14014 		.flags = GENL_UNS_ADMIN_PERM,
14015 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14016 				  NL80211_FLAG_NEED_RTNL,
14017 	},
14018 #ifdef CONFIG_NL80211_TESTMODE
14019 	{
14020 		.cmd = NL80211_CMD_TESTMODE,
14021 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14022 		.doit = nl80211_testmode_do,
14023 		.dumpit = nl80211_testmode_dump,
14024 		.flags = GENL_UNS_ADMIN_PERM,
14025 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14026 				  NL80211_FLAG_NEED_RTNL,
14027 	},
14028 #endif
14029 	{
14030 		.cmd = NL80211_CMD_CONNECT,
14031 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14032 		.doit = nl80211_connect,
14033 		.flags = GENL_UNS_ADMIN_PERM,
14034 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14035 				  NL80211_FLAG_NEED_RTNL |
14036 				  NL80211_FLAG_CLEAR_SKB,
14037 	},
14038 	{
14039 		.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
14040 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14041 		.doit = nl80211_update_connect_params,
14042 		.flags = GENL_ADMIN_PERM,
14043 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14044 				  NL80211_FLAG_NEED_RTNL |
14045 				  NL80211_FLAG_CLEAR_SKB,
14046 	},
14047 	{
14048 		.cmd = NL80211_CMD_DISCONNECT,
14049 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14050 		.doit = nl80211_disconnect,
14051 		.flags = GENL_UNS_ADMIN_PERM,
14052 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14053 				  NL80211_FLAG_NEED_RTNL,
14054 	},
14055 	{
14056 		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
14057 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14058 		.doit = nl80211_wiphy_netns,
14059 		.flags = GENL_UNS_ADMIN_PERM,
14060 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14061 				  NL80211_FLAG_NEED_RTNL,
14062 	},
14063 	{
14064 		.cmd = NL80211_CMD_GET_SURVEY,
14065 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14066 		.dumpit = nl80211_dump_survey,
14067 	},
14068 	{
14069 		.cmd = NL80211_CMD_SET_PMKSA,
14070 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14071 		.doit = nl80211_setdel_pmksa,
14072 		.flags = GENL_UNS_ADMIN_PERM,
14073 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14074 				  NL80211_FLAG_NEED_RTNL |
14075 				  NL80211_FLAG_CLEAR_SKB,
14076 	},
14077 	{
14078 		.cmd = NL80211_CMD_DEL_PMKSA,
14079 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14080 		.doit = nl80211_setdel_pmksa,
14081 		.flags = GENL_UNS_ADMIN_PERM,
14082 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14083 				  NL80211_FLAG_NEED_RTNL,
14084 	},
14085 	{
14086 		.cmd = NL80211_CMD_FLUSH_PMKSA,
14087 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14088 		.doit = nl80211_flush_pmksa,
14089 		.flags = GENL_UNS_ADMIN_PERM,
14090 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14091 				  NL80211_FLAG_NEED_RTNL,
14092 	},
14093 	{
14094 		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
14095 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14096 		.doit = nl80211_remain_on_channel,
14097 		.flags = GENL_UNS_ADMIN_PERM,
14098 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14099 				  NL80211_FLAG_NEED_RTNL,
14100 	},
14101 	{
14102 		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
14103 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14104 		.doit = nl80211_cancel_remain_on_channel,
14105 		.flags = GENL_UNS_ADMIN_PERM,
14106 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14107 				  NL80211_FLAG_NEED_RTNL,
14108 	},
14109 	{
14110 		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
14111 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14112 		.doit = nl80211_set_tx_bitrate_mask,
14113 		.flags = GENL_UNS_ADMIN_PERM,
14114 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14115 				  NL80211_FLAG_NEED_RTNL,
14116 	},
14117 	{
14118 		.cmd = NL80211_CMD_REGISTER_FRAME,
14119 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14120 		.doit = nl80211_register_mgmt,
14121 		.flags = GENL_UNS_ADMIN_PERM,
14122 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14123 				  NL80211_FLAG_NEED_RTNL,
14124 	},
14125 	{
14126 		.cmd = NL80211_CMD_FRAME,
14127 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14128 		.doit = nl80211_tx_mgmt,
14129 		.flags = GENL_UNS_ADMIN_PERM,
14130 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14131 				  NL80211_FLAG_NEED_RTNL,
14132 	},
14133 	{
14134 		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
14135 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14136 		.doit = nl80211_tx_mgmt_cancel_wait,
14137 		.flags = GENL_UNS_ADMIN_PERM,
14138 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14139 				  NL80211_FLAG_NEED_RTNL,
14140 	},
14141 	{
14142 		.cmd = NL80211_CMD_SET_POWER_SAVE,
14143 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14144 		.doit = nl80211_set_power_save,
14145 		.flags = GENL_UNS_ADMIN_PERM,
14146 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14147 				  NL80211_FLAG_NEED_RTNL,
14148 	},
14149 	{
14150 		.cmd = NL80211_CMD_GET_POWER_SAVE,
14151 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14152 		.doit = nl80211_get_power_save,
14153 		/* can be retrieved by unprivileged users */
14154 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14155 				  NL80211_FLAG_NEED_RTNL,
14156 	},
14157 	{
14158 		.cmd = NL80211_CMD_SET_CQM,
14159 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14160 		.doit = nl80211_set_cqm,
14161 		.flags = GENL_UNS_ADMIN_PERM,
14162 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14163 				  NL80211_FLAG_NEED_RTNL,
14164 	},
14165 	{
14166 		.cmd = NL80211_CMD_SET_CHANNEL,
14167 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14168 		.doit = nl80211_set_channel,
14169 		.flags = GENL_UNS_ADMIN_PERM,
14170 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14171 				  NL80211_FLAG_NEED_RTNL,
14172 	},
14173 	{
14174 		.cmd = NL80211_CMD_SET_WDS_PEER,
14175 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14176 		.doit = nl80211_set_wds_peer,
14177 		.flags = GENL_UNS_ADMIN_PERM,
14178 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14179 				  NL80211_FLAG_NEED_RTNL,
14180 	},
14181 	{
14182 		.cmd = NL80211_CMD_JOIN_MESH,
14183 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14184 		.doit = nl80211_join_mesh,
14185 		.flags = GENL_UNS_ADMIN_PERM,
14186 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14187 				  NL80211_FLAG_NEED_RTNL,
14188 	},
14189 	{
14190 		.cmd = NL80211_CMD_LEAVE_MESH,
14191 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14192 		.doit = nl80211_leave_mesh,
14193 		.flags = GENL_UNS_ADMIN_PERM,
14194 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14195 				  NL80211_FLAG_NEED_RTNL,
14196 	},
14197 	{
14198 		.cmd = NL80211_CMD_JOIN_OCB,
14199 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14200 		.doit = nl80211_join_ocb,
14201 		.flags = GENL_UNS_ADMIN_PERM,
14202 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14203 				  NL80211_FLAG_NEED_RTNL,
14204 	},
14205 	{
14206 		.cmd = NL80211_CMD_LEAVE_OCB,
14207 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14208 		.doit = nl80211_leave_ocb,
14209 		.flags = GENL_UNS_ADMIN_PERM,
14210 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14211 				  NL80211_FLAG_NEED_RTNL,
14212 	},
14213 #ifdef CONFIG_PM
14214 	{
14215 		.cmd = NL80211_CMD_GET_WOWLAN,
14216 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14217 		.doit = nl80211_get_wowlan,
14218 		/* can be retrieved by unprivileged users */
14219 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14220 				  NL80211_FLAG_NEED_RTNL,
14221 	},
14222 	{
14223 		.cmd = NL80211_CMD_SET_WOWLAN,
14224 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14225 		.doit = nl80211_set_wowlan,
14226 		.flags = GENL_UNS_ADMIN_PERM,
14227 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14228 				  NL80211_FLAG_NEED_RTNL,
14229 	},
14230 #endif
14231 	{
14232 		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
14233 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14234 		.doit = nl80211_set_rekey_data,
14235 		.flags = GENL_UNS_ADMIN_PERM,
14236 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14237 				  NL80211_FLAG_NEED_RTNL |
14238 				  NL80211_FLAG_CLEAR_SKB,
14239 	},
14240 	{
14241 		.cmd = NL80211_CMD_TDLS_MGMT,
14242 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14243 		.doit = nl80211_tdls_mgmt,
14244 		.flags = GENL_UNS_ADMIN_PERM,
14245 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14246 				  NL80211_FLAG_NEED_RTNL,
14247 	},
14248 	{
14249 		.cmd = NL80211_CMD_TDLS_OPER,
14250 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14251 		.doit = nl80211_tdls_oper,
14252 		.flags = GENL_UNS_ADMIN_PERM,
14253 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14254 				  NL80211_FLAG_NEED_RTNL,
14255 	},
14256 	{
14257 		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
14258 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14259 		.doit = nl80211_register_unexpected_frame,
14260 		.flags = GENL_UNS_ADMIN_PERM,
14261 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14262 				  NL80211_FLAG_NEED_RTNL,
14263 	},
14264 	{
14265 		.cmd = NL80211_CMD_PROBE_CLIENT,
14266 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14267 		.doit = nl80211_probe_client,
14268 		.flags = GENL_UNS_ADMIN_PERM,
14269 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14270 				  NL80211_FLAG_NEED_RTNL,
14271 	},
14272 	{
14273 		.cmd = NL80211_CMD_REGISTER_BEACONS,
14274 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14275 		.doit = nl80211_register_beacons,
14276 		.flags = GENL_UNS_ADMIN_PERM,
14277 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14278 				  NL80211_FLAG_NEED_RTNL,
14279 	},
14280 	{
14281 		.cmd = NL80211_CMD_SET_NOACK_MAP,
14282 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14283 		.doit = nl80211_set_noack_map,
14284 		.flags = GENL_UNS_ADMIN_PERM,
14285 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14286 				  NL80211_FLAG_NEED_RTNL,
14287 	},
14288 	{
14289 		.cmd = NL80211_CMD_START_P2P_DEVICE,
14290 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14291 		.doit = nl80211_start_p2p_device,
14292 		.flags = GENL_UNS_ADMIN_PERM,
14293 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14294 				  NL80211_FLAG_NEED_RTNL,
14295 	},
14296 	{
14297 		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
14298 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14299 		.doit = nl80211_stop_p2p_device,
14300 		.flags = GENL_UNS_ADMIN_PERM,
14301 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14302 				  NL80211_FLAG_NEED_RTNL,
14303 	},
14304 	{
14305 		.cmd = NL80211_CMD_START_NAN,
14306 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14307 		.doit = nl80211_start_nan,
14308 		.flags = GENL_ADMIN_PERM,
14309 		.internal_flags = NL80211_FLAG_NEED_WDEV |
14310 				  NL80211_FLAG_NEED_RTNL,
14311 	},
14312 	{
14313 		.cmd = NL80211_CMD_STOP_NAN,
14314 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14315 		.doit = nl80211_stop_nan,
14316 		.flags = GENL_ADMIN_PERM,
14317 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14318 				  NL80211_FLAG_NEED_RTNL,
14319 	},
14320 	{
14321 		.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
14322 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14323 		.doit = nl80211_nan_add_func,
14324 		.flags = GENL_ADMIN_PERM,
14325 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14326 				  NL80211_FLAG_NEED_RTNL,
14327 	},
14328 	{
14329 		.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
14330 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14331 		.doit = nl80211_nan_del_func,
14332 		.flags = GENL_ADMIN_PERM,
14333 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14334 				  NL80211_FLAG_NEED_RTNL,
14335 	},
14336 	{
14337 		.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
14338 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14339 		.doit = nl80211_nan_change_config,
14340 		.flags = GENL_ADMIN_PERM,
14341 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14342 				  NL80211_FLAG_NEED_RTNL,
14343 	},
14344 	{
14345 		.cmd = NL80211_CMD_SET_MCAST_RATE,
14346 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14347 		.doit = nl80211_set_mcast_rate,
14348 		.flags = GENL_UNS_ADMIN_PERM,
14349 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14350 				  NL80211_FLAG_NEED_RTNL,
14351 	},
14352 	{
14353 		.cmd = NL80211_CMD_SET_MAC_ACL,
14354 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14355 		.doit = nl80211_set_mac_acl,
14356 		.flags = GENL_UNS_ADMIN_PERM,
14357 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14358 				  NL80211_FLAG_NEED_RTNL,
14359 	},
14360 	{
14361 		.cmd = NL80211_CMD_RADAR_DETECT,
14362 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14363 		.doit = nl80211_start_radar_detection,
14364 		.flags = GENL_UNS_ADMIN_PERM,
14365 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14366 				  NL80211_FLAG_NEED_RTNL,
14367 	},
14368 	{
14369 		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
14370 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14371 		.doit = nl80211_get_protocol_features,
14372 	},
14373 	{
14374 		.cmd = NL80211_CMD_UPDATE_FT_IES,
14375 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14376 		.doit = nl80211_update_ft_ies,
14377 		.flags = GENL_UNS_ADMIN_PERM,
14378 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14379 				  NL80211_FLAG_NEED_RTNL,
14380 	},
14381 	{
14382 		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
14383 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14384 		.doit = nl80211_crit_protocol_start,
14385 		.flags = GENL_UNS_ADMIN_PERM,
14386 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14387 				  NL80211_FLAG_NEED_RTNL,
14388 	},
14389 	{
14390 		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
14391 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14392 		.doit = nl80211_crit_protocol_stop,
14393 		.flags = GENL_UNS_ADMIN_PERM,
14394 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14395 				  NL80211_FLAG_NEED_RTNL,
14396 	},
14397 	{
14398 		.cmd = NL80211_CMD_GET_COALESCE,
14399 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14400 		.doit = nl80211_get_coalesce,
14401 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14402 				  NL80211_FLAG_NEED_RTNL,
14403 	},
14404 	{
14405 		.cmd = NL80211_CMD_SET_COALESCE,
14406 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14407 		.doit = nl80211_set_coalesce,
14408 		.flags = GENL_UNS_ADMIN_PERM,
14409 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14410 				  NL80211_FLAG_NEED_RTNL,
14411 	},
14412 	{
14413 		.cmd = NL80211_CMD_CHANNEL_SWITCH,
14414 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14415 		.doit = nl80211_channel_switch,
14416 		.flags = GENL_UNS_ADMIN_PERM,
14417 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14418 				  NL80211_FLAG_NEED_RTNL,
14419 	},
14420 	{
14421 		.cmd = NL80211_CMD_VENDOR,
14422 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14423 		.doit = nl80211_vendor_cmd,
14424 		.dumpit = nl80211_vendor_cmd_dump,
14425 		.flags = GENL_UNS_ADMIN_PERM,
14426 		.internal_flags = NL80211_FLAG_NEED_WIPHY |
14427 				  NL80211_FLAG_NEED_RTNL |
14428 				  NL80211_FLAG_CLEAR_SKB,
14429 	},
14430 	{
14431 		.cmd = NL80211_CMD_SET_QOS_MAP,
14432 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14433 		.doit = nl80211_set_qos_map,
14434 		.flags = GENL_UNS_ADMIN_PERM,
14435 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14436 				  NL80211_FLAG_NEED_RTNL,
14437 	},
14438 	{
14439 		.cmd = NL80211_CMD_ADD_TX_TS,
14440 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14441 		.doit = nl80211_add_tx_ts,
14442 		.flags = GENL_UNS_ADMIN_PERM,
14443 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14444 				  NL80211_FLAG_NEED_RTNL,
14445 	},
14446 	{
14447 		.cmd = NL80211_CMD_DEL_TX_TS,
14448 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14449 		.doit = nl80211_del_tx_ts,
14450 		.flags = GENL_UNS_ADMIN_PERM,
14451 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14452 				  NL80211_FLAG_NEED_RTNL,
14453 	},
14454 	{
14455 		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
14456 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14457 		.doit = nl80211_tdls_channel_switch,
14458 		.flags = GENL_UNS_ADMIN_PERM,
14459 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14460 				  NL80211_FLAG_NEED_RTNL,
14461 	},
14462 	{
14463 		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
14464 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14465 		.doit = nl80211_tdls_cancel_channel_switch,
14466 		.flags = GENL_UNS_ADMIN_PERM,
14467 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14468 				  NL80211_FLAG_NEED_RTNL,
14469 	},
14470 	{
14471 		.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
14472 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14473 		.doit = nl80211_set_multicast_to_unicast,
14474 		.flags = GENL_UNS_ADMIN_PERM,
14475 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14476 				  NL80211_FLAG_NEED_RTNL,
14477 	},
14478 	{
14479 		.cmd = NL80211_CMD_SET_PMK,
14480 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14481 		.doit = nl80211_set_pmk,
14482 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14483 				  NL80211_FLAG_NEED_RTNL |
14484 				  NL80211_FLAG_CLEAR_SKB,
14485 	},
14486 	{
14487 		.cmd = NL80211_CMD_DEL_PMK,
14488 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14489 		.doit = nl80211_del_pmk,
14490 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14491 				  NL80211_FLAG_NEED_RTNL,
14492 	},
14493 	{
14494 		.cmd = NL80211_CMD_EXTERNAL_AUTH,
14495 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14496 		.doit = nl80211_external_auth,
14497 		.flags = GENL_ADMIN_PERM,
14498 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14499 				  NL80211_FLAG_NEED_RTNL,
14500 	},
14501 	{
14502 		.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
14503 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14504 		.doit = nl80211_tx_control_port,
14505 		.flags = GENL_UNS_ADMIN_PERM,
14506 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14507 				  NL80211_FLAG_NEED_RTNL,
14508 	},
14509 	{
14510 		.cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
14511 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14512 		.doit = nl80211_get_ftm_responder_stats,
14513 		.internal_flags = NL80211_FLAG_NEED_NETDEV |
14514 				  NL80211_FLAG_NEED_RTNL,
14515 	},
14516 	{
14517 		.cmd = NL80211_CMD_PEER_MEASUREMENT_START,
14518 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14519 		.doit = nl80211_pmsr_start,
14520 		.flags = GENL_UNS_ADMIN_PERM,
14521 		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
14522 				  NL80211_FLAG_NEED_RTNL,
14523 	},
14524 	{
14525 		.cmd = NL80211_CMD_NOTIFY_RADAR,
14526 		.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
14527 		.doit = nl80211_notify_radar_detection,
14528 		.flags = GENL_UNS_ADMIN_PERM,
14529 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14530 				  NL80211_FLAG_NEED_RTNL,
14531 	},
14532 	{
14533 		.cmd = NL80211_CMD_UPDATE_OWE_INFO,
14534 		.doit = nl80211_update_owe_info,
14535 		.flags = GENL_ADMIN_PERM,
14536 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14537 				  NL80211_FLAG_NEED_RTNL,
14538 	},
14539 	{
14540 		.cmd = NL80211_CMD_PROBE_MESH_LINK,
14541 		.doit = nl80211_probe_mesh_link,
14542 		.flags = GENL_UNS_ADMIN_PERM,
14543 		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
14544 				  NL80211_FLAG_NEED_RTNL,
14545 	},
14546 };
14547 
14548 static struct genl_family nl80211_fam __ro_after_init = {
14549 	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
14550 	.hdrsize = 0,			/* no private header */
14551 	.version = 1,			/* no particular meaning now */
14552 	.maxattr = NL80211_ATTR_MAX,
14553 	.policy = nl80211_policy,
14554 	.netnsok = true,
14555 	.pre_doit = nl80211_pre_doit,
14556 	.post_doit = nl80211_post_doit,
14557 	.module = THIS_MODULE,
14558 	.ops = nl80211_ops,
14559 	.n_ops = ARRAY_SIZE(nl80211_ops),
14560 	.mcgrps = nl80211_mcgrps,
14561 	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
14562 };
14563 
14564 /* notification functions */
14565 
14566 void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
14567 			  enum nl80211_commands cmd)
14568 {
14569 	struct sk_buff *msg;
14570 	struct nl80211_dump_wiphy_state state = {};
14571 
14572 	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
14573 		cmd != NL80211_CMD_DEL_WIPHY);
14574 
14575 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14576 	if (!msg)
14577 		return;
14578 
14579 	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
14580 		nlmsg_free(msg);
14581 		return;
14582 	}
14583 
14584 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14585 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14586 }
14587 
14588 void nl80211_notify_iface(struct cfg80211_registered_device *rdev,
14589 				struct wireless_dev *wdev,
14590 				enum nl80211_commands cmd)
14591 {
14592 	struct sk_buff *msg;
14593 
14594 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14595 	if (!msg)
14596 		return;
14597 
14598 	if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
14599 		nlmsg_free(msg);
14600 		return;
14601 	}
14602 
14603 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14604 				NL80211_MCGRP_CONFIG, GFP_KERNEL);
14605 }
14606 
14607 static int nl80211_add_scan_req(struct sk_buff *msg,
14608 				struct cfg80211_registered_device *rdev)
14609 {
14610 	struct cfg80211_scan_request *req = rdev->scan_req;
14611 	struct nlattr *nest;
14612 	int i;
14613 
14614 	if (WARN_ON(!req))
14615 		return 0;
14616 
14617 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
14618 	if (!nest)
14619 		goto nla_put_failure;
14620 	for (i = 0; i < req->n_ssids; i++) {
14621 		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
14622 			goto nla_put_failure;
14623 	}
14624 	nla_nest_end(msg, nest);
14625 
14626 	nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14627 	if (!nest)
14628 		goto nla_put_failure;
14629 	for (i = 0; i < req->n_channels; i++) {
14630 		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
14631 			goto nla_put_failure;
14632 	}
14633 	nla_nest_end(msg, nest);
14634 
14635 	if (req->ie &&
14636 	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
14637 		goto nla_put_failure;
14638 
14639 	if (req->flags &&
14640 	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
14641 		goto nla_put_failure;
14642 
14643 	if (req->info.scan_start_tsf &&
14644 	    (nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
14645 			       req->info.scan_start_tsf, NL80211_BSS_PAD) ||
14646 	     nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
14647 		     req->info.tsf_bssid)))
14648 		goto nla_put_failure;
14649 
14650 	return 0;
14651  nla_put_failure:
14652 	return -ENOBUFS;
14653 }
14654 
14655 static int nl80211_prep_scan_msg(struct sk_buff *msg,
14656 				 struct cfg80211_registered_device *rdev,
14657 				 struct wireless_dev *wdev,
14658 				 u32 portid, u32 seq, int flags,
14659 				 u32 cmd)
14660 {
14661 	void *hdr;
14662 
14663 	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
14664 	if (!hdr)
14665 		return -1;
14666 
14667 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14668 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
14669 					 wdev->netdev->ifindex)) ||
14670 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
14671 			      NL80211_ATTR_PAD))
14672 		goto nla_put_failure;
14673 
14674 	/* ignore errors and send incomplete event anyway */
14675 	nl80211_add_scan_req(msg, rdev);
14676 
14677 	genlmsg_end(msg, hdr);
14678 	return 0;
14679 
14680  nla_put_failure:
14681 	genlmsg_cancel(msg, hdr);
14682 	return -EMSGSIZE;
14683 }
14684 
14685 static int
14686 nl80211_prep_sched_scan_msg(struct sk_buff *msg,
14687 			    struct cfg80211_sched_scan_request *req, u32 cmd)
14688 {
14689 	void *hdr;
14690 
14691 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14692 	if (!hdr)
14693 		return -1;
14694 
14695 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY,
14696 			wiphy_to_rdev(req->wiphy)->wiphy_idx) ||
14697 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, req->dev->ifindex) ||
14698 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->reqid,
14699 			      NL80211_ATTR_PAD))
14700 		goto nla_put_failure;
14701 
14702 	genlmsg_end(msg, hdr);
14703 	return 0;
14704 
14705  nla_put_failure:
14706 	genlmsg_cancel(msg, hdr);
14707 	return -EMSGSIZE;
14708 }
14709 
14710 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
14711 			     struct wireless_dev *wdev)
14712 {
14713 	struct sk_buff *msg;
14714 
14715 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14716 	if (!msg)
14717 		return;
14718 
14719 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14720 				  NL80211_CMD_TRIGGER_SCAN) < 0) {
14721 		nlmsg_free(msg);
14722 		return;
14723 	}
14724 
14725 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14726 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14727 }
14728 
14729 struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
14730 				       struct wireless_dev *wdev, bool aborted)
14731 {
14732 	struct sk_buff *msg;
14733 
14734 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14735 	if (!msg)
14736 		return NULL;
14737 
14738 	if (nl80211_prep_scan_msg(msg, rdev, wdev, 0, 0, 0,
14739 				  aborted ? NL80211_CMD_SCAN_ABORTED :
14740 					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
14741 		nlmsg_free(msg);
14742 		return NULL;
14743 	}
14744 
14745 	return msg;
14746 }
14747 
14748 /* send message created by nl80211_build_scan_msg() */
14749 void nl80211_send_scan_msg(struct cfg80211_registered_device *rdev,
14750 			   struct sk_buff *msg)
14751 {
14752 	if (!msg)
14753 		return;
14754 
14755 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14756 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14757 }
14758 
14759 void nl80211_send_sched_scan(struct cfg80211_sched_scan_request *req, u32 cmd)
14760 {
14761 	struct sk_buff *msg;
14762 
14763 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14764 	if (!msg)
14765 		return;
14766 
14767 	if (nl80211_prep_sched_scan_msg(msg, req, cmd) < 0) {
14768 		nlmsg_free(msg);
14769 		return;
14770 	}
14771 
14772 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(req->wiphy), msg, 0,
14773 				NL80211_MCGRP_SCAN, GFP_KERNEL);
14774 }
14775 
14776 static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
14777 					  struct regulatory_request *request)
14778 {
14779 	/* Userspace can always count this one always being set */
14780 	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
14781 		goto nla_put_failure;
14782 
14783 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
14784 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14785 			       NL80211_REGDOM_TYPE_WORLD))
14786 			goto nla_put_failure;
14787 	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
14788 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14789 			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
14790 			goto nla_put_failure;
14791 	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
14792 		   request->intersect) {
14793 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14794 			       NL80211_REGDOM_TYPE_INTERSECTION))
14795 			goto nla_put_failure;
14796 	} else {
14797 		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
14798 			       NL80211_REGDOM_TYPE_COUNTRY) ||
14799 		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
14800 				   request->alpha2))
14801 			goto nla_put_failure;
14802 	}
14803 
14804 	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
14805 		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
14806 
14807 		if (wiphy &&
14808 		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
14809 			goto nla_put_failure;
14810 
14811 		if (wiphy &&
14812 		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
14813 		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
14814 			goto nla_put_failure;
14815 	}
14816 
14817 	return true;
14818 
14819 nla_put_failure:
14820 	return false;
14821 }
14822 
14823 /*
14824  * This can happen on global regulatory changes or device specific settings
14825  * based on custom regulatory domains.
14826  */
14827 void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
14828 				     struct regulatory_request *request)
14829 {
14830 	struct sk_buff *msg;
14831 	void *hdr;
14832 
14833 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14834 	if (!msg)
14835 		return;
14836 
14837 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
14838 	if (!hdr) {
14839 		nlmsg_free(msg);
14840 		return;
14841 	}
14842 
14843 	if (nl80211_reg_change_event_fill(msg, request) == false)
14844 		goto nla_put_failure;
14845 
14846 	genlmsg_end(msg, hdr);
14847 
14848 	rcu_read_lock();
14849 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
14850 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
14851 	rcu_read_unlock();
14852 
14853 	return;
14854 
14855 nla_put_failure:
14856 	nlmsg_free(msg);
14857 }
14858 
14859 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
14860 				    struct net_device *netdev,
14861 				    const u8 *buf, size_t len,
14862 				    enum nl80211_commands cmd, gfp_t gfp,
14863 				    int uapsd_queues, const u8 *req_ies,
14864 				    size_t req_ies_len)
14865 {
14866 	struct sk_buff *msg;
14867 	void *hdr;
14868 
14869 	msg = nlmsg_new(100 + len + req_ies_len, gfp);
14870 	if (!msg)
14871 		return;
14872 
14873 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14874 	if (!hdr) {
14875 		nlmsg_free(msg);
14876 		return;
14877 	}
14878 
14879 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14880 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14881 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
14882 	    (req_ies &&
14883 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
14884 		goto nla_put_failure;
14885 
14886 	if (uapsd_queues >= 0) {
14887 		struct nlattr *nla_wmm =
14888 			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
14889 		if (!nla_wmm)
14890 			goto nla_put_failure;
14891 
14892 		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
14893 			       uapsd_queues))
14894 			goto nla_put_failure;
14895 
14896 		nla_nest_end(msg, nla_wmm);
14897 	}
14898 
14899 	genlmsg_end(msg, hdr);
14900 
14901 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14902 				NL80211_MCGRP_MLME, gfp);
14903 	return;
14904 
14905  nla_put_failure:
14906 	nlmsg_free(msg);
14907 }
14908 
14909 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
14910 			  struct net_device *netdev, const u8 *buf,
14911 			  size_t len, gfp_t gfp)
14912 {
14913 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14914 				NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
14915 }
14916 
14917 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
14918 			   struct net_device *netdev, const u8 *buf,
14919 			   size_t len, gfp_t gfp, int uapsd_queues,
14920 			   const u8 *req_ies, size_t req_ies_len)
14921 {
14922 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14923 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
14924 				req_ies, req_ies_len);
14925 }
14926 
14927 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
14928 			 struct net_device *netdev, const u8 *buf,
14929 			 size_t len, gfp_t gfp)
14930 {
14931 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14932 				NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
14933 }
14934 
14935 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
14936 			   struct net_device *netdev, const u8 *buf,
14937 			   size_t len, gfp_t gfp)
14938 {
14939 	nl80211_send_mlme_event(rdev, netdev, buf, len,
14940 				NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
14941 }
14942 
14943 void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
14944 				  size_t len)
14945 {
14946 	struct wireless_dev *wdev = dev->ieee80211_ptr;
14947 	struct wiphy *wiphy = wdev->wiphy;
14948 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
14949 	const struct ieee80211_mgmt *mgmt = (void *)buf;
14950 	u32 cmd;
14951 
14952 	if (WARN_ON(len < 2))
14953 		return;
14954 
14955 	if (ieee80211_is_deauth(mgmt->frame_control))
14956 		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
14957 	else
14958 		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
14959 
14960 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
14961 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
14962 				NULL, 0);
14963 }
14964 EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
14965 
14966 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
14967 				      struct net_device *netdev, int cmd,
14968 				      const u8 *addr, gfp_t gfp)
14969 {
14970 	struct sk_buff *msg;
14971 	void *hdr;
14972 
14973 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
14974 	if (!msg)
14975 		return;
14976 
14977 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
14978 	if (!hdr) {
14979 		nlmsg_free(msg);
14980 		return;
14981 	}
14982 
14983 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
14984 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
14985 	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
14986 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
14987 		goto nla_put_failure;
14988 
14989 	genlmsg_end(msg, hdr);
14990 
14991 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
14992 				NL80211_MCGRP_MLME, gfp);
14993 	return;
14994 
14995  nla_put_failure:
14996 	nlmsg_free(msg);
14997 }
14998 
14999 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
15000 			       struct net_device *netdev, const u8 *addr,
15001 			       gfp_t gfp)
15002 {
15003 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
15004 				  addr, gfp);
15005 }
15006 
15007 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
15008 				struct net_device *netdev, const u8 *addr,
15009 				gfp_t gfp)
15010 {
15011 	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
15012 				  addr, gfp);
15013 }
15014 
15015 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
15016 				 struct net_device *netdev,
15017 				 struct cfg80211_connect_resp_params *cr,
15018 				 gfp_t gfp)
15019 {
15020 	struct sk_buff *msg;
15021 	void *hdr;
15022 
15023 	msg = nlmsg_new(100 + cr->req_ie_len + cr->resp_ie_len +
15024 			cr->fils.kek_len + cr->fils.pmk_len +
15025 			(cr->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15026 	if (!msg)
15027 		return;
15028 
15029 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
15030 	if (!hdr) {
15031 		nlmsg_free(msg);
15032 		return;
15033 	}
15034 
15035 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15036 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15037 	    (cr->bssid &&
15038 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, cr->bssid)) ||
15039 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE,
15040 			cr->status < 0 ? WLAN_STATUS_UNSPECIFIED_FAILURE :
15041 			cr->status) ||
15042 	    (cr->status < 0 &&
15043 	     (nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
15044 	      nla_put_u32(msg, NL80211_ATTR_TIMEOUT_REASON,
15045 			  cr->timeout_reason))) ||
15046 	    (cr->req_ie &&
15047 	     nla_put(msg, NL80211_ATTR_REQ_IE, cr->req_ie_len, cr->req_ie)) ||
15048 	    (cr->resp_ie &&
15049 	     nla_put(msg, NL80211_ATTR_RESP_IE, cr->resp_ie_len,
15050 		     cr->resp_ie)) ||
15051 	    (cr->fils.update_erp_next_seq_num &&
15052 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15053 			 cr->fils.erp_next_seq_num)) ||
15054 	    (cr->status == WLAN_STATUS_SUCCESS &&
15055 	     ((cr->fils.kek &&
15056 	       nla_put(msg, NL80211_ATTR_FILS_KEK, cr->fils.kek_len,
15057 		       cr->fils.kek)) ||
15058 	      (cr->fils.pmk &&
15059 	       nla_put(msg, NL80211_ATTR_PMK, cr->fils.pmk_len, cr->fils.pmk)) ||
15060 	      (cr->fils.pmkid &&
15061 	       nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, cr->fils.pmkid)))))
15062 		goto nla_put_failure;
15063 
15064 	genlmsg_end(msg, hdr);
15065 
15066 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15067 				NL80211_MCGRP_MLME, gfp);
15068 	return;
15069 
15070  nla_put_failure:
15071 	nlmsg_free(msg);
15072 }
15073 
15074 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
15075 			 struct net_device *netdev,
15076 			 struct cfg80211_roam_info *info, gfp_t gfp)
15077 {
15078 	struct sk_buff *msg;
15079 	void *hdr;
15080 	const u8 *bssid = info->bss ? info->bss->bssid : info->bssid;
15081 
15082 	msg = nlmsg_new(100 + info->req_ie_len + info->resp_ie_len +
15083 			info->fils.kek_len + info->fils.pmk_len +
15084 			(info->fils.pmkid ? WLAN_PMKID_LEN : 0), gfp);
15085 	if (!msg)
15086 		return;
15087 
15088 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
15089 	if (!hdr) {
15090 		nlmsg_free(msg);
15091 		return;
15092 	}
15093 
15094 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15095 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15096 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
15097 	    (info->req_ie &&
15098 	     nla_put(msg, NL80211_ATTR_REQ_IE, info->req_ie_len,
15099 		     info->req_ie)) ||
15100 	    (info->resp_ie &&
15101 	     nla_put(msg, NL80211_ATTR_RESP_IE, info->resp_ie_len,
15102 		     info->resp_ie)) ||
15103 	    (info->fils.update_erp_next_seq_num &&
15104 	     nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
15105 			 info->fils.erp_next_seq_num)) ||
15106 	    (info->fils.kek &&
15107 	     nla_put(msg, NL80211_ATTR_FILS_KEK, info->fils.kek_len,
15108 		     info->fils.kek)) ||
15109 	    (info->fils.pmk &&
15110 	     nla_put(msg, NL80211_ATTR_PMK, info->fils.pmk_len, info->fils.pmk)) ||
15111 	    (info->fils.pmkid &&
15112 	     nla_put(msg, NL80211_ATTR_PMKID, WLAN_PMKID_LEN, info->fils.pmkid)))
15113 		goto nla_put_failure;
15114 
15115 	genlmsg_end(msg, hdr);
15116 
15117 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15118 				NL80211_MCGRP_MLME, gfp);
15119 	return;
15120 
15121  nla_put_failure:
15122 	nlmsg_free(msg);
15123 }
15124 
15125 void nl80211_send_port_authorized(struct cfg80211_registered_device *rdev,
15126 				  struct net_device *netdev, const u8 *bssid)
15127 {
15128 	struct sk_buff *msg;
15129 	void *hdr;
15130 
15131 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
15132 	if (!msg)
15133 		return;
15134 
15135 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PORT_AUTHORIZED);
15136 	if (!hdr) {
15137 		nlmsg_free(msg);
15138 		return;
15139 	}
15140 
15141 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15142 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15143 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15144 		goto nla_put_failure;
15145 
15146 	genlmsg_end(msg, hdr);
15147 
15148 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15149 				NL80211_MCGRP_MLME, GFP_KERNEL);
15150 	return;
15151 
15152  nla_put_failure:
15153 	nlmsg_free(msg);
15154 }
15155 
15156 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
15157 			       struct net_device *netdev, u16 reason,
15158 			       const u8 *ie, size_t ie_len, bool from_ap)
15159 {
15160 	struct sk_buff *msg;
15161 	void *hdr;
15162 
15163 	msg = nlmsg_new(100 + ie_len, GFP_KERNEL);
15164 	if (!msg)
15165 		return;
15166 
15167 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
15168 	if (!hdr) {
15169 		nlmsg_free(msg);
15170 		return;
15171 	}
15172 
15173 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15174 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15175 	    (reason &&
15176 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
15177 	    (from_ap &&
15178 	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
15179 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
15180 		goto nla_put_failure;
15181 
15182 	genlmsg_end(msg, hdr);
15183 
15184 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15185 				NL80211_MCGRP_MLME, GFP_KERNEL);
15186 	return;
15187 
15188  nla_put_failure:
15189 	nlmsg_free(msg);
15190 }
15191 
15192 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
15193 			     struct net_device *netdev, const u8 *bssid,
15194 			     gfp_t gfp)
15195 {
15196 	struct sk_buff *msg;
15197 	void *hdr;
15198 
15199 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15200 	if (!msg)
15201 		return;
15202 
15203 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
15204 	if (!hdr) {
15205 		nlmsg_free(msg);
15206 		return;
15207 	}
15208 
15209 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15210 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15211 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15212 		goto nla_put_failure;
15213 
15214 	genlmsg_end(msg, hdr);
15215 
15216 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15217 				NL80211_MCGRP_MLME, gfp);
15218 	return;
15219 
15220  nla_put_failure:
15221 	nlmsg_free(msg);
15222 }
15223 
15224 void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
15225 					const u8 *ie, u8 ie_len,
15226 					int sig_dbm, gfp_t gfp)
15227 {
15228 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15229 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15230 	struct sk_buff *msg;
15231 	void *hdr;
15232 
15233 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
15234 		return;
15235 
15236 	trace_cfg80211_notify_new_peer_candidate(dev, addr);
15237 
15238 	msg = nlmsg_new(100 + ie_len, gfp);
15239 	if (!msg)
15240 		return;
15241 
15242 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
15243 	if (!hdr) {
15244 		nlmsg_free(msg);
15245 		return;
15246 	}
15247 
15248 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15249 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15250 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15251 	    (ie_len && ie &&
15252 	     nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) ||
15253 	    (sig_dbm &&
15254 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
15255 		goto nla_put_failure;
15256 
15257 	genlmsg_end(msg, hdr);
15258 
15259 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15260 				NL80211_MCGRP_MLME, gfp);
15261 	return;
15262 
15263  nla_put_failure:
15264 	nlmsg_free(msg);
15265 }
15266 EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
15267 
15268 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
15269 				 struct net_device *netdev, const u8 *addr,
15270 				 enum nl80211_key_type key_type, int key_id,
15271 				 const u8 *tsc, gfp_t gfp)
15272 {
15273 	struct sk_buff *msg;
15274 	void *hdr;
15275 
15276 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15277 	if (!msg)
15278 		return;
15279 
15280 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
15281 	if (!hdr) {
15282 		nlmsg_free(msg);
15283 		return;
15284 	}
15285 
15286 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15287 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15288 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
15289 	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
15290 	    (key_id != -1 &&
15291 	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
15292 	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
15293 		goto nla_put_failure;
15294 
15295 	genlmsg_end(msg, hdr);
15296 
15297 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15298 				NL80211_MCGRP_MLME, gfp);
15299 	return;
15300 
15301  nla_put_failure:
15302 	nlmsg_free(msg);
15303 }
15304 
15305 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
15306 				    struct ieee80211_channel *channel_before,
15307 				    struct ieee80211_channel *channel_after)
15308 {
15309 	struct sk_buff *msg;
15310 	void *hdr;
15311 	struct nlattr *nl_freq;
15312 
15313 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
15314 	if (!msg)
15315 		return;
15316 
15317 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
15318 	if (!hdr) {
15319 		nlmsg_free(msg);
15320 		return;
15321 	}
15322 
15323 	/*
15324 	 * Since we are applying the beacon hint to a wiphy we know its
15325 	 * wiphy_idx is valid
15326 	 */
15327 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
15328 		goto nla_put_failure;
15329 
15330 	/* Before */
15331 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
15332 	if (!nl_freq)
15333 		goto nla_put_failure;
15334 
15335 	if (nl80211_msg_put_channel(msg, wiphy, channel_before, false))
15336 		goto nla_put_failure;
15337 	nla_nest_end(msg, nl_freq);
15338 
15339 	/* After */
15340 	nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
15341 	if (!nl_freq)
15342 		goto nla_put_failure;
15343 
15344 	if (nl80211_msg_put_channel(msg, wiphy, channel_after, false))
15345 		goto nla_put_failure;
15346 	nla_nest_end(msg, nl_freq);
15347 
15348 	genlmsg_end(msg, hdr);
15349 
15350 	rcu_read_lock();
15351 	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
15352 				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
15353 	rcu_read_unlock();
15354 
15355 	return;
15356 
15357 nla_put_failure:
15358 	nlmsg_free(msg);
15359 }
15360 
15361 static void nl80211_send_remain_on_chan_event(
15362 	int cmd, struct cfg80211_registered_device *rdev,
15363 	struct wireless_dev *wdev, u64 cookie,
15364 	struct ieee80211_channel *chan,
15365 	unsigned int duration, gfp_t gfp)
15366 {
15367 	struct sk_buff *msg;
15368 	void *hdr;
15369 
15370 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15371 	if (!msg)
15372 		return;
15373 
15374 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15375 	if (!hdr) {
15376 		nlmsg_free(msg);
15377 		return;
15378 	}
15379 
15380 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15381 	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15382 					 wdev->netdev->ifindex)) ||
15383 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15384 			      NL80211_ATTR_PAD) ||
15385 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
15386 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
15387 			NL80211_CHAN_NO_HT) ||
15388 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15389 			      NL80211_ATTR_PAD))
15390 		goto nla_put_failure;
15391 
15392 	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
15393 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
15394 		goto nla_put_failure;
15395 
15396 	genlmsg_end(msg, hdr);
15397 
15398 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15399 				NL80211_MCGRP_MLME, gfp);
15400 	return;
15401 
15402  nla_put_failure:
15403 	nlmsg_free(msg);
15404 }
15405 
15406 void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
15407 			       struct ieee80211_channel *chan,
15408 			       unsigned int duration, gfp_t gfp)
15409 {
15410 	struct wiphy *wiphy = wdev->wiphy;
15411 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15412 
15413 	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
15414 	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
15415 					  rdev, wdev, cookie, chan,
15416 					  duration, gfp);
15417 }
15418 EXPORT_SYMBOL(cfg80211_ready_on_channel);
15419 
15420 void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
15421 					struct ieee80211_channel *chan,
15422 					gfp_t gfp)
15423 {
15424 	struct wiphy *wiphy = wdev->wiphy;
15425 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15426 
15427 	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
15428 	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
15429 					  rdev, wdev, cookie, chan, 0, gfp);
15430 }
15431 EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
15432 
15433 void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
15434 					struct ieee80211_channel *chan,
15435 					gfp_t gfp)
15436 {
15437 	struct wiphy *wiphy = wdev->wiphy;
15438 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15439 
15440 	trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
15441 	nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
15442 					  rdev, wdev, cookie, chan, 0, gfp);
15443 }
15444 EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
15445 
15446 void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
15447 		      struct station_info *sinfo, gfp_t gfp)
15448 {
15449 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15450 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15451 	struct sk_buff *msg;
15452 
15453 	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
15454 
15455 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15456 	if (!msg)
15457 		return;
15458 
15459 	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
15460 				 rdev, dev, mac_addr, sinfo) < 0) {
15461 		nlmsg_free(msg);
15462 		return;
15463 	}
15464 
15465 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15466 				NL80211_MCGRP_MLME, gfp);
15467 }
15468 EXPORT_SYMBOL(cfg80211_new_sta);
15469 
15470 void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
15471 			    struct station_info *sinfo, gfp_t gfp)
15472 {
15473 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15474 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15475 	struct sk_buff *msg;
15476 	struct station_info empty_sinfo = {};
15477 
15478 	if (!sinfo)
15479 		sinfo = &empty_sinfo;
15480 
15481 	trace_cfg80211_del_sta(dev, mac_addr);
15482 
15483 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15484 	if (!msg) {
15485 		cfg80211_sinfo_release_content(sinfo);
15486 		return;
15487 	}
15488 
15489 	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
15490 				 rdev, dev, mac_addr, sinfo) < 0) {
15491 		nlmsg_free(msg);
15492 		return;
15493 	}
15494 
15495 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15496 				NL80211_MCGRP_MLME, gfp);
15497 }
15498 EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
15499 
15500 void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
15501 			  enum nl80211_connect_failed_reason reason,
15502 			  gfp_t gfp)
15503 {
15504 	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
15505 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15506 	struct sk_buff *msg;
15507 	void *hdr;
15508 
15509 	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
15510 	if (!msg)
15511 		return;
15512 
15513 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
15514 	if (!hdr) {
15515 		nlmsg_free(msg);
15516 		return;
15517 	}
15518 
15519 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15520 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
15521 	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
15522 		goto nla_put_failure;
15523 
15524 	genlmsg_end(msg, hdr);
15525 
15526 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15527 				NL80211_MCGRP_MLME, gfp);
15528 	return;
15529 
15530  nla_put_failure:
15531 	nlmsg_free(msg);
15532 }
15533 EXPORT_SYMBOL(cfg80211_conn_failed);
15534 
15535 static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
15536 				       const u8 *addr, gfp_t gfp)
15537 {
15538 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15539 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15540 	struct sk_buff *msg;
15541 	void *hdr;
15542 	u32 nlportid = READ_ONCE(wdev->ap_unexpected_nlportid);
15543 
15544 	if (!nlportid)
15545 		return false;
15546 
15547 	msg = nlmsg_new(100, gfp);
15548 	if (!msg)
15549 		return true;
15550 
15551 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
15552 	if (!hdr) {
15553 		nlmsg_free(msg);
15554 		return true;
15555 	}
15556 
15557 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15558 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15559 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
15560 		goto nla_put_failure;
15561 
15562 	genlmsg_end(msg, hdr);
15563 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15564 	return true;
15565 
15566  nla_put_failure:
15567 	nlmsg_free(msg);
15568 	return true;
15569 }
15570 
15571 bool cfg80211_rx_spurious_frame(struct net_device *dev,
15572 				const u8 *addr, gfp_t gfp)
15573 {
15574 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15575 	bool ret;
15576 
15577 	trace_cfg80211_rx_spurious_frame(dev, addr);
15578 
15579 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15580 		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
15581 		trace_cfg80211_return_bool(false);
15582 		return false;
15583 	}
15584 	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
15585 					 addr, gfp);
15586 	trace_cfg80211_return_bool(ret);
15587 	return ret;
15588 }
15589 EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
15590 
15591 bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
15592 					const u8 *addr, gfp_t gfp)
15593 {
15594 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15595 	bool ret;
15596 
15597 	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
15598 
15599 	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
15600 		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
15601 		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
15602 		trace_cfg80211_return_bool(false);
15603 		return false;
15604 	}
15605 	ret = __nl80211_unexpected_frame(dev,
15606 					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
15607 					 addr, gfp);
15608 	trace_cfg80211_return_bool(ret);
15609 	return ret;
15610 }
15611 EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
15612 
15613 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
15614 		      struct wireless_dev *wdev, u32 nlportid,
15615 		      int freq, int sig_dbm,
15616 		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
15617 {
15618 	struct net_device *netdev = wdev->netdev;
15619 	struct sk_buff *msg;
15620 	void *hdr;
15621 
15622 	msg = nlmsg_new(100 + len, gfp);
15623 	if (!msg)
15624 		return -ENOMEM;
15625 
15626 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
15627 	if (!hdr) {
15628 		nlmsg_free(msg);
15629 		return -ENOMEM;
15630 	}
15631 
15632 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15633 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15634 					netdev->ifindex)) ||
15635 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15636 			      NL80211_ATTR_PAD) ||
15637 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
15638 	    (sig_dbm &&
15639 	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
15640 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15641 	    (flags &&
15642 	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
15643 		goto nla_put_failure;
15644 
15645 	genlmsg_end(msg, hdr);
15646 
15647 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15648 
15649  nla_put_failure:
15650 	nlmsg_free(msg);
15651 	return -ENOBUFS;
15652 }
15653 
15654 void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
15655 			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
15656 {
15657 	struct wiphy *wiphy = wdev->wiphy;
15658 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15659 	struct net_device *netdev = wdev->netdev;
15660 	struct sk_buff *msg;
15661 	void *hdr;
15662 
15663 	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
15664 
15665 	msg = nlmsg_new(100 + len, gfp);
15666 	if (!msg)
15667 		return;
15668 
15669 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
15670 	if (!hdr) {
15671 		nlmsg_free(msg);
15672 		return;
15673 	}
15674 
15675 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15676 	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
15677 				   netdev->ifindex)) ||
15678 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15679 			      NL80211_ATTR_PAD) ||
15680 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
15681 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
15682 			      NL80211_ATTR_PAD) ||
15683 	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
15684 		goto nla_put_failure;
15685 
15686 	genlmsg_end(msg, hdr);
15687 
15688 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15689 				NL80211_MCGRP_MLME, gfp);
15690 	return;
15691 
15692  nla_put_failure:
15693 	nlmsg_free(msg);
15694 }
15695 EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
15696 
15697 static int __nl80211_rx_control_port(struct net_device *dev,
15698 				     struct sk_buff *skb,
15699 				     bool unencrypted, gfp_t gfp)
15700 {
15701 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15702 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15703 	struct ethhdr *ehdr = eth_hdr(skb);
15704 	const u8 *addr = ehdr->h_source;
15705 	u16 proto = be16_to_cpu(skb->protocol);
15706 	struct sk_buff *msg;
15707 	void *hdr;
15708 	struct nlattr *frame;
15709 
15710 	u32 nlportid = READ_ONCE(wdev->conn_owner_nlportid);
15711 
15712 	if (!nlportid)
15713 		return -ENOENT;
15714 
15715 	msg = nlmsg_new(100 + skb->len, gfp);
15716 	if (!msg)
15717 		return -ENOMEM;
15718 
15719 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONTROL_PORT_FRAME);
15720 	if (!hdr) {
15721 		nlmsg_free(msg);
15722 		return -ENOBUFS;
15723 	}
15724 
15725 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15726 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
15727 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15728 			      NL80211_ATTR_PAD) ||
15729 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
15730 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
15731 	    (unencrypted && nla_put_flag(msg,
15732 					 NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
15733 		goto nla_put_failure;
15734 
15735 	frame = nla_reserve(msg, NL80211_ATTR_FRAME, skb->len);
15736 	if (!frame)
15737 		goto nla_put_failure;
15738 
15739 	skb_copy_bits(skb, 0, nla_data(frame), skb->len);
15740 	genlmsg_end(msg, hdr);
15741 
15742 	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
15743 
15744  nla_put_failure:
15745 	nlmsg_free(msg);
15746 	return -ENOBUFS;
15747 }
15748 
15749 bool cfg80211_rx_control_port(struct net_device *dev,
15750 			      struct sk_buff *skb, bool unencrypted)
15751 {
15752 	int ret;
15753 
15754 	trace_cfg80211_rx_control_port(dev, skb, unencrypted);
15755 	ret = __nl80211_rx_control_port(dev, skb, unencrypted, GFP_ATOMIC);
15756 	trace_cfg80211_return_bool(ret == 0);
15757 	return ret == 0;
15758 }
15759 EXPORT_SYMBOL(cfg80211_rx_control_port);
15760 
15761 static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
15762 					    const char *mac, gfp_t gfp)
15763 {
15764 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15765 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15766 	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15767 	void **cb;
15768 
15769 	if (!msg)
15770 		return NULL;
15771 
15772 	cb = (void **)msg->cb;
15773 
15774 	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
15775 	if (!cb[0]) {
15776 		nlmsg_free(msg);
15777 		return NULL;
15778 	}
15779 
15780 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15781 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
15782 		goto nla_put_failure;
15783 
15784 	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15785 		goto nla_put_failure;
15786 
15787 	cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
15788 	if (!cb[1])
15789 		goto nla_put_failure;
15790 
15791 	cb[2] = rdev;
15792 
15793 	return msg;
15794  nla_put_failure:
15795 	nlmsg_free(msg);
15796 	return NULL;
15797 }
15798 
15799 static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
15800 {
15801 	void **cb = (void **)msg->cb;
15802 	struct cfg80211_registered_device *rdev = cb[2];
15803 
15804 	nla_nest_end(msg, cb[1]);
15805 	genlmsg_end(msg, cb[0]);
15806 
15807 	memset(msg->cb, 0, sizeof(msg->cb));
15808 
15809 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15810 				NL80211_MCGRP_MLME, gfp);
15811 }
15812 
15813 void cfg80211_cqm_rssi_notify(struct net_device *dev,
15814 			      enum nl80211_cqm_rssi_threshold_event rssi_event,
15815 			      s32 rssi_level, gfp_t gfp)
15816 {
15817 	struct sk_buff *msg;
15818 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15819 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
15820 
15821 	trace_cfg80211_cqm_rssi_notify(dev, rssi_event, rssi_level);
15822 
15823 	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
15824 		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
15825 		return;
15826 
15827 	if (wdev->cqm_config) {
15828 		wdev->cqm_config->last_rssi_event_value = rssi_level;
15829 
15830 		cfg80211_cqm_rssi_update(rdev, dev);
15831 
15832 		if (rssi_level == 0)
15833 			rssi_level = wdev->cqm_config->last_rssi_event_value;
15834 	}
15835 
15836 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15837 	if (!msg)
15838 		return;
15839 
15840 	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
15841 			rssi_event))
15842 		goto nla_put_failure;
15843 
15844 	if (rssi_level && nla_put_s32(msg, NL80211_ATTR_CQM_RSSI_LEVEL,
15845 				      rssi_level))
15846 		goto nla_put_failure;
15847 
15848 	cfg80211_send_cqm(msg, gfp);
15849 
15850 	return;
15851 
15852  nla_put_failure:
15853 	nlmsg_free(msg);
15854 }
15855 EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
15856 
15857 void cfg80211_cqm_txe_notify(struct net_device *dev,
15858 			     const u8 *peer, u32 num_packets,
15859 			     u32 rate, u32 intvl, gfp_t gfp)
15860 {
15861 	struct sk_buff *msg;
15862 
15863 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
15864 	if (!msg)
15865 		return;
15866 
15867 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
15868 		goto nla_put_failure;
15869 
15870 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
15871 		goto nla_put_failure;
15872 
15873 	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
15874 		goto nla_put_failure;
15875 
15876 	cfg80211_send_cqm(msg, gfp);
15877 	return;
15878 
15879  nla_put_failure:
15880 	nlmsg_free(msg);
15881 }
15882 EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
15883 
15884 void cfg80211_cqm_pktloss_notify(struct net_device *dev,
15885 				 const u8 *peer, u32 num_packets, gfp_t gfp)
15886 {
15887 	struct sk_buff *msg;
15888 
15889 	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
15890 
15891 	msg = cfg80211_prepare_cqm(dev, peer, gfp);
15892 	if (!msg)
15893 		return;
15894 
15895 	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
15896 		goto nla_put_failure;
15897 
15898 	cfg80211_send_cqm(msg, gfp);
15899 	return;
15900 
15901  nla_put_failure:
15902 	nlmsg_free(msg);
15903 }
15904 EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
15905 
15906 void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
15907 {
15908 	struct sk_buff *msg;
15909 
15910 	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
15911 	if (!msg)
15912 		return;
15913 
15914 	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
15915 		goto nla_put_failure;
15916 
15917 	cfg80211_send_cqm(msg, gfp);
15918 	return;
15919 
15920  nla_put_failure:
15921 	nlmsg_free(msg);
15922 }
15923 EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
15924 
15925 static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
15926 				     struct net_device *netdev, const u8 *bssid,
15927 				     const u8 *replay_ctr, gfp_t gfp)
15928 {
15929 	struct sk_buff *msg;
15930 	struct nlattr *rekey_attr;
15931 	void *hdr;
15932 
15933 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15934 	if (!msg)
15935 		return;
15936 
15937 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
15938 	if (!hdr) {
15939 		nlmsg_free(msg);
15940 		return;
15941 	}
15942 
15943 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
15944 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
15945 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15946 		goto nla_put_failure;
15947 
15948 	rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
15949 	if (!rekey_attr)
15950 		goto nla_put_failure;
15951 
15952 	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
15953 		    NL80211_REPLAY_CTR_LEN, replay_ctr))
15954 		goto nla_put_failure;
15955 
15956 	nla_nest_end(msg, rekey_attr);
15957 
15958 	genlmsg_end(msg, hdr);
15959 
15960 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
15961 				NL80211_MCGRP_MLME, gfp);
15962 	return;
15963 
15964  nla_put_failure:
15965 	nlmsg_free(msg);
15966 }
15967 
15968 void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
15969 			       const u8 *replay_ctr, gfp_t gfp)
15970 {
15971 	struct wireless_dev *wdev = dev->ieee80211_ptr;
15972 	struct wiphy *wiphy = wdev->wiphy;
15973 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15974 
15975 	trace_cfg80211_gtk_rekey_notify(dev, bssid);
15976 	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
15977 }
15978 EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
15979 
15980 static void
15981 nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
15982 			       struct net_device *netdev, int index,
15983 			       const u8 *bssid, bool preauth, gfp_t gfp)
15984 {
15985 	struct sk_buff *msg;
15986 	struct nlattr *attr;
15987 	void *hdr;
15988 
15989 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
15990 	if (!msg)
15991 		return;
15992 
15993 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
15994 	if (!hdr) {
15995 		nlmsg_free(msg);
15996 		return;
15997 	}
15998 
15999 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16000 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16001 		goto nla_put_failure;
16002 
16003 	attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
16004 	if (!attr)
16005 		goto nla_put_failure;
16006 
16007 	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
16008 	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
16009 	    (preauth &&
16010 	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
16011 		goto nla_put_failure;
16012 
16013 	nla_nest_end(msg, attr);
16014 
16015 	genlmsg_end(msg, hdr);
16016 
16017 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16018 				NL80211_MCGRP_MLME, gfp);
16019 	return;
16020 
16021  nla_put_failure:
16022 	nlmsg_free(msg);
16023 }
16024 
16025 void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
16026 				     const u8 *bssid, bool preauth, gfp_t gfp)
16027 {
16028 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16029 	struct wiphy *wiphy = wdev->wiphy;
16030 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16031 
16032 	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
16033 	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
16034 }
16035 EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
16036 
16037 static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
16038 				     struct net_device *netdev,
16039 				     struct cfg80211_chan_def *chandef,
16040 				     gfp_t gfp,
16041 				     enum nl80211_commands notif,
16042 				     u8 count)
16043 {
16044 	struct sk_buff *msg;
16045 	void *hdr;
16046 
16047 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16048 	if (!msg)
16049 		return;
16050 
16051 	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
16052 	if (!hdr) {
16053 		nlmsg_free(msg);
16054 		return;
16055 	}
16056 
16057 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
16058 		goto nla_put_failure;
16059 
16060 	if (nl80211_send_chandef(msg, chandef))
16061 		goto nla_put_failure;
16062 
16063 	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
16064 	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
16065 			goto nla_put_failure;
16066 
16067 	genlmsg_end(msg, hdr);
16068 
16069 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16070 				NL80211_MCGRP_MLME, gfp);
16071 	return;
16072 
16073  nla_put_failure:
16074 	nlmsg_free(msg);
16075 }
16076 
16077 void cfg80211_ch_switch_notify(struct net_device *dev,
16078 			       struct cfg80211_chan_def *chandef)
16079 {
16080 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16081 	struct wiphy *wiphy = wdev->wiphy;
16082 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16083 
16084 	ASSERT_WDEV_LOCK(wdev);
16085 
16086 	trace_cfg80211_ch_switch_notify(dev, chandef);
16087 
16088 	wdev->chandef = *chandef;
16089 	wdev->preset_chandef = *chandef;
16090 
16091 	if (wdev->iftype == NL80211_IFTYPE_STATION &&
16092 	    !WARN_ON(!wdev->current_bss))
16093 		wdev->current_bss->pub.channel = chandef->chan;
16094 
16095 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16096 				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
16097 }
16098 EXPORT_SYMBOL(cfg80211_ch_switch_notify);
16099 
16100 void cfg80211_ch_switch_started_notify(struct net_device *dev,
16101 				       struct cfg80211_chan_def *chandef,
16102 				       u8 count)
16103 {
16104 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16105 	struct wiphy *wiphy = wdev->wiphy;
16106 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16107 
16108 	trace_cfg80211_ch_switch_started_notify(dev, chandef);
16109 
16110 	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
16111 				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
16112 }
16113 EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
16114 
16115 void
16116 nl80211_radar_notify(struct cfg80211_registered_device *rdev,
16117 		     const struct cfg80211_chan_def *chandef,
16118 		     enum nl80211_radar_event event,
16119 		     struct net_device *netdev, gfp_t gfp)
16120 {
16121 	struct sk_buff *msg;
16122 	void *hdr;
16123 
16124 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16125 	if (!msg)
16126 		return;
16127 
16128 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
16129 	if (!hdr) {
16130 		nlmsg_free(msg);
16131 		return;
16132 	}
16133 
16134 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16135 		goto nla_put_failure;
16136 
16137 	/* NOP and radar events don't need a netdev parameter */
16138 	if (netdev) {
16139 		struct wireless_dev *wdev = netdev->ieee80211_ptr;
16140 
16141 		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16142 		    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16143 				      NL80211_ATTR_PAD))
16144 			goto nla_put_failure;
16145 	}
16146 
16147 	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
16148 		goto nla_put_failure;
16149 
16150 	if (nl80211_send_chandef(msg, chandef))
16151 		goto nla_put_failure;
16152 
16153 	genlmsg_end(msg, hdr);
16154 
16155 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16156 				NL80211_MCGRP_MLME, gfp);
16157 	return;
16158 
16159  nla_put_failure:
16160 	nlmsg_free(msg);
16161 }
16162 
16163 void cfg80211_sta_opmode_change_notify(struct net_device *dev, const u8 *mac,
16164 				       struct sta_opmode_info *sta_opmode,
16165 				       gfp_t gfp)
16166 {
16167 	struct sk_buff *msg;
16168 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16169 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16170 	void *hdr;
16171 
16172 	if (WARN_ON(!mac))
16173 		return;
16174 
16175 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16176 	if (!msg)
16177 		return;
16178 
16179 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STA_OPMODE_CHANGED);
16180 	if (!hdr) {
16181 		nlmsg_free(msg);
16182 		return;
16183 	}
16184 
16185 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
16186 		goto nla_put_failure;
16187 
16188 	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
16189 		goto nla_put_failure;
16190 
16191 	if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
16192 		goto nla_put_failure;
16193 
16194 	if ((sta_opmode->changed & STA_OPMODE_SMPS_MODE_CHANGED) &&
16195 	    nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, sta_opmode->smps_mode))
16196 		goto nla_put_failure;
16197 
16198 	if ((sta_opmode->changed & STA_OPMODE_MAX_BW_CHANGED) &&
16199 	    nla_put_u8(msg, NL80211_ATTR_CHANNEL_WIDTH, sta_opmode->bw))
16200 		goto nla_put_failure;
16201 
16202 	if ((sta_opmode->changed & STA_OPMODE_N_SS_CHANGED) &&
16203 	    nla_put_u8(msg, NL80211_ATTR_NSS, sta_opmode->rx_nss))
16204 		goto nla_put_failure;
16205 
16206 	genlmsg_end(msg, hdr);
16207 
16208 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16209 				NL80211_MCGRP_MLME, gfp);
16210 
16211 	return;
16212 
16213 nla_put_failure:
16214 	nlmsg_free(msg);
16215 }
16216 EXPORT_SYMBOL(cfg80211_sta_opmode_change_notify);
16217 
16218 void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
16219 			   u64 cookie, bool acked, s32 ack_signal,
16220 			   bool is_valid_ack_signal, gfp_t gfp)
16221 {
16222 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16223 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16224 	struct sk_buff *msg;
16225 	void *hdr;
16226 
16227 	trace_cfg80211_probe_status(dev, addr, cookie, acked);
16228 
16229 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16230 
16231 	if (!msg)
16232 		return;
16233 
16234 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
16235 	if (!hdr) {
16236 		nlmsg_free(msg);
16237 		return;
16238 	}
16239 
16240 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16241 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16242 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
16243 	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, cookie,
16244 			      NL80211_ATTR_PAD) ||
16245 	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)) ||
16246 	    (is_valid_ack_signal && nla_put_s32(msg, NL80211_ATTR_ACK_SIGNAL,
16247 						ack_signal)))
16248 		goto nla_put_failure;
16249 
16250 	genlmsg_end(msg, hdr);
16251 
16252 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16253 				NL80211_MCGRP_MLME, gfp);
16254 	return;
16255 
16256  nla_put_failure:
16257 	nlmsg_free(msg);
16258 }
16259 EXPORT_SYMBOL(cfg80211_probe_status);
16260 
16261 void cfg80211_report_obss_beacon(struct wiphy *wiphy,
16262 				 const u8 *frame, size_t len,
16263 				 int freq, int sig_dbm)
16264 {
16265 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16266 	struct sk_buff *msg;
16267 	void *hdr;
16268 	struct cfg80211_beacon_registration *reg;
16269 
16270 	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
16271 
16272 	spin_lock_bh(&rdev->beacon_registrations_lock);
16273 	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
16274 		msg = nlmsg_new(len + 100, GFP_ATOMIC);
16275 		if (!msg) {
16276 			spin_unlock_bh(&rdev->beacon_registrations_lock);
16277 			return;
16278 		}
16279 
16280 		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
16281 		if (!hdr)
16282 			goto nla_put_failure;
16283 
16284 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16285 		    (freq &&
16286 		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
16287 		    (sig_dbm &&
16288 		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
16289 		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
16290 			goto nla_put_failure;
16291 
16292 		genlmsg_end(msg, hdr);
16293 
16294 		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
16295 	}
16296 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16297 	return;
16298 
16299  nla_put_failure:
16300 	spin_unlock_bh(&rdev->beacon_registrations_lock);
16301 	nlmsg_free(msg);
16302 }
16303 EXPORT_SYMBOL(cfg80211_report_obss_beacon);
16304 
16305 #ifdef CONFIG_PM
16306 static int cfg80211_net_detect_results(struct sk_buff *msg,
16307 				       struct cfg80211_wowlan_wakeup *wakeup)
16308 {
16309 	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
16310 	struct nlattr *nl_results, *nl_match, *nl_freqs;
16311 	int i, j;
16312 
16313 	nl_results = nla_nest_start_noflag(msg,
16314 					   NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
16315 	if (!nl_results)
16316 		return -EMSGSIZE;
16317 
16318 	for (i = 0; i < nd->n_matches; i++) {
16319 		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
16320 
16321 		nl_match = nla_nest_start_noflag(msg, i);
16322 		if (!nl_match)
16323 			break;
16324 
16325 		/* The SSID attribute is optional in nl80211, but for
16326 		 * simplicity reasons it's always present in the
16327 		 * cfg80211 structure.  If a driver can't pass the
16328 		 * SSID, that needs to be changed.  A zero length SSID
16329 		 * is still a valid SSID (wildcard), so it cannot be
16330 		 * used for this purpose.
16331 		 */
16332 		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
16333 			    match->ssid.ssid)) {
16334 			nla_nest_cancel(msg, nl_match);
16335 			goto out;
16336 		}
16337 
16338 		if (match->n_channels) {
16339 			nl_freqs = nla_nest_start_noflag(msg,
16340 							 NL80211_ATTR_SCAN_FREQUENCIES);
16341 			if (!nl_freqs) {
16342 				nla_nest_cancel(msg, nl_match);
16343 				goto out;
16344 			}
16345 
16346 			for (j = 0; j < match->n_channels; j++) {
16347 				if (nla_put_u32(msg, j, match->channels[j])) {
16348 					nla_nest_cancel(msg, nl_freqs);
16349 					nla_nest_cancel(msg, nl_match);
16350 					goto out;
16351 				}
16352 			}
16353 
16354 			nla_nest_end(msg, nl_freqs);
16355 		}
16356 
16357 		nla_nest_end(msg, nl_match);
16358 	}
16359 
16360 out:
16361 	nla_nest_end(msg, nl_results);
16362 	return 0;
16363 }
16364 
16365 void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
16366 				   struct cfg80211_wowlan_wakeup *wakeup,
16367 				   gfp_t gfp)
16368 {
16369 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16370 	struct sk_buff *msg;
16371 	void *hdr;
16372 	int size = 200;
16373 
16374 	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
16375 
16376 	if (wakeup)
16377 		size += wakeup->packet_present_len;
16378 
16379 	msg = nlmsg_new(size, gfp);
16380 	if (!msg)
16381 		return;
16382 
16383 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
16384 	if (!hdr)
16385 		goto free_msg;
16386 
16387 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16388 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16389 			      NL80211_ATTR_PAD))
16390 		goto free_msg;
16391 
16392 	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
16393 					wdev->netdev->ifindex))
16394 		goto free_msg;
16395 
16396 	if (wakeup) {
16397 		struct nlattr *reasons;
16398 
16399 		reasons = nla_nest_start_noflag(msg,
16400 						NL80211_ATTR_WOWLAN_TRIGGERS);
16401 		if (!reasons)
16402 			goto free_msg;
16403 
16404 		if (wakeup->disconnect &&
16405 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
16406 			goto free_msg;
16407 		if (wakeup->magic_pkt &&
16408 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
16409 			goto free_msg;
16410 		if (wakeup->gtk_rekey_failure &&
16411 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
16412 			goto free_msg;
16413 		if (wakeup->eap_identity_req &&
16414 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
16415 			goto free_msg;
16416 		if (wakeup->four_way_handshake &&
16417 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
16418 			goto free_msg;
16419 		if (wakeup->rfkill_release &&
16420 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
16421 			goto free_msg;
16422 
16423 		if (wakeup->pattern_idx >= 0 &&
16424 		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
16425 				wakeup->pattern_idx))
16426 			goto free_msg;
16427 
16428 		if (wakeup->tcp_match &&
16429 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
16430 			goto free_msg;
16431 
16432 		if (wakeup->tcp_connlost &&
16433 		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
16434 			goto free_msg;
16435 
16436 		if (wakeup->tcp_nomoretokens &&
16437 		    nla_put_flag(msg,
16438 				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
16439 			goto free_msg;
16440 
16441 		if (wakeup->packet) {
16442 			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
16443 			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
16444 
16445 			if (!wakeup->packet_80211) {
16446 				pkt_attr =
16447 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
16448 				len_attr =
16449 					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
16450 			}
16451 
16452 			if (wakeup->packet_len &&
16453 			    nla_put_u32(msg, len_attr, wakeup->packet_len))
16454 				goto free_msg;
16455 
16456 			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
16457 				    wakeup->packet))
16458 				goto free_msg;
16459 		}
16460 
16461 		if (wakeup->net_detect &&
16462 		    cfg80211_net_detect_results(msg, wakeup))
16463 				goto free_msg;
16464 
16465 		nla_nest_end(msg, reasons);
16466 	}
16467 
16468 	genlmsg_end(msg, hdr);
16469 
16470 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16471 				NL80211_MCGRP_MLME, gfp);
16472 	return;
16473 
16474  free_msg:
16475 	nlmsg_free(msg);
16476 }
16477 EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
16478 #endif
16479 
16480 void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
16481 				enum nl80211_tdls_operation oper,
16482 				u16 reason_code, gfp_t gfp)
16483 {
16484 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16485 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16486 	struct sk_buff *msg;
16487 	void *hdr;
16488 
16489 	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
16490 					 reason_code);
16491 
16492 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16493 	if (!msg)
16494 		return;
16495 
16496 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
16497 	if (!hdr) {
16498 		nlmsg_free(msg);
16499 		return;
16500 	}
16501 
16502 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16503 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16504 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
16505 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
16506 	    (reason_code > 0 &&
16507 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
16508 		goto nla_put_failure;
16509 
16510 	genlmsg_end(msg, hdr);
16511 
16512 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16513 				NL80211_MCGRP_MLME, gfp);
16514 	return;
16515 
16516  nla_put_failure:
16517 	nlmsg_free(msg);
16518 }
16519 EXPORT_SYMBOL(cfg80211_tdls_oper_request);
16520 
16521 static int nl80211_netlink_notify(struct notifier_block * nb,
16522 				  unsigned long state,
16523 				  void *_notify)
16524 {
16525 	struct netlink_notify *notify = _notify;
16526 	struct cfg80211_registered_device *rdev;
16527 	struct wireless_dev *wdev;
16528 	struct cfg80211_beacon_registration *reg, *tmp;
16529 
16530 	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
16531 		return NOTIFY_DONE;
16532 
16533 	rcu_read_lock();
16534 
16535 	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
16536 		struct cfg80211_sched_scan_request *sched_scan_req;
16537 
16538 		list_for_each_entry_rcu(sched_scan_req,
16539 					&rdev->sched_scan_req_list,
16540 					list) {
16541 			if (sched_scan_req->owner_nlportid == notify->portid) {
16542 				sched_scan_req->nl_owner_dead = true;
16543 				schedule_work(&rdev->sched_scan_stop_wk);
16544 			}
16545 		}
16546 
16547 		list_for_each_entry_rcu(wdev, &rdev->wiphy.wdev_list, list) {
16548 			cfg80211_mlme_unregister_socket(wdev, notify->portid);
16549 
16550 			if (wdev->owner_nlportid == notify->portid) {
16551 				wdev->nl_owner_dead = true;
16552 				schedule_work(&rdev->destroy_work);
16553 			} else if (wdev->conn_owner_nlportid == notify->portid) {
16554 				schedule_work(&wdev->disconnect_wk);
16555 			}
16556 
16557 			cfg80211_release_pmsr(wdev, notify->portid);
16558 		}
16559 
16560 		spin_lock_bh(&rdev->beacon_registrations_lock);
16561 		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
16562 					 list) {
16563 			if (reg->nlportid == notify->portid) {
16564 				list_del(&reg->list);
16565 				kfree(reg);
16566 				break;
16567 			}
16568 		}
16569 		spin_unlock_bh(&rdev->beacon_registrations_lock);
16570 	}
16571 
16572 	rcu_read_unlock();
16573 
16574 	/*
16575 	 * It is possible that the user space process that is controlling the
16576 	 * indoor setting disappeared, so notify the regulatory core.
16577 	 */
16578 	regulatory_netlink_notify(notify->portid);
16579 	return NOTIFY_OK;
16580 }
16581 
16582 static struct notifier_block nl80211_netlink_notifier = {
16583 	.notifier_call = nl80211_netlink_notify,
16584 };
16585 
16586 void cfg80211_ft_event(struct net_device *netdev,
16587 		       struct cfg80211_ft_event_params *ft_event)
16588 {
16589 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16590 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16591 	struct sk_buff *msg;
16592 	void *hdr;
16593 
16594 	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
16595 
16596 	if (!ft_event->target_ap)
16597 		return;
16598 
16599 	msg = nlmsg_new(100 + ft_event->ies_len + ft_event->ric_ies_len,
16600 			GFP_KERNEL);
16601 	if (!msg)
16602 		return;
16603 
16604 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
16605 	if (!hdr)
16606 		goto out;
16607 
16608 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16609 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16610 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
16611 		goto out;
16612 
16613 	if (ft_event->ies &&
16614 	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
16615 		goto out;
16616 	if (ft_event->ric_ies &&
16617 	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
16618 		    ft_event->ric_ies))
16619 		goto out;
16620 
16621 	genlmsg_end(msg, hdr);
16622 
16623 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16624 				NL80211_MCGRP_MLME, GFP_KERNEL);
16625 	return;
16626  out:
16627 	nlmsg_free(msg);
16628 }
16629 EXPORT_SYMBOL(cfg80211_ft_event);
16630 
16631 void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
16632 {
16633 	struct cfg80211_registered_device *rdev;
16634 	struct sk_buff *msg;
16635 	void *hdr;
16636 	u32 nlportid;
16637 
16638 	rdev = wiphy_to_rdev(wdev->wiphy);
16639 	if (!rdev->crit_proto_nlportid)
16640 		return;
16641 
16642 	nlportid = rdev->crit_proto_nlportid;
16643 	rdev->crit_proto_nlportid = 0;
16644 
16645 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16646 	if (!msg)
16647 		return;
16648 
16649 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
16650 	if (!hdr)
16651 		goto nla_put_failure;
16652 
16653 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16654 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16655 			      NL80211_ATTR_PAD))
16656 		goto nla_put_failure;
16657 
16658 	genlmsg_end(msg, hdr);
16659 
16660 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
16661 	return;
16662 
16663  nla_put_failure:
16664 	nlmsg_free(msg);
16665 }
16666 EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
16667 
16668 void nl80211_send_ap_stopped(struct wireless_dev *wdev)
16669 {
16670 	struct wiphy *wiphy = wdev->wiphy;
16671 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16672 	struct sk_buff *msg;
16673 	void *hdr;
16674 
16675 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
16676 	if (!msg)
16677 		return;
16678 
16679 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
16680 	if (!hdr)
16681 		goto out;
16682 
16683 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16684 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
16685 	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
16686 			      NL80211_ATTR_PAD))
16687 		goto out;
16688 
16689 	genlmsg_end(msg, hdr);
16690 
16691 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
16692 				NL80211_MCGRP_MLME, GFP_KERNEL);
16693 	return;
16694  out:
16695 	nlmsg_free(msg);
16696 }
16697 
16698 int cfg80211_external_auth_request(struct net_device *dev,
16699 				   struct cfg80211_external_auth_params *params,
16700 				   gfp_t gfp)
16701 {
16702 	struct wireless_dev *wdev = dev->ieee80211_ptr;
16703 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16704 	struct sk_buff *msg;
16705 	void *hdr;
16706 
16707 	if (!wdev->conn_owner_nlportid)
16708 		return -EINVAL;
16709 
16710 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16711 	if (!msg)
16712 		return -ENOMEM;
16713 
16714 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_EXTERNAL_AUTH);
16715 	if (!hdr)
16716 		goto nla_put_failure;
16717 
16718 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16719 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
16720 	    nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, params->key_mgmt_suite) ||
16721 	    nla_put_u32(msg, NL80211_ATTR_EXTERNAL_AUTH_ACTION,
16722 			params->action) ||
16723 	    nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid) ||
16724 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid.ssid_len,
16725 		    params->ssid.ssid))
16726 		goto nla_put_failure;
16727 
16728 	genlmsg_end(msg, hdr);
16729 	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg,
16730 			wdev->conn_owner_nlportid);
16731 	return 0;
16732 
16733  nla_put_failure:
16734 	nlmsg_free(msg);
16735 	return -ENOBUFS;
16736 }
16737 EXPORT_SYMBOL(cfg80211_external_auth_request);
16738 
16739 void cfg80211_update_owe_info_event(struct net_device *netdev,
16740 				    struct cfg80211_update_owe_info *owe_info,
16741 				    gfp_t gfp)
16742 {
16743 	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
16744 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
16745 	struct sk_buff *msg;
16746 	void *hdr;
16747 
16748 	trace_cfg80211_update_owe_info_event(wiphy, netdev, owe_info);
16749 
16750 	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
16751 	if (!msg)
16752 		return;
16753 
16754 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_UPDATE_OWE_INFO);
16755 	if (!hdr)
16756 		goto nla_put_failure;
16757 
16758 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
16759 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
16760 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, owe_info->peer))
16761 		goto nla_put_failure;
16762 
16763 	if (!owe_info->ie_len ||
16764 	    nla_put(msg, NL80211_ATTR_IE, owe_info->ie_len, owe_info->ie))
16765 		goto nla_put_failure;
16766 
16767 	genlmsg_end(msg, hdr);
16768 
16769 	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
16770 				NL80211_MCGRP_MLME, gfp);
16771 	return;
16772 
16773 nla_put_failure:
16774 	genlmsg_cancel(msg, hdr);
16775 	nlmsg_free(msg);
16776 }
16777 EXPORT_SYMBOL(cfg80211_update_owe_info_event);
16778 
16779 /* initialisation/exit functions */
16780 
16781 int __init nl80211_init(void)
16782 {
16783 	int err;
16784 
16785 	err = genl_register_family(&nl80211_fam);
16786 	if (err)
16787 		return err;
16788 
16789 	err = netlink_register_notifier(&nl80211_netlink_notifier);
16790 	if (err)
16791 		goto err_out;
16792 
16793 	return 0;
16794  err_out:
16795 	genl_unregister_family(&nl80211_fam);
16796 	return err;
16797 }
16798 
16799 void nl80211_exit(void)
16800 {
16801 	netlink_unregister_notifier(&nl80211_netlink_notifier);
16802 	genl_unregister_family(&nl80211_fam);
16803 }
16804