1/*
2 * This is the new netlink-based wireless configuration interface.
3 *
4 * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5 * Copyright 2013-2014  Intel Mobile Communications GmbH
6 */
7
8#include <linux/if.h>
9#include <linux/module.h>
10#include <linux/err.h>
11#include <linux/slab.h>
12#include <linux/list.h>
13#include <linux/if_ether.h>
14#include <linux/ieee80211.h>
15#include <linux/nl80211.h>
16#include <linux/rtnetlink.h>
17#include <linux/netlink.h>
18#include <linux/etherdevice.h>
19#include <net/net_namespace.h>
20#include <net/genetlink.h>
21#include <net/cfg80211.h>
22#include <net/sock.h>
23#include <net/inet_connection_sock.h>
24#include "core.h"
25#include "nl80211.h"
26#include "reg.h"
27#include "rdev-ops.h"
28
29static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
30				   struct genl_info *info,
31				   struct cfg80211_crypto_settings *settings,
32				   int cipher_limit);
33
34static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
35			    struct genl_info *info);
36static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
37			      struct genl_info *info);
38
39/* the netlink family */
40static struct genl_family nl80211_fam = {
41	.id = GENL_ID_GENERATE,		/* don't bother with a hardcoded ID */
42	.name = NL80211_GENL_NAME,	/* have users key off the name instead */
43	.hdrsize = 0,			/* no private header */
44	.version = 1,			/* no particular meaning now */
45	.maxattr = NL80211_ATTR_MAX,
46	.netnsok = true,
47	.pre_doit = nl80211_pre_doit,
48	.post_doit = nl80211_post_doit,
49};
50
51/* multicast groups */
52enum nl80211_multicast_groups {
53	NL80211_MCGRP_CONFIG,
54	NL80211_MCGRP_SCAN,
55	NL80211_MCGRP_REGULATORY,
56	NL80211_MCGRP_MLME,
57	NL80211_MCGRP_VENDOR,
58	NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
59};
60
61static const struct genl_multicast_group nl80211_mcgrps[] = {
62	[NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
63	[NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
64	[NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
65	[NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
66	[NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
67#ifdef CONFIG_NL80211_TESTMODE
68	[NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
69#endif
70};
71
72/* returns ERR_PTR values */
73static struct wireless_dev *
74__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
75{
76	struct cfg80211_registered_device *rdev;
77	struct wireless_dev *result = NULL;
78	bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
79	bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
80	u64 wdev_id;
81	int wiphy_idx = -1;
82	int ifidx = -1;
83
84	ASSERT_RTNL();
85
86	if (!have_ifidx && !have_wdev_id)
87		return ERR_PTR(-EINVAL);
88
89	if (have_ifidx)
90		ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
91	if (have_wdev_id) {
92		wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
93		wiphy_idx = wdev_id >> 32;
94	}
95
96	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
97		struct wireless_dev *wdev;
98
99		if (wiphy_net(&rdev->wiphy) != netns)
100			continue;
101
102		if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
103			continue;
104
105		list_for_each_entry(wdev, &rdev->wdev_list, list) {
106			if (have_ifidx && wdev->netdev &&
107			    wdev->netdev->ifindex == ifidx) {
108				result = wdev;
109				break;
110			}
111			if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
112				result = wdev;
113				break;
114			}
115		}
116
117		if (result)
118			break;
119	}
120
121	if (result)
122		return result;
123	return ERR_PTR(-ENODEV);
124}
125
126static struct cfg80211_registered_device *
127__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
128{
129	struct cfg80211_registered_device *rdev = NULL, *tmp;
130	struct net_device *netdev;
131
132	ASSERT_RTNL();
133
134	if (!attrs[NL80211_ATTR_WIPHY] &&
135	    !attrs[NL80211_ATTR_IFINDEX] &&
136	    !attrs[NL80211_ATTR_WDEV])
137		return ERR_PTR(-EINVAL);
138
139	if (attrs[NL80211_ATTR_WIPHY])
140		rdev = cfg80211_rdev_by_wiphy_idx(
141				nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
142
143	if (attrs[NL80211_ATTR_WDEV]) {
144		u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
145		struct wireless_dev *wdev;
146		bool found = false;
147
148		tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
149		if (tmp) {
150			/* make sure wdev exists */
151			list_for_each_entry(wdev, &tmp->wdev_list, list) {
152				if (wdev->identifier != (u32)wdev_id)
153					continue;
154				found = true;
155				break;
156			}
157
158			if (!found)
159				tmp = NULL;
160
161			if (rdev && tmp != rdev)
162				return ERR_PTR(-EINVAL);
163			rdev = tmp;
164		}
165	}
166
167	if (attrs[NL80211_ATTR_IFINDEX]) {
168		int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
169		netdev = __dev_get_by_index(netns, ifindex);
170		if (netdev) {
171			if (netdev->ieee80211_ptr)
172				tmp = wiphy_to_rdev(
173					netdev->ieee80211_ptr->wiphy);
174			else
175				tmp = NULL;
176
177			/* not wireless device -- return error */
178			if (!tmp)
179				return ERR_PTR(-EINVAL);
180
181			/* mismatch -- return error */
182			if (rdev && tmp != rdev)
183				return ERR_PTR(-EINVAL);
184
185			rdev = tmp;
186		}
187	}
188
189	if (!rdev)
190		return ERR_PTR(-ENODEV);
191
192	if (netns != wiphy_net(&rdev->wiphy))
193		return ERR_PTR(-ENODEV);
194
195	return rdev;
196}
197
198/*
199 * This function returns a pointer to the driver
200 * that the genl_info item that is passed refers to.
201 *
202 * The result of this can be a PTR_ERR and hence must
203 * be checked with IS_ERR() for errors.
204 */
205static struct cfg80211_registered_device *
206cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
207{
208	return __cfg80211_rdev_from_attrs(netns, info->attrs);
209}
210
211/* policy for the attributes */
212static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
213	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
214	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
215				      .len = 20-1 },
216	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
217
218	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
219	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
220	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
221	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
222	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
223
224	[NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
225	[NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
226	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
227	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
228	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
229	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
230
231	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
232	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
233	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
234
235	[NL80211_ATTR_MAC] = { .len = ETH_ALEN },
236	[NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
237
238	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
239	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
240				    .len = WLAN_MAX_KEY_LEN },
241	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
242	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
243	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
244	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
245	[NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
246
247	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
248	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
249	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
250				       .len = IEEE80211_MAX_DATA_LEN },
251	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
252				       .len = IEEE80211_MAX_DATA_LEN },
253	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
254	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
255	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
256	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
257					       .len = NL80211_MAX_SUPP_RATES },
258	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
259	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
260	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
261	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
262				   .len = IEEE80211_MAX_MESH_ID_LEN },
263	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
264
265	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
266	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
267
268	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
269	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
270	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
271	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
272					   .len = NL80211_MAX_SUPP_RATES },
273	[NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
274
275	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
276	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
277
278	[NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
279
280	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
281	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
282			      .len = IEEE80211_MAX_DATA_LEN },
283	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
284	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
285
286	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
287				.len = IEEE80211_MAX_SSID_LEN },
288	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
289	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
290	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
291	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
292	[NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
293	[NL80211_ATTR_STA_FLAGS2] = {
294		.len = sizeof(struct nl80211_sta_flag_update),
295	},
296	[NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
297	[NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
298	[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
299	[NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
300	[NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
301	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
302	[NL80211_ATTR_PID] = { .type = NLA_U32 },
303	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
304	[NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
305				 .len = WLAN_PMKID_LEN },
306	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
307	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
308	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
309	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
310				 .len = IEEE80211_MAX_DATA_LEN },
311	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
312	[NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
313	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
314	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
315	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
316	[NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
317	[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
318	[NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
319	[NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
320	[NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
321	[NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
322	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
323	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
324	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
325	[NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
326	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
327	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
328	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
329	[NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
330	[NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
331					 .len = IEEE80211_MAX_DATA_LEN },
332	[NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
333					 .len = IEEE80211_MAX_DATA_LEN },
334	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
335	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
336	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
337	[NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
338	[NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
339	[NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
340	[NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
341	[NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
342	[NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
343	[NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
344	[NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
345				      .len = IEEE80211_MAX_DATA_LEN },
346	[NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
347	[NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
348	[NL80211_ATTR_HT_CAPABILITY_MASK] = {
349		.len = NL80211_HT_CAPABILITY_LEN
350	},
351	[NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
352	[NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
353	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
354	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
355	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
356	[NL80211_ATTR_SAE_DATA] = { .type = NLA_BINARY, },
357	[NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
358	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
359	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
360	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
361	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
362	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
363	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
364	[NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
365	[NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
366	[NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
367	[NL80211_ATTR_VHT_CAPABILITY_MASK] = {
368		.len = NL80211_VHT_CAPABILITY_LEN,
369	},
370	[NL80211_ATTR_MDID] = { .type = NLA_U16 },
371	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
372				  .len = IEEE80211_MAX_DATA_LEN },
373	[NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
374	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
375	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
376	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
377	[NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
378	[NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
379	[NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
380	[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
381	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
382	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
383	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
384	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
385	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
386	[NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
387				   .len = IEEE80211_QOS_MAP_LEN_MAX },
388	[NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
389	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
390	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
391	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
392	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
393	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
394	[NL80211_ATTR_TSID] = { .type = NLA_U8 },
395	[NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
396	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
397	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
398	[NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
399	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
400	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
401	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
402	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
403};
404
405/* policy for the key attributes */
406static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
407	[NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
408	[NL80211_KEY_IDX] = { .type = NLA_U8 },
409	[NL80211_KEY_CIPHER] = { .type = NLA_U32 },
410	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
411	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
412	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
413	[NL80211_KEY_TYPE] = { .type = NLA_U32 },
414	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
415};
416
417/* policy for the key default flags */
418static const struct nla_policy
419nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
420	[NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
421	[NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
422};
423
424/* policy for WoWLAN attributes */
425static const struct nla_policy
426nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
427	[NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
428	[NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
429	[NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
430	[NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
431	[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
432	[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
433	[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
434	[NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
435	[NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
436	[NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
437};
438
439static const struct nla_policy
440nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
441	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
442	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
443	[NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
444	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
445	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
446	[NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
447	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
448		.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
449	},
450	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
451		.len = sizeof(struct nl80211_wowlan_tcp_data_token)
452	},
453	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
454	[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
455	[NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
456};
457
458/* policy for coalesce rule attributes */
459static const struct nla_policy
460nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
461	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
462	[NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
463	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
464};
465
466/* policy for GTK rekey offload attributes */
467static const struct nla_policy
468nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
469	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
470	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
471	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
472};
473
474static const struct nla_policy
475nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
476	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
477						 .len = IEEE80211_MAX_SSID_LEN },
478	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
479};
480
481static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
482				     struct netlink_callback *cb,
483				     struct cfg80211_registered_device **rdev,
484				     struct wireless_dev **wdev)
485{
486	int err;
487
488	rtnl_lock();
489
490	if (!cb->args[0]) {
491		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
492				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
493				  nl80211_policy);
494		if (err)
495			goto out_unlock;
496
497		*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
498						   nl80211_fam.attrbuf);
499		if (IS_ERR(*wdev)) {
500			err = PTR_ERR(*wdev);
501			goto out_unlock;
502		}
503		*rdev = wiphy_to_rdev((*wdev)->wiphy);
504		/* 0 is the first index - add 1 to parse only once */
505		cb->args[0] = (*rdev)->wiphy_idx + 1;
506		cb->args[1] = (*wdev)->identifier;
507	} else {
508		/* subtract the 1 again here */
509		struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
510		struct wireless_dev *tmp;
511
512		if (!wiphy) {
513			err = -ENODEV;
514			goto out_unlock;
515		}
516		*rdev = wiphy_to_rdev(wiphy);
517		*wdev = NULL;
518
519		list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
520			if (tmp->identifier == cb->args[1]) {
521				*wdev = tmp;
522				break;
523			}
524		}
525
526		if (!*wdev) {
527			err = -ENODEV;
528			goto out_unlock;
529		}
530	}
531
532	return 0;
533 out_unlock:
534	rtnl_unlock();
535	return err;
536}
537
538static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
539{
540	rtnl_unlock();
541}
542
543/* IE validation */
544static bool is_valid_ie_attr(const struct nlattr *attr)
545{
546	const u8 *pos;
547	int len;
548
549	if (!attr)
550		return true;
551
552	pos = nla_data(attr);
553	len = nla_len(attr);
554
555	while (len) {
556		u8 elemlen;
557
558		if (len < 2)
559			return false;
560		len -= 2;
561
562		elemlen = pos[1];
563		if (elemlen > len)
564			return false;
565
566		len -= elemlen;
567		pos += 2 + elemlen;
568	}
569
570	return true;
571}
572
573/* message building helper */
574static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
575				   int flags, u8 cmd)
576{
577	/* since there is no private header just add the generic one */
578	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
579}
580
581static int nl80211_msg_put_channel(struct sk_buff *msg,
582				   struct ieee80211_channel *chan,
583				   bool large)
584{
585	/* Some channels must be completely excluded from the
586	 * list to protect old user-space tools from breaking
587	 */
588	if (!large && chan->flags &
589	    (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
590		return 0;
591
592	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
593			chan->center_freq))
594		goto nla_put_failure;
595
596	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
597	    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
598		goto nla_put_failure;
599	if (chan->flags & IEEE80211_CHAN_NO_IR) {
600		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
601			goto nla_put_failure;
602		if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
603			goto nla_put_failure;
604	}
605	if (chan->flags & IEEE80211_CHAN_RADAR) {
606		if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
607			goto nla_put_failure;
608		if (large) {
609			u32 time;
610
611			time = elapsed_jiffies_msecs(chan->dfs_state_entered);
612
613			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
614					chan->dfs_state))
615				goto nla_put_failure;
616			if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
617					time))
618				goto nla_put_failure;
619			if (nla_put_u32(msg,
620					NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
621					chan->dfs_cac_ms))
622				goto nla_put_failure;
623		}
624	}
625
626	if (large) {
627		if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
628		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
629			goto nla_put_failure;
630		if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
631		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
632			goto nla_put_failure;
633		if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
634		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
635			goto nla_put_failure;
636		if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
637		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
638			goto nla_put_failure;
639		if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
640		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
641			goto nla_put_failure;
642		if ((chan->flags & IEEE80211_CHAN_GO_CONCURRENT) &&
643		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_GO_CONCURRENT))
644			goto nla_put_failure;
645		if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
646		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
647			goto nla_put_failure;
648		if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
649		    nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
650			goto nla_put_failure;
651	}
652
653	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
654			DBM_TO_MBM(chan->max_power)))
655		goto nla_put_failure;
656
657	return 0;
658
659 nla_put_failure:
660	return -ENOBUFS;
661}
662
663/* netlink command implementations */
664
665struct key_parse {
666	struct key_params p;
667	int idx;
668	int type;
669	bool def, defmgmt;
670	bool def_uni, def_multi;
671};
672
673static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
674{
675	struct nlattr *tb[NL80211_KEY_MAX + 1];
676	int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
677				   nl80211_key_policy);
678	if (err)
679		return err;
680
681	k->def = !!tb[NL80211_KEY_DEFAULT];
682	k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
683
684	if (k->def) {
685		k->def_uni = true;
686		k->def_multi = true;
687	}
688	if (k->defmgmt)
689		k->def_multi = true;
690
691	if (tb[NL80211_KEY_IDX])
692		k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
693
694	if (tb[NL80211_KEY_DATA]) {
695		k->p.key = nla_data(tb[NL80211_KEY_DATA]);
696		k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
697	}
698
699	if (tb[NL80211_KEY_SEQ]) {
700		k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
701		k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
702	}
703
704	if (tb[NL80211_KEY_CIPHER])
705		k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
706
707	if (tb[NL80211_KEY_TYPE]) {
708		k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
709		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
710			return -EINVAL;
711	}
712
713	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
714		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
715		err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
716				       tb[NL80211_KEY_DEFAULT_TYPES],
717				       nl80211_key_default_policy);
718		if (err)
719			return err;
720
721		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
722		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
723	}
724
725	return 0;
726}
727
728static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
729{
730	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
731		k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
732		k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
733	}
734
735	if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
736		k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
737		k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
738	}
739
740	if (info->attrs[NL80211_ATTR_KEY_IDX])
741		k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
742
743	if (info->attrs[NL80211_ATTR_KEY_CIPHER])
744		k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
745
746	k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
747	k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
748
749	if (k->def) {
750		k->def_uni = true;
751		k->def_multi = true;
752	}
753	if (k->defmgmt)
754		k->def_multi = true;
755
756	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
757		k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
758		if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
759			return -EINVAL;
760	}
761
762	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
763		struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
764		int err = nla_parse_nested(
765				kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
766				info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
767				nl80211_key_default_policy);
768		if (err)
769			return err;
770
771		k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
772		k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
773	}
774
775	return 0;
776}
777
778static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
779{
780	int err;
781
782	memset(k, 0, sizeof(*k));
783	k->idx = -1;
784	k->type = -1;
785
786	if (info->attrs[NL80211_ATTR_KEY])
787		err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
788	else
789		err = nl80211_parse_key_old(info, k);
790
791	if (err)
792		return err;
793
794	if (k->def && k->defmgmt)
795		return -EINVAL;
796
797	if (k->defmgmt) {
798		if (k->def_uni || !k->def_multi)
799			return -EINVAL;
800	}
801
802	if (k->idx != -1) {
803		if (k->defmgmt) {
804			if (k->idx < 4 || k->idx > 5)
805				return -EINVAL;
806		} else if (k->def) {
807			if (k->idx < 0 || k->idx > 3)
808				return -EINVAL;
809		} else {
810			if (k->idx < 0 || k->idx > 5)
811				return -EINVAL;
812		}
813	}
814
815	return 0;
816}
817
818static struct cfg80211_cached_keys *
819nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
820		       struct nlattr *keys, bool *no_ht)
821{
822	struct key_parse parse;
823	struct nlattr *key;
824	struct cfg80211_cached_keys *result;
825	int rem, err, def = 0;
826
827	result = kzalloc(sizeof(*result), GFP_KERNEL);
828	if (!result)
829		return ERR_PTR(-ENOMEM);
830
831	result->def = -1;
832	result->defmgmt = -1;
833
834	nla_for_each_nested(key, keys, rem) {
835		memset(&parse, 0, sizeof(parse));
836		parse.idx = -1;
837
838		err = nl80211_parse_key_new(key, &parse);
839		if (err)
840			goto error;
841		err = -EINVAL;
842		if (!parse.p.key)
843			goto error;
844		if (parse.idx < 0 || parse.idx > 4)
845			goto error;
846		if (parse.def) {
847			if (def)
848				goto error;
849			def = 1;
850			result->def = parse.idx;
851			if (!parse.def_uni || !parse.def_multi)
852				goto error;
853		} else if (parse.defmgmt)
854			goto error;
855		err = cfg80211_validate_key_settings(rdev, &parse.p,
856						     parse.idx, false, NULL);
857		if (err)
858			goto error;
859		result->params[parse.idx].cipher = parse.p.cipher;
860		result->params[parse.idx].key_len = parse.p.key_len;
861		result->params[parse.idx].key = result->data[parse.idx];
862		memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
863
864		if (parse.p.cipher == WLAN_CIPHER_SUITE_WEP40 ||
865		    parse.p.cipher == WLAN_CIPHER_SUITE_WEP104) {
866			if (no_ht)
867				*no_ht = true;
868		}
869	}
870
871	return result;
872 error:
873	kfree(result);
874	return ERR_PTR(err);
875}
876
877static int nl80211_key_allowed(struct wireless_dev *wdev)
878{
879	ASSERT_WDEV_LOCK(wdev);
880
881	switch (wdev->iftype) {
882	case NL80211_IFTYPE_AP:
883	case NL80211_IFTYPE_AP_VLAN:
884	case NL80211_IFTYPE_P2P_GO:
885	case NL80211_IFTYPE_MESH_POINT:
886		break;
887	case NL80211_IFTYPE_ADHOC:
888	case NL80211_IFTYPE_STATION:
889	case NL80211_IFTYPE_P2P_CLIENT:
890		if (!wdev->current_bss)
891			return -ENOLINK;
892		break;
893	case NL80211_IFTYPE_UNSPECIFIED:
894	case NL80211_IFTYPE_OCB:
895	case NL80211_IFTYPE_MONITOR:
896	case NL80211_IFTYPE_P2P_DEVICE:
897	case NL80211_IFTYPE_WDS:
898	case NUM_NL80211_IFTYPES:
899		return -EINVAL;
900	}
901
902	return 0;
903}
904
905static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
906							struct nlattr *tb)
907{
908	struct ieee80211_channel *chan;
909
910	if (tb == NULL)
911		return NULL;
912	chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
913	if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
914		return NULL;
915	return chan;
916}
917
918static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
919{
920	struct nlattr *nl_modes = nla_nest_start(msg, attr);
921	int i;
922
923	if (!nl_modes)
924		goto nla_put_failure;
925
926	i = 0;
927	while (ifmodes) {
928		if ((ifmodes & 1) && nla_put_flag(msg, i))
929			goto nla_put_failure;
930		ifmodes >>= 1;
931		i++;
932	}
933
934	nla_nest_end(msg, nl_modes);
935	return 0;
936
937nla_put_failure:
938	return -ENOBUFS;
939}
940
941static int nl80211_put_iface_combinations(struct wiphy *wiphy,
942					  struct sk_buff *msg,
943					  bool large)
944{
945	struct nlattr *nl_combis;
946	int i, j;
947
948	nl_combis = nla_nest_start(msg,
949				NL80211_ATTR_INTERFACE_COMBINATIONS);
950	if (!nl_combis)
951		goto nla_put_failure;
952
953	for (i = 0; i < wiphy->n_iface_combinations; i++) {
954		const struct ieee80211_iface_combination *c;
955		struct nlattr *nl_combi, *nl_limits;
956
957		c = &wiphy->iface_combinations[i];
958
959		nl_combi = nla_nest_start(msg, i + 1);
960		if (!nl_combi)
961			goto nla_put_failure;
962
963		nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
964		if (!nl_limits)
965			goto nla_put_failure;
966
967		for (j = 0; j < c->n_limits; j++) {
968			struct nlattr *nl_limit;
969
970			nl_limit = nla_nest_start(msg, j + 1);
971			if (!nl_limit)
972				goto nla_put_failure;
973			if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
974					c->limits[j].max))
975				goto nla_put_failure;
976			if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
977						c->limits[j].types))
978				goto nla_put_failure;
979			nla_nest_end(msg, nl_limit);
980		}
981
982		nla_nest_end(msg, nl_limits);
983
984		if (c->beacon_int_infra_match &&
985		    nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
986			goto nla_put_failure;
987		if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
988				c->num_different_channels) ||
989		    nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
990				c->max_interfaces))
991			goto nla_put_failure;
992		if (large &&
993		    (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
994				c->radar_detect_widths) ||
995		     nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
996				c->radar_detect_regions)))
997			goto nla_put_failure;
998
999		nla_nest_end(msg, nl_combi);
1000	}
1001
1002	nla_nest_end(msg, nl_combis);
1003
1004	return 0;
1005nla_put_failure:
1006	return -ENOBUFS;
1007}
1008
1009#ifdef CONFIG_PM
1010static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1011					struct sk_buff *msg)
1012{
1013	const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1014	struct nlattr *nl_tcp;
1015
1016	if (!tcp)
1017		return 0;
1018
1019	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1020	if (!nl_tcp)
1021		return -ENOBUFS;
1022
1023	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1024			tcp->data_payload_max))
1025		return -ENOBUFS;
1026
1027	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1028			tcp->data_payload_max))
1029		return -ENOBUFS;
1030
1031	if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1032		return -ENOBUFS;
1033
1034	if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1035				sizeof(*tcp->tok), tcp->tok))
1036		return -ENOBUFS;
1037
1038	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1039			tcp->data_interval_max))
1040		return -ENOBUFS;
1041
1042	if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1043			tcp->wake_payload_max))
1044		return -ENOBUFS;
1045
1046	nla_nest_end(msg, nl_tcp);
1047	return 0;
1048}
1049
1050static int nl80211_send_wowlan(struct sk_buff *msg,
1051			       struct cfg80211_registered_device *rdev,
1052			       bool large)
1053{
1054	struct nlattr *nl_wowlan;
1055
1056	if (!rdev->wiphy.wowlan)
1057		return 0;
1058
1059	nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1060	if (!nl_wowlan)
1061		return -ENOBUFS;
1062
1063	if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1064	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1065	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1066	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1067	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1068	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1069	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1070	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1071	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1072	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1073	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1074	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1075	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1076	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1077	    ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1078	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1079		return -ENOBUFS;
1080
1081	if (rdev->wiphy.wowlan->n_patterns) {
1082		struct nl80211_pattern_support pat = {
1083			.max_patterns = rdev->wiphy.wowlan->n_patterns,
1084			.min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1085			.max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1086			.max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1087		};
1088
1089		if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1090			    sizeof(pat), &pat))
1091			return -ENOBUFS;
1092	}
1093
1094	if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1095	    nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1096			rdev->wiphy.wowlan->max_nd_match_sets))
1097		return -ENOBUFS;
1098
1099	if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1100		return -ENOBUFS;
1101
1102	nla_nest_end(msg, nl_wowlan);
1103
1104	return 0;
1105}
1106#endif
1107
1108static int nl80211_send_coalesce(struct sk_buff *msg,
1109				 struct cfg80211_registered_device *rdev)
1110{
1111	struct nl80211_coalesce_rule_support rule;
1112
1113	if (!rdev->wiphy.coalesce)
1114		return 0;
1115
1116	rule.max_rules = rdev->wiphy.coalesce->n_rules;
1117	rule.max_delay = rdev->wiphy.coalesce->max_delay;
1118	rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1119	rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1120	rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1121	rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1122
1123	if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1124		return -ENOBUFS;
1125
1126	return 0;
1127}
1128
1129static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1130				      struct ieee80211_supported_band *sband)
1131{
1132	struct nlattr *nl_rates, *nl_rate;
1133	struct ieee80211_rate *rate;
1134	int i;
1135
1136	/* add HT info */
1137	if (sband->ht_cap.ht_supported &&
1138	    (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1139		     sizeof(sband->ht_cap.mcs),
1140		     &sband->ht_cap.mcs) ||
1141	     nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1142			 sband->ht_cap.cap) ||
1143	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1144			sband->ht_cap.ampdu_factor) ||
1145	     nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1146			sband->ht_cap.ampdu_density)))
1147		return -ENOBUFS;
1148
1149	/* add VHT info */
1150	if (sband->vht_cap.vht_supported &&
1151	    (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1152		     sizeof(sband->vht_cap.vht_mcs),
1153		     &sband->vht_cap.vht_mcs) ||
1154	     nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1155			 sband->vht_cap.cap)))
1156		return -ENOBUFS;
1157
1158	/* add bitrates */
1159	nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1160	if (!nl_rates)
1161		return -ENOBUFS;
1162
1163	for (i = 0; i < sband->n_bitrates; i++) {
1164		nl_rate = nla_nest_start(msg, i);
1165		if (!nl_rate)
1166			return -ENOBUFS;
1167
1168		rate = &sband->bitrates[i];
1169		if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1170				rate->bitrate))
1171			return -ENOBUFS;
1172		if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1173		    nla_put_flag(msg,
1174				 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1175			return -ENOBUFS;
1176
1177		nla_nest_end(msg, nl_rate);
1178	}
1179
1180	nla_nest_end(msg, nl_rates);
1181
1182	return 0;
1183}
1184
1185static int
1186nl80211_send_mgmt_stypes(struct sk_buff *msg,
1187			 const struct ieee80211_txrx_stypes *mgmt_stypes)
1188{
1189	u16 stypes;
1190	struct nlattr *nl_ftypes, *nl_ifs;
1191	enum nl80211_iftype ift;
1192	int i;
1193
1194	if (!mgmt_stypes)
1195		return 0;
1196
1197	nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1198	if (!nl_ifs)
1199		return -ENOBUFS;
1200
1201	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1202		nl_ftypes = nla_nest_start(msg, ift);
1203		if (!nl_ftypes)
1204			return -ENOBUFS;
1205		i = 0;
1206		stypes = mgmt_stypes[ift].tx;
1207		while (stypes) {
1208			if ((stypes & 1) &&
1209			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1210					(i << 4) | IEEE80211_FTYPE_MGMT))
1211				return -ENOBUFS;
1212			stypes >>= 1;
1213			i++;
1214		}
1215		nla_nest_end(msg, nl_ftypes);
1216	}
1217
1218	nla_nest_end(msg, nl_ifs);
1219
1220	nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1221	if (!nl_ifs)
1222		return -ENOBUFS;
1223
1224	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1225		nl_ftypes = nla_nest_start(msg, ift);
1226		if (!nl_ftypes)
1227			return -ENOBUFS;
1228		i = 0;
1229		stypes = mgmt_stypes[ift].rx;
1230		while (stypes) {
1231			if ((stypes & 1) &&
1232			    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1233					(i << 4) | IEEE80211_FTYPE_MGMT))
1234				return -ENOBUFS;
1235			stypes >>= 1;
1236			i++;
1237		}
1238		nla_nest_end(msg, nl_ftypes);
1239	}
1240	nla_nest_end(msg, nl_ifs);
1241
1242	return 0;
1243}
1244
1245struct nl80211_dump_wiphy_state {
1246	s64 filter_wiphy;
1247	long start;
1248	long split_start, band_start, chan_start;
1249	bool split;
1250};
1251
1252static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1253			      enum nl80211_commands cmd,
1254			      struct sk_buff *msg, u32 portid, u32 seq,
1255			      int flags, struct nl80211_dump_wiphy_state *state)
1256{
1257	void *hdr;
1258	struct nlattr *nl_bands, *nl_band;
1259	struct nlattr *nl_freqs, *nl_freq;
1260	struct nlattr *nl_cmds;
1261	enum ieee80211_band band;
1262	struct ieee80211_channel *chan;
1263	int i;
1264	const struct ieee80211_txrx_stypes *mgmt_stypes =
1265				rdev->wiphy.mgmt_stypes;
1266	u32 features;
1267
1268	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1269	if (!hdr)
1270		return -ENOBUFS;
1271
1272	if (WARN_ON(!state))
1273		return -EINVAL;
1274
1275	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1276	    nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1277			   wiphy_name(&rdev->wiphy)) ||
1278	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
1279			cfg80211_rdev_list_generation))
1280		goto nla_put_failure;
1281
1282	if (cmd != NL80211_CMD_NEW_WIPHY)
1283		goto finish;
1284
1285	switch (state->split_start) {
1286	case 0:
1287		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1288			       rdev->wiphy.retry_short) ||
1289		    nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1290			       rdev->wiphy.retry_long) ||
1291		    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1292				rdev->wiphy.frag_threshold) ||
1293		    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1294				rdev->wiphy.rts_threshold) ||
1295		    nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1296			       rdev->wiphy.coverage_class) ||
1297		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1298			       rdev->wiphy.max_scan_ssids) ||
1299		    nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1300			       rdev->wiphy.max_sched_scan_ssids) ||
1301		    nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1302				rdev->wiphy.max_scan_ie_len) ||
1303		    nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1304				rdev->wiphy.max_sched_scan_ie_len) ||
1305		    nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1306			       rdev->wiphy.max_match_sets))
1307			goto nla_put_failure;
1308
1309		if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1310		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1311			goto nla_put_failure;
1312		if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1313		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1314			goto nla_put_failure;
1315		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1316		    nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1317			goto nla_put_failure;
1318		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1319		    nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1320			goto nla_put_failure;
1321		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1322		    nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1323			goto nla_put_failure;
1324		if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1325		    nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1326			goto nla_put_failure;
1327		state->split_start++;
1328		if (state->split)
1329			break;
1330	case 1:
1331		if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1332			    sizeof(u32) * rdev->wiphy.n_cipher_suites,
1333			    rdev->wiphy.cipher_suites))
1334			goto nla_put_failure;
1335
1336		if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1337			       rdev->wiphy.max_num_pmkids))
1338			goto nla_put_failure;
1339
1340		if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1341		    nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1342			goto nla_put_failure;
1343
1344		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1345				rdev->wiphy.available_antennas_tx) ||
1346		    nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1347				rdev->wiphy.available_antennas_rx))
1348			goto nla_put_failure;
1349
1350		if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1351		    nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1352				rdev->wiphy.probe_resp_offload))
1353			goto nla_put_failure;
1354
1355		if ((rdev->wiphy.available_antennas_tx ||
1356		     rdev->wiphy.available_antennas_rx) &&
1357		    rdev->ops->get_antenna) {
1358			u32 tx_ant = 0, rx_ant = 0;
1359			int res;
1360			res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1361			if (!res) {
1362				if (nla_put_u32(msg,
1363						NL80211_ATTR_WIPHY_ANTENNA_TX,
1364						tx_ant) ||
1365				    nla_put_u32(msg,
1366						NL80211_ATTR_WIPHY_ANTENNA_RX,
1367						rx_ant))
1368					goto nla_put_failure;
1369			}
1370		}
1371
1372		state->split_start++;
1373		if (state->split)
1374			break;
1375	case 2:
1376		if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1377					rdev->wiphy.interface_modes))
1378				goto nla_put_failure;
1379		state->split_start++;
1380		if (state->split)
1381			break;
1382	case 3:
1383		nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1384		if (!nl_bands)
1385			goto nla_put_failure;
1386
1387		for (band = state->band_start;
1388		     band < IEEE80211_NUM_BANDS; band++) {
1389			struct ieee80211_supported_band *sband;
1390
1391			sband = rdev->wiphy.bands[band];
1392
1393			if (!sband)
1394				continue;
1395
1396			nl_band = nla_nest_start(msg, band);
1397			if (!nl_band)
1398				goto nla_put_failure;
1399
1400			switch (state->chan_start) {
1401			case 0:
1402				if (nl80211_send_band_rateinfo(msg, sband))
1403					goto nla_put_failure;
1404				state->chan_start++;
1405				if (state->split)
1406					break;
1407			default:
1408				/* add frequencies */
1409				nl_freqs = nla_nest_start(
1410					msg, NL80211_BAND_ATTR_FREQS);
1411				if (!nl_freqs)
1412					goto nla_put_failure;
1413
1414				for (i = state->chan_start - 1;
1415				     i < sband->n_channels;
1416				     i++) {
1417					nl_freq = nla_nest_start(msg, i);
1418					if (!nl_freq)
1419						goto nla_put_failure;
1420
1421					chan = &sband->channels[i];
1422
1423					if (nl80211_msg_put_channel(
1424							msg, chan,
1425							state->split))
1426						goto nla_put_failure;
1427
1428					nla_nest_end(msg, nl_freq);
1429					if (state->split)
1430						break;
1431				}
1432				if (i < sband->n_channels)
1433					state->chan_start = i + 2;
1434				else
1435					state->chan_start = 0;
1436				nla_nest_end(msg, nl_freqs);
1437			}
1438
1439			nla_nest_end(msg, nl_band);
1440
1441			if (state->split) {
1442				/* start again here */
1443				if (state->chan_start)
1444					band--;
1445				break;
1446			}
1447		}
1448		nla_nest_end(msg, nl_bands);
1449
1450		if (band < IEEE80211_NUM_BANDS)
1451			state->band_start = band + 1;
1452		else
1453			state->band_start = 0;
1454
1455		/* if bands & channels are done, continue outside */
1456		if (state->band_start == 0 && state->chan_start == 0)
1457			state->split_start++;
1458		if (state->split)
1459			break;
1460	case 4:
1461		nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1462		if (!nl_cmds)
1463			goto nla_put_failure;
1464
1465		i = 0;
1466#define CMD(op, n)							\
1467		 do {							\
1468			if (rdev->ops->op) {				\
1469				i++;					\
1470				if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
1471					goto nla_put_failure;		\
1472			}						\
1473		} while (0)
1474
1475		CMD(add_virtual_intf, NEW_INTERFACE);
1476		CMD(change_virtual_intf, SET_INTERFACE);
1477		CMD(add_key, NEW_KEY);
1478		CMD(start_ap, START_AP);
1479		CMD(add_station, NEW_STATION);
1480		CMD(add_mpath, NEW_MPATH);
1481		CMD(update_mesh_config, SET_MESH_CONFIG);
1482		CMD(change_bss, SET_BSS);
1483		CMD(auth, AUTHENTICATE);
1484		CMD(assoc, ASSOCIATE);
1485		CMD(deauth, DEAUTHENTICATE);
1486		CMD(disassoc, DISASSOCIATE);
1487		CMD(join_ibss, JOIN_IBSS);
1488		CMD(join_mesh, JOIN_MESH);
1489		CMD(set_pmksa, SET_PMKSA);
1490		CMD(del_pmksa, DEL_PMKSA);
1491		CMD(flush_pmksa, FLUSH_PMKSA);
1492		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1493			CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1494		CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1495		CMD(mgmt_tx, FRAME);
1496		CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1497		if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1498			i++;
1499			if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1500				goto nla_put_failure;
1501		}
1502		if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1503		    rdev->ops->join_mesh) {
1504			i++;
1505			if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1506				goto nla_put_failure;
1507		}
1508		CMD(set_wds_peer, SET_WDS_PEER);
1509		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1510			CMD(tdls_mgmt, TDLS_MGMT);
1511			CMD(tdls_oper, TDLS_OPER);
1512		}
1513		if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
1514			CMD(sched_scan_start, START_SCHED_SCAN);
1515		CMD(probe_client, PROBE_CLIENT);
1516		CMD(set_noack_map, SET_NOACK_MAP);
1517		if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1518			i++;
1519			if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1520				goto nla_put_failure;
1521		}
1522		CMD(start_p2p_device, START_P2P_DEVICE);
1523		CMD(set_mcast_rate, SET_MCAST_RATE);
1524#ifdef CONFIG_NL80211_TESTMODE
1525		CMD(testmode_cmd, TESTMODE);
1526#endif
1527		if (state->split) {
1528			CMD(crit_proto_start, CRIT_PROTOCOL_START);
1529			CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1530			if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1531				CMD(channel_switch, CHANNEL_SWITCH);
1532			CMD(set_qos_map, SET_QOS_MAP);
1533			if (rdev->wiphy.features &
1534					NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1535				CMD(add_tx_ts, ADD_TX_TS);
1536		}
1537		/* add into the if now */
1538#undef CMD
1539
1540		if (rdev->ops->connect || rdev->ops->auth) {
1541			i++;
1542			if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1543				goto nla_put_failure;
1544		}
1545
1546		if (rdev->ops->disconnect || rdev->ops->deauth) {
1547			i++;
1548			if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1549				goto nla_put_failure;
1550		}
1551
1552		nla_nest_end(msg, nl_cmds);
1553		state->split_start++;
1554		if (state->split)
1555			break;
1556	case 5:
1557		if (rdev->ops->remain_on_channel &&
1558		    (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1559		    nla_put_u32(msg,
1560				NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1561				rdev->wiphy.max_remain_on_channel_duration))
1562			goto nla_put_failure;
1563
1564		if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1565		    nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1566			goto nla_put_failure;
1567
1568		if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1569			goto nla_put_failure;
1570		state->split_start++;
1571		if (state->split)
1572			break;
1573	case 6:
1574#ifdef CONFIG_PM
1575		if (nl80211_send_wowlan(msg, rdev, state->split))
1576			goto nla_put_failure;
1577		state->split_start++;
1578		if (state->split)
1579			break;
1580#else
1581		state->split_start++;
1582#endif
1583	case 7:
1584		if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1585					rdev->wiphy.software_iftypes))
1586			goto nla_put_failure;
1587
1588		if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1589						   state->split))
1590			goto nla_put_failure;
1591
1592		state->split_start++;
1593		if (state->split)
1594			break;
1595	case 8:
1596		if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1597		    nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1598				rdev->wiphy.ap_sme_capa))
1599			goto nla_put_failure;
1600
1601		features = rdev->wiphy.features;
1602		/*
1603		 * We can only add the per-channel limit information if the
1604		 * dump is split, otherwise it makes it too big. Therefore
1605		 * only advertise it in that case.
1606		 */
1607		if (state->split)
1608			features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1609		if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1610			goto nla_put_failure;
1611
1612		if (rdev->wiphy.ht_capa_mod_mask &&
1613		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1614			    sizeof(*rdev->wiphy.ht_capa_mod_mask),
1615			    rdev->wiphy.ht_capa_mod_mask))
1616			goto nla_put_failure;
1617
1618		if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1619		    rdev->wiphy.max_acl_mac_addrs &&
1620		    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1621				rdev->wiphy.max_acl_mac_addrs))
1622			goto nla_put_failure;
1623
1624		/*
1625		 * Any information below this point is only available to
1626		 * applications that can deal with it being split. This
1627		 * helps ensure that newly added capabilities don't break
1628		 * older tools by overrunning their buffers.
1629		 *
1630		 * We still increment split_start so that in the split
1631		 * case we'll continue with more data in the next round,
1632		 * but break unconditionally so unsplit data stops here.
1633		 */
1634		state->split_start++;
1635		break;
1636	case 9:
1637		if (rdev->wiphy.extended_capabilities &&
1638		    (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1639			     rdev->wiphy.extended_capabilities_len,
1640			     rdev->wiphy.extended_capabilities) ||
1641		     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1642			     rdev->wiphy.extended_capabilities_len,
1643			     rdev->wiphy.extended_capabilities_mask)))
1644			goto nla_put_failure;
1645
1646		if (rdev->wiphy.vht_capa_mod_mask &&
1647		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1648			    sizeof(*rdev->wiphy.vht_capa_mod_mask),
1649			    rdev->wiphy.vht_capa_mod_mask))
1650			goto nla_put_failure;
1651
1652		state->split_start++;
1653		break;
1654	case 10:
1655		if (nl80211_send_coalesce(msg, rdev))
1656			goto nla_put_failure;
1657
1658		if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1659		    (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1660		     nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1661			goto nla_put_failure;
1662
1663		if (rdev->wiphy.max_ap_assoc_sta &&
1664		    nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1665				rdev->wiphy.max_ap_assoc_sta))
1666			goto nla_put_failure;
1667
1668		state->split_start++;
1669		break;
1670	case 11:
1671		if (rdev->wiphy.n_vendor_commands) {
1672			const struct nl80211_vendor_cmd_info *info;
1673			struct nlattr *nested;
1674
1675			nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1676			if (!nested)
1677				goto nla_put_failure;
1678
1679			for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1680				info = &rdev->wiphy.vendor_commands[i].info;
1681				if (nla_put(msg, i + 1, sizeof(*info), info))
1682					goto nla_put_failure;
1683			}
1684			nla_nest_end(msg, nested);
1685		}
1686
1687		if (rdev->wiphy.n_vendor_events) {
1688			const struct nl80211_vendor_cmd_info *info;
1689			struct nlattr *nested;
1690
1691			nested = nla_nest_start(msg,
1692						NL80211_ATTR_VENDOR_EVENTS);
1693			if (!nested)
1694				goto nla_put_failure;
1695
1696			for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1697				info = &rdev->wiphy.vendor_events[i];
1698				if (nla_put(msg, i + 1, sizeof(*info), info))
1699					goto nla_put_failure;
1700			}
1701			nla_nest_end(msg, nested);
1702		}
1703		state->split_start++;
1704		break;
1705	case 12:
1706		if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1707		    nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1708			       rdev->wiphy.max_num_csa_counters))
1709			goto nla_put_failure;
1710
1711		if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1712		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1713			goto nla_put_failure;
1714
1715		if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1716			    sizeof(rdev->wiphy.ext_features),
1717			    rdev->wiphy.ext_features))
1718			goto nla_put_failure;
1719
1720		/* done */
1721		state->split_start = 0;
1722		break;
1723	}
1724 finish:
1725	genlmsg_end(msg, hdr);
1726	return 0;
1727
1728 nla_put_failure:
1729	genlmsg_cancel(msg, hdr);
1730	return -EMSGSIZE;
1731}
1732
1733static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
1734				    struct netlink_callback *cb,
1735				    struct nl80211_dump_wiphy_state *state)
1736{
1737	struct nlattr **tb = nl80211_fam.attrbuf;
1738	int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1739			      tb, nl80211_fam.maxattr, nl80211_policy);
1740	/* ignore parse errors for backward compatibility */
1741	if (ret)
1742		return 0;
1743
1744	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
1745	if (tb[NL80211_ATTR_WIPHY])
1746		state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
1747	if (tb[NL80211_ATTR_WDEV])
1748		state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
1749	if (tb[NL80211_ATTR_IFINDEX]) {
1750		struct net_device *netdev;
1751		struct cfg80211_registered_device *rdev;
1752		int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
1753
1754		netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1755		if (!netdev)
1756			return -ENODEV;
1757		if (netdev->ieee80211_ptr) {
1758			rdev = wiphy_to_rdev(
1759				netdev->ieee80211_ptr->wiphy);
1760			state->filter_wiphy = rdev->wiphy_idx;
1761		}
1762	}
1763
1764	return 0;
1765}
1766
1767static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1768{
1769	int idx = 0, ret;
1770	struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
1771	struct cfg80211_registered_device *rdev;
1772
1773	rtnl_lock();
1774	if (!state) {
1775		state = kzalloc(sizeof(*state), GFP_KERNEL);
1776		if (!state) {
1777			rtnl_unlock();
1778			return -ENOMEM;
1779		}
1780		state->filter_wiphy = -1;
1781		ret = nl80211_dump_wiphy_parse(skb, cb, state);
1782		if (ret) {
1783			kfree(state);
1784			rtnl_unlock();
1785			return ret;
1786		}
1787		cb->args[0] = (long)state;
1788	}
1789
1790	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1791		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1792			continue;
1793		if (++idx <= state->start)
1794			continue;
1795		if (state->filter_wiphy != -1 &&
1796		    state->filter_wiphy != rdev->wiphy_idx)
1797			continue;
1798		/* attempt to fit multiple wiphy data chunks into the skb */
1799		do {
1800			ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
1801						 skb,
1802						 NETLINK_CB(cb->skb).portid,
1803						 cb->nlh->nlmsg_seq,
1804						 NLM_F_MULTI, state);
1805			if (ret < 0) {
1806				/*
1807				 * If sending the wiphy data didn't fit (ENOBUFS
1808				 * or EMSGSIZE returned), this SKB is still
1809				 * empty (so it's not too big because another
1810				 * wiphy dataset is already in the skb) and
1811				 * we've not tried to adjust the dump allocation
1812				 * yet ... then adjust the alloc size to be
1813				 * bigger, and return 1 but with the empty skb.
1814				 * This results in an empty message being RX'ed
1815				 * in userspace, but that is ignored.
1816				 *
1817				 * We can then retry with the larger buffer.
1818				 */
1819				if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
1820				    !skb->len && !state->split &&
1821				    cb->min_dump_alloc < 4096) {
1822					cb->min_dump_alloc = 4096;
1823					state->split_start = 0;
1824					rtnl_unlock();
1825					return 1;
1826				}
1827				idx--;
1828				break;
1829			}
1830		} while (state->split_start > 0);
1831		break;
1832	}
1833	rtnl_unlock();
1834
1835	state->start = idx;
1836
1837	return skb->len;
1838}
1839
1840static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
1841{
1842	kfree((void *)cb->args[0]);
1843	return 0;
1844}
1845
1846static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1847{
1848	struct sk_buff *msg;
1849	struct cfg80211_registered_device *rdev = info->user_ptr[0];
1850	struct nl80211_dump_wiphy_state state = {};
1851
1852	msg = nlmsg_new(4096, GFP_KERNEL);
1853	if (!msg)
1854		return -ENOMEM;
1855
1856	if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
1857			       info->snd_portid, info->snd_seq, 0,
1858			       &state) < 0) {
1859		nlmsg_free(msg);
1860		return -ENOBUFS;
1861	}
1862
1863	return genlmsg_reply(msg, info);
1864}
1865
1866static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1867	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
1868	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
1869	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
1870	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
1871	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
1872};
1873
1874static int parse_txq_params(struct nlattr *tb[],
1875			    struct ieee80211_txq_params *txq_params)
1876{
1877	if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1878	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1879	    !tb[NL80211_TXQ_ATTR_AIFS])
1880		return -EINVAL;
1881
1882	txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1883	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1884	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1885	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1886	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1887
1888	if (txq_params->ac >= NL80211_NUM_ACS)
1889		return -EINVAL;
1890
1891	return 0;
1892}
1893
1894static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1895{
1896	/*
1897	 * You can only set the channel explicitly for WDS interfaces,
1898	 * all others have their channel managed via their respective
1899	 * "establish a connection" command (connect, join, ...)
1900	 *
1901	 * For AP/GO and mesh mode, the channel can be set with the
1902	 * channel userspace API, but is only stored and passed to the
1903	 * low-level driver when the AP starts or the mesh is joined.
1904	 * This is for backward compatibility, userspace can also give
1905	 * the channel in the start-ap or join-mesh commands instead.
1906	 *
1907	 * Monitors are special as they are normally slaved to
1908	 * whatever else is going on, so they have their own special
1909	 * operation to set the monitor channel if possible.
1910	 */
1911	return !wdev ||
1912		wdev->iftype == NL80211_IFTYPE_AP ||
1913		wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1914		wdev->iftype == NL80211_IFTYPE_MONITOR ||
1915		wdev->iftype == NL80211_IFTYPE_P2P_GO;
1916}
1917
1918static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
1919				 struct genl_info *info,
1920				 struct cfg80211_chan_def *chandef)
1921{
1922	u32 control_freq;
1923
1924	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1925		return -EINVAL;
1926
1927	control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1928
1929	chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
1930	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
1931	chandef->center_freq1 = control_freq;
1932	chandef->center_freq2 = 0;
1933
1934	/* Primary channel not allowed */
1935	if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
1936		return -EINVAL;
1937
1938	if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1939		enum nl80211_channel_type chantype;
1940
1941		chantype = nla_get_u32(
1942				info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1943
1944		switch (chantype) {
1945		case NL80211_CHAN_NO_HT:
1946		case NL80211_CHAN_HT20:
1947		case NL80211_CHAN_HT40PLUS:
1948		case NL80211_CHAN_HT40MINUS:
1949			cfg80211_chandef_create(chandef, chandef->chan,
1950						chantype);
1951			break;
1952		default:
1953			return -EINVAL;
1954		}
1955	} else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
1956		chandef->width =
1957			nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
1958		if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
1959			chandef->center_freq1 =
1960				nla_get_u32(
1961					info->attrs[NL80211_ATTR_CENTER_FREQ1]);
1962		if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
1963			chandef->center_freq2 =
1964				nla_get_u32(
1965					info->attrs[NL80211_ATTR_CENTER_FREQ2]);
1966	}
1967
1968	if (!cfg80211_chandef_valid(chandef))
1969		return -EINVAL;
1970
1971	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
1972				     IEEE80211_CHAN_DISABLED))
1973		return -EINVAL;
1974
1975	if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
1976	     chandef->width == NL80211_CHAN_WIDTH_10) &&
1977	    !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
1978		return -EINVAL;
1979
1980	return 0;
1981}
1982
1983static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1984				 struct net_device *dev,
1985				 struct genl_info *info)
1986{
1987	struct cfg80211_chan_def chandef;
1988	int result;
1989	enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
1990	struct wireless_dev *wdev = NULL;
1991
1992	if (dev)
1993		wdev = dev->ieee80211_ptr;
1994	if (!nl80211_can_set_dev_channel(wdev))
1995		return -EOPNOTSUPP;
1996	if (wdev)
1997		iftype = wdev->iftype;
1998
1999	result = nl80211_parse_chandef(rdev, info, &chandef);
2000	if (result)
2001		return result;
2002
2003	switch (iftype) {
2004	case NL80211_IFTYPE_AP:
2005	case NL80211_IFTYPE_P2P_GO:
2006		if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef, iftype)) {
2007			result = -EINVAL;
2008			break;
2009		}
2010		if (wdev->beacon_interval) {
2011			if (!dev || !rdev->ops->set_ap_chanwidth ||
2012			    !(rdev->wiphy.features &
2013			      NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2014				result = -EBUSY;
2015				break;
2016			}
2017
2018			/* Only allow dynamic channel width changes */
2019			if (chandef.chan != wdev->preset_chandef.chan) {
2020				result = -EBUSY;
2021				break;
2022			}
2023			result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2024			if (result)
2025				break;
2026		}
2027		wdev->preset_chandef = chandef;
2028		result = 0;
2029		break;
2030	case NL80211_IFTYPE_MESH_POINT:
2031		result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2032		break;
2033	case NL80211_IFTYPE_MONITOR:
2034		result = cfg80211_set_monitor_channel(rdev, &chandef);
2035		break;
2036	default:
2037		result = -EINVAL;
2038	}
2039
2040	return result;
2041}
2042
2043static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2044{
2045	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2046	struct net_device *netdev = info->user_ptr[1];
2047
2048	return __nl80211_set_channel(rdev, netdev, info);
2049}
2050
2051static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2052{
2053	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2054	struct net_device *dev = info->user_ptr[1];
2055	struct wireless_dev *wdev = dev->ieee80211_ptr;
2056	const u8 *bssid;
2057
2058	if (!info->attrs[NL80211_ATTR_MAC])
2059		return -EINVAL;
2060
2061	if (netif_running(dev))
2062		return -EBUSY;
2063
2064	if (!rdev->ops->set_wds_peer)
2065		return -EOPNOTSUPP;
2066
2067	if (wdev->iftype != NL80211_IFTYPE_WDS)
2068		return -EOPNOTSUPP;
2069
2070	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2071	return rdev_set_wds_peer(rdev, dev, bssid);
2072}
2073
2074
2075static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2076{
2077	struct cfg80211_registered_device *rdev;
2078	struct net_device *netdev = NULL;
2079	struct wireless_dev *wdev;
2080	int result = 0, rem_txq_params = 0;
2081	struct nlattr *nl_txq_params;
2082	u32 changed;
2083	u8 retry_short = 0, retry_long = 0;
2084	u32 frag_threshold = 0, rts_threshold = 0;
2085	u8 coverage_class = 0;
2086
2087	ASSERT_RTNL();
2088
2089	/*
2090	 * Try to find the wiphy and netdev. Normally this
2091	 * function shouldn't need the netdev, but this is
2092	 * done for backward compatibility -- previously
2093	 * setting the channel was done per wiphy, but now
2094	 * it is per netdev. Previous userland like hostapd
2095	 * also passed a netdev to set_wiphy, so that it is
2096	 * possible to let that go to the right netdev!
2097	 */
2098
2099	if (info->attrs[NL80211_ATTR_IFINDEX]) {
2100		int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2101
2102		netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2103		if (netdev && netdev->ieee80211_ptr)
2104			rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2105		else
2106			netdev = NULL;
2107	}
2108
2109	if (!netdev) {
2110		rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2111						  info->attrs);
2112		if (IS_ERR(rdev))
2113			return PTR_ERR(rdev);
2114		wdev = NULL;
2115		netdev = NULL;
2116		result = 0;
2117	} else
2118		wdev = netdev->ieee80211_ptr;
2119
2120	/*
2121	 * end workaround code, by now the rdev is available
2122	 * and locked, and wdev may or may not be NULL.
2123	 */
2124
2125	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2126		result = cfg80211_dev_rename(
2127			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2128
2129	if (result)
2130		return result;
2131
2132	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2133		struct ieee80211_txq_params txq_params;
2134		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2135
2136		if (!rdev->ops->set_txq_params)
2137			return -EOPNOTSUPP;
2138
2139		if (!netdev)
2140			return -EINVAL;
2141
2142		if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2143		    netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2144			return -EINVAL;
2145
2146		if (!netif_running(netdev))
2147			return -ENETDOWN;
2148
2149		nla_for_each_nested(nl_txq_params,
2150				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2151				    rem_txq_params) {
2152			result = nla_parse(tb, NL80211_TXQ_ATTR_MAX,
2153					   nla_data(nl_txq_params),
2154					   nla_len(nl_txq_params),
2155					   txq_params_policy);
2156			if (result)
2157				return result;
2158			result = parse_txq_params(tb, &txq_params);
2159			if (result)
2160				return result;
2161
2162			result = rdev_set_txq_params(rdev, netdev,
2163						     &txq_params);
2164			if (result)
2165				return result;
2166		}
2167	}
2168
2169	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2170		result = __nl80211_set_channel(
2171			rdev,
2172			nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2173			info);
2174		if (result)
2175			return result;
2176	}
2177
2178	if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2179		struct wireless_dev *txp_wdev = wdev;
2180		enum nl80211_tx_power_setting type;
2181		int idx, mbm = 0;
2182
2183		if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2184			txp_wdev = NULL;
2185
2186		if (!rdev->ops->set_tx_power)
2187			return -EOPNOTSUPP;
2188
2189		idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2190		type = nla_get_u32(info->attrs[idx]);
2191
2192		if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2193		    (type != NL80211_TX_POWER_AUTOMATIC))
2194			return -EINVAL;
2195
2196		if (type != NL80211_TX_POWER_AUTOMATIC) {
2197			idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2198			mbm = nla_get_u32(info->attrs[idx]);
2199		}
2200
2201		result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2202		if (result)
2203			return result;
2204	}
2205
2206	if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2207	    info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2208		u32 tx_ant, rx_ant;
2209		if ((!rdev->wiphy.available_antennas_tx &&
2210		     !rdev->wiphy.available_antennas_rx) ||
2211		    !rdev->ops->set_antenna)
2212			return -EOPNOTSUPP;
2213
2214		tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2215		rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2216
2217		/* reject antenna configurations which don't match the
2218		 * available antenna masks, except for the "all" mask */
2219		if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2220		    (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2221			return -EINVAL;
2222
2223		tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2224		rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2225
2226		result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2227		if (result)
2228			return result;
2229	}
2230
2231	changed = 0;
2232
2233	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2234		retry_short = nla_get_u8(
2235			info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2236		if (retry_short == 0)
2237			return -EINVAL;
2238
2239		changed |= WIPHY_PARAM_RETRY_SHORT;
2240	}
2241
2242	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2243		retry_long = nla_get_u8(
2244			info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2245		if (retry_long == 0)
2246			return -EINVAL;
2247
2248		changed |= WIPHY_PARAM_RETRY_LONG;
2249	}
2250
2251	if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2252		frag_threshold = nla_get_u32(
2253			info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2254		if (frag_threshold < 256)
2255			return -EINVAL;
2256
2257		if (frag_threshold != (u32) -1) {
2258			/*
2259			 * Fragments (apart from the last one) are required to
2260			 * have even length. Make the fragmentation code
2261			 * simpler by stripping LSB should someone try to use
2262			 * odd threshold value.
2263			 */
2264			frag_threshold &= ~0x1;
2265		}
2266		changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2267	}
2268
2269	if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2270		rts_threshold = nla_get_u32(
2271			info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2272		changed |= WIPHY_PARAM_RTS_THRESHOLD;
2273	}
2274
2275	if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2276		if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2277			return -EINVAL;
2278
2279		coverage_class = nla_get_u8(
2280			info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2281		changed |= WIPHY_PARAM_COVERAGE_CLASS;
2282	}
2283
2284	if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2285		if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2286			return -EOPNOTSUPP;
2287
2288		changed |= WIPHY_PARAM_DYN_ACK;
2289	}
2290
2291	if (changed) {
2292		u8 old_retry_short, old_retry_long;
2293		u32 old_frag_threshold, old_rts_threshold;
2294		u8 old_coverage_class;
2295
2296		if (!rdev->ops->set_wiphy_params)
2297			return -EOPNOTSUPP;
2298
2299		old_retry_short = rdev->wiphy.retry_short;
2300		old_retry_long = rdev->wiphy.retry_long;
2301		old_frag_threshold = rdev->wiphy.frag_threshold;
2302		old_rts_threshold = rdev->wiphy.rts_threshold;
2303		old_coverage_class = rdev->wiphy.coverage_class;
2304
2305		if (changed & WIPHY_PARAM_RETRY_SHORT)
2306			rdev->wiphy.retry_short = retry_short;
2307		if (changed & WIPHY_PARAM_RETRY_LONG)
2308			rdev->wiphy.retry_long = retry_long;
2309		if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2310			rdev->wiphy.frag_threshold = frag_threshold;
2311		if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2312			rdev->wiphy.rts_threshold = rts_threshold;
2313		if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2314			rdev->wiphy.coverage_class = coverage_class;
2315
2316		result = rdev_set_wiphy_params(rdev, changed);
2317		if (result) {
2318			rdev->wiphy.retry_short = old_retry_short;
2319			rdev->wiphy.retry_long = old_retry_long;
2320			rdev->wiphy.frag_threshold = old_frag_threshold;
2321			rdev->wiphy.rts_threshold = old_rts_threshold;
2322			rdev->wiphy.coverage_class = old_coverage_class;
2323		}
2324	}
2325	return 0;
2326}
2327
2328static inline u64 wdev_id(struct wireless_dev *wdev)
2329{
2330	return (u64)wdev->identifier |
2331	       ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2332}
2333
2334static int nl80211_send_chandef(struct sk_buff *msg,
2335				const struct cfg80211_chan_def *chandef)
2336{
2337	if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2338		return -EINVAL;
2339
2340	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2341			chandef->chan->center_freq))
2342		return -ENOBUFS;
2343	switch (chandef->width) {
2344	case NL80211_CHAN_WIDTH_20_NOHT:
2345	case NL80211_CHAN_WIDTH_20:
2346	case NL80211_CHAN_WIDTH_40:
2347		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2348				cfg80211_get_chandef_type(chandef)))
2349			return -ENOBUFS;
2350		break;
2351	default:
2352		break;
2353	}
2354	if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2355		return -ENOBUFS;
2356	if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2357		return -ENOBUFS;
2358	if (chandef->center_freq2 &&
2359	    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2360		return -ENOBUFS;
2361	return 0;
2362}
2363
2364static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2365			      struct cfg80211_registered_device *rdev,
2366			      struct wireless_dev *wdev, bool removal)
2367{
2368	struct net_device *dev = wdev->netdev;
2369	u8 cmd = NL80211_CMD_NEW_INTERFACE;
2370	void *hdr;
2371
2372	if (removal)
2373		cmd = NL80211_CMD_DEL_INTERFACE;
2374
2375	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2376	if (!hdr)
2377		return -1;
2378
2379	if (dev &&
2380	    (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2381	     nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2382		goto nla_put_failure;
2383
2384	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2385	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2386	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
2387	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2388	    nla_put_u32(msg, NL80211_ATTR_GENERATION,
2389			rdev->devlist_generation ^
2390			(cfg80211_rdev_list_generation << 2)))
2391		goto nla_put_failure;
2392
2393	if (rdev->ops->get_channel) {
2394		int ret;
2395		struct cfg80211_chan_def chandef;
2396
2397		ret = rdev_get_channel(rdev, wdev, &chandef);
2398		if (ret == 0) {
2399			if (nl80211_send_chandef(msg, &chandef))
2400				goto nla_put_failure;
2401		}
2402	}
2403
2404	if (wdev->ssid_len) {
2405		if (nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2406			goto nla_put_failure;
2407	}
2408
2409	genlmsg_end(msg, hdr);
2410	return 0;
2411
2412 nla_put_failure:
2413	genlmsg_cancel(msg, hdr);
2414	return -EMSGSIZE;
2415}
2416
2417static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2418{
2419	int wp_idx = 0;
2420	int if_idx = 0;
2421	int wp_start = cb->args[0];
2422	int if_start = cb->args[1];
2423	struct cfg80211_registered_device *rdev;
2424	struct wireless_dev *wdev;
2425
2426	rtnl_lock();
2427	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2428		if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2429			continue;
2430		if (wp_idx < wp_start) {
2431			wp_idx++;
2432			continue;
2433		}
2434		if_idx = 0;
2435
2436		list_for_each_entry(wdev, &rdev->wdev_list, list) {
2437			if (if_idx < if_start) {
2438				if_idx++;
2439				continue;
2440			}
2441			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2442					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
2443					       rdev, wdev, false) < 0) {
2444				goto out;
2445			}
2446			if_idx++;
2447		}
2448
2449		wp_idx++;
2450	}
2451 out:
2452	rtnl_unlock();
2453
2454	cb->args[0] = wp_idx;
2455	cb->args[1] = if_idx;
2456
2457	return skb->len;
2458}
2459
2460static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2461{
2462	struct sk_buff *msg;
2463	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2464	struct wireless_dev *wdev = info->user_ptr[1];
2465
2466	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2467	if (!msg)
2468		return -ENOMEM;
2469
2470	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2471			       rdev, wdev, false) < 0) {
2472		nlmsg_free(msg);
2473		return -ENOBUFS;
2474	}
2475
2476	return genlmsg_reply(msg, info);
2477}
2478
2479static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2480	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2481	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2482	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2483	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2484	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2485	[NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2486};
2487
2488static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2489{
2490	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2491	int flag;
2492
2493	*mntrflags = 0;
2494
2495	if (!nla)
2496		return -EINVAL;
2497
2498	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
2499			     nla, mntr_flags_policy))
2500		return -EINVAL;
2501
2502	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2503		if (flags[flag])
2504			*mntrflags |= (1<<flag);
2505
2506	return 0;
2507}
2508
2509static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
2510			       struct net_device *netdev, u8 use_4addr,
2511			       enum nl80211_iftype iftype)
2512{
2513	if (!use_4addr) {
2514		if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
2515			return -EBUSY;
2516		return 0;
2517	}
2518
2519	switch (iftype) {
2520	case NL80211_IFTYPE_AP_VLAN:
2521		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
2522			return 0;
2523		break;
2524	case NL80211_IFTYPE_STATION:
2525		if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
2526			return 0;
2527		break;
2528	default:
2529		break;
2530	}
2531
2532	return -EOPNOTSUPP;
2533}
2534
2535static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
2536{
2537	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2538	struct vif_params params;
2539	int err;
2540	enum nl80211_iftype otype, ntype;
2541	struct net_device *dev = info->user_ptr[1];
2542	u32 _flags, *flags = NULL;
2543	bool change = false;
2544
2545	memset(&params, 0, sizeof(params));
2546
2547	otype = ntype = dev->ieee80211_ptr->iftype;
2548
2549	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2550		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2551		if (otype != ntype)
2552			change = true;
2553		if (ntype > NL80211_IFTYPE_MAX)
2554			return -EINVAL;
2555	}
2556
2557	if (info->attrs[NL80211_ATTR_MESH_ID]) {
2558		struct wireless_dev *wdev = dev->ieee80211_ptr;
2559
2560		if (ntype != NL80211_IFTYPE_MESH_POINT)
2561			return -EINVAL;
2562		if (netif_running(dev))
2563			return -EBUSY;
2564
2565		wdev_lock(wdev);
2566		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2567			     IEEE80211_MAX_MESH_ID_LEN);
2568		wdev->mesh_id_up_len =
2569			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2570		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2571		       wdev->mesh_id_up_len);
2572		wdev_unlock(wdev);
2573	}
2574
2575	if (info->attrs[NL80211_ATTR_4ADDR]) {
2576		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2577		change = true;
2578		err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
2579		if (err)
2580			return err;
2581	} else {
2582		params.use_4addr = -1;
2583	}
2584
2585	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2586		if (ntype != NL80211_IFTYPE_MONITOR)
2587			return -EINVAL;
2588		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2589					  &_flags);
2590		if (err)
2591			return err;
2592
2593		flags = &_flags;
2594		change = true;
2595	}
2596
2597	if (flags && (*flags & MONITOR_FLAG_ACTIVE) &&
2598	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2599		return -EOPNOTSUPP;
2600
2601	if (change)
2602		err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
2603	else
2604		err = 0;
2605
2606	if (!err && params.use_4addr != -1)
2607		dev->ieee80211_ptr->use_4addr = params.use_4addr;
2608
2609	return err;
2610}
2611
2612static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
2613{
2614	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2615	struct vif_params params;
2616	struct wireless_dev *wdev;
2617	struct sk_buff *msg, *event;
2618	int err;
2619	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
2620	u32 flags;
2621
2622	/* to avoid failing a new interface creation due to pending removal */
2623	cfg80211_destroy_ifaces(rdev);
2624
2625	memset(&params, 0, sizeof(params));
2626
2627	if (!info->attrs[NL80211_ATTR_IFNAME])
2628		return -EINVAL;
2629
2630	if (info->attrs[NL80211_ATTR_IFTYPE]) {
2631		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
2632		if (type > NL80211_IFTYPE_MAX)
2633			return -EINVAL;
2634	}
2635
2636	if (!rdev->ops->add_virtual_intf ||
2637	    !(rdev->wiphy.interface_modes & (1 << type)))
2638		return -EOPNOTSUPP;
2639
2640	if ((type == NL80211_IFTYPE_P2P_DEVICE ||
2641	     rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
2642	    info->attrs[NL80211_ATTR_MAC]) {
2643		nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
2644			   ETH_ALEN);
2645		if (!is_valid_ether_addr(params.macaddr))
2646			return -EADDRNOTAVAIL;
2647	}
2648
2649	if (info->attrs[NL80211_ATTR_4ADDR]) {
2650		params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
2651		err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
2652		if (err)
2653			return err;
2654	}
2655
2656	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
2657				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
2658				  &flags);
2659
2660	if (!err && (flags & MONITOR_FLAG_ACTIVE) &&
2661	    !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2662		return -EOPNOTSUPP;
2663
2664	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2665	if (!msg)
2666		return -ENOMEM;
2667
2668	wdev = rdev_add_virtual_intf(rdev,
2669				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
2670				NET_NAME_USER, type, err ? NULL : &flags,
2671				&params);
2672	if (WARN_ON(!wdev)) {
2673		nlmsg_free(msg);
2674		return -EPROTO;
2675	} else if (IS_ERR(wdev)) {
2676		nlmsg_free(msg);
2677		return PTR_ERR(wdev);
2678	}
2679
2680	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
2681		wdev->owner_nlportid = info->snd_portid;
2682
2683	switch (type) {
2684	case NL80211_IFTYPE_MESH_POINT:
2685		if (!info->attrs[NL80211_ATTR_MESH_ID])
2686			break;
2687		wdev_lock(wdev);
2688		BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
2689			     IEEE80211_MAX_MESH_ID_LEN);
2690		wdev->mesh_id_up_len =
2691			nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
2692		memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
2693		       wdev->mesh_id_up_len);
2694		wdev_unlock(wdev);
2695		break;
2696	case NL80211_IFTYPE_P2P_DEVICE:
2697		/*
2698		 * P2P Device doesn't have a netdev, so doesn't go
2699		 * through the netdev notifier and must be added here
2700		 */
2701		mutex_init(&wdev->mtx);
2702		INIT_LIST_HEAD(&wdev->event_list);
2703		spin_lock_init(&wdev->event_lock);
2704		INIT_LIST_HEAD(&wdev->mgmt_registrations);
2705		spin_lock_init(&wdev->mgmt_registrations_lock);
2706
2707		wdev->identifier = ++rdev->wdev_id;
2708		list_add_rcu(&wdev->list, &rdev->wdev_list);
2709		rdev->devlist_generation++;
2710		break;
2711	default:
2712		break;
2713	}
2714
2715	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2716			       rdev, wdev, false) < 0) {
2717		nlmsg_free(msg);
2718		return -ENOBUFS;
2719	}
2720
2721	event = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2722	if (event) {
2723		if (nl80211_send_iface(event, 0, 0, 0,
2724				       rdev, wdev, false) < 0) {
2725			nlmsg_free(event);
2726			goto out;
2727		}
2728
2729		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2730					event, 0, NL80211_MCGRP_CONFIG,
2731					GFP_KERNEL);
2732	}
2733
2734out:
2735	return genlmsg_reply(msg, info);
2736}
2737
2738static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
2739{
2740	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2741	struct wireless_dev *wdev = info->user_ptr[1];
2742	struct sk_buff *msg;
2743	int status;
2744
2745	if (!rdev->ops->del_virtual_intf)
2746		return -EOPNOTSUPP;
2747
2748	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2749	if (msg && nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, true) < 0) {
2750		nlmsg_free(msg);
2751		msg = NULL;
2752	}
2753
2754	/*
2755	 * If we remove a wireless device without a netdev then clear
2756	 * user_ptr[1] so that nl80211_post_doit won't dereference it
2757	 * to check if it needs to do dev_put(). Otherwise it crashes
2758	 * since the wdev has been freed, unlike with a netdev where
2759	 * we need the dev_put() for the netdev to really be freed.
2760	 */
2761	if (!wdev->netdev)
2762		info->user_ptr[1] = NULL;
2763
2764	status = rdev_del_virtual_intf(rdev, wdev);
2765	if (status >= 0 && msg)
2766		genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
2767					msg, 0, NL80211_MCGRP_CONFIG,
2768					GFP_KERNEL);
2769	else
2770		nlmsg_free(msg);
2771
2772	return status;
2773}
2774
2775static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
2776{
2777	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2778	struct net_device *dev = info->user_ptr[1];
2779	u16 noack_map;
2780
2781	if (!info->attrs[NL80211_ATTR_NOACK_MAP])
2782		return -EINVAL;
2783
2784	if (!rdev->ops->set_noack_map)
2785		return -EOPNOTSUPP;
2786
2787	noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
2788
2789	return rdev_set_noack_map(rdev, dev, noack_map);
2790}
2791
2792struct get_key_cookie {
2793	struct sk_buff *msg;
2794	int error;
2795	int idx;
2796};
2797
2798static void get_key_callback(void *c, struct key_params *params)
2799{
2800	struct nlattr *key;
2801	struct get_key_cookie *cookie = c;
2802
2803	if ((params->key &&
2804	     nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
2805		     params->key_len, params->key)) ||
2806	    (params->seq &&
2807	     nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
2808		     params->seq_len, params->seq)) ||
2809	    (params->cipher &&
2810	     nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
2811			 params->cipher)))
2812		goto nla_put_failure;
2813
2814	key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
2815	if (!key)
2816		goto nla_put_failure;
2817
2818	if ((params->key &&
2819	     nla_put(cookie->msg, NL80211_KEY_DATA,
2820		     params->key_len, params->key)) ||
2821	    (params->seq &&
2822	     nla_put(cookie->msg, NL80211_KEY_SEQ,
2823		     params->seq_len, params->seq)) ||
2824	    (params->cipher &&
2825	     nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
2826			 params->cipher)))
2827		goto nla_put_failure;
2828
2829	if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
2830		goto nla_put_failure;
2831
2832	nla_nest_end(cookie->msg, key);
2833
2834	return;
2835 nla_put_failure:
2836	cookie->error = 1;
2837}
2838
2839static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
2840{
2841	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2842	int err;
2843	struct net_device *dev = info->user_ptr[1];
2844	u8 key_idx = 0;
2845	const u8 *mac_addr = NULL;
2846	bool pairwise;
2847	struct get_key_cookie cookie = {
2848		.error = 0,
2849	};
2850	void *hdr;
2851	struct sk_buff *msg;
2852
2853	if (info->attrs[NL80211_ATTR_KEY_IDX])
2854		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
2855
2856	if (key_idx > 5)
2857		return -EINVAL;
2858
2859	if (info->attrs[NL80211_ATTR_MAC])
2860		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2861
2862	pairwise = !!mac_addr;
2863	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
2864		u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
2865		if (kt >= NUM_NL80211_KEYTYPES)
2866			return -EINVAL;
2867		if (kt != NL80211_KEYTYPE_GROUP &&
2868		    kt != NL80211_KEYTYPE_PAIRWISE)
2869			return -EINVAL;
2870		pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
2871	}
2872
2873	if (!rdev->ops->get_key)
2874		return -EOPNOTSUPP;
2875
2876	if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2877		return -ENOENT;
2878
2879	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2880	if (!msg)
2881		return -ENOMEM;
2882
2883	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
2884			     NL80211_CMD_NEW_KEY);
2885	if (!hdr)
2886		goto nla_put_failure;
2887
2888	cookie.msg = msg;
2889	cookie.idx = key_idx;
2890
2891	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2892	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
2893		goto nla_put_failure;
2894	if (mac_addr &&
2895	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
2896		goto nla_put_failure;
2897
2898	err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
2899			   get_key_callback);
2900
2901	if (err)
2902		goto free_msg;
2903
2904	if (cookie.error)
2905		goto nla_put_failure;
2906
2907	genlmsg_end(msg, hdr);
2908	return genlmsg_reply(msg, info);
2909
2910 nla_put_failure:
2911	err = -ENOBUFS;
2912 free_msg:
2913	nlmsg_free(msg);
2914	return err;
2915}
2916
2917static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
2918{
2919	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2920	struct key_parse key;
2921	int err;
2922	struct net_device *dev = info->user_ptr[1];
2923
2924	err = nl80211_parse_key(info, &key);
2925	if (err)
2926		return err;
2927
2928	if (key.idx < 0)
2929		return -EINVAL;
2930
2931	/* only support setting default key */
2932	if (!key.def && !key.defmgmt)
2933		return -EINVAL;
2934
2935	wdev_lock(dev->ieee80211_ptr);
2936
2937	if (key.def) {
2938		if (!rdev->ops->set_default_key) {
2939			err = -EOPNOTSUPP;
2940			goto out;
2941		}
2942
2943		err = nl80211_key_allowed(dev->ieee80211_ptr);
2944		if (err)
2945			goto out;
2946
2947		err = rdev_set_default_key(rdev, dev, key.idx,
2948						 key.def_uni, key.def_multi);
2949
2950		if (err)
2951			goto out;
2952
2953#ifdef CONFIG_CFG80211_WEXT
2954		dev->ieee80211_ptr->wext.default_key = key.idx;
2955#endif
2956	} else {
2957		if (key.def_uni || !key.def_multi) {
2958			err = -EINVAL;
2959			goto out;
2960		}
2961
2962		if (!rdev->ops->set_default_mgmt_key) {
2963			err = -EOPNOTSUPP;
2964			goto out;
2965		}
2966
2967		err = nl80211_key_allowed(dev->ieee80211_ptr);
2968		if (err)
2969			goto out;
2970
2971		err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
2972		if (err)
2973			goto out;
2974
2975#ifdef CONFIG_CFG80211_WEXT
2976		dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
2977#endif
2978	}
2979
2980 out:
2981	wdev_unlock(dev->ieee80211_ptr);
2982
2983	return err;
2984}
2985
2986static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
2987{
2988	struct cfg80211_registered_device *rdev = info->user_ptr[0];
2989	int err;
2990	struct net_device *dev = info->user_ptr[1];
2991	struct key_parse key;
2992	const u8 *mac_addr = NULL;
2993
2994	err = nl80211_parse_key(info, &key);
2995	if (err)
2996		return err;
2997
2998	if (!key.p.key)
2999		return -EINVAL;
3000
3001	if (info->attrs[NL80211_ATTR_MAC])
3002		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3003
3004	if (key.type == -1) {
3005		if (mac_addr)
3006			key.type = NL80211_KEYTYPE_PAIRWISE;
3007		else
3008			key.type = NL80211_KEYTYPE_GROUP;
3009	}
3010
3011	/* for now */
3012	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3013	    key.type != NL80211_KEYTYPE_GROUP)
3014		return -EINVAL;
3015
3016	if (!rdev->ops->add_key)
3017		return -EOPNOTSUPP;
3018
3019	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3020					   key.type == NL80211_KEYTYPE_PAIRWISE,
3021					   mac_addr))
3022		return -EINVAL;
3023
3024	wdev_lock(dev->ieee80211_ptr);
3025	err = nl80211_key_allowed(dev->ieee80211_ptr);
3026	if (!err)
3027		err = rdev_add_key(rdev, dev, key.idx,
3028				   key.type == NL80211_KEYTYPE_PAIRWISE,
3029				    mac_addr, &key.p);
3030	wdev_unlock(dev->ieee80211_ptr);
3031
3032	return err;
3033}
3034
3035static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
3036{
3037	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3038	int err;
3039	struct net_device *dev = info->user_ptr[1];
3040	u8 *mac_addr = NULL;
3041	struct key_parse key;
3042
3043	err = nl80211_parse_key(info, &key);
3044	if (err)
3045		return err;
3046
3047	if (info->attrs[NL80211_ATTR_MAC])
3048		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3049
3050	if (key.type == -1) {
3051		if (mac_addr)
3052			key.type = NL80211_KEYTYPE_PAIRWISE;
3053		else
3054			key.type = NL80211_KEYTYPE_GROUP;
3055	}
3056
3057	/* for now */
3058	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3059	    key.type != NL80211_KEYTYPE_GROUP)
3060		return -EINVAL;
3061
3062	if (!rdev->ops->del_key)
3063		return -EOPNOTSUPP;
3064
3065	wdev_lock(dev->ieee80211_ptr);
3066	err = nl80211_key_allowed(dev->ieee80211_ptr);
3067
3068	if (key.type == NL80211_KEYTYPE_GROUP && mac_addr &&
3069	    !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3070		err = -ENOENT;
3071
3072	if (!err)
3073		err = rdev_del_key(rdev, dev, key.idx,
3074				   key.type == NL80211_KEYTYPE_PAIRWISE,
3075				   mac_addr);
3076
3077#ifdef CONFIG_CFG80211_WEXT
3078	if (!err) {
3079		if (key.idx == dev->ieee80211_ptr->wext.default_key)
3080			dev->ieee80211_ptr->wext.default_key = -1;
3081		else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
3082			dev->ieee80211_ptr->wext.default_mgmt_key = -1;
3083	}
3084#endif
3085	wdev_unlock(dev->ieee80211_ptr);
3086
3087	return err;
3088}
3089
3090/* This function returns an error or the number of nested attributes */
3091static int validate_acl_mac_addrs(struct nlattr *nl_attr)
3092{
3093	struct nlattr *attr;
3094	int n_entries = 0, tmp;
3095
3096	nla_for_each_nested(attr, nl_attr, tmp) {
3097		if (nla_len(attr) != ETH_ALEN)
3098			return -EINVAL;
3099
3100		n_entries++;
3101	}
3102
3103	return n_entries;
3104}
3105
3106/*
3107 * This function parses ACL information and allocates memory for ACL data.
3108 * On successful return, the calling function is responsible to free the
3109 * ACL buffer returned by this function.
3110 */
3111static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,
3112						struct genl_info *info)
3113{
3114	enum nl80211_acl_policy acl_policy;
3115	struct nlattr *attr;
3116	struct cfg80211_acl_data *acl;
3117	int i = 0, n_entries, tmp;
3118
3119	if (!wiphy->max_acl_mac_addrs)
3120		return ERR_PTR(-EOPNOTSUPP);
3121
3122	if (!info->attrs[NL80211_ATTR_ACL_POLICY])
3123		return ERR_PTR(-EINVAL);
3124
3125	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);
3126	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&
3127	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)
3128		return ERR_PTR(-EINVAL);
3129
3130	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])
3131		return ERR_PTR(-EINVAL);
3132
3133	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);
3134	if (n_entries < 0)
3135		return ERR_PTR(n_entries);
3136
3137	if (n_entries > wiphy->max_acl_mac_addrs)
3138		return ERR_PTR(-ENOTSUPP);
3139
3140	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),
3141		      GFP_KERNEL);
3142	if (!acl)
3143		return ERR_PTR(-ENOMEM);
3144
3145	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {
3146		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);
3147		i++;
3148	}
3149
3150	acl->n_acl_entries = n_entries;
3151	acl->acl_policy = acl_policy;
3152
3153	return acl;
3154}
3155
3156static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)
3157{
3158	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3159	struct net_device *dev = info->user_ptr[1];
3160	struct cfg80211_acl_data *acl;
3161	int err;
3162
3163	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3164	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3165		return -EOPNOTSUPP;
3166
3167	if (!dev->ieee80211_ptr->beacon_interval)
3168		return -EINVAL;
3169
3170	acl = parse_acl_data(&rdev->wiphy, info);
3171	if (IS_ERR(acl))
3172		return PTR_ERR(acl);
3173
3174	err = rdev_set_mac_acl(rdev, dev, acl);
3175
3176	kfree(acl);
3177
3178	return err;
3179}
3180
3181static int nl80211_parse_beacon(struct nlattr *attrs[],
3182				struct cfg80211_beacon_data *bcn)
3183{
3184	bool haveinfo = false;
3185
3186	if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) ||
3187	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) ||
3188	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
3189	    !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
3190		return -EINVAL;
3191
3192	memset(bcn, 0, sizeof(*bcn));
3193
3194	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
3195		bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
3196		bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
3197		if (!bcn->head_len)
3198			return -EINVAL;
3199		haveinfo = true;
3200	}
3201
3202	if (attrs[NL80211_ATTR_BEACON_TAIL]) {
3203		bcn->tail = nla_data(attrs[NL80211_ATTR_BEACON_TAIL]);
3204		bcn->tail_len = nla_len(attrs[NL80211_ATTR_BEACON_TAIL]);
3205		haveinfo = true;
3206	}
3207
3208	if (!haveinfo)
3209		return -EINVAL;
3210
3211	if (attrs[NL80211_ATTR_IE]) {
3212		bcn->beacon_ies = nla_data(attrs[NL80211_ATTR_IE]);
3213		bcn->beacon_ies_len = nla_len(attrs[NL80211_ATTR_IE]);
3214	}
3215
3216	if (attrs[NL80211_ATTR_IE_PROBE_RESP]) {
3217		bcn->proberesp_ies =
3218			nla_data(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3219		bcn->proberesp_ies_len =
3220			nla_len(attrs[NL80211_ATTR_IE_PROBE_RESP]);
3221	}
3222
3223	if (attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
3224		bcn->assocresp_ies =
3225			nla_data(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3226		bcn->assocresp_ies_len =
3227			nla_len(attrs[NL80211_ATTR_IE_ASSOC_RESP]);
3228	}
3229
3230	if (attrs[NL80211_ATTR_PROBE_RESP]) {
3231		bcn->probe_resp = nla_data(attrs[NL80211_ATTR_PROBE_RESP]);
3232		bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
3233	}
3234
3235	return 0;
3236}
3237
3238static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
3239				   struct cfg80211_ap_settings *params)
3240{
3241	struct wireless_dev *wdev;
3242	bool ret = false;
3243
3244	list_for_each_entry(wdev, &rdev->wdev_list, list) {
3245		if (wdev->iftype != NL80211_IFTYPE_AP &&
3246		    wdev->iftype != NL80211_IFTYPE_P2P_GO)
3247			continue;
3248
3249		if (!wdev->preset_chandef.chan)
3250			continue;
3251
3252		params->chandef = wdev->preset_chandef;
3253		ret = true;
3254		break;
3255	}
3256
3257	return ret;
3258}
3259
3260static bool nl80211_valid_auth_type(struct cfg80211_registered_device *rdev,
3261				    enum nl80211_auth_type auth_type,
3262				    enum nl80211_commands cmd)
3263{
3264	if (auth_type > NL80211_AUTHTYPE_MAX)
3265		return false;
3266
3267	switch (cmd) {
3268	case NL80211_CMD_AUTHENTICATE:
3269		if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
3270		    auth_type == NL80211_AUTHTYPE_SAE)
3271			return false;
3272		return true;
3273	case NL80211_CMD_CONNECT:
3274	case NL80211_CMD_START_AP:
3275		/* SAE not supported yet */
3276		if (auth_type == NL80211_AUTHTYPE_SAE)
3277			return false;
3278		return true;
3279	default:
3280		return false;
3281	}
3282}
3283
3284static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
3285{
3286	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3287	struct net_device *dev = info->user_ptr[1];
3288	struct wireless_dev *wdev = dev->ieee80211_ptr;
3289	struct cfg80211_ap_settings params;
3290	int err;
3291
3292	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3293	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3294		return -EOPNOTSUPP;
3295
3296	if (!rdev->ops->start_ap)
3297		return -EOPNOTSUPP;
3298
3299	if (wdev->beacon_interval)
3300		return -EALREADY;
3301
3302	memset(&params, 0, sizeof(params));
3303
3304	/* these are required for START_AP */
3305	if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
3306	    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
3307	    !info->attrs[NL80211_ATTR_BEACON_HEAD])
3308		return -EINVAL;
3309
3310	err = nl80211_parse_beacon(info->attrs, &params.beacon);
3311	if (err)
3312		return err;
3313
3314	params.beacon_interval =
3315		nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3316	params.dtim_period =
3317		nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
3318
3319	err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
3320	if (err)
3321		return err;
3322
3323	/*
3324	 * In theory, some of these attributes should be required here
3325	 * but since they were not used when the command was originally
3326	 * added, keep them optional for old user space programs to let
3327	 * them continue to work with drivers that do not need the
3328	 * additional information -- drivers must check!
3329	 */
3330	if (info->attrs[NL80211_ATTR_SSID]) {
3331		params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3332		params.ssid_len =
3333			nla_len(info->attrs[NL80211_ATTR_SSID]);
3334		if (params.ssid_len == 0 ||
3335		    params.ssid_len > IEEE80211_MAX_SSID_LEN)
3336			return -EINVAL;
3337	}
3338
3339	if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
3340		params.hidden_ssid = nla_get_u32(
3341			info->attrs[NL80211_ATTR_HIDDEN_SSID]);
3342		if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
3343		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
3344		    params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
3345			return -EINVAL;
3346	}
3347
3348	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3349
3350	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3351		params.auth_type = nla_get_u32(
3352			info->attrs[NL80211_ATTR_AUTH_TYPE]);
3353		if (!nl80211_valid_auth_type(rdev, params.auth_type,
3354					     NL80211_CMD_START_AP))
3355			return -EINVAL;
3356	} else
3357		params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3358
3359	err = nl80211_crypto_settings(rdev, info, &params.crypto,
3360				      NL80211_MAX_NR_CIPHER_SUITES);
3361	if (err)
3362		return err;
3363
3364	if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
3365		if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
3366			return -EOPNOTSUPP;
3367		params.inactivity_timeout = nla_get_u16(
3368			info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
3369	}
3370
3371	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
3372		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3373			return -EINVAL;
3374		params.p2p_ctwindow =
3375			nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
3376		if (params.p2p_ctwindow > 127)
3377			return -EINVAL;
3378		if (params.p2p_ctwindow != 0 &&
3379		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
3380			return -EINVAL;
3381	}
3382
3383	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
3384		u8 tmp;
3385
3386		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3387			return -EINVAL;
3388		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
3389		if (tmp > 1)
3390			return -EINVAL;
3391		params.p2p_opp_ps = tmp;
3392		if (params.p2p_opp_ps != 0 &&
3393		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
3394			return -EINVAL;
3395	}
3396
3397	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3398		err = nl80211_parse_chandef(rdev, info, &params.chandef);
3399		if (err)
3400			return err;
3401	} else if (wdev->preset_chandef.chan) {
3402		params.chandef = wdev->preset_chandef;
3403	} else if (!nl80211_get_ap_channel(rdev, &params))
3404		return -EINVAL;
3405
3406	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
3407				     wdev->iftype))
3408		return -EINVAL;
3409
3410	if (info->attrs[NL80211_ATTR_SMPS_MODE]) {
3411		params.smps_mode =
3412			nla_get_u8(info->attrs[NL80211_ATTR_SMPS_MODE]);
3413		switch (params.smps_mode) {
3414		case NL80211_SMPS_OFF:
3415			break;
3416		case NL80211_SMPS_STATIC:
3417			if (!(rdev->wiphy.features &
3418			      NL80211_FEATURE_STATIC_SMPS))
3419				return -EINVAL;
3420			break;
3421		case NL80211_SMPS_DYNAMIC:
3422			if (!(rdev->wiphy.features &
3423			      NL80211_FEATURE_DYNAMIC_SMPS))
3424				return -EINVAL;
3425			break;
3426		default:
3427			return -EINVAL;
3428		}
3429	} else {
3430		params.smps_mode = NL80211_SMPS_OFF;
3431	}
3432
3433	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {
3434		params.acl = parse_acl_data(&rdev->wiphy, info);
3435		if (IS_ERR(params.acl))
3436			return PTR_ERR(params.acl);
3437	}
3438
3439	wdev_lock(wdev);
3440	err = rdev_start_ap(rdev, dev, &params);
3441	if (!err) {
3442		wdev->preset_chandef = params.chandef;
3443		wdev->beacon_interval = params.beacon_interval;
3444		wdev->chandef = params.chandef;
3445		wdev->ssid_len = params.ssid_len;
3446		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);
3447	}
3448	wdev_unlock(wdev);
3449
3450	kfree(params.acl);
3451
3452	return err;
3453}
3454
3455static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
3456{
3457	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3458	struct net_device *dev = info->user_ptr[1];
3459	struct wireless_dev *wdev = dev->ieee80211_ptr;
3460	struct cfg80211_beacon_data params;
3461	int err;
3462
3463	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3464	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3465		return -EOPNOTSUPP;
3466
3467	if (!rdev->ops->change_beacon)
3468		return -EOPNOTSUPP;
3469
3470	if (!wdev->beacon_interval)
3471		return -EINVAL;
3472
3473	err = nl80211_parse_beacon(info->attrs, &params);
3474	if (err)
3475		return err;
3476
3477	wdev_lock(wdev);
3478	err = rdev_change_beacon(rdev, dev, &params);
3479	wdev_unlock(wdev);
3480
3481	return err;
3482}
3483
3484static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
3485{
3486	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3487	struct net_device *dev = info->user_ptr[1];
3488
3489	return cfg80211_stop_ap(rdev, dev, false);
3490}
3491
3492static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
3493	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
3494	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
3495	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
3496	[NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
3497	[NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
3498	[NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
3499};
3500
3501static int parse_station_flags(struct genl_info *info,
3502			       enum nl80211_iftype iftype,
3503			       struct station_parameters *params)
3504{
3505	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
3506	struct nlattr *nla;
3507	int flag;
3508
3509	/*
3510	 * Try parsing the new attribute first so userspace
3511	 * can specify both for older kernels.
3512	 */
3513	nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
3514	if (nla) {
3515		struct nl80211_sta_flag_update *sta_flags;
3516
3517		sta_flags = nla_data(nla);
3518		params->sta_flags_mask = sta_flags->mask;
3519		params->sta_flags_set = sta_flags->set;
3520		params->sta_flags_set &= params->sta_flags_mask;
3521		if ((params->sta_flags_mask |
3522		     params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
3523			return -EINVAL;
3524		return 0;
3525	}
3526
3527	/* if present, parse the old attribute */
3528
3529	nla = info->attrs[NL80211_ATTR_STA_FLAGS];
3530	if (!nla)
3531		return 0;
3532
3533	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
3534			     nla, sta_flags_policy))
3535		return -EINVAL;
3536
3537	/*
3538	 * Only allow certain flags for interface types so that
3539	 * other attributes are silently ignored. Remember that
3540	 * this is backward compatibility code with old userspace
3541	 * and shouldn't be hit in other cases anyway.
3542	 */
3543	switch (iftype) {
3544	case NL80211_IFTYPE_AP:
3545	case NL80211_IFTYPE_AP_VLAN:
3546	case NL80211_IFTYPE_P2P_GO:
3547		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3548					 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
3549					 BIT(NL80211_STA_FLAG_WME) |
3550					 BIT(NL80211_STA_FLAG_MFP);
3551		break;
3552	case NL80211_IFTYPE_P2P_CLIENT:
3553	case NL80211_IFTYPE_STATION:
3554		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
3555					 BIT(NL80211_STA_FLAG_TDLS_PEER);
3556		break;
3557	case NL80211_IFTYPE_MESH_POINT:
3558		params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3559					 BIT(NL80211_STA_FLAG_MFP) |
3560					 BIT(NL80211_STA_FLAG_AUTHORIZED);
3561	default:
3562		return -EINVAL;
3563	}
3564
3565	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
3566		if (flags[flag]) {
3567			params->sta_flags_set |= (1<<flag);
3568
3569			/* no longer support new API additions in old API */
3570			if (flag > NL80211_STA_FLAG_MAX_OLD_API)
3571				return -EINVAL;
3572		}
3573	}
3574
3575	return 0;
3576}
3577
3578static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
3579				 int attr)
3580{
3581	struct nlattr *rate;
3582	u32 bitrate;
3583	u16 bitrate_compat;
3584	enum nl80211_attrs rate_flg;
3585
3586	rate = nla_nest_start(msg, attr);
3587	if (!rate)
3588		return false;
3589
3590	/* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
3591	bitrate = cfg80211_calculate_bitrate(info);
3592	/* report 16-bit bitrate only if we can */
3593	bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
3594	if (bitrate > 0 &&
3595	    nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate))
3596		return false;
3597	if (bitrate_compat > 0 &&
3598	    nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat))
3599		return false;
3600
3601	switch (info->bw) {
3602	case RATE_INFO_BW_5:
3603		rate_flg = NL80211_RATE_INFO_5_MHZ_WIDTH;
3604		break;
3605	case RATE_INFO_BW_10:
3606		rate_flg = NL80211_RATE_INFO_10_MHZ_WIDTH;
3607		break;
3608	default:
3609		WARN_ON(1);
3610		/* fall through */
3611	case RATE_INFO_BW_20:
3612		rate_flg = 0;
3613		break;
3614	case RATE_INFO_BW_40:
3615		rate_flg = NL80211_RATE_INFO_40_MHZ_WIDTH;
3616		break;
3617	case RATE_INFO_BW_80:
3618		rate_flg = NL80211_RATE_INFO_80_MHZ_WIDTH;
3619		break;
3620	case RATE_INFO_BW_160:
3621		rate_flg = NL80211_RATE_INFO_160_MHZ_WIDTH;
3622		break;
3623	}
3624
3625	if (rate_flg && nla_put_flag(msg, rate_flg))
3626		return false;
3627
3628	if (info->flags & RATE_INFO_FLAGS_MCS) {
3629		if (nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs))
3630			return false;
3631		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3632		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3633			return false;
3634	} else if (info->flags & RATE_INFO_FLAGS_VHT_MCS) {
3635		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_MCS, info->mcs))
3636			return false;
3637		if (nla_put_u8(msg, NL80211_RATE_INFO_VHT_NSS, info->nss))
3638			return false;
3639		if (info->flags & RATE_INFO_FLAGS_SHORT_GI &&
3640		    nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI))
3641			return false;
3642	}
3643
3644	nla_nest_end(msg, rate);
3645	return true;
3646}
3647
3648static bool nl80211_put_signal(struct sk_buff *msg, u8 mask, s8 *signal,
3649			       int id)
3650{
3651	void *attr;
3652	int i = 0;
3653
3654	if (!mask)
3655		return true;
3656
3657	attr = nla_nest_start(msg, id);
3658	if (!attr)
3659		return false;
3660
3661	for (i = 0; i < IEEE80211_MAX_CHAINS; i++) {
3662		if (!(mask & BIT(i)))
3663			continue;
3664
3665		if (nla_put_u8(msg, i, signal[i]))
3666			return false;
3667	}
3668
3669	nla_nest_end(msg, attr);
3670
3671	return true;
3672}
3673
3674static int nl80211_send_station(struct sk_buff *msg, u32 cmd, u32 portid,
3675				u32 seq, int flags,
3676				struct cfg80211_registered_device *rdev,
3677				struct net_device *dev,
3678				const u8 *mac_addr, struct station_info *sinfo)
3679{
3680	void *hdr;
3681	struct nlattr *sinfoattr, *bss_param;
3682
3683	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
3684	if (!hdr)
3685		return -1;
3686
3687	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3688	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
3689	    nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
3690		goto nla_put_failure;
3691
3692	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
3693	if (!sinfoattr)
3694		goto nla_put_failure;
3695
3696#define PUT_SINFO(attr, memb, type) do {				\
3697	if (sinfo->filled & BIT(NL80211_STA_INFO_ ## attr) &&		\
3698	    nla_put_ ## type(msg, NL80211_STA_INFO_ ## attr,		\
3699			     sinfo->memb))				\
3700		goto nla_put_failure;					\
3701	} while (0)
3702
3703	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
3704	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
3705
3706	if (sinfo->filled & (BIT(NL80211_STA_INFO_RX_BYTES) |
3707			     BIT(NL80211_STA_INFO_RX_BYTES64)) &&
3708	    nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
3709			(u32)sinfo->rx_bytes))
3710		goto nla_put_failure;
3711
3712	if (sinfo->filled & (BIT(NL80211_STA_INFO_TX_BYTES) |
3713			     BIT(NL80211_STA_INFO_TX_BYTES64)) &&
3714	    nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
3715			(u32)sinfo->tx_bytes))
3716		goto nla_put_failure;
3717
3718	PUT_SINFO(RX_BYTES64, rx_bytes, u64);
3719	PUT_SINFO(TX_BYTES64, tx_bytes, u64);
3720	PUT_SINFO(LLID, llid, u16);
3721	PUT_SINFO(PLID, plid, u16);
3722	PUT_SINFO(PLINK_STATE, plink_state, u8);
3723
3724	switch (rdev->wiphy.signal_type) {
3725	case CFG80211_SIGNAL_TYPE_MBM:
3726		PUT_SINFO(SIGNAL, signal, u8);
3727		PUT_SINFO(SIGNAL_AVG, signal_avg, u8);
3728		break;
3729	default:
3730		break;
3731	}
3732	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL)) {
3733		if (!nl80211_put_signal(msg, sinfo->chains,
3734					sinfo->chain_signal,
3735					NL80211_STA_INFO_CHAIN_SIGNAL))
3736			goto nla_put_failure;
3737	}
3738	if (sinfo->filled & BIT(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)) {
3739		if (!nl80211_put_signal(msg, sinfo->chains,
3740					sinfo->chain_signal_avg,
3741					NL80211_STA_INFO_CHAIN_SIGNAL_AVG))
3742			goto nla_put_failure;
3743	}
3744	if (sinfo->filled & BIT(NL80211_STA_INFO_TX_BITRATE)) {
3745		if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
3746					  NL80211_STA_INFO_TX_BITRATE))
3747			goto nla_put_failure;
3748	}
3749	if (sinfo->filled & BIT(NL80211_STA_INFO_RX_BITRATE)) {
3750		if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
3751					  NL80211_STA_INFO_RX_BITRATE))
3752			goto nla_put_failure;
3753	}
3754
3755	PUT_SINFO(RX_PACKETS, rx_packets, u32);
3756	PUT_SINFO(TX_PACKETS, tx_packets, u32);
3757	PUT_SINFO(TX_RETRIES, tx_retries, u32);
3758	PUT_SINFO(TX_FAILED, tx_failed, u32);
3759	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
3760	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
3761	PUT_SINFO(LOCAL_PM, local_pm, u32);
3762	PUT_SINFO(PEER_PM, peer_pm, u32);
3763	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
3764
3765	if (sinfo->filled & BIT(NL80211_STA_INFO_BSS_PARAM)) {
3766		bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
3767		if (!bss_param)
3768			goto nla_put_failure;
3769
3770		if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
3771		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
3772		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
3773		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
3774		    ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
3775		     nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
3776		    nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
3777			       sinfo->bss_param.dtim_period) ||
3778		    nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
3779				sinfo->bss_param.beacon_interval))
3780			goto nla_put_failure;
3781
3782		nla_nest_end(msg, bss_param);
3783	}
3784	if ((sinfo->filled & BIT(NL80211_STA_INFO_STA_FLAGS)) &&
3785	    nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
3786		    sizeof(struct nl80211_sta_flag_update),
3787		    &sinfo->sta_flags))
3788		goto nla_put_failure;
3789
3790	PUT_SINFO(T_OFFSET, t_offset, u64);
3791	PUT_SINFO(RX_DROP_MISC, rx_dropped_misc, u64);
3792	PUT_SINFO(BEACON_RX, rx_beacon, u64);
3793	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
3794
3795#undef PUT_SINFO
3796
3797	if (sinfo->filled & BIT(NL80211_STA_INFO_TID_STATS)) {
3798		struct nlattr *tidsattr;
3799		int tid;
3800
3801		tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
3802		if (!tidsattr)
3803			goto nla_put_failure;
3804
3805		for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
3806			struct cfg80211_tid_stats *tidstats;
3807			struct nlattr *tidattr;
3808
3809			tidstats = &sinfo->pertid[tid];
3810
3811			if (!tidstats->filled)
3812				continue;
3813
3814			tidattr = nla_nest_start(msg, tid + 1);
3815			if (!tidattr)
3816				goto nla_put_failure;
3817
3818#define PUT_TIDVAL(attr, memb, type) do {				\
3819	if (tidstats->filled & BIT(NL80211_TID_STATS_ ## attr) &&	\
3820	    nla_put_ ## type(msg, NL80211_TID_STATS_ ## attr,		\
3821			     tidstats->memb))				\
3822		goto nla_put_failure;					\
3823	} while (0)
3824
3825			PUT_TIDVAL(RX_MSDU, rx_msdu, u64);
3826			PUT_TIDVAL(TX_MSDU, tx_msdu, u64);
3827			PUT_TIDVAL(TX_MSDU_RETRIES, tx_msdu_retries, u64);
3828			PUT_TIDVAL(TX_MSDU_FAILED, tx_msdu_failed, u64);
3829
3830#undef PUT_TIDVAL
3831			nla_nest_end(msg, tidattr);
3832		}
3833
3834		nla_nest_end(msg, tidsattr);
3835	}
3836
3837	nla_nest_end(msg, sinfoattr);
3838
3839	if (sinfo->assoc_req_ies_len &&
3840	    nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
3841		    sinfo->assoc_req_ies))
3842		goto nla_put_failure;
3843
3844	genlmsg_end(msg, hdr);
3845	return 0;
3846
3847 nla_put_failure:
3848	genlmsg_cancel(msg, hdr);
3849	return -EMSGSIZE;
3850}
3851
3852static int nl80211_dump_station(struct sk_buff *skb,
3853				struct netlink_callback *cb)
3854{
3855	struct station_info sinfo;
3856	struct cfg80211_registered_device *rdev;
3857	struct wireless_dev *wdev;
3858	u8 mac_addr[ETH_ALEN];
3859	int sta_idx = cb->args[2];
3860	int err;
3861
3862	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
3863	if (err)
3864		return err;
3865
3866	if (!wdev->netdev) {
3867		err = -EINVAL;
3868		goto out_err;
3869	}
3870
3871	if (!rdev->ops->dump_station) {
3872		err = -EOPNOTSUPP;
3873		goto out_err;
3874	}
3875
3876	while (1) {
3877		memset(&sinfo, 0, sizeof(sinfo));
3878		err = rdev_dump_station(rdev, wdev->netdev, sta_idx,
3879					mac_addr, &sinfo);
3880		if (err == -ENOENT)
3881			break;
3882		if (err)
3883			goto out_err;
3884
3885		if (nl80211_send_station(skb, NL80211_CMD_NEW_STATION,
3886				NETLINK_CB(cb->skb).portid,
3887				cb->nlh->nlmsg_seq, NLM_F_MULTI,
3888				rdev, wdev->netdev, mac_addr,
3889				&sinfo) < 0)
3890			goto out;
3891
3892		sta_idx++;
3893	}
3894
3895
3896 out:
3897	cb->args[2] = sta_idx;
3898	err = skb->len;
3899 out_err:
3900	nl80211_finish_wdev_dump(rdev);
3901
3902	return err;
3903}
3904
3905static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
3906{
3907	struct cfg80211_registered_device *rdev = info->user_ptr[0];
3908	struct net_device *dev = info->user_ptr[1];
3909	struct station_info sinfo;
3910	struct sk_buff *msg;
3911	u8 *mac_addr = NULL;
3912	int err;
3913
3914	memset(&sinfo, 0, sizeof(sinfo));
3915
3916	if (!info->attrs[NL80211_ATTR_MAC])
3917		return -EINVAL;
3918
3919	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3920
3921	if (!rdev->ops->get_station)
3922		return -EOPNOTSUPP;
3923
3924	err = rdev_get_station(rdev, dev, mac_addr, &sinfo);
3925	if (err)
3926		return err;
3927
3928	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3929	if (!msg)
3930		return -ENOMEM;
3931
3932	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION,
3933				 info->snd_portid, info->snd_seq, 0,
3934				 rdev, dev, mac_addr, &sinfo) < 0) {
3935		nlmsg_free(msg);
3936		return -ENOBUFS;
3937	}
3938
3939	return genlmsg_reply(msg, info);
3940}
3941
3942int cfg80211_check_station_change(struct wiphy *wiphy,
3943				  struct station_parameters *params,
3944				  enum cfg80211_station_type statype)
3945{
3946	if (params->listen_interval != -1)
3947		return -EINVAL;
3948	if (params->aid &&
3949	    !(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3950		return -EINVAL;
3951
3952	/* When you run into this, adjust the code below for the new flag */
3953	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
3954
3955	switch (statype) {
3956	case CFG80211_STA_MESH_PEER_KERNEL:
3957	case CFG80211_STA_MESH_PEER_USER:
3958		/*
3959		 * No ignoring the TDLS flag here -- the userspace mesh
3960		 * code doesn't have the bug of including TDLS in the
3961		 * mask everywhere.
3962		 */
3963		if (params->sta_flags_mask &
3964				~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
3965				  BIT(NL80211_STA_FLAG_MFP) |
3966				  BIT(NL80211_STA_FLAG_AUTHORIZED)))
3967			return -EINVAL;
3968		break;
3969	case CFG80211_STA_TDLS_PEER_SETUP:
3970	case CFG80211_STA_TDLS_PEER_ACTIVE:
3971		if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
3972			return -EINVAL;
3973		/* ignore since it can't change */
3974		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3975		break;
3976	default:
3977		/* disallow mesh-specific things */
3978		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
3979			return -EINVAL;
3980		if (params->local_pm)
3981			return -EINVAL;
3982		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
3983			return -EINVAL;
3984	}
3985
3986	if (statype != CFG80211_STA_TDLS_PEER_SETUP &&
3987	    statype != CFG80211_STA_TDLS_PEER_ACTIVE) {
3988		/* TDLS can't be set, ... */
3989		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
3990			return -EINVAL;
3991		/*
3992		 * ... but don't bother the driver with it. This works around
3993		 * a hostapd/wpa_supplicant issue -- it always includes the
3994		 * TLDS_PEER flag in the mask even for AP mode.
3995		 */
3996		params->sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
3997	}
3998
3999	if (statype != CFG80211_STA_TDLS_PEER_SETUP) {
4000		/* reject other things that can't change */
4001		if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD)
4002			return -EINVAL;
4003		if (params->sta_modify_mask & STATION_PARAM_APPLY_CAPABILITY)
4004			return -EINVAL;
4005		if (params->supported_rates)
4006			return -EINVAL;
4007		if (params->ext_capab || params->ht_capa || params->vht_capa)
4008			return -EINVAL;
4009	}
4010
4011	if (statype != CFG80211_STA_AP_CLIENT) {
4012		if (params->vlan)
4013			return -EINVAL;
4014	}
4015
4016	switch (statype) {
4017	case CFG80211_STA_AP_MLME_CLIENT:
4018		/* Use this only for authorizing/unauthorizing a station */
4019		if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4020			return -EOPNOTSUPP;
4021		break;
4022	case CFG80211_STA_AP_CLIENT:
4023		/* accept only the listed bits */
4024		if (params->sta_flags_mask &
4025				~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4026				  BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4027				  BIT(NL80211_STA_FLAG_ASSOCIATED) |
4028				  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
4029				  BIT(NL80211_STA_FLAG_WME) |
4030				  BIT(NL80211_STA_FLAG_MFP)))
4031			return -EINVAL;
4032
4033		/* but authenticated/associated only if driver handles it */
4034		if (!(wiphy->features & NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4035		    params->sta_flags_mask &
4036				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4037				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4038			return -EINVAL;
4039		break;
4040	case CFG80211_STA_IBSS:
4041	case CFG80211_STA_AP_STA:
4042		/* reject any changes other than AUTHORIZED */
4043		if (params->sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
4044			return -EINVAL;
4045		break;
4046	case CFG80211_STA_TDLS_PEER_SETUP:
4047		/* reject any changes other than AUTHORIZED or WME */
4048		if (params->sta_flags_mask & ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
4049					       BIT(NL80211_STA_FLAG_WME)))
4050			return -EINVAL;
4051		/* force (at least) rates when authorizing */
4052		if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED) &&
4053		    !params->supported_rates)
4054			return -EINVAL;
4055		break;
4056	case CFG80211_STA_TDLS_PEER_ACTIVE:
4057		/* reject any changes */
4058		return -EINVAL;
4059	case CFG80211_STA_MESH_PEER_KERNEL:
4060		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE)
4061			return -EINVAL;
4062		break;
4063	case CFG80211_STA_MESH_PEER_USER:
4064		if (params->plink_action != NL80211_PLINK_ACTION_NO_ACTION)
4065			return -EINVAL;
4066		break;
4067	}
4068
4069	return 0;
4070}
4071EXPORT_SYMBOL(cfg80211_check_station_change);
4072
4073/*
4074 * Get vlan interface making sure it is running and on the right wiphy.
4075 */
4076static struct net_device *get_vlan(struct genl_info *info,
4077				   struct cfg80211_registered_device *rdev)
4078{
4079	struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
4080	struct net_device *v;
4081	int ret;
4082
4083	if (!vlanattr)
4084		return NULL;
4085
4086	v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
4087	if (!v)
4088		return ERR_PTR(-ENODEV);
4089
4090	if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
4091		ret = -EINVAL;
4092		goto error;
4093	}
4094
4095	if (v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4096	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4097	    v->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
4098		ret = -EINVAL;
4099		goto error;
4100	}
4101
4102	if (!netif_running(v)) {
4103		ret = -ENETDOWN;
4104		goto error;
4105	}
4106
4107	return v;
4108 error:
4109	dev_put(v);
4110	return ERR_PTR(ret);
4111}
4112
4113static const struct nla_policy
4114nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] = {
4115	[NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
4116	[NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
4117};
4118
4119static int nl80211_parse_sta_wme(struct genl_info *info,
4120				 struct station_parameters *params)
4121{
4122	struct nlattr *tb[NL80211_STA_WME_MAX + 1];
4123	struct nlattr *nla;
4124	int err;
4125
4126	/* parse WME attributes if present */
4127	if (!info->attrs[NL80211_ATTR_STA_WME])
4128		return 0;
4129
4130	nla = info->attrs[NL80211_ATTR_STA_WME];
4131	err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
4132			       nl80211_sta_wme_policy);
4133	if (err)
4134		return err;
4135
4136	if (tb[NL80211_STA_WME_UAPSD_QUEUES])
4137		params->uapsd_queues = nla_get_u8(
4138			tb[NL80211_STA_WME_UAPSD_QUEUES]);
4139	if (params->uapsd_queues & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
4140		return -EINVAL;
4141
4142	if (tb[NL80211_STA_WME_MAX_SP])
4143		params->max_sp = nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
4144
4145	if (params->max_sp & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
4146		return -EINVAL;
4147
4148	params->sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
4149
4150	return 0;
4151}
4152
4153static int nl80211_parse_sta_channel_info(struct genl_info *info,
4154				      struct station_parameters *params)
4155{
4156	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]) {
4157		params->supported_channels =
4158		     nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4159		params->supported_channels_len =
4160		     nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
4161		/*
4162		 * Need to include at least one (first channel, number of
4163		 * channels) tuple for each subband, and must have proper
4164		 * tuples for the rest of the data as well.
4165		 */
4166		if (params->supported_channels_len < 2)
4167			return -EINVAL;
4168		if (params->supported_channels_len % 2)
4169			return -EINVAL;
4170	}
4171
4172	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]) {
4173		params->supported_oper_classes =
4174		 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4175		params->supported_oper_classes_len =
4176		  nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
4177		/*
4178		 * The value of the Length field of the Supported Operating
4179		 * Classes element is between 2 and 253.
4180		 */
4181		if (params->supported_oper_classes_len < 2 ||
4182		    params->supported_oper_classes_len > 253)
4183			return -EINVAL;
4184	}
4185	return 0;
4186}
4187
4188static int nl80211_set_station_tdls(struct genl_info *info,
4189				    struct station_parameters *params)
4190{
4191	int err;
4192	/* Dummy STA entry gets updated once the peer capabilities are known */
4193	if (info->attrs[NL80211_ATTR_PEER_AID])
4194		params->aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4195	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4196		params->ht_capa =
4197			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4198	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4199		params->vht_capa =
4200			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4201
4202	err = nl80211_parse_sta_channel_info(info, params);
4203	if (err)
4204		return err;
4205
4206	return nl80211_parse_sta_wme(info, params);
4207}
4208
4209static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
4210{
4211	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4212	struct net_device *dev = info->user_ptr[1];
4213	struct station_parameters params;
4214	u8 *mac_addr;
4215	int err;
4216
4217	memset(&params, 0, sizeof(params));
4218
4219	params.listen_interval = -1;
4220
4221	if (!rdev->ops->change_station)
4222		return -EOPNOTSUPP;
4223
4224	if (info->attrs[NL80211_ATTR_STA_AID])
4225		return -EINVAL;
4226
4227	if (!info->attrs[NL80211_ATTR_MAC])
4228		return -EINVAL;
4229
4230	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4231
4232	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
4233		params.supported_rates =
4234			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4235		params.supported_rates_len =
4236			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4237	}
4238
4239	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4240		params.capability =
4241			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4242		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4243	}
4244
4245	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4246		params.ext_capab =
4247			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4248		params.ext_capab_len =
4249			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4250	}
4251
4252	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4253		return -EINVAL;
4254
4255	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4256		return -EINVAL;
4257
4258	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4259		params.plink_action =
4260			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4261		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4262			return -EINVAL;
4263	}
4264
4265	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
4266		params.plink_state =
4267			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
4268		if (params.plink_state >= NUM_NL80211_PLINK_STATES)
4269			return -EINVAL;
4270		params.sta_modify_mask |= STATION_PARAM_APPLY_PLINK_STATE;
4271	}
4272
4273	if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
4274		enum nl80211_mesh_power_mode pm = nla_get_u32(
4275			info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
4276
4277		if (pm <= NL80211_MESH_POWER_UNKNOWN ||
4278		    pm > NL80211_MESH_POWER_MAX)
4279			return -EINVAL;
4280
4281		params.local_pm = pm;
4282	}
4283
4284	/* Include parameters for TDLS peer (will check later) */
4285	err = nl80211_set_station_tdls(info, &params);
4286	if (err)
4287		return err;
4288
4289	params.vlan = get_vlan(info, rdev);
4290	if (IS_ERR(params.vlan))
4291		return PTR_ERR(params.vlan);
4292
4293	switch (dev->ieee80211_ptr->iftype) {
4294	case NL80211_IFTYPE_AP:
4295	case NL80211_IFTYPE_AP_VLAN:
4296	case NL80211_IFTYPE_P2P_GO:
4297	case NL80211_IFTYPE_P2P_CLIENT:
4298	case NL80211_IFTYPE_STATION:
4299	case NL80211_IFTYPE_ADHOC:
4300	case NL80211_IFTYPE_MESH_POINT:
4301		break;
4302	default:
4303		err = -EOPNOTSUPP;
4304		goto out_put_vlan;
4305	}
4306
4307	/* driver will call cfg80211_check_station_change() */
4308	err = rdev_change_station(rdev, dev, mac_addr, &params);
4309
4310 out_put_vlan:
4311	if (params.vlan)
4312		dev_put(params.vlan);
4313
4314	return err;
4315}
4316
4317static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
4318{
4319	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4320	int err;
4321	struct net_device *dev = info->user_ptr[1];
4322	struct station_parameters params;
4323	u8 *mac_addr = NULL;
4324
4325	memset(&params, 0, sizeof(params));
4326
4327	if (!rdev->ops->add_station)
4328		return -EOPNOTSUPP;
4329
4330	if (!info->attrs[NL80211_ATTR_MAC])
4331		return -EINVAL;
4332
4333	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
4334		return -EINVAL;
4335
4336	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
4337		return -EINVAL;
4338
4339	if (!info->attrs[NL80211_ATTR_STA_AID] &&
4340	    !info->attrs[NL80211_ATTR_PEER_AID])
4341		return -EINVAL;
4342
4343	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
4344	params.supported_rates =
4345		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4346	params.supported_rates_len =
4347		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
4348	params.listen_interval =
4349		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
4350
4351	if (info->attrs[NL80211_ATTR_PEER_AID])
4352		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
4353	else
4354		params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
4355	if (!params.aid || params.aid > IEEE80211_MAX_AID)
4356		return -EINVAL;
4357
4358	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
4359		params.capability =
4360			nla_get_u16(info->attrs[NL80211_ATTR_STA_CAPABILITY]);
4361		params.sta_modify_mask |= STATION_PARAM_APPLY_CAPABILITY;
4362	}
4363
4364	if (info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]) {
4365		params.ext_capab =
4366			nla_data(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4367		params.ext_capab_len =
4368			nla_len(info->attrs[NL80211_ATTR_STA_EXT_CAPABILITY]);
4369	}
4370
4371	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
4372		params.ht_capa =
4373			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4374
4375	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY])
4376		params.vht_capa =
4377			nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]);
4378
4379	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
4380		params.opmode_notif_used = true;
4381		params.opmode_notif =
4382			nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
4383	}
4384
4385	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
4386		params.plink_action =
4387			nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
4388		if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
4389			return -EINVAL;
4390	}
4391
4392	err = nl80211_parse_sta_channel_info(info, &params);
4393	if (err)
4394		return err;
4395
4396	err = nl80211_parse_sta_wme(info, &params);
4397	if (err)
4398		return err;
4399
4400	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
4401		return -EINVAL;
4402
4403	/* HT/VHT requires QoS, but if we don't have that just ignore HT/VHT
4404	 * as userspace might just pass through the capabilities from the IEs
4405	 * directly, rather than enforcing this restriction and returning an
4406	 * error in this case.
4407	 */
4408	if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME))) {
4409		params.ht_capa = NULL;
4410		params.vht_capa = NULL;
4411	}
4412
4413	/* When you run into this, adjust the code below for the new flag */
4414	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
4415
4416	switch (dev->ieee80211_ptr->iftype) {
4417	case NL80211_IFTYPE_AP:
4418	case NL80211_IFTYPE_AP_VLAN:
4419	case NL80211_IFTYPE_P2P_GO:
4420		/* ignore WME attributes if iface/sta is not capable */
4421		if (!(rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) ||
4422		    !(params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)))
4423			params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4424
4425		/* TDLS peers cannot be added */
4426		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4427		    info->attrs[NL80211_ATTR_PEER_AID])
4428			return -EINVAL;
4429		/* but don't bother the driver with it */
4430		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
4431
4432		/* allow authenticated/associated only if driver handles it */
4433		if (!(rdev->wiphy.features &
4434				NL80211_FEATURE_FULL_AP_CLIENT_STATE) &&
4435		    params.sta_flags_mask &
4436				(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
4437				 BIT(NL80211_STA_FLAG_ASSOCIATED)))
4438			return -EINVAL;
4439
4440		/* must be last in here for error handling */
4441		params.vlan = get_vlan(info, rdev);
4442		if (IS_ERR(params.vlan))
4443			return PTR_ERR(params.vlan);
4444		break;
4445	case NL80211_IFTYPE_MESH_POINT:
4446		/* ignore uAPSD data */
4447		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4448
4449		/* associated is disallowed */
4450		if (params.sta_flags_mask & BIT(NL80211_STA_FLAG_ASSOCIATED))
4451			return -EINVAL;
4452		/* TDLS peers cannot be added */
4453		if ((params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)) ||
4454		    info->attrs[NL80211_ATTR_PEER_AID])
4455			return -EINVAL;
4456		break;
4457	case NL80211_IFTYPE_STATION:
4458	case NL80211_IFTYPE_P2P_CLIENT:
4459		/* ignore uAPSD data */
4460		params.sta_modify_mask &= ~STATION_PARAM_APPLY_UAPSD;
4461
4462		/* these are disallowed */
4463		if (params.sta_flags_mask &
4464				(BIT(NL80211_STA_FLAG_ASSOCIATED) |
4465				 BIT(NL80211_STA_FLAG_AUTHENTICATED)))
4466			return -EINVAL;
4467		/* Only TDLS peers can be added */
4468		if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
4469			return -EINVAL;
4470		/* Can only add if TDLS ... */
4471		if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
4472			return -EOPNOTSUPP;
4473		/* ... with external setup is supported */
4474		if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
4475			return -EOPNOTSUPP;
4476		/*
4477		 * Older wpa_supplicant versions always mark the TDLS peer
4478		 * as authorized, but it shouldn't yet be.
4479		 */
4480		params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_AUTHORIZED);
4481		break;
4482	default:
4483		return -EOPNOTSUPP;
4484	}
4485
4486	/* be aware of params.vlan when changing code here */
4487
4488	err = rdev_add_station(rdev, dev, mac_addr, &params);
4489
4490	if (params.vlan)
4491		dev_put(params.vlan);
4492	return err;
4493}
4494
4495static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
4496{
4497	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4498	struct net_device *dev = info->user_ptr[1];
4499	struct station_del_parameters params;
4500
4501	memset(&params, 0, sizeof(params));
4502
4503	if (info->attrs[NL80211_ATTR_MAC])
4504		params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
4505
4506	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4507	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4508	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4509	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4510		return -EINVAL;
4511
4512	if (!rdev->ops->del_station)
4513		return -EOPNOTSUPP;
4514
4515	if (info->attrs[NL80211_ATTR_MGMT_SUBTYPE]) {
4516		params.subtype =
4517			nla_get_u8(info->attrs[NL80211_ATTR_MGMT_SUBTYPE]);
4518		if (params.subtype != IEEE80211_STYPE_DISASSOC >> 4 &&
4519		    params.subtype != IEEE80211_STYPE_DEAUTH >> 4)
4520			return -EINVAL;
4521	} else {
4522		/* Default to Deauthentication frame */
4523		params.subtype = IEEE80211_STYPE_DEAUTH >> 4;
4524	}
4525
4526	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
4527		params.reason_code =
4528			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4529		if (params.reason_code == 0)
4530			return -EINVAL; /* 0 is reserved */
4531	} else {
4532		/* Default to reason code 2 */
4533		params.reason_code = WLAN_REASON_PREV_AUTH_NOT_VALID;
4534	}
4535
4536	return rdev_del_station(rdev, dev, &params);
4537}
4538
4539static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
4540				int flags, struct net_device *dev,
4541				u8 *dst, u8 *next_hop,
4542				struct mpath_info *pinfo)
4543{
4544	void *hdr;
4545	struct nlattr *pinfoattr;
4546
4547	hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_MPATH);
4548	if (!hdr)
4549		return -1;
4550
4551	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
4552	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
4553	    nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
4554	    nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
4555		goto nla_put_failure;
4556
4557	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
4558	if (!pinfoattr)
4559		goto nla_put_failure;
4560	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
4561	    nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
4562			pinfo->frame_qlen))
4563		goto nla_put_failure;
4564	if (((pinfo->filled & MPATH_INFO_SN) &&
4565	     nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
4566	    ((pinfo->filled & MPATH_INFO_METRIC) &&
4567	     nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
4568			 pinfo->metric)) ||
4569	    ((pinfo->filled & MPATH_INFO_EXPTIME) &&
4570	     nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
4571			 pinfo->exptime)) ||
4572	    ((pinfo->filled & MPATH_INFO_FLAGS) &&
4573	     nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
4574			pinfo->flags)) ||
4575	    ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
4576	     nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
4577			 pinfo->discovery_timeout)) ||
4578	    ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
4579	     nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
4580			pinfo->discovery_retries)))
4581		goto nla_put_failure;
4582
4583	nla_nest_end(msg, pinfoattr);
4584
4585	genlmsg_end(msg, hdr);
4586	return 0;
4587
4588 nla_put_failure:
4589	genlmsg_cancel(msg, hdr);
4590	return -EMSGSIZE;
4591}
4592
4593static int nl80211_dump_mpath(struct sk_buff *skb,
4594			      struct netlink_callback *cb)
4595{
4596	struct mpath_info pinfo;
4597	struct cfg80211_registered_device *rdev;
4598	struct wireless_dev *wdev;
4599	u8 dst[ETH_ALEN];
4600	u8 next_hop[ETH_ALEN];
4601	int path_idx = cb->args[2];
4602	int err;
4603
4604	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4605	if (err)
4606		return err;
4607
4608	if (!rdev->ops->dump_mpath) {
4609		err = -EOPNOTSUPP;
4610		goto out_err;
4611	}
4612
4613	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4614		err = -EOPNOTSUPP;
4615		goto out_err;
4616	}
4617
4618	while (1) {
4619		err = rdev_dump_mpath(rdev, wdev->netdev, path_idx, dst,
4620				      next_hop, &pinfo);
4621		if (err == -ENOENT)
4622			break;
4623		if (err)
4624			goto out_err;
4625
4626		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4627				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4628				       wdev->netdev, dst, next_hop,
4629				       &pinfo) < 0)
4630			goto out;
4631
4632		path_idx++;
4633	}
4634
4635
4636 out:
4637	cb->args[2] = path_idx;
4638	err = skb->len;
4639 out_err:
4640	nl80211_finish_wdev_dump(rdev);
4641	return err;
4642}
4643
4644static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
4645{
4646	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4647	int err;
4648	struct net_device *dev = info->user_ptr[1];
4649	struct mpath_info pinfo;
4650	struct sk_buff *msg;
4651	u8 *dst = NULL;
4652	u8 next_hop[ETH_ALEN];
4653
4654	memset(&pinfo, 0, sizeof(pinfo));
4655
4656	if (!info->attrs[NL80211_ATTR_MAC])
4657		return -EINVAL;
4658
4659	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4660
4661	if (!rdev->ops->get_mpath)
4662		return -EOPNOTSUPP;
4663
4664	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4665		return -EOPNOTSUPP;
4666
4667	err = rdev_get_mpath(rdev, dev, dst, next_hop, &pinfo);
4668	if (err)
4669		return err;
4670
4671	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4672	if (!msg)
4673		return -ENOMEM;
4674
4675	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4676				 dev, dst, next_hop, &pinfo) < 0) {
4677		nlmsg_free(msg);
4678		return -ENOBUFS;
4679	}
4680
4681	return genlmsg_reply(msg, info);
4682}
4683
4684static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
4685{
4686	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4687	struct net_device *dev = info->user_ptr[1];
4688	u8 *dst = NULL;
4689	u8 *next_hop = NULL;
4690
4691	if (!info->attrs[NL80211_ATTR_MAC])
4692		return -EINVAL;
4693
4694	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4695		return -EINVAL;
4696
4697	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4698	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4699
4700	if (!rdev->ops->change_mpath)
4701		return -EOPNOTSUPP;
4702
4703	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4704		return -EOPNOTSUPP;
4705
4706	return rdev_change_mpath(rdev, dev, dst, next_hop);
4707}
4708
4709static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
4710{
4711	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4712	struct net_device *dev = info->user_ptr[1];
4713	u8 *dst = NULL;
4714	u8 *next_hop = NULL;
4715
4716	if (!info->attrs[NL80211_ATTR_MAC])
4717		return -EINVAL;
4718
4719	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
4720		return -EINVAL;
4721
4722	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4723	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
4724
4725	if (!rdev->ops->add_mpath)
4726		return -EOPNOTSUPP;
4727
4728	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4729		return -EOPNOTSUPP;
4730
4731	return rdev_add_mpath(rdev, dev, dst, next_hop);
4732}
4733
4734static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
4735{
4736	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4737	struct net_device *dev = info->user_ptr[1];
4738	u8 *dst = NULL;
4739
4740	if (info->attrs[NL80211_ATTR_MAC])
4741		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4742
4743	if (!rdev->ops->del_mpath)
4744		return -EOPNOTSUPP;
4745
4746	return rdev_del_mpath(rdev, dev, dst);
4747}
4748
4749static int nl80211_get_mpp(struct sk_buff *skb, struct genl_info *info)
4750{
4751	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4752	int err;
4753	struct net_device *dev = info->user_ptr[1];
4754	struct mpath_info pinfo;
4755	struct sk_buff *msg;
4756	u8 *dst = NULL;
4757	u8 mpp[ETH_ALEN];
4758
4759	memset(&pinfo, 0, sizeof(pinfo));
4760
4761	if (!info->attrs[NL80211_ATTR_MAC])
4762		return -EINVAL;
4763
4764	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
4765
4766	if (!rdev->ops->get_mpp)
4767		return -EOPNOTSUPP;
4768
4769	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
4770		return -EOPNOTSUPP;
4771
4772	err = rdev_get_mpp(rdev, dev, dst, mpp, &pinfo);
4773	if (err)
4774		return err;
4775
4776	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4777	if (!msg)
4778		return -ENOMEM;
4779
4780	if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
4781			       dev, dst, mpp, &pinfo) < 0) {
4782		nlmsg_free(msg);
4783		return -ENOBUFS;
4784	}
4785
4786	return genlmsg_reply(msg, info);
4787}
4788
4789static int nl80211_dump_mpp(struct sk_buff *skb,
4790			    struct netlink_callback *cb)
4791{
4792	struct mpath_info pinfo;
4793	struct cfg80211_registered_device *rdev;
4794	struct wireless_dev *wdev;
4795	u8 dst[ETH_ALEN];
4796	u8 mpp[ETH_ALEN];
4797	int path_idx = cb->args[2];
4798	int err;
4799
4800	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
4801	if (err)
4802		return err;
4803
4804	if (!rdev->ops->dump_mpp) {
4805		err = -EOPNOTSUPP;
4806		goto out_err;
4807	}
4808
4809	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4810		err = -EOPNOTSUPP;
4811		goto out_err;
4812	}
4813
4814	while (1) {
4815		err = rdev_dump_mpp(rdev, wdev->netdev, path_idx, dst,
4816				    mpp, &pinfo);
4817		if (err == -ENOENT)
4818			break;
4819		if (err)
4820			goto out_err;
4821
4822		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4823				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
4824				       wdev->netdev, dst, mpp,
4825				       &pinfo) < 0)
4826			goto out;
4827
4828		path_idx++;
4829	}
4830
4831 out:
4832	cb->args[2] = path_idx;
4833	err = skb->len;
4834 out_err:
4835	nl80211_finish_wdev_dump(rdev);
4836	return err;
4837}
4838
4839static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
4840{
4841	struct cfg80211_registered_device *rdev = info->user_ptr[0];
4842	struct net_device *dev = info->user_ptr[1];
4843	struct wireless_dev *wdev = dev->ieee80211_ptr;
4844	struct bss_parameters params;
4845	int err;
4846
4847	memset(&params, 0, sizeof(params));
4848	/* default to not changing parameters */
4849	params.use_cts_prot = -1;
4850	params.use_short_preamble = -1;
4851	params.use_short_slot_time = -1;
4852	params.ap_isolate = -1;
4853	params.ht_opmode = -1;
4854	params.p2p_ctwindow = -1;
4855	params.p2p_opp_ps = -1;
4856
4857	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
4858		params.use_cts_prot =
4859		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
4860	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
4861		params.use_short_preamble =
4862		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
4863	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
4864		params.use_short_slot_time =
4865		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
4866	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4867		params.basic_rates =
4868			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4869		params.basic_rates_len =
4870			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4871	}
4872	if (info->attrs[NL80211_ATTR_AP_ISOLATE])
4873		params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
4874	if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
4875		params.ht_opmode =
4876			nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
4877
4878	if (info->attrs[NL80211_ATTR_P2P_CTWINDOW]) {
4879		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4880			return -EINVAL;
4881		params.p2p_ctwindow =
4882			nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4883		if (params.p2p_ctwindow < 0)
4884			return -EINVAL;
4885		if (params.p2p_ctwindow != 0 &&
4886		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4887			return -EINVAL;
4888	}
4889
4890	if (info->attrs[NL80211_ATTR_P2P_OPPPS]) {
4891		u8 tmp;
4892
4893		if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4894			return -EINVAL;
4895		tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4896		if (tmp > 1)
4897			return -EINVAL;
4898		params.p2p_opp_ps = tmp;
4899		if (params.p2p_opp_ps &&
4900		    !(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
4901			return -EINVAL;
4902	}
4903
4904	if (!rdev->ops->change_bss)
4905		return -EOPNOTSUPP;
4906
4907	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4908	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4909		return -EOPNOTSUPP;
4910
4911	wdev_lock(wdev);
4912	err = rdev_change_bss(rdev, dev, &params);
4913	wdev_unlock(wdev);
4914
4915	return err;
4916}
4917
4918static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
4919	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
4920	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
4921	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
4922	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
4923	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
4924	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
4925	[NL80211_ATTR_DFS_CAC_TIME]		= { .type = NLA_U32 },
4926};
4927
4928static int parse_reg_rule(struct nlattr *tb[],
4929	struct ieee80211_reg_rule *reg_rule)
4930{
4931	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
4932	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
4933
4934	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
4935		return -EINVAL;
4936	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
4937		return -EINVAL;
4938	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
4939		return -EINVAL;
4940	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
4941		return -EINVAL;
4942	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
4943		return -EINVAL;
4944
4945	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
4946
4947	freq_range->start_freq_khz =
4948		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
4949	freq_range->end_freq_khz =
4950		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
4951	freq_range->max_bandwidth_khz =
4952		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
4953
4954	power_rule->max_eirp =
4955		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
4956
4957	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
4958		power_rule->max_antenna_gain =
4959			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
4960
4961	if (tb[NL80211_ATTR_DFS_CAC_TIME])
4962		reg_rule->dfs_cac_ms =
4963			nla_get_u32(tb[NL80211_ATTR_DFS_CAC_TIME]);
4964
4965	return 0;
4966}
4967
4968static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
4969{
4970	char *data = NULL;
4971	bool is_indoor;
4972	enum nl80211_user_reg_hint_type user_reg_hint_type;
4973	u32 owner_nlportid;
4974
4975
4976	/*
4977	 * You should only get this when cfg80211 hasn't yet initialized
4978	 * completely when built-in to the kernel right between the time
4979	 * window between nl80211_init() and regulatory_init(), if that is
4980	 * even possible.
4981	 */
4982	if (unlikely(!rcu_access_pointer(cfg80211_regdomain)))
4983		return -EINPROGRESS;
4984
4985	if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
4986		user_reg_hint_type =
4987		  nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
4988	else
4989		user_reg_hint_type = NL80211_USER_REG_HINT_USER;
4990
4991	switch (user_reg_hint_type) {
4992	case NL80211_USER_REG_HINT_USER:
4993	case NL80211_USER_REG_HINT_CELL_BASE:
4994		if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
4995			return -EINVAL;
4996
4997		data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
4998		return regulatory_hint_user(data, user_reg_hint_type);
4999	case NL80211_USER_REG_HINT_INDOOR:
5000		if (info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
5001			owner_nlportid = info->snd_portid;
5002			is_indoor = !!info->attrs[NL80211_ATTR_REG_INDOOR];
5003		} else {
5004			owner_nlportid = 0;
5005			is_indoor = true;
5006		}
5007
5008		return regulatory_hint_indoor(is_indoor, owner_nlportid);
5009	default:
5010		return -EINVAL;
5011	}
5012}
5013
5014static int nl80211_get_mesh_config(struct sk_buff *skb,
5015				   struct genl_info *info)
5016{
5017	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5018	struct net_device *dev = info->user_ptr[1];
5019	struct wireless_dev *wdev = dev->ieee80211_ptr;
5020	struct mesh_config cur_params;
5021	int err = 0;
5022	void *hdr;
5023	struct nlattr *pinfoattr;
5024	struct sk_buff *msg;
5025
5026	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5027		return -EOPNOTSUPP;
5028
5029	if (!rdev->ops->get_mesh_config)
5030		return -EOPNOTSUPP;
5031
5032	wdev_lock(wdev);
5033	/* If not connected, get default parameters */
5034	if (!wdev->mesh_id_len)
5035		memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
5036	else
5037		err = rdev_get_mesh_config(rdev, dev, &cur_params);
5038	wdev_unlock(wdev);
5039
5040	if (err)
5041		return err;
5042
5043	/* Draw up a netlink message to send back */
5044	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5045	if (!msg)
5046		return -ENOMEM;
5047	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5048			     NL80211_CMD_GET_MESH_CONFIG);
5049	if (!hdr)
5050		goto out;
5051	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
5052	if (!pinfoattr)
5053		goto nla_put_failure;
5054	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
5055	    nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
5056			cur_params.dot11MeshRetryTimeout) ||
5057	    nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5058			cur_params.dot11MeshConfirmTimeout) ||
5059	    nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
5060			cur_params.dot11MeshHoldingTimeout) ||
5061	    nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
5062			cur_params.dot11MeshMaxPeerLinks) ||
5063	    nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
5064		       cur_params.dot11MeshMaxRetries) ||
5065	    nla_put_u8(msg, NL80211_MESHCONF_TTL,
5066		       cur_params.dot11MeshTTL) ||
5067	    nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
5068		       cur_params.element_ttl) ||
5069	    nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5070		       cur_params.auto_open_plinks) ||
5071	    nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5072			cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
5073	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5074		       cur_params.dot11MeshHWMPmaxPREQretries) ||
5075	    nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
5076			cur_params.path_refresh_time) ||
5077	    nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5078			cur_params.min_discovery_timeout) ||
5079	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5080			cur_params.dot11MeshHWMPactivePathTimeout) ||
5081	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5082			cur_params.dot11MeshHWMPpreqMinInterval) ||
5083	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5084			cur_params.dot11MeshHWMPperrMinInterval) ||
5085	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5086			cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
5087	    nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
5088		       cur_params.dot11MeshHWMPRootMode) ||
5089	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5090			cur_params.dot11MeshHWMPRannInterval) ||
5091	    nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5092		       cur_params.dot11MeshGateAnnouncementProtocol) ||
5093	    nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
5094		       cur_params.dot11MeshForwarding) ||
5095	    nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
5096			cur_params.rssi_threshold) ||
5097	    nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
5098			cur_params.ht_opmode) ||
5099	    nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5100			cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
5101	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5102			cur_params.dot11MeshHWMProotInterval) ||
5103	    nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5104			cur_params.dot11MeshHWMPconfirmationInterval) ||
5105	    nla_put_u32(msg, NL80211_MESHCONF_POWER_MODE,
5106			cur_params.power_mode) ||
5107	    nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
5108			cur_params.dot11MeshAwakeWindowDuration) ||
5109	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
5110			cur_params.plink_timeout))
5111		goto nla_put_failure;
5112	nla_nest_end(msg, pinfoattr);
5113	genlmsg_end(msg, hdr);
5114	return genlmsg_reply(msg, info);
5115
5116 nla_put_failure:
5117	genlmsg_cancel(msg, hdr);
5118 out:
5119	nlmsg_free(msg);
5120	return -ENOBUFS;
5121}
5122
5123static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
5124	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
5125	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
5126	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
5127	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
5128	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
5129	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
5130	[NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
5131	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
5132	[NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
5133	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
5134	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
5135	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
5136	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
5137	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
5138	[NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
5139	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
5140	[NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
5141	[NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
5142	[NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
5143	[NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
5144	[NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
5145	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
5146	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
5147	[NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
5148	[NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
5149	[NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
5150	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
5151	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
5152};
5153
5154static const struct nla_policy
5155	nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
5156	[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
5157	[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
5158	[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
5159	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
5160	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
5161	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
5162	[NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
5163				    .len = IEEE80211_MAX_DATA_LEN },
5164	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
5165};
5166
5167static int nl80211_parse_mesh_config(struct genl_info *info,
5168				     struct mesh_config *cfg,
5169				     u32 *mask_out)
5170{
5171	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
5172	u32 mask = 0;
5173
5174#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
5175do {									    \
5176	if (tb[attr]) {							    \
5177		if (fn(tb[attr]) < min || fn(tb[attr]) > max)		    \
5178			return -EINVAL;					    \
5179		cfg->param = fn(tb[attr]);				    \
5180		mask |= (1 << (attr - 1));				    \
5181	}								    \
5182} while (0)
5183
5184
5185	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
5186		return -EINVAL;
5187	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
5188			     info->attrs[NL80211_ATTR_MESH_CONFIG],
5189			     nl80211_meshconf_params_policy))
5190		return -EINVAL;
5191
5192	/* This makes sure that there aren't more than 32 mesh config
5193	 * parameters (otherwise our bitfield scheme would not work.) */
5194	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
5195
5196	/* Fill in the params struct */
5197	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
5198				  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
5199				  nla_get_u16);
5200	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
5201				  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
5202				  nla_get_u16);
5203	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
5204				  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
5205				  nla_get_u16);
5206	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
5207				  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
5208				  nla_get_u16);
5209	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
5210				  mask, NL80211_MESHCONF_MAX_RETRIES,
5211				  nla_get_u8);
5212	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
5213				  mask, NL80211_MESHCONF_TTL, nla_get_u8);
5214	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
5215				  mask, NL80211_MESHCONF_ELEMENT_TTL,
5216				  nla_get_u8);
5217	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
5218				  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
5219				  nla_get_u8);
5220	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
5221				  1, 255, mask,
5222				  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
5223				  nla_get_u32);
5224	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
5225				  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
5226				  nla_get_u8);
5227	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
5228				  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
5229				  nla_get_u32);
5230	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
5231				  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
5232				  nla_get_u16);
5233	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
5234				  1, 65535, mask,
5235				  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
5236				  nla_get_u32);
5237	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
5238				  1, 65535, mask,
5239				  NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
5240				  nla_get_u16);
5241	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
5242				  1, 65535, mask,
5243				  NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
5244				  nla_get_u16);
5245	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5246				  dot11MeshHWMPnetDiameterTraversalTime,
5247				  1, 65535, mask,
5248				  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
5249				  nla_get_u16);
5250	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
5251				  mask, NL80211_MESHCONF_HWMP_ROOTMODE,
5252				  nla_get_u8);
5253	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
5254				  mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
5255				  nla_get_u16);
5256	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5257				  dot11MeshGateAnnouncementProtocol, 0, 1,
5258				  mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
5259				  nla_get_u8);
5260	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
5261				  mask, NL80211_MESHCONF_FORWARDING,
5262				  nla_get_u8);
5263	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
5264				  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
5265				  nla_get_s32);
5266	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode, 0, 16,
5267				  mask, NL80211_MESHCONF_HT_OPMODE,
5268				  nla_get_u16);
5269	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
5270				  1, 65535, mask,
5271				  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
5272				  nla_get_u32);
5273	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
5274				  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
5275				  nla_get_u16);
5276	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
5277				  dot11MeshHWMPconfirmationInterval,
5278				  1, 65535, mask,
5279				  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
5280				  nla_get_u16);
5281	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
5282				  NL80211_MESH_POWER_ACTIVE,
5283				  NL80211_MESH_POWER_MAX,
5284				  mask, NL80211_MESHCONF_POWER_MODE,
5285				  nla_get_u32);
5286	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
5287				  0, 65535, mask,
5288				  NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
5289	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
5290				  mask, NL80211_MESHCONF_PLINK_TIMEOUT,
5291				  nla_get_u32);
5292	if (mask_out)
5293		*mask_out = mask;
5294
5295	return 0;
5296
5297#undef FILL_IN_MESH_PARAM_IF_SET
5298}
5299
5300static int nl80211_parse_mesh_setup(struct genl_info *info,
5301				     struct mesh_setup *setup)
5302{
5303	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5304	struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
5305
5306	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
5307		return -EINVAL;
5308	if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
5309			     info->attrs[NL80211_ATTR_MESH_SETUP],
5310			     nl80211_mesh_setup_params_policy))
5311		return -EINVAL;
5312
5313	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
5314		setup->sync_method =
5315		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
5316		 IEEE80211_SYNC_METHOD_VENDOR :
5317		 IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
5318
5319	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
5320		setup->path_sel_proto =
5321		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
5322		 IEEE80211_PATH_PROTOCOL_VENDOR :
5323		 IEEE80211_PATH_PROTOCOL_HWMP;
5324
5325	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
5326		setup->path_metric =
5327		(nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
5328		 IEEE80211_PATH_METRIC_VENDOR :
5329		 IEEE80211_PATH_METRIC_AIRTIME;
5330
5331
5332	if (tb[NL80211_MESH_SETUP_IE]) {
5333		struct nlattr *ieattr =
5334			tb[NL80211_MESH_SETUP_IE];
5335		if (!is_valid_ie_attr(ieattr))
5336			return -EINVAL;
5337		setup->ie = nla_data(ieattr);
5338		setup->ie_len = nla_len(ieattr);
5339	}
5340	if (tb[NL80211_MESH_SETUP_USERSPACE_MPM] &&
5341	    !(rdev->wiphy.features & NL80211_FEATURE_USERSPACE_MPM))
5342		return -EINVAL;
5343	setup->user_mpm = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_MPM]);
5344	setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
5345	setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
5346	if (setup->is_secure)
5347		setup->user_mpm = true;
5348
5349	if (tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]) {
5350		if (!setup->user_mpm)
5351			return -EINVAL;
5352		setup->auth_id =
5353			nla_get_u8(tb[NL80211_MESH_SETUP_AUTH_PROTOCOL]);
5354	}
5355
5356	return 0;
5357}
5358
5359static int nl80211_update_mesh_config(struct sk_buff *skb,
5360				      struct genl_info *info)
5361{
5362	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5363	struct net_device *dev = info->user_ptr[1];
5364	struct wireless_dev *wdev = dev->ieee80211_ptr;
5365	struct mesh_config cfg;
5366	u32 mask;
5367	int err;
5368
5369	if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
5370		return -EOPNOTSUPP;
5371
5372	if (!rdev->ops->update_mesh_config)
5373		return -EOPNOTSUPP;
5374
5375	err = nl80211_parse_mesh_config(info, &cfg, &mask);
5376	if (err)
5377		return err;
5378
5379	wdev_lock(wdev);
5380	if (!wdev->mesh_id_len)
5381		err = -ENOLINK;
5382
5383	if (!err)
5384		err = rdev_update_mesh_config(rdev, dev, mask, &cfg);
5385
5386	wdev_unlock(wdev);
5387
5388	return err;
5389}
5390
5391static int nl80211_put_regdom(const struct ieee80211_regdomain *regdom,
5392			      struct sk_buff *msg)
5393{
5394	struct nlattr *nl_reg_rules;
5395	unsigned int i;
5396
5397	if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, regdom->alpha2) ||
5398	    (regdom->dfs_region &&
5399	     nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
5400		goto nla_put_failure;
5401
5402	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
5403	if (!nl_reg_rules)
5404		goto nla_put_failure;
5405
5406	for (i = 0; i < regdom->n_reg_rules; i++) {
5407		struct nlattr *nl_reg_rule;
5408		const struct ieee80211_reg_rule *reg_rule;
5409		const struct ieee80211_freq_range *freq_range;
5410		const struct ieee80211_power_rule *power_rule;
5411		unsigned int max_bandwidth_khz;
5412
5413		reg_rule = &regdom->reg_rules[i];
5414		freq_range = &reg_rule->freq_range;
5415		power_rule = &reg_rule->power_rule;
5416
5417		nl_reg_rule = nla_nest_start(msg, i);
5418		if (!nl_reg_rule)
5419			goto nla_put_failure;
5420
5421		max_bandwidth_khz = freq_range->max_bandwidth_khz;
5422		if (!max_bandwidth_khz)
5423			max_bandwidth_khz = reg_get_max_bandwidth(regdom,
5424								  reg_rule);
5425
5426		if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
5427				reg_rule->flags) ||
5428		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
5429				freq_range->start_freq_khz) ||
5430		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
5431				freq_range->end_freq_khz) ||
5432		    nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
5433				max_bandwidth_khz) ||
5434		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
5435				power_rule->max_antenna_gain) ||
5436		    nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
5437				power_rule->max_eirp) ||
5438		    nla_put_u32(msg, NL80211_ATTR_DFS_CAC_TIME,
5439				reg_rule->dfs_cac_ms))
5440			goto nla_put_failure;
5441
5442		nla_nest_end(msg, nl_reg_rule);
5443	}
5444
5445	nla_nest_end(msg, nl_reg_rules);
5446	return 0;
5447
5448nla_put_failure:
5449	return -EMSGSIZE;
5450}
5451
5452static int nl80211_get_reg_do(struct sk_buff *skb, struct genl_info *info)
5453{
5454	const struct ieee80211_regdomain *regdom = NULL;
5455	struct cfg80211_registered_device *rdev;
5456	struct wiphy *wiphy = NULL;
5457	struct sk_buff *msg;
5458	void *hdr;
5459
5460	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5461	if (!msg)
5462		return -ENOBUFS;
5463
5464	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
5465			     NL80211_CMD_GET_REG);
5466	if (!hdr)
5467		goto put_failure;
5468
5469	if (info->attrs[NL80211_ATTR_WIPHY]) {
5470		bool self_managed;
5471
5472		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
5473		if (IS_ERR(rdev)) {
5474			nlmsg_free(msg);
5475			return PTR_ERR(rdev);
5476		}
5477
5478		wiphy = &rdev->wiphy;
5479		self_managed = wiphy->regulatory_flags &
5480			       REGULATORY_WIPHY_SELF_MANAGED;
5481		regdom = get_wiphy_regdom(wiphy);
5482
5483		/* a self-managed-reg device must have a private regdom */
5484		if (WARN_ON(!regdom && self_managed)) {
5485			nlmsg_free(msg);
5486			return -EINVAL;
5487		}
5488
5489		if (regdom &&
5490		    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5491			goto nla_put_failure;
5492	}
5493
5494	if (!wiphy && reg_last_request_cell_base() &&
5495	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5496			NL80211_USER_REG_HINT_CELL_BASE))
5497		goto nla_put_failure;
5498
5499	rcu_read_lock();
5500
5501	if (!regdom)
5502		regdom = rcu_dereference(cfg80211_regdomain);
5503
5504	if (nl80211_put_regdom(regdom, msg))
5505		goto nla_put_failure_rcu;
5506
5507	rcu_read_unlock();
5508
5509	genlmsg_end(msg, hdr);
5510	return genlmsg_reply(msg, info);
5511
5512nla_put_failure_rcu:
5513	rcu_read_unlock();
5514nla_put_failure:
5515	genlmsg_cancel(msg, hdr);
5516put_failure:
5517	nlmsg_free(msg);
5518	return -EMSGSIZE;
5519}
5520
5521static int nl80211_send_regdom(struct sk_buff *msg, struct netlink_callback *cb,
5522			       u32 seq, int flags, struct wiphy *wiphy,
5523			       const struct ieee80211_regdomain *regdom)
5524{
5525	void *hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
5526				   NL80211_CMD_GET_REG);
5527
5528	if (!hdr)
5529		return -1;
5530
5531	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5532
5533	if (nl80211_put_regdom(regdom, msg))
5534		goto nla_put_failure;
5535
5536	if (!wiphy && reg_last_request_cell_base() &&
5537	    nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
5538			NL80211_USER_REG_HINT_CELL_BASE))
5539		goto nla_put_failure;
5540
5541	if (wiphy &&
5542	    nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
5543		goto nla_put_failure;
5544
5545	if (wiphy && wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
5546	    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
5547		goto nla_put_failure;
5548
5549	genlmsg_end(msg, hdr);
5550	return 0;
5551
5552nla_put_failure:
5553	genlmsg_cancel(msg, hdr);
5554	return -EMSGSIZE;
5555}
5556
5557static int nl80211_get_reg_dump(struct sk_buff *skb,
5558				struct netlink_callback *cb)
5559{
5560	const struct ieee80211_regdomain *regdom = NULL;
5561	struct cfg80211_registered_device *rdev;
5562	int err, reg_idx, start = cb->args[2];
5563
5564	rtnl_lock();
5565
5566	if (cfg80211_regdomain && start == 0) {
5567		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5568					  NLM_F_MULTI, NULL,
5569					  rtnl_dereference(cfg80211_regdomain));
5570		if (err < 0)
5571			goto out_err;
5572	}
5573
5574	/* the global regdom is idx 0 */
5575	reg_idx = 1;
5576	list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
5577		regdom = get_wiphy_regdom(&rdev->wiphy);
5578		if (!regdom)
5579			continue;
5580
5581		if (++reg_idx <= start)
5582			continue;
5583
5584		err = nl80211_send_regdom(skb, cb, cb->nlh->nlmsg_seq,
5585					  NLM_F_MULTI, &rdev->wiphy, regdom);
5586		if (err < 0) {
5587			reg_idx--;
5588			break;
5589		}
5590	}
5591
5592	cb->args[2] = reg_idx;
5593	err = skb->len;
5594out_err:
5595	rtnl_unlock();
5596	return err;
5597}
5598
5599static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
5600{
5601	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
5602	struct nlattr *nl_reg_rule;
5603	char *alpha2;
5604	int rem_reg_rules, r;
5605	u32 num_rules = 0, rule_idx = 0, size_of_regd;
5606	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
5607	struct ieee80211_regdomain *rd;
5608
5609	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
5610		return -EINVAL;
5611
5612	if (!info->attrs[NL80211_ATTR_REG_RULES])
5613		return -EINVAL;
5614
5615	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
5616
5617	if (info->attrs[NL80211_ATTR_DFS_REGION])
5618		dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
5619
5620	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5621			    rem_reg_rules) {
5622		num_rules++;
5623		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
5624			return -EINVAL;
5625	}
5626
5627	if (!reg_is_valid_request(alpha2))
5628		return -EINVAL;
5629
5630	size_of_regd = sizeof(struct ieee80211_regdomain) +
5631		       num_rules * sizeof(struct ieee80211_reg_rule);
5632
5633	rd = kzalloc(size_of_regd, GFP_KERNEL);
5634	if (!rd)
5635		return -ENOMEM;
5636
5637	rd->n_reg_rules = num_rules;
5638	rd->alpha2[0] = alpha2[0];
5639	rd->alpha2[1] = alpha2[1];
5640
5641	/*
5642	 * Disable DFS master mode if the DFS region was
5643	 * not supported or known on this kernel.
5644	 */
5645	if (reg_supported_dfs_region(dfs_region))
5646		rd->dfs_region = dfs_region;
5647
5648	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
5649			    rem_reg_rules) {
5650		r = nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
5651			      nla_data(nl_reg_rule), nla_len(nl_reg_rule),
5652			      reg_rule_policy);
5653		if (r)
5654			goto bad_reg;
5655		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
5656		if (r)
5657			goto bad_reg;
5658
5659		rule_idx++;
5660
5661		if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
5662			r = -EINVAL;
5663			goto bad_reg;
5664		}
5665	}
5666
5667	r = set_regdom(rd, REGD_SOURCE_CRDA);
5668	/* set_regdom took ownership */
5669	rd = NULL;
5670
5671 bad_reg:
5672	kfree(rd);
5673	return r;
5674}
5675
5676static int validate_scan_freqs(struct nlattr *freqs)
5677{
5678	struct nlattr *attr1, *attr2;
5679	int n_channels = 0, tmp1, tmp2;
5680
5681	nla_for_each_nested(attr1, freqs, tmp1) {
5682		n_channels++;
5683		/*
5684		 * Some hardware has a limited channel list for
5685		 * scanning, and it is pretty much nonsensical
5686		 * to scan for a channel twice, so disallow that
5687		 * and don't require drivers to check that the
5688		 * channel list they get isn't longer than what
5689		 * they can scan, as long as they can scan all
5690		 * the channels they registered at once.
5691		 */
5692		nla_for_each_nested(attr2, freqs, tmp2)
5693			if (attr1 != attr2 &&
5694			    nla_get_u32(attr1) == nla_get_u32(attr2))
5695				return 0;
5696	}
5697
5698	return n_channels;
5699}
5700
5701static int nl80211_parse_random_mac(struct nlattr **attrs,
5702				    u8 *mac_addr, u8 *mac_addr_mask)
5703{
5704	int i;
5705
5706	if (!attrs[NL80211_ATTR_MAC] && !attrs[NL80211_ATTR_MAC_MASK]) {
5707		eth_zero_addr(mac_addr);
5708		eth_zero_addr(mac_addr_mask);
5709		mac_addr[0] = 0x2;
5710		mac_addr_mask[0] = 0x3;
5711
5712		return 0;
5713	}
5714
5715	/* need both or none */
5716	if (!attrs[NL80211_ATTR_MAC] || !attrs[NL80211_ATTR_MAC_MASK])
5717		return -EINVAL;
5718
5719	memcpy(mac_addr, nla_data(attrs[NL80211_ATTR_MAC]), ETH_ALEN);
5720	memcpy(mac_addr_mask, nla_data(attrs[NL80211_ATTR_MAC_MASK]), ETH_ALEN);
5721
5722	/* don't allow or configure an mcast address */
5723	if (!is_multicast_ether_addr(mac_addr_mask) ||
5724	    is_multicast_ether_addr(mac_addr))
5725		return -EINVAL;
5726
5727	/*
5728	 * allow users to pass a MAC address that has bits set outside
5729	 * of the mask, but don't bother drivers with having to deal
5730	 * with such bits
5731	 */
5732	for (i = 0; i < ETH_ALEN; i++)
5733		mac_addr[i] &= mac_addr_mask[i];
5734
5735	return 0;
5736}
5737
5738static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
5739{
5740	struct cfg80211_registered_device *rdev = info->user_ptr[0];
5741	struct wireless_dev *wdev = info->user_ptr[1];
5742	struct cfg80211_scan_request *request;
5743	struct nlattr *attr;
5744	struct wiphy *wiphy;
5745	int err, tmp, n_ssids = 0, n_channels, i;
5746	size_t ie_len;
5747
5748	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5749		return -EINVAL;
5750
5751	wiphy = &rdev->wiphy;
5752
5753	if (!rdev->ops->scan)
5754		return -EOPNOTSUPP;
5755
5756	if (rdev->scan_req || rdev->scan_msg) {
5757		err = -EBUSY;
5758		goto unlock;
5759	}
5760
5761	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5762		n_channels = validate_scan_freqs(
5763				info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5764		if (!n_channels) {
5765			err = -EINVAL;
5766			goto unlock;
5767		}
5768	} else {
5769		n_channels = ieee80211_get_num_supported_channels(wiphy);
5770	}
5771
5772	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
5773		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
5774			n_ssids++;
5775
5776	if (n_ssids > wiphy->max_scan_ssids) {
5777		err = -EINVAL;
5778		goto unlock;
5779	}
5780
5781	if (info->attrs[NL80211_ATTR_IE])
5782		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5783	else
5784		ie_len = 0;
5785
5786	if (ie_len > wiphy->max_scan_ie_len) {
5787		err = -EINVAL;
5788		goto unlock;
5789	}
5790
5791	request = kzalloc(sizeof(*request)
5792			+ sizeof(*request->ssids) * n_ssids
5793			+ sizeof(*request->channels) * n_channels
5794			+ ie_len, GFP_KERNEL);
5795	if (!request) {
5796		err = -ENOMEM;
5797		goto unlock;
5798	}
5799
5800	if (n_ssids)
5801		request->ssids = (void *)&request->channels[n_channels];
5802	request->n_ssids = n_ssids;
5803	if (ie_len) {
5804		if (n_ssids)
5805			request->ie = (void *)(request->ssids + n_ssids);
5806		else
5807			request->ie = (void *)(request->channels + n_channels);
5808	}
5809
5810	i = 0;
5811	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5812		/* user specified, bail out if channel not found */
5813		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
5814			struct ieee80211_channel *chan;
5815
5816			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
5817
5818			if (!chan) {
5819				err = -EINVAL;
5820				goto out_free;
5821			}
5822
5823			/* ignore disabled channels */
5824			if (chan->flags & IEEE80211_CHAN_DISABLED)
5825				continue;
5826
5827			request->channels[i] = chan;
5828			i++;
5829		}
5830	} else {
5831		enum ieee80211_band band;
5832
5833		/* all channels */
5834		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
5835			int j;
5836			if (!wiphy->bands[band])
5837				continue;
5838			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
5839				struct ieee80211_channel *chan;
5840
5841				chan = &wiphy->bands[band]->channels[j];
5842
5843				if (chan->flags & IEEE80211_CHAN_DISABLED)
5844					continue;
5845
5846				request->channels[i] = chan;
5847				i++;
5848			}
5849		}
5850	}
5851
5852	if (!i) {
5853		err = -EINVAL;
5854		goto out_free;
5855	}
5856
5857	request->n_channels = i;
5858
5859	i = 0;
5860	if (n_ssids) {
5861		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
5862			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
5863				err = -EINVAL;
5864				goto out_free;
5865			}
5866			request->ssids[i].ssid_len = nla_len(attr);
5867			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
5868			i++;
5869		}
5870	}
5871
5872	if (info->attrs[NL80211_ATTR_IE]) {
5873		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5874		memcpy((void *)request->ie,
5875		       nla_data(info->attrs[NL80211_ATTR_IE]),
5876		       request->ie_len);
5877	}
5878
5879	for (i = 0; i < IEEE80211_NUM_BANDS; i++)
5880		if (wiphy->bands[i])
5881			request->rates[i] =
5882				(1 << wiphy->bands[i]->n_bitrates) - 1;
5883
5884	if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
5885		nla_for_each_nested(attr,
5886				    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
5887				    tmp) {
5888			enum ieee80211_band band = nla_type(attr);
5889
5890			if (band < 0 || band >= IEEE80211_NUM_BANDS) {
5891				err = -EINVAL;
5892				goto out_free;
5893			}
5894
5895			if (!wiphy->bands[band])
5896				continue;
5897
5898			err = ieee80211_get_ratemask(wiphy->bands[band],
5899						     nla_data(attr),
5900						     nla_len(attr),
5901						     &request->rates[band]);
5902			if (err)
5903				goto out_free;
5904		}
5905	}
5906
5907	if (info->attrs[NL80211_ATTR_SCAN_FLAGS]) {
5908		request->flags = nla_get_u32(
5909			info->attrs[NL80211_ATTR_SCAN_FLAGS]);
5910		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
5911		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
5912			err = -EOPNOTSUPP;
5913			goto out_free;
5914		}
5915
5916		if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
5917			if (!(wiphy->features &
5918					NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR)) {
5919				err = -EOPNOTSUPP;
5920				goto out_free;
5921			}
5922
5923			if (wdev->current_bss) {
5924				err = -EOPNOTSUPP;
5925				goto out_free;
5926			}
5927
5928			err = nl80211_parse_random_mac(info->attrs,
5929						       request->mac_addr,
5930						       request->mac_addr_mask);
5931			if (err)
5932				goto out_free;
5933		}
5934	}
5935
5936	request->no_cck =
5937		nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5938
5939	request->wdev = wdev;
5940	request->wiphy = &rdev->wiphy;
5941	request->scan_start = jiffies;
5942
5943	rdev->scan_req = request;
5944	err = rdev_scan(rdev, request);
5945
5946	if (!err) {
5947		nl80211_send_scan_start(rdev, wdev);
5948		if (wdev->netdev)
5949			dev_hold(wdev->netdev);
5950	} else {
5951 out_free:
5952		rdev->scan_req = NULL;
5953		kfree(request);
5954	}
5955
5956 unlock:
5957	return err;
5958}
5959
5960static struct cfg80211_sched_scan_request *
5961nl80211_parse_sched_scan(struct wiphy *wiphy, struct wireless_dev *wdev,
5962			 struct nlattr **attrs)
5963{
5964	struct cfg80211_sched_scan_request *request;
5965	struct nlattr *attr;
5966	int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
5967	u32 interval;
5968	enum ieee80211_band band;
5969	size_t ie_len;
5970	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
5971	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
5972
5973	if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
5974		return ERR_PTR(-EINVAL);
5975
5976	if (!attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
5977		return ERR_PTR(-EINVAL);
5978
5979	interval = nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
5980	if (interval == 0)
5981		return ERR_PTR(-EINVAL);
5982
5983	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
5984		n_channels = validate_scan_freqs(
5985				attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
5986		if (!n_channels)
5987			return ERR_PTR(-EINVAL);
5988	} else {
5989		n_channels = ieee80211_get_num_supported_channels(wiphy);
5990	}
5991
5992	if (attrs[NL80211_ATTR_SCAN_SSIDS])
5993		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
5994				    tmp)
5995			n_ssids++;
5996
5997	if (n_ssids > wiphy->max_sched_scan_ssids)
5998		return ERR_PTR(-EINVAL);
5999
6000	/*
6001	 * First, count the number of 'real' matchsets. Due to an issue with
6002	 * the old implementation, matchsets containing only the RSSI attribute
6003	 * (NL80211_SCHED_SCAN_MATCH_ATTR_RSSI) are considered as the 'default'
6004	 * RSSI for all matchsets, rather than their own matchset for reporting
6005	 * all APs with a strong RSSI. This is needed to be compatible with
6006	 * older userspace that treated a matchset with only the RSSI as the
6007	 * global RSSI for all other matchsets - if there are other matchsets.
6008	 */
6009	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6010		nla_for_each_nested(attr,
6011				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6012				    tmp) {
6013			struct nlattr *rssi;
6014
6015			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6016					nla_data(attr), nla_len(attr),
6017					nl80211_match_policy);
6018			if (err)
6019				return ERR_PTR(err);
6020			/* add other standalone attributes here */
6021			if (tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID]) {
6022				n_match_sets++;
6023				continue;
6024			}
6025			rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6026			if (rssi)
6027				default_match_rssi = nla_get_s32(rssi);
6028		}
6029	}
6030
6031	/* However, if there's no other matchset, add the RSSI one */
6032	if (!n_match_sets && default_match_rssi != NL80211_SCAN_RSSI_THOLD_OFF)
6033		n_match_sets = 1;
6034
6035	if (n_match_sets > wiphy->max_match_sets)
6036		return ERR_PTR(-EINVAL);
6037
6038	if (attrs[NL80211_ATTR_IE])
6039		ie_len = nla_len(attrs[NL80211_ATTR_IE]);
6040	else
6041		ie_len = 0;
6042
6043	if (ie_len > wiphy->max_sched_scan_ie_len)
6044		return ERR_PTR(-EINVAL);
6045
6046	request = kzalloc(sizeof(*request)
6047			+ sizeof(*request->ssids) * n_ssids
6048			+ sizeof(*request->match_sets) * n_match_sets
6049			+ sizeof(*request->channels) * n_channels
6050			+ ie_len, GFP_KERNEL);
6051	if (!request)
6052		return ERR_PTR(-ENOMEM);
6053
6054	if (n_ssids)
6055		request->ssids = (void *)&request->channels[n_channels];
6056	request->n_ssids = n_ssids;
6057	if (ie_len) {
6058		if (n_ssids)
6059			request->ie = (void *)(request->ssids + n_ssids);
6060		else
6061			request->ie = (void *)(request->channels + n_channels);
6062	}
6063
6064	if (n_match_sets) {
6065		if (request->ie)
6066			request->match_sets = (void *)(request->ie + ie_len);
6067		else if (n_ssids)
6068			request->match_sets =
6069				(void *)(request->ssids + n_ssids);
6070		else
6071			request->match_sets =
6072				(void *)(request->channels + n_channels);
6073	}
6074	request->n_match_sets = n_match_sets;
6075
6076	i = 0;
6077	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
6078		/* user specified, bail out if channel not found */
6079		nla_for_each_nested(attr,
6080				    attrs[NL80211_ATTR_SCAN_FREQUENCIES],
6081				    tmp) {
6082			struct ieee80211_channel *chan;
6083
6084			chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
6085
6086			if (!chan) {
6087				err = -EINVAL;
6088				goto out_free;
6089			}
6090
6091			/* ignore disabled channels */
6092			if (chan->flags & IEEE80211_CHAN_DISABLED)
6093				continue;
6094
6095			request->channels[i] = chan;
6096			i++;
6097		}
6098	} else {
6099		/* all channels */
6100		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
6101			int j;
6102			if (!wiphy->bands[band])
6103				continue;
6104			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
6105				struct ieee80211_channel *chan;
6106
6107				chan = &wiphy->bands[band]->channels[j];
6108
6109				if (chan->flags & IEEE80211_CHAN_DISABLED)
6110					continue;
6111
6112				request->channels[i] = chan;
6113				i++;
6114			}
6115		}
6116	}
6117
6118	if (!i) {
6119		err = -EINVAL;
6120		goto out_free;
6121	}
6122
6123	request->n_channels = i;
6124
6125	i = 0;
6126	if (n_ssids) {
6127		nla_for_each_nested(attr, attrs[NL80211_ATTR_SCAN_SSIDS],
6128				    tmp) {
6129			if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
6130				err = -EINVAL;
6131				goto out_free;
6132			}
6133			request->ssids[i].ssid_len = nla_len(attr);
6134			memcpy(request->ssids[i].ssid, nla_data(attr),
6135			       nla_len(attr));
6136			i++;
6137		}
6138	}
6139
6140	i = 0;
6141	if (attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
6142		nla_for_each_nested(attr,
6143				    attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
6144				    tmp) {
6145			struct nlattr *ssid, *rssi;
6146
6147			err = nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
6148					nla_data(attr), nla_len(attr),
6149					nl80211_match_policy);
6150			if (err)
6151				goto out_free;
6152			ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
6153			if (ssid) {
6154				if (WARN_ON(i >= n_match_sets)) {
6155					/* this indicates a programming error,
6156					 * the loop above should have verified
6157					 * things properly
6158					 */
6159					err = -EINVAL;
6160					goto out_free;
6161				}
6162
6163				if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
6164					err = -EINVAL;
6165					goto out_free;
6166				}
6167				memcpy(request->match_sets[i].ssid.ssid,
6168				       nla_data(ssid), nla_len(ssid));
6169				request->match_sets[i].ssid.ssid_len =
6170					nla_len(ssid);
6171				/* special attribute - old implemenation w/a */
6172				request->match_sets[i].rssi_thold =
6173					default_match_rssi;
6174				rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
6175				if (rssi)
6176					request->match_sets[i].rssi_thold =
6177						nla_get_s32(rssi);
6178			}
6179			i++;
6180		}
6181
6182		/* there was no other matchset, so the RSSI one is alone */
6183		if (i == 0 && n_match_sets)
6184			request->match_sets[0].rssi_thold = default_match_rssi;
6185
6186		request->min_rssi_thold = INT_MAX;
6187		for (i = 0; i < n_match_sets; i++)
6188			request->min_rssi_thold =
6189				min(request->match_sets[i].rssi_thold,
6190				    request->min_rssi_thold);
6191	} else {
6192		request->min_rssi_thold = NL80211_SCAN_RSSI_THOLD_OFF;
6193	}
6194
6195	if (ie_len) {
6196		request->ie_len = ie_len;
6197		memcpy((void *)request->ie,
6198		       nla_data(attrs[NL80211_ATTR_IE]),
6199		       request->ie_len);
6200	}
6201
6202	if (attrs[NL80211_ATTR_SCAN_FLAGS]) {
6203		request->flags = nla_get_u32(
6204			attrs[NL80211_ATTR_SCAN_FLAGS]);
6205		if ((request->flags & NL80211_SCAN_FLAG_LOW_PRIORITY) &&
6206		    !(wiphy->features & NL80211_FEATURE_LOW_PRIORITY_SCAN)) {
6207			err = -EOPNOTSUPP;
6208			goto out_free;
6209		}
6210
6211		if (request->flags & NL80211_SCAN_FLAG_RANDOM_ADDR) {
6212			u32 flg = NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
6213
6214			if (!wdev) /* must be net-detect */
6215				flg = NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
6216
6217			if (!(wiphy->features & flg)) {
6218				err = -EOPNOTSUPP;
6219				goto out_free;
6220			}
6221
6222			if (wdev && wdev->current_bss) {
6223				err = -EOPNOTSUPP;
6224				goto out_free;
6225			}
6226
6227			err = nl80211_parse_random_mac(attrs, request->mac_addr,
6228						       request->mac_addr_mask);
6229			if (err)
6230				goto out_free;
6231		}
6232	}
6233
6234	if (attrs[NL80211_ATTR_SCHED_SCAN_DELAY])
6235		request->delay =
6236			nla_get_u32(attrs[NL80211_ATTR_SCHED_SCAN_DELAY]);
6237
6238	request->interval = interval;
6239	request->scan_start = jiffies;
6240
6241	return request;
6242
6243out_free:
6244	kfree(request);
6245	return ERR_PTR(err);
6246}
6247
6248static int nl80211_start_sched_scan(struct sk_buff *skb,
6249				    struct genl_info *info)
6250{
6251	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6252	struct net_device *dev = info->user_ptr[1];
6253	struct wireless_dev *wdev = dev->ieee80211_ptr;
6254	struct cfg80211_sched_scan_request *sched_scan_req;
6255	int err;
6256
6257	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6258	    !rdev->ops->sched_scan_start)
6259		return -EOPNOTSUPP;
6260
6261	if (rdev->sched_scan_req)
6262		return -EINPROGRESS;
6263
6264	sched_scan_req = nl80211_parse_sched_scan(&rdev->wiphy, wdev,
6265						  info->attrs);
6266
6267	err = PTR_ERR_OR_ZERO(sched_scan_req);
6268	if (err)
6269		goto out_err;
6270
6271	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
6272	if (err)
6273		goto out_free;
6274
6275	sched_scan_req->dev = dev;
6276	sched_scan_req->wiphy = &rdev->wiphy;
6277
6278	if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
6279		sched_scan_req->owner_nlportid = info->snd_portid;
6280
6281	rcu_assign_pointer(rdev->sched_scan_req, sched_scan_req);
6282
6283	nl80211_send_sched_scan(rdev, dev,
6284				NL80211_CMD_START_SCHED_SCAN);
6285	return 0;
6286
6287out_free:
6288	kfree(sched_scan_req);
6289out_err:
6290	return err;
6291}
6292
6293static int nl80211_stop_sched_scan(struct sk_buff *skb,
6294				   struct genl_info *info)
6295{
6296	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6297
6298	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
6299	    !rdev->ops->sched_scan_stop)
6300		return -EOPNOTSUPP;
6301
6302	return __cfg80211_stop_sched_scan(rdev, false);
6303}
6304
6305static int nl80211_start_radar_detection(struct sk_buff *skb,
6306					 struct genl_info *info)
6307{
6308	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6309	struct net_device *dev = info->user_ptr[1];
6310	struct wireless_dev *wdev = dev->ieee80211_ptr;
6311	struct cfg80211_chan_def chandef;
6312	enum nl80211_dfs_regions dfs_region;
6313	unsigned int cac_time_ms;
6314	int err;
6315
6316	dfs_region = reg_get_dfs_region(wdev->wiphy);
6317	if (dfs_region == NL80211_DFS_UNSET)
6318		return -EINVAL;
6319
6320	err = nl80211_parse_chandef(rdev, info, &chandef);
6321	if (err)
6322		return err;
6323
6324	if (netif_carrier_ok(dev))
6325		return -EBUSY;
6326
6327	if (wdev->cac_started)
6328		return -EBUSY;
6329
6330	err = cfg80211_chandef_dfs_required(wdev->wiphy, &chandef,
6331					    wdev->iftype);
6332	if (err < 0)
6333		return err;
6334
6335	if (err == 0)
6336		return -EINVAL;
6337
6338	if (!cfg80211_chandef_dfs_usable(wdev->wiphy, &chandef))
6339		return -EINVAL;
6340
6341	if (!rdev->ops->start_radar_detection)
6342		return -EOPNOTSUPP;
6343
6344	cac_time_ms = cfg80211_chandef_dfs_cac_time(&rdev->wiphy, &chandef);
6345	if (WARN_ON(!cac_time_ms))
6346		cac_time_ms = IEEE80211_DFS_MIN_CAC_TIME_MS;
6347
6348	err = rdev->ops->start_radar_detection(&rdev->wiphy, dev, &chandef,
6349					       cac_time_ms);
6350	if (!err) {
6351		wdev->chandef = chandef;
6352		wdev->cac_started = true;
6353		wdev->cac_start_time = jiffies;
6354		wdev->cac_time_ms = cac_time_ms;
6355	}
6356	return err;
6357}
6358
6359static int nl80211_channel_switch(struct sk_buff *skb, struct genl_info *info)
6360{
6361	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6362	struct net_device *dev = info->user_ptr[1];
6363	struct wireless_dev *wdev = dev->ieee80211_ptr;
6364	struct cfg80211_csa_settings params;
6365	/* csa_attrs is defined static to avoid waste of stack size - this
6366	 * function is called under RTNL lock, so this should not be a problem.
6367	 */
6368	static struct nlattr *csa_attrs[NL80211_ATTR_MAX+1];
6369	int err;
6370	bool need_new_beacon = false;
6371	int len, i;
6372	u32 cs_count;
6373
6374	if (!rdev->ops->channel_switch ||
6375	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH))
6376		return -EOPNOTSUPP;
6377
6378	switch (dev->ieee80211_ptr->iftype) {
6379	case NL80211_IFTYPE_AP:
6380	case NL80211_IFTYPE_P2P_GO:
6381		need_new_beacon = true;
6382
6383		/* useless if AP is not running */
6384		if (!wdev->beacon_interval)
6385			return -ENOTCONN;
6386		break;
6387	case NL80211_IFTYPE_ADHOC:
6388		if (!wdev->ssid_len)
6389			return -ENOTCONN;
6390		break;
6391	case NL80211_IFTYPE_MESH_POINT:
6392		if (!wdev->mesh_id_len)
6393			return -ENOTCONN;
6394		break;
6395	default:
6396		return -EOPNOTSUPP;
6397	}
6398
6399	memset(&params, 0, sizeof(params));
6400
6401	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
6402	    !info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
6403		return -EINVAL;
6404
6405	/* only important for AP, IBSS and mesh create IEs internally */
6406	if (need_new_beacon && !info->attrs[NL80211_ATTR_CSA_IES])
6407		return -EINVAL;
6408
6409	/* Even though the attribute is u32, the specification says
6410	 * u8, so let's make sure we don't overflow.
6411	 */
6412	cs_count = nla_get_u32(info->attrs[NL80211_ATTR_CH_SWITCH_COUNT]);
6413	if (cs_count > 255)
6414		return -EINVAL;
6415
6416	params.count = cs_count;
6417
6418	if (!need_new_beacon)
6419		goto skip_beacons;
6420
6421	err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
6422	if (err)
6423		return err;
6424
6425	err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
6426			       info->attrs[NL80211_ATTR_CSA_IES],
6427			       nl80211_policy);
6428	if (err)
6429		return err;
6430
6431	err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
6432	if (err)
6433		return err;
6434
6435	if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
6436		return -EINVAL;
6437
6438	len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6439	if (!len || (len % sizeof(u16)))
6440		return -EINVAL;
6441
6442	params.n_counter_offsets_beacon = len / sizeof(u16);
6443	if (rdev->wiphy.max_num_csa_counters &&
6444	    (params.n_counter_offsets_beacon >
6445	     rdev->wiphy.max_num_csa_counters))
6446		return -EINVAL;
6447
6448	params.counter_offsets_beacon =
6449		nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
6450
6451	/* sanity checks - counters should fit and be the same */
6452	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
6453		u16 offset = params.counter_offsets_beacon[i];
6454
6455		if (offset >= params.beacon_csa.tail_len)
6456			return -EINVAL;
6457
6458		if (params.beacon_csa.tail[offset] != params.count)
6459			return -EINVAL;
6460	}
6461
6462	if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
6463		len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6464		if (!len || (len % sizeof(u16)))
6465			return -EINVAL;
6466
6467		params.n_counter_offsets_presp = len / sizeof(u16);
6468		if (rdev->wiphy.max_num_csa_counters &&
6469		    (params.n_counter_offsets_beacon >
6470		     rdev->wiphy.max_num_csa_counters))
6471			return -EINVAL;
6472
6473		params.counter_offsets_presp =
6474			nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
6475
6476		/* sanity checks - counters should fit and be the same */
6477		for (i = 0; i < params.n_counter_offsets_presp; i++) {
6478			u16 offset = params.counter_offsets_presp[i];
6479
6480			if (offset >= params.beacon_csa.probe_resp_len)
6481				return -EINVAL;
6482
6483			if (params.beacon_csa.probe_resp[offset] !=
6484			    params.count)
6485				return -EINVAL;
6486		}
6487	}
6488
6489skip_beacons:
6490	err = nl80211_parse_chandef(rdev, info, &params.chandef);
6491	if (err)
6492		return err;
6493
6494	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &params.chandef,
6495				     wdev->iftype))
6496		return -EINVAL;
6497
6498	err = cfg80211_chandef_dfs_required(wdev->wiphy,
6499					    &params.chandef,
6500					    wdev->iftype);
6501	if (err < 0)
6502		return err;
6503
6504	if (err > 0)
6505		params.radar_required = true;
6506
6507	if (info->attrs[NL80211_ATTR_CH_SWITCH_BLOCK_TX])
6508		params.block_tx = true;
6509
6510	wdev_lock(wdev);
6511	err = rdev_channel_switch(rdev, dev, &params);
6512	wdev_unlock(wdev);
6513
6514	return err;
6515}
6516
6517static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
6518			    u32 seq, int flags,
6519			    struct cfg80211_registered_device *rdev,
6520			    struct wireless_dev *wdev,
6521			    struct cfg80211_internal_bss *intbss)
6522{
6523	struct cfg80211_bss *res = &intbss->pub;
6524	const struct cfg80211_bss_ies *ies;
6525	void *hdr;
6526	struct nlattr *bss;
6527
6528	ASSERT_WDEV_LOCK(wdev);
6529
6530	hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
6531			     NL80211_CMD_NEW_SCAN_RESULTS);
6532	if (!hdr)
6533		return -1;
6534
6535	genl_dump_check_consistent(cb, hdr, &nl80211_fam);
6536
6537	if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
6538		goto nla_put_failure;
6539	if (wdev->netdev &&
6540	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
6541		goto nla_put_failure;
6542	if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
6543		goto nla_put_failure;
6544
6545	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
6546	if (!bss)
6547		goto nla_put_failure;
6548	if ((!is_zero_ether_addr(res->bssid) &&
6549	     nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)))
6550		goto nla_put_failure;
6551
6552	rcu_read_lock();
6553	/* indicate whether we have probe response data or not */
6554	if (rcu_access_pointer(res->proberesp_ies) &&
6555	    nla_put_flag(msg, NL80211_BSS_PRESP_DATA))
6556		goto fail_unlock_rcu;
6557
6558	/* this pointer prefers to be pointed to probe response data
6559	 * but is always valid
6560	 */
6561	ies = rcu_dereference(res->ies);
6562	if (ies) {
6563		if (nla_put_u64(msg, NL80211_BSS_TSF, ies->tsf))
6564			goto fail_unlock_rcu;
6565		if (ies->len && nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
6566					ies->len, ies->data))
6567			goto fail_unlock_rcu;
6568	}
6569
6570	/* and this pointer is always (unless driver didn't know) beacon data */
6571	ies = rcu_dereference(res->beacon_ies);
6572	if (ies && ies->from_beacon) {
6573		if (nla_put_u64(msg, NL80211_BSS_BEACON_TSF, ies->tsf))
6574			goto fail_unlock_rcu;
6575		if (ies->len && nla_put(msg, NL80211_BSS_BEACON_IES,
6576					ies->len, ies->data))
6577			goto fail_unlock_rcu;
6578	}
6579	rcu_read_unlock();
6580
6581	if (res->beacon_interval &&
6582	    nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
6583		goto nla_put_failure;
6584	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
6585	    nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
6586	    nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) ||
6587	    nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
6588			jiffies_to_msecs(jiffies - intbss->ts)))
6589		goto nla_put_failure;
6590
6591	switch (rdev->wiphy.signal_type) {
6592	case CFG80211_SIGNAL_TYPE_MBM:
6593		if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
6594			goto nla_put_failure;
6595		break;
6596	case CFG80211_SIGNAL_TYPE_UNSPEC:
6597		if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
6598			goto nla_put_failure;
6599		break;
6600	default:
6601		break;
6602	}
6603
6604	switch (wdev->iftype) {
6605	case NL80211_IFTYPE_P2P_CLIENT:
6606	case NL80211_IFTYPE_STATION:
6607		if (intbss == wdev->current_bss &&
6608		    nla_put_u32(msg, NL80211_BSS_STATUS,
6609				NL80211_BSS_STATUS_ASSOCIATED))
6610			goto nla_put_failure;
6611		break;
6612	case NL80211_IFTYPE_ADHOC:
6613		if (intbss == wdev->current_bss &&
6614		    nla_put_u32(msg, NL80211_BSS_STATUS,
6615				NL80211_BSS_STATUS_IBSS_JOINED))
6616			goto nla_put_failure;
6617		break;
6618	default:
6619		break;
6620	}
6621
6622	nla_nest_end(msg, bss);
6623
6624	genlmsg_end(msg, hdr);
6625	return 0;
6626
6627 fail_unlock_rcu:
6628	rcu_read_unlock();
6629 nla_put_failure:
6630	genlmsg_cancel(msg, hdr);
6631	return -EMSGSIZE;
6632}
6633
6634static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
6635{
6636	struct cfg80211_registered_device *rdev;
6637	struct cfg80211_internal_bss *scan;
6638	struct wireless_dev *wdev;
6639	int start = cb->args[2], idx = 0;
6640	int err;
6641
6642	err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6643	if (err)
6644		return err;
6645
6646	wdev_lock(wdev);
6647	spin_lock_bh(&rdev->bss_lock);
6648	cfg80211_bss_expire(rdev);
6649
6650	cb->seq = rdev->bss_generation;
6651
6652	list_for_each_entry(scan, &rdev->bss_list, list) {
6653		if (++idx <= start)
6654			continue;
6655		if (nl80211_send_bss(skb, cb,
6656				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6657				rdev, wdev, scan) < 0) {
6658			idx--;
6659			break;
6660		}
6661	}
6662
6663	spin_unlock_bh(&rdev->bss_lock);
6664	wdev_unlock(wdev);
6665
6666	cb->args[2] = idx;
6667	nl80211_finish_wdev_dump(rdev);
6668
6669	return skb->len;
6670}
6671
6672static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
6673			       int flags, struct net_device *dev,
6674			       bool allow_radio_stats,
6675			       struct survey_info *survey)
6676{
6677	void *hdr;
6678	struct nlattr *infoattr;
6679
6680	/* skip radio stats if userspace didn't request them */
6681	if (!survey->channel && !allow_radio_stats)
6682		return 0;
6683
6684	hdr = nl80211hdr_put(msg, portid, seq, flags,
6685			     NL80211_CMD_NEW_SURVEY_RESULTS);
6686	if (!hdr)
6687		return -ENOMEM;
6688
6689	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
6690		goto nla_put_failure;
6691
6692	infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
6693	if (!infoattr)
6694		goto nla_put_failure;
6695
6696	if (survey->channel &&
6697	    nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
6698			survey->channel->center_freq))
6699		goto nla_put_failure;
6700
6701	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
6702	    nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
6703		goto nla_put_failure;
6704	if ((survey->filled & SURVEY_INFO_IN_USE) &&
6705	    nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
6706		goto nla_put_failure;
6707	if ((survey->filled & SURVEY_INFO_TIME) &&
6708	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME,
6709			survey->time))
6710		goto nla_put_failure;
6711	if ((survey->filled & SURVEY_INFO_TIME_BUSY) &&
6712	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_BUSY,
6713			survey->time_busy))
6714		goto nla_put_failure;
6715	if ((survey->filled & SURVEY_INFO_TIME_EXT_BUSY) &&
6716	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_EXT_BUSY,
6717			survey->time_ext_busy))
6718		goto nla_put_failure;
6719	if ((survey->filled & SURVEY_INFO_TIME_RX) &&
6720	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_RX,
6721			survey->time_rx))
6722		goto nla_put_failure;
6723	if ((survey->filled & SURVEY_INFO_TIME_TX) &&
6724	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_TX,
6725			survey->time_tx))
6726		goto nla_put_failure;
6727	if ((survey->filled & SURVEY_INFO_TIME_SCAN) &&
6728	    nla_put_u64(msg, NL80211_SURVEY_INFO_TIME_SCAN,
6729			survey->time_scan))
6730		goto nla_put_failure;
6731
6732	nla_nest_end(msg, infoattr);
6733
6734	genlmsg_end(msg, hdr);
6735	return 0;
6736
6737 nla_put_failure:
6738	genlmsg_cancel(msg, hdr);
6739	return -EMSGSIZE;
6740}
6741
6742static int nl80211_dump_survey(struct sk_buff *skb, struct netlink_callback *cb)
6743{
6744	struct survey_info survey;
6745	struct cfg80211_registered_device *rdev;
6746	struct wireless_dev *wdev;
6747	int survey_idx = cb->args[2];
6748	int res;
6749	bool radio_stats;
6750
6751	res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
6752	if (res)
6753		return res;
6754
6755	/* prepare_wdev_dump parsed the attributes */
6756	radio_stats = nl80211_fam.attrbuf[NL80211_ATTR_SURVEY_RADIO_STATS];
6757
6758	if (!wdev->netdev) {
6759		res = -EINVAL;
6760		goto out_err;
6761	}
6762
6763	if (!rdev->ops->dump_survey) {
6764		res = -EOPNOTSUPP;
6765		goto out_err;
6766	}
6767
6768	while (1) {
6769		res = rdev_dump_survey(rdev, wdev->netdev, survey_idx, &survey);
6770		if (res == -ENOENT)
6771			break;
6772		if (res)
6773			goto out_err;
6774
6775		/* don't send disabled channels, but do send non-channel data */
6776		if (survey.channel &&
6777		    survey.channel->flags & IEEE80211_CHAN_DISABLED) {
6778			survey_idx++;
6779			continue;
6780		}
6781
6782		if (nl80211_send_survey(skb,
6783				NETLINK_CB(cb->skb).portid,
6784				cb->nlh->nlmsg_seq, NLM_F_MULTI,
6785				wdev->netdev, radio_stats, &survey) < 0)
6786			goto out;
6787		survey_idx++;
6788	}
6789
6790 out:
6791	cb->args[2] = survey_idx;
6792	res = skb->len;
6793 out_err:
6794	nl80211_finish_wdev_dump(rdev);
6795	return res;
6796}
6797
6798static bool nl80211_valid_wpa_versions(u32 wpa_versions)
6799{
6800	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
6801				  NL80211_WPA_VERSION_2));
6802}
6803
6804static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
6805{
6806	struct cfg80211_registered_device *rdev = info->user_ptr[0];
6807	struct net_device *dev = info->user_ptr[1];
6808	struct ieee80211_channel *chan;
6809	const u8 *bssid, *ssid, *ie = NULL, *sae_data = NULL;
6810	int err, ssid_len, ie_len = 0, sae_data_len = 0;
6811	enum nl80211_auth_type auth_type;
6812	struct key_parse key;
6813	bool local_state_change;
6814
6815	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
6816		return -EINVAL;
6817
6818	if (!info->attrs[NL80211_ATTR_MAC])
6819		return -EINVAL;
6820
6821	if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
6822		return -EINVAL;
6823
6824	if (!info->attrs[NL80211_ATTR_SSID])
6825		return -EINVAL;
6826
6827	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
6828		return -EINVAL;
6829
6830	err = nl80211_parse_key(info, &key);
6831	if (err)
6832		return err;
6833
6834	if (key.idx >= 0) {
6835		if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
6836			return -EINVAL;
6837		if (!key.p.key || !key.p.key_len)
6838			return -EINVAL;
6839		if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
6840		     key.p.key_len != WLAN_KEY_LEN_WEP40) &&
6841		    (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
6842		     key.p.key_len != WLAN_KEY_LEN_WEP104))
6843			return -EINVAL;
6844		if (key.idx > 4)
6845			return -EINVAL;
6846	} else {
6847		key.p.key_len = 0;
6848		key.p.key = NULL;
6849	}
6850
6851	if (key.idx >= 0) {
6852		int i;
6853		bool ok = false;
6854		for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
6855			if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
6856				ok = true;
6857				break;
6858			}
6859		}
6860		if (!ok)
6861			return -EINVAL;
6862	}
6863
6864	if (!rdev->ops->auth)
6865		return -EOPNOTSUPP;
6866
6867	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
6868	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
6869		return -EOPNOTSUPP;
6870
6871	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
6872	chan = nl80211_get_valid_chan(&rdev->wiphy,
6873				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
6874	if (!chan)
6875		return -EINVAL;
6876
6877	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
6878	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
6879
6880	if (info->attrs[NL80211_ATTR_IE]) {
6881		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
6882		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
6883	}
6884
6885	auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
6886	if (!nl80211_valid_auth_type(rdev, auth_type, NL80211_CMD_AUTHENTICATE))
6887		return -EINVAL;
6888
6889	if (auth_type == NL80211_AUTHTYPE_SAE &&
6890	    !info->attrs[NL80211_ATTR_SAE_DATA])
6891		return -EINVAL;
6892
6893	if (info->attrs[NL80211_ATTR_SAE_DATA]) {
6894		if (auth_type != NL80211_AUTHTYPE_SAE)
6895			return -EINVAL;
6896		sae_data = nla_data(info->attrs[NL80211_ATTR_SAE_DATA]);
6897		sae_data_len = nla_len(info->attrs[NL80211_ATTR_SAE_DATA]);
6898		/* need to include at least Auth Transaction and Status Code */
6899		if (sae_data_len < 4)
6900			return -EINVAL;
6901	}
6902
6903	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
6904
6905	/*
6906	 * Since we no longer track auth state, ignore
6907	 * requests to only change local state.
6908	 */
6909	if (local_state_change)
6910		return 0;
6911
6912	wdev_lock(dev->ieee80211_ptr);
6913	err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
6914				 ssid, ssid_len, ie, ie_len,
6915				 key.p.key, key.p.key_len, key.idx,
6916				 sae_data, sae_data_len);
6917	wdev_unlock(dev->ieee80211_ptr);
6918	return err;
6919}
6920
6921static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
6922				   struct genl_info *info,
6923				   struct cfg80211_crypto_settings *settings,
6924				   int cipher_limit)
6925{
6926	memset(settings, 0, sizeof(*settings));
6927
6928	settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
6929
6930	if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
6931		u16 proto;
6932		proto = nla_get_u16(
6933			info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
6934		settings->control_port_ethertype = cpu_to_be16(proto);
6935		if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
6936		    proto != ETH_P_PAE)
6937			return -EINVAL;
6938		if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
6939			settings->control_port_no_encrypt = true;
6940	} else
6941		settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
6942
6943	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
6944		void *data;
6945		int len, i;
6946
6947		data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6948		len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
6949		settings->n_ciphers_pairwise = len / sizeof(u32);
6950
6951		if (len % sizeof(u32))
6952			return -EINVAL;
6953
6954		if (settings->n_ciphers_pairwise > cipher_limit)
6955			return -EINVAL;
6956
6957		memcpy(settings->ciphers_pairwise, data, len);
6958
6959		for (i = 0; i < settings->n_ciphers_pairwise; i++)
6960			if (!cfg80211_supported_cipher_suite(
6961					&rdev->wiphy,
6962					settings->ciphers_pairwise[i]))
6963				return -EINVAL;
6964	}
6965
6966	if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
6967		settings->cipher_group =
6968			nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
6969		if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
6970						     settings->cipher_group))
6971			return -EINVAL;
6972	}
6973
6974	if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
6975		settings->wpa_versions =
6976			nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
6977		if (!nl80211_valid_wpa_versions(settings->wpa_versions))
6978			return -EINVAL;
6979	}
6980
6981	if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
6982		void *data;
6983		int len;
6984
6985		data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
6986		len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
6987		settings->n_akm_suites = len / sizeof(u32);
6988
6989		if (len % sizeof(u32))
6990			return -EINVAL;
6991
6992		if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
6993			return -EINVAL;
6994
6995		memcpy(settings->akm_suites, data, len);
6996	}
6997
6998	return 0;
6999}
7000
7001static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
7002{
7003	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7004	struct net_device *dev = info->user_ptr[1];
7005	struct ieee80211_channel *chan;
7006	struct cfg80211_assoc_request req = {};
7007	const u8 *bssid, *ssid;
7008	int err, ssid_len = 0;
7009
7010	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7011		return -EINVAL;
7012
7013	if (!info->attrs[NL80211_ATTR_MAC] ||
7014	    !info->attrs[NL80211_ATTR_SSID] ||
7015	    !info->attrs[NL80211_ATTR_WIPHY_FREQ])
7016		return -EINVAL;
7017
7018	if (!rdev->ops->assoc)
7019		return -EOPNOTSUPP;
7020
7021	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7022	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7023		return -EOPNOTSUPP;
7024
7025	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7026
7027	chan = nl80211_get_valid_chan(&rdev->wiphy,
7028				      info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7029	if (!chan)
7030		return -EINVAL;
7031
7032	ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7033	ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7034
7035	if (info->attrs[NL80211_ATTR_IE]) {
7036		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7037		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7038	}
7039
7040	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7041		enum nl80211_mfp mfp =
7042			nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7043		if (mfp == NL80211_MFP_REQUIRED)
7044			req.use_mfp = true;
7045		else if (mfp != NL80211_MFP_NO)
7046			return -EINVAL;
7047	}
7048
7049	if (info->attrs[NL80211_ATTR_PREV_BSSID])
7050		req.prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
7051
7052	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7053		req.flags |= ASSOC_REQ_DISABLE_HT;
7054
7055	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7056		memcpy(&req.ht_capa_mask,
7057		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7058		       sizeof(req.ht_capa_mask));
7059
7060	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7061		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7062			return -EINVAL;
7063		memcpy(&req.ht_capa,
7064		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7065		       sizeof(req.ht_capa));
7066	}
7067
7068	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7069		req.flags |= ASSOC_REQ_DISABLE_VHT;
7070
7071	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7072		memcpy(&req.vht_capa_mask,
7073		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7074		       sizeof(req.vht_capa_mask));
7075
7076	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7077		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7078			return -EINVAL;
7079		memcpy(&req.vht_capa,
7080		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7081		       sizeof(req.vht_capa));
7082	}
7083
7084	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7085		if (!(rdev->wiphy.features &
7086		      NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) ||
7087		    !(rdev->wiphy.features & NL80211_FEATURE_QUIET))
7088			return -EINVAL;
7089		req.flags |= ASSOC_REQ_USE_RRM;
7090	}
7091
7092	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
7093	if (!err) {
7094		wdev_lock(dev->ieee80211_ptr);
7095		err = cfg80211_mlme_assoc(rdev, dev, chan, bssid,
7096					  ssid, ssid_len, &req);
7097		wdev_unlock(dev->ieee80211_ptr);
7098	}
7099
7100	return err;
7101}
7102
7103static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
7104{
7105	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7106	struct net_device *dev = info->user_ptr[1];
7107	const u8 *ie = NULL, *bssid;
7108	int ie_len = 0, err;
7109	u16 reason_code;
7110	bool local_state_change;
7111
7112	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7113		return -EINVAL;
7114
7115	if (!info->attrs[NL80211_ATTR_MAC])
7116		return -EINVAL;
7117
7118	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7119		return -EINVAL;
7120
7121	if (!rdev->ops->deauth)
7122		return -EOPNOTSUPP;
7123
7124	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7125	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7126		return -EOPNOTSUPP;
7127
7128	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7129
7130	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7131	if (reason_code == 0) {
7132		/* Reason Code 0 is reserved */
7133		return -EINVAL;
7134	}
7135
7136	if (info->attrs[NL80211_ATTR_IE]) {
7137		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7138		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7139	}
7140
7141	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7142
7143	wdev_lock(dev->ieee80211_ptr);
7144	err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
7145				   local_state_change);
7146	wdev_unlock(dev->ieee80211_ptr);
7147	return err;
7148}
7149
7150static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
7151{
7152	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7153	struct net_device *dev = info->user_ptr[1];
7154	const u8 *ie = NULL, *bssid;
7155	int ie_len = 0, err;
7156	u16 reason_code;
7157	bool local_state_change;
7158
7159	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7160		return -EINVAL;
7161
7162	if (!info->attrs[NL80211_ATTR_MAC])
7163		return -EINVAL;
7164
7165	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7166		return -EINVAL;
7167
7168	if (!rdev->ops->disassoc)
7169		return -EOPNOTSUPP;
7170
7171	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7172	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7173		return -EOPNOTSUPP;
7174
7175	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7176
7177	reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7178	if (reason_code == 0) {
7179		/* Reason Code 0 is reserved */
7180		return -EINVAL;
7181	}
7182
7183	if (info->attrs[NL80211_ATTR_IE]) {
7184		ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7185		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7186	}
7187
7188	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
7189
7190	wdev_lock(dev->ieee80211_ptr);
7191	err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
7192				     local_state_change);
7193	wdev_unlock(dev->ieee80211_ptr);
7194	return err;
7195}
7196
7197static bool
7198nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
7199			 int mcast_rate[IEEE80211_NUM_BANDS],
7200			 int rateval)
7201{
7202	struct wiphy *wiphy = &rdev->wiphy;
7203	bool found = false;
7204	int band, i;
7205
7206	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
7207		struct ieee80211_supported_band *sband;
7208
7209		sband = wiphy->bands[band];
7210		if (!sband)
7211			continue;
7212
7213		for (i = 0; i < sband->n_bitrates; i++) {
7214			if (sband->bitrates[i].bitrate == rateval) {
7215				mcast_rate[band] = i + 1;
7216				found = true;
7217				break;
7218			}
7219		}
7220	}
7221
7222	return found;
7223}
7224
7225static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
7226{
7227	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7228	struct net_device *dev = info->user_ptr[1];
7229	struct cfg80211_ibss_params ibss;
7230	struct wiphy *wiphy;
7231	struct cfg80211_cached_keys *connkeys = NULL;
7232	int err;
7233
7234	memset(&ibss, 0, sizeof(ibss));
7235
7236	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7237		return -EINVAL;
7238
7239	if (!info->attrs[NL80211_ATTR_SSID] ||
7240	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7241		return -EINVAL;
7242
7243	ibss.beacon_interval = 100;
7244
7245	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
7246		ibss.beacon_interval =
7247			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
7248		if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
7249			return -EINVAL;
7250	}
7251
7252	if (!rdev->ops->join_ibss)
7253		return -EOPNOTSUPP;
7254
7255	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7256		return -EOPNOTSUPP;
7257
7258	wiphy = &rdev->wiphy;
7259
7260	if (info->attrs[NL80211_ATTR_MAC]) {
7261		ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7262
7263		if (!is_valid_ether_addr(ibss.bssid))
7264			return -EINVAL;
7265	}
7266	ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7267	ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7268
7269	if (info->attrs[NL80211_ATTR_IE]) {
7270		ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7271		ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7272	}
7273
7274	err = nl80211_parse_chandef(rdev, info, &ibss.chandef);
7275	if (err)
7276		return err;
7277
7278	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &ibss.chandef,
7279				     NL80211_IFTYPE_ADHOC))
7280		return -EINVAL;
7281
7282	switch (ibss.chandef.width) {
7283	case NL80211_CHAN_WIDTH_5:
7284	case NL80211_CHAN_WIDTH_10:
7285	case NL80211_CHAN_WIDTH_20_NOHT:
7286		break;
7287	case NL80211_CHAN_WIDTH_20:
7288	case NL80211_CHAN_WIDTH_40:
7289		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7290			return -EINVAL;
7291		break;
7292	case NL80211_CHAN_WIDTH_80:
7293	case NL80211_CHAN_WIDTH_80P80:
7294	case NL80211_CHAN_WIDTH_160:
7295		if (!(rdev->wiphy.features & NL80211_FEATURE_HT_IBSS))
7296			return -EINVAL;
7297		if (!wiphy_ext_feature_isset(&rdev->wiphy,
7298					     NL80211_EXT_FEATURE_VHT_IBSS))
7299			return -EINVAL;
7300		break;
7301	default:
7302		return -EINVAL;
7303	}
7304
7305	ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
7306	ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
7307
7308	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
7309		u8 *rates =
7310			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7311		int n_rates =
7312			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
7313		struct ieee80211_supported_band *sband =
7314			wiphy->bands[ibss.chandef.chan->band];
7315
7316		err = ieee80211_get_ratemask(sband, rates, n_rates,
7317					     &ibss.basic_rates);
7318		if (err)
7319			return err;
7320	}
7321
7322	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7323		memcpy(&ibss.ht_capa_mask,
7324		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7325		       sizeof(ibss.ht_capa_mask));
7326
7327	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7328		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7329			return -EINVAL;
7330		memcpy(&ibss.ht_capa,
7331		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7332		       sizeof(ibss.ht_capa));
7333	}
7334
7335	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
7336	    !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
7337			nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
7338		return -EINVAL;
7339
7340	if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7341		bool no_ht = false;
7342
7343		connkeys = nl80211_parse_connkeys(rdev,
7344					  info->attrs[NL80211_ATTR_KEYS],
7345					  &no_ht);
7346		if (IS_ERR(connkeys))
7347			return PTR_ERR(connkeys);
7348
7349		if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
7350		    no_ht) {
7351			kfree(connkeys);
7352			return -EINVAL;
7353		}
7354	}
7355
7356	ibss.control_port =
7357		nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
7358
7359	ibss.userspace_handles_dfs =
7360		nla_get_flag(info->attrs[NL80211_ATTR_HANDLE_DFS]);
7361
7362	err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
7363	if (err)
7364		kzfree(connkeys);
7365	return err;
7366}
7367
7368static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
7369{
7370	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7371	struct net_device *dev = info->user_ptr[1];
7372
7373	if (!rdev->ops->leave_ibss)
7374		return -EOPNOTSUPP;
7375
7376	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
7377		return -EOPNOTSUPP;
7378
7379	return cfg80211_leave_ibss(rdev, dev, false);
7380}
7381
7382static int nl80211_set_mcast_rate(struct sk_buff *skb, struct genl_info *info)
7383{
7384	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7385	struct net_device *dev = info->user_ptr[1];
7386	int mcast_rate[IEEE80211_NUM_BANDS];
7387	u32 nla_rate;
7388	int err;
7389
7390	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
7391	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
7392		return -EOPNOTSUPP;
7393
7394	if (!rdev->ops->set_mcast_rate)
7395		return -EOPNOTSUPP;
7396
7397	memset(mcast_rate, 0, sizeof(mcast_rate));
7398
7399	if (!info->attrs[NL80211_ATTR_MCAST_RATE])
7400		return -EINVAL;
7401
7402	nla_rate = nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE]);
7403	if (!nl80211_parse_mcast_rate(rdev, mcast_rate, nla_rate))
7404		return -EINVAL;
7405
7406	err = rdev->ops->set_mcast_rate(&rdev->wiphy, dev, mcast_rate);
7407
7408	return err;
7409}
7410
7411static struct sk_buff *
7412__cfg80211_alloc_vendor_skb(struct cfg80211_registered_device *rdev,
7413			    struct wireless_dev *wdev, int approxlen,
7414			    u32 portid, u32 seq, enum nl80211_commands cmd,
7415			    enum nl80211_attrs attr,
7416			    const struct nl80211_vendor_cmd_info *info,
7417			    gfp_t gfp)
7418{
7419	struct sk_buff *skb;
7420	void *hdr;
7421	struct nlattr *data;
7422
7423	skb = nlmsg_new(approxlen + 100, gfp);
7424	if (!skb)
7425		return NULL;
7426
7427	hdr = nl80211hdr_put(skb, portid, seq, 0, cmd);
7428	if (!hdr) {
7429		kfree_skb(skb);
7430		return NULL;
7431	}
7432
7433	if (nla_put_u32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
7434		goto nla_put_failure;
7435
7436	if (info) {
7437		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_ID,
7438				info->vendor_id))
7439			goto nla_put_failure;
7440		if (nla_put_u32(skb, NL80211_ATTR_VENDOR_SUBCMD,
7441				info->subcmd))
7442			goto nla_put_failure;
7443	}
7444
7445	if (wdev) {
7446		if (nla_put_u64(skb, NL80211_ATTR_WDEV,
7447				wdev_id(wdev)))
7448			goto nla_put_failure;
7449		if (wdev->netdev &&
7450		    nla_put_u32(skb, NL80211_ATTR_IFINDEX,
7451				wdev->netdev->ifindex))
7452			goto nla_put_failure;
7453	}
7454
7455	data = nla_nest_start(skb, attr);
7456
7457	((void **)skb->cb)[0] = rdev;
7458	((void **)skb->cb)[1] = hdr;
7459	((void **)skb->cb)[2] = data;
7460
7461	return skb;
7462
7463 nla_put_failure:
7464	kfree_skb(skb);
7465	return NULL;
7466}
7467
7468struct sk_buff *__cfg80211_alloc_event_skb(struct wiphy *wiphy,
7469					   struct wireless_dev *wdev,
7470					   enum nl80211_commands cmd,
7471					   enum nl80211_attrs attr,
7472					   int vendor_event_idx,
7473					   int approxlen, gfp_t gfp)
7474{
7475	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
7476	const struct nl80211_vendor_cmd_info *info;
7477
7478	switch (cmd) {
7479	case NL80211_CMD_TESTMODE:
7480		if (WARN_ON(vendor_event_idx != -1))
7481			return NULL;
7482		info = NULL;
7483		break;
7484	case NL80211_CMD_VENDOR:
7485		if (WARN_ON(vendor_event_idx < 0 ||
7486			    vendor_event_idx >= wiphy->n_vendor_events))
7487			return NULL;
7488		info = &wiphy->vendor_events[vendor_event_idx];
7489		break;
7490	default:
7491		WARN_ON(1);
7492		return NULL;
7493	}
7494
7495	return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
7496					   cmd, attr, info, gfp);
7497}
7498EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
7499
7500void __cfg80211_send_event_skb(struct sk_buff *skb, gfp_t gfp)
7501{
7502	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
7503	void *hdr = ((void **)skb->cb)[1];
7504	struct nlattr *data = ((void **)skb->cb)[2];
7505	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
7506
7507	/* clear CB data for netlink core to own from now on */
7508	memset(skb->cb, 0, sizeof(skb->cb));
7509
7510	nla_nest_end(skb, data);
7511	genlmsg_end(skb, hdr);
7512
7513	if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
7514		mcgrp = NL80211_MCGRP_VENDOR;
7515
7516	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
7517				mcgrp, gfp);
7518}
7519EXPORT_SYMBOL(__cfg80211_send_event_skb);
7520
7521#ifdef CONFIG_NL80211_TESTMODE
7522static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
7523{
7524	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7525	struct wireless_dev *wdev =
7526		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
7527	int err;
7528
7529	if (!rdev->ops->testmode_cmd)
7530		return -EOPNOTSUPP;
7531
7532	if (IS_ERR(wdev)) {
7533		err = PTR_ERR(wdev);
7534		if (err != -EINVAL)
7535			return err;
7536		wdev = NULL;
7537	} else if (wdev->wiphy != &rdev->wiphy) {
7538		return -EINVAL;
7539	}
7540
7541	if (!info->attrs[NL80211_ATTR_TESTDATA])
7542		return -EINVAL;
7543
7544	rdev->cur_cmd_info = info;
7545	err = rdev_testmode_cmd(rdev, wdev,
7546				nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
7547				nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
7548	rdev->cur_cmd_info = NULL;
7549
7550	return err;
7551}
7552
7553static int nl80211_testmode_dump(struct sk_buff *skb,
7554				 struct netlink_callback *cb)
7555{
7556	struct cfg80211_registered_device *rdev;
7557	int err;
7558	long phy_idx;
7559	void *data = NULL;
7560	int data_len = 0;
7561
7562	rtnl_lock();
7563
7564	if (cb->args[0]) {
7565		/*
7566		 * 0 is a valid index, but not valid for args[0],
7567		 * so we need to offset by 1.
7568		 */
7569		phy_idx = cb->args[0] - 1;
7570	} else {
7571		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
7572				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
7573				  nl80211_policy);
7574		if (err)
7575			goto out_err;
7576
7577		rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk),
7578						  nl80211_fam.attrbuf);
7579		if (IS_ERR(rdev)) {
7580			err = PTR_ERR(rdev);
7581			goto out_err;
7582		}
7583		phy_idx = rdev->wiphy_idx;
7584		rdev = NULL;
7585
7586		if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
7587			cb->args[1] =
7588				(long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
7589	}
7590
7591	if (cb->args[1]) {
7592		data = nla_data((void *)cb->args[1]);
7593		data_len = nla_len((void *)cb->args[1]);
7594	}
7595
7596	rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
7597	if (!rdev) {
7598		err = -ENOENT;
7599		goto out_err;
7600	}
7601
7602	if (!rdev->ops->testmode_dump) {
7603		err = -EOPNOTSUPP;
7604		goto out_err;
7605	}
7606
7607	while (1) {
7608		void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).portid,
7609					   cb->nlh->nlmsg_seq, NLM_F_MULTI,
7610					   NL80211_CMD_TESTMODE);
7611		struct nlattr *tmdata;
7612
7613		if (!hdr)
7614			break;
7615
7616		if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx)) {
7617			genlmsg_cancel(skb, hdr);
7618			break;
7619		}
7620
7621		tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
7622		if (!tmdata) {
7623			genlmsg_cancel(skb, hdr);
7624			break;
7625		}
7626		err = rdev_testmode_dump(rdev, skb, cb, data, data_len);
7627		nla_nest_end(skb, tmdata);
7628
7629		if (err == -ENOBUFS || err == -ENOENT) {
7630			genlmsg_cancel(skb, hdr);
7631			break;
7632		} else if (err) {
7633			genlmsg_cancel(skb, hdr);
7634			goto out_err;
7635		}
7636
7637		genlmsg_end(skb, hdr);
7638	}
7639
7640	err = skb->len;
7641	/* see above */
7642	cb->args[0] = phy_idx + 1;
7643 out_err:
7644	rtnl_unlock();
7645	return err;
7646}
7647#endif
7648
7649static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
7650{
7651	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7652	struct net_device *dev = info->user_ptr[1];
7653	struct cfg80211_connect_params connect;
7654	struct wiphy *wiphy;
7655	struct cfg80211_cached_keys *connkeys = NULL;
7656	int err;
7657
7658	memset(&connect, 0, sizeof(connect));
7659
7660	if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7661		return -EINVAL;
7662
7663	if (!info->attrs[NL80211_ATTR_SSID] ||
7664	    !nla_len(info->attrs[NL80211_ATTR_SSID]))
7665		return -EINVAL;
7666
7667	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
7668		connect.auth_type =
7669			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
7670		if (!nl80211_valid_auth_type(rdev, connect.auth_type,
7671					     NL80211_CMD_CONNECT))
7672			return -EINVAL;
7673	} else
7674		connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
7675
7676	connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
7677
7678	err = nl80211_crypto_settings(rdev, info, &connect.crypto,
7679				      NL80211_MAX_NR_CIPHER_SUITES);
7680	if (err)
7681		return err;
7682
7683	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7684	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7685		return -EOPNOTSUPP;
7686
7687	wiphy = &rdev->wiphy;
7688
7689	connect.bg_scan_period = -1;
7690	if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
7691		(wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
7692		connect.bg_scan_period =
7693			nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
7694	}
7695
7696	if (info->attrs[NL80211_ATTR_MAC])
7697		connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7698	else if (info->attrs[NL80211_ATTR_MAC_HINT])
7699		connect.bssid_hint =
7700			nla_data(info->attrs[NL80211_ATTR_MAC_HINT]);
7701	connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
7702	connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
7703
7704	if (info->attrs[NL80211_ATTR_IE]) {
7705		connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
7706		connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7707	}
7708
7709	if (info->attrs[NL80211_ATTR_USE_MFP]) {
7710		connect.mfp = nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
7711		if (connect.mfp != NL80211_MFP_REQUIRED &&
7712		    connect.mfp != NL80211_MFP_NO)
7713			return -EINVAL;
7714	} else {
7715		connect.mfp = NL80211_MFP_NO;
7716	}
7717
7718	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
7719		connect.channel = nl80211_get_valid_chan(
7720			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
7721		if (!connect.channel)
7722			return -EINVAL;
7723	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
7724		connect.channel_hint = nl80211_get_valid_chan(
7725			wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
7726		if (!connect.channel_hint)
7727			return -EINVAL;
7728	}
7729
7730	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
7731		connkeys = nl80211_parse_connkeys(rdev,
7732					  info->attrs[NL80211_ATTR_KEYS], NULL);
7733		if (IS_ERR(connkeys))
7734			return PTR_ERR(connkeys);
7735	}
7736
7737	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
7738		connect.flags |= ASSOC_REQ_DISABLE_HT;
7739
7740	if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
7741		memcpy(&connect.ht_capa_mask,
7742		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
7743		       sizeof(connect.ht_capa_mask));
7744
7745	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
7746		if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
7747			kzfree(connkeys);
7748			return -EINVAL;
7749		}
7750		memcpy(&connect.ht_capa,
7751		       nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
7752		       sizeof(connect.ht_capa));
7753	}
7754
7755	if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_VHT]))
7756		connect.flags |= ASSOC_REQ_DISABLE_VHT;
7757
7758	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK])
7759		memcpy(&connect.vht_capa_mask,
7760		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]),
7761		       sizeof(connect.vht_capa_mask));
7762
7763	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
7764		if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
7765			kzfree(connkeys);
7766			return -EINVAL;
7767		}
7768		memcpy(&connect.vht_capa,
7769		       nla_data(info->attrs[NL80211_ATTR_VHT_CAPABILITY]),
7770		       sizeof(connect.vht_capa));
7771	}
7772
7773	if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) {
7774		if (!(rdev->wiphy.features &
7775		      NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) ||
7776		    !(rdev->wiphy.features & NL80211_FEATURE_QUIET))
7777			return -EINVAL;
7778		connect.flags |= ASSOC_REQ_USE_RRM;
7779	}
7780
7781	wdev_lock(dev->ieee80211_ptr);
7782	err = cfg80211_connect(rdev, dev, &connect, connkeys, NULL);
7783	wdev_unlock(dev->ieee80211_ptr);
7784	if (err)
7785		kzfree(connkeys);
7786	return err;
7787}
7788
7789static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
7790{
7791	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7792	struct net_device *dev = info->user_ptr[1];
7793	u16 reason;
7794	int ret;
7795
7796	if (!info->attrs[NL80211_ATTR_REASON_CODE])
7797		reason = WLAN_REASON_DEAUTH_LEAVING;
7798	else
7799		reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
7800
7801	if (reason == 0)
7802		return -EINVAL;
7803
7804	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7805	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7806		return -EOPNOTSUPP;
7807
7808	wdev_lock(dev->ieee80211_ptr);
7809	ret = cfg80211_disconnect(rdev, dev, reason, true);
7810	wdev_unlock(dev->ieee80211_ptr);
7811	return ret;
7812}
7813
7814static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
7815{
7816	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7817	struct net *net;
7818	int err;
7819
7820	if (info->attrs[NL80211_ATTR_PID]) {
7821		u32 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
7822
7823		net = get_net_ns_by_pid(pid);
7824	} else if (info->attrs[NL80211_ATTR_NETNS_FD]) {
7825		u32 fd = nla_get_u32(info->attrs[NL80211_ATTR_NETNS_FD]);
7826
7827		net = get_net_ns_by_fd(fd);
7828	} else {
7829		return -EINVAL;
7830	}
7831
7832	if (IS_ERR(net))
7833		return PTR_ERR(net);
7834
7835	err = 0;
7836
7837	/* check if anything to do */
7838	if (!net_eq(wiphy_net(&rdev->wiphy), net))
7839		err = cfg80211_switch_netns(rdev, net);
7840
7841	put_net(net);
7842	return err;
7843}
7844
7845static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
7846{
7847	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7848	int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
7849			struct cfg80211_pmksa *pmksa) = NULL;
7850	struct net_device *dev = info->user_ptr[1];
7851	struct cfg80211_pmksa pmksa;
7852
7853	memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
7854
7855	if (!info->attrs[NL80211_ATTR_MAC])
7856		return -EINVAL;
7857
7858	if (!info->attrs[NL80211_ATTR_PMKID])
7859		return -EINVAL;
7860
7861	pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
7862	pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
7863
7864	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7865	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7866		return -EOPNOTSUPP;
7867
7868	switch (info->genlhdr->cmd) {
7869	case NL80211_CMD_SET_PMKSA:
7870		rdev_ops = rdev->ops->set_pmksa;
7871		break;
7872	case NL80211_CMD_DEL_PMKSA:
7873		rdev_ops = rdev->ops->del_pmksa;
7874		break;
7875	default:
7876		WARN_ON(1);
7877		break;
7878	}
7879
7880	if (!rdev_ops)
7881		return -EOPNOTSUPP;
7882
7883	return rdev_ops(&rdev->wiphy, dev, &pmksa);
7884}
7885
7886static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
7887{
7888	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7889	struct net_device *dev = info->user_ptr[1];
7890
7891	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
7892	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
7893		return -EOPNOTSUPP;
7894
7895	if (!rdev->ops->flush_pmksa)
7896		return -EOPNOTSUPP;
7897
7898	return rdev_flush_pmksa(rdev, dev);
7899}
7900
7901static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
7902{
7903	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7904	struct net_device *dev = info->user_ptr[1];
7905	u8 action_code, dialog_token;
7906	u32 peer_capability = 0;
7907	u16 status_code;
7908	u8 *peer;
7909	bool initiator;
7910
7911	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7912	    !rdev->ops->tdls_mgmt)
7913		return -EOPNOTSUPP;
7914
7915	if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
7916	    !info->attrs[NL80211_ATTR_STATUS_CODE] ||
7917	    !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
7918	    !info->attrs[NL80211_ATTR_IE] ||
7919	    !info->attrs[NL80211_ATTR_MAC])
7920		return -EINVAL;
7921
7922	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7923	action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
7924	status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
7925	dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
7926	initiator = nla_get_flag(info->attrs[NL80211_ATTR_TDLS_INITIATOR]);
7927	if (info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY])
7928		peer_capability =
7929			nla_get_u32(info->attrs[NL80211_ATTR_TDLS_PEER_CAPABILITY]);
7930
7931	return rdev_tdls_mgmt(rdev, dev, peer, action_code,
7932			      dialog_token, status_code, peer_capability,
7933			      initiator,
7934			      nla_data(info->attrs[NL80211_ATTR_IE]),
7935			      nla_len(info->attrs[NL80211_ATTR_IE]));
7936}
7937
7938static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
7939{
7940	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7941	struct net_device *dev = info->user_ptr[1];
7942	enum nl80211_tdls_operation operation;
7943	u8 *peer;
7944
7945	if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
7946	    !rdev->ops->tdls_oper)
7947		return -EOPNOTSUPP;
7948
7949	if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
7950	    !info->attrs[NL80211_ATTR_MAC])
7951		return -EINVAL;
7952
7953	operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
7954	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
7955
7956	return rdev_tdls_oper(rdev, dev, peer, operation);
7957}
7958
7959static int nl80211_remain_on_channel(struct sk_buff *skb,
7960				     struct genl_info *info)
7961{
7962	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7963	struct wireless_dev *wdev = info->user_ptr[1];
7964	struct cfg80211_chan_def chandef;
7965	struct sk_buff *msg;
7966	void *hdr;
7967	u64 cookie;
7968	u32 duration;
7969	int err;
7970
7971	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
7972	    !info->attrs[NL80211_ATTR_DURATION])
7973		return -EINVAL;
7974
7975	duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
7976
7977	if (!rdev->ops->remain_on_channel ||
7978	    !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
7979		return -EOPNOTSUPP;
7980
7981	/*
7982	 * We should be on that channel for at least a minimum amount of
7983	 * time (10ms) but no longer than the driver supports.
7984	 */
7985	if (duration < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
7986	    duration > rdev->wiphy.max_remain_on_channel_duration)
7987		return -EINVAL;
7988
7989	err = nl80211_parse_chandef(rdev, info, &chandef);
7990	if (err)
7991		return err;
7992
7993	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
7994	if (!msg)
7995		return -ENOMEM;
7996
7997	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
7998			     NL80211_CMD_REMAIN_ON_CHANNEL);
7999	if (!hdr) {
8000		err = -ENOBUFS;
8001		goto free_msg;
8002	}
8003
8004	err = rdev_remain_on_channel(rdev, wdev, chandef.chan,
8005				     duration, &cookie);
8006
8007	if (err)
8008		goto free_msg;
8009
8010	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8011		goto nla_put_failure;
8012
8013	genlmsg_end(msg, hdr);
8014
8015	return genlmsg_reply(msg, info);
8016
8017 nla_put_failure:
8018	err = -ENOBUFS;
8019 free_msg:
8020	nlmsg_free(msg);
8021	return err;
8022}
8023
8024static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
8025					    struct genl_info *info)
8026{
8027	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8028	struct wireless_dev *wdev = info->user_ptr[1];
8029	u64 cookie;
8030
8031	if (!info->attrs[NL80211_ATTR_COOKIE])
8032		return -EINVAL;
8033
8034	if (!rdev->ops->cancel_remain_on_channel)
8035		return -EOPNOTSUPP;
8036
8037	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8038
8039	return rdev_cancel_remain_on_channel(rdev, wdev, cookie);
8040}
8041
8042static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
8043			   u8 *rates, u8 rates_len)
8044{
8045	u8 i;
8046	u32 mask = 0;
8047
8048	for (i = 0; i < rates_len; i++) {
8049		int rate = (rates[i] & 0x7f) * 5;
8050		int ridx;
8051		for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
8052			struct ieee80211_rate *srate =
8053				&sband->bitrates[ridx];
8054			if (rate == srate->bitrate) {
8055				mask |= 1 << ridx;
8056				break;
8057			}
8058		}
8059		if (ridx == sband->n_bitrates)
8060			return 0; /* rate not found */
8061	}
8062
8063	return mask;
8064}
8065
8066static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
8067			       u8 *rates, u8 rates_len,
8068			       u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
8069{
8070	u8 i;
8071
8072	memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
8073
8074	for (i = 0; i < rates_len; i++) {
8075		int ridx, rbit;
8076
8077		ridx = rates[i] / 8;
8078		rbit = BIT(rates[i] % 8);
8079
8080		/* check validity */
8081		if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
8082			return false;
8083
8084		/* check availability */
8085		if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
8086			mcs[ridx] |= rbit;
8087		else
8088			return false;
8089	}
8090
8091	return true;
8092}
8093
8094static u16 vht_mcs_map_to_mcs_mask(u8 vht_mcs_map)
8095{
8096	u16 mcs_mask = 0;
8097
8098	switch (vht_mcs_map) {
8099	case IEEE80211_VHT_MCS_NOT_SUPPORTED:
8100		break;
8101	case IEEE80211_VHT_MCS_SUPPORT_0_7:
8102		mcs_mask = 0x00FF;
8103		break;
8104	case IEEE80211_VHT_MCS_SUPPORT_0_8:
8105		mcs_mask = 0x01FF;
8106		break;
8107	case IEEE80211_VHT_MCS_SUPPORT_0_9:
8108		mcs_mask = 0x03FF;
8109		break;
8110	default:
8111		break;
8112	}
8113
8114	return mcs_mask;
8115}
8116
8117static void vht_build_mcs_mask(u16 vht_mcs_map,
8118			       u16 vht_mcs_mask[NL80211_VHT_NSS_MAX])
8119{
8120	u8 nss;
8121
8122	for (nss = 0; nss < NL80211_VHT_NSS_MAX; nss++) {
8123		vht_mcs_mask[nss] = vht_mcs_map_to_mcs_mask(vht_mcs_map & 0x03);
8124		vht_mcs_map >>= 2;
8125	}
8126}
8127
8128static bool vht_set_mcs_mask(struct ieee80211_supported_band *sband,
8129			     struct nl80211_txrate_vht *txrate,
8130			     u16 mcs[NL80211_VHT_NSS_MAX])
8131{
8132	u16 tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8133	u16 tx_mcs_mask[NL80211_VHT_NSS_MAX] = {};
8134	u8 i;
8135
8136	if (!sband->vht_cap.vht_supported)
8137		return false;
8138
8139	memset(mcs, 0, sizeof(u16) * NL80211_VHT_NSS_MAX);
8140
8141	/* Build vht_mcs_mask from VHT capabilities */
8142	vht_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
8143
8144	for (i = 0; i < NL80211_VHT_NSS_MAX; i++) {
8145		if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
8146			mcs[i] = txrate->mcs[i];
8147		else
8148			return false;
8149	}
8150
8151	return true;
8152}
8153
8154static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
8155	[NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
8156				    .len = NL80211_MAX_SUPP_RATES },
8157	[NL80211_TXRATE_HT] = { .type = NLA_BINARY,
8158				.len = NL80211_MAX_SUPP_HT_RATES },
8159	[NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
8160	[NL80211_TXRATE_GI] = { .type = NLA_U8 },
8161};
8162
8163static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
8164				       struct genl_info *info)
8165{
8166	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
8167	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8168	struct cfg80211_bitrate_mask mask;
8169	int rem, i;
8170	struct net_device *dev = info->user_ptr[1];
8171	struct nlattr *tx_rates;
8172	struct ieee80211_supported_band *sband;
8173	u16 vht_tx_mcs_map;
8174
8175	if (!rdev->ops->set_bitrate_mask)
8176		return -EOPNOTSUPP;
8177
8178	memset(&mask, 0, sizeof(mask));
8179	/* Default to all rates enabled */
8180	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
8181		sband = rdev->wiphy.bands[i];
8182
8183		if (!sband)
8184			continue;
8185
8186		mask.control[i].legacy = (1 << sband->n_bitrates) - 1;
8187		memcpy(mask.control[i].ht_mcs,
8188		       sband->ht_cap.mcs.rx_mask,
8189		       sizeof(mask.control[i].ht_mcs));
8190
8191		if (!sband->vht_cap.vht_supported)
8192			continue;
8193
8194		vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
8195		vht_build_mcs_mask(vht_tx_mcs_map, mask.control[i].vht_mcs);
8196	}
8197
8198	/* if no rates are given set it back to the defaults */
8199	if (!info->attrs[NL80211_ATTR_TX_RATES])
8200		goto out;
8201
8202	/*
8203	 * The nested attribute uses enum nl80211_band as the index. This maps
8204	 * directly to the enum ieee80211_band values used in cfg80211.
8205	 */
8206	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
8207	nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
8208		enum ieee80211_band band = nla_type(tx_rates);
8209		int err;
8210
8211		if (band < 0 || band >= IEEE80211_NUM_BANDS)
8212			return -EINVAL;
8213		sband = rdev->wiphy.bands[band];
8214		if (sband == NULL)
8215			return -EINVAL;
8216		err = nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
8217				nla_len(tx_rates), nl80211_txattr_policy);
8218		if (err)
8219			return err;
8220		if (tb[NL80211_TXRATE_LEGACY]) {
8221			mask.control[band].legacy = rateset_to_mask(
8222				sband,
8223				nla_data(tb[NL80211_TXRATE_LEGACY]),
8224				nla_len(tb[NL80211_TXRATE_LEGACY]));
8225			if ((mask.control[band].legacy == 0) &&
8226			    nla_len(tb[NL80211_TXRATE_LEGACY]))
8227				return -EINVAL;
8228		}
8229		if (tb[NL80211_TXRATE_HT]) {
8230			if (!ht_rateset_to_mask(
8231					sband,
8232					nla_data(tb[NL80211_TXRATE_HT]),
8233					nla_len(tb[NL80211_TXRATE_HT]),
8234					mask.control[band].ht_mcs))
8235				return -EINVAL;
8236		}
8237		if (tb[NL80211_TXRATE_VHT]) {
8238			if (!vht_set_mcs_mask(
8239					sband,
8240					nla_data(tb[NL80211_TXRATE_VHT]),
8241					mask.control[band].vht_mcs))
8242				return -EINVAL;
8243		}
8244		if (tb[NL80211_TXRATE_GI]) {
8245			mask.control[band].gi =
8246				nla_get_u8(tb[NL80211_TXRATE_GI]);
8247			if (mask.control[band].gi > NL80211_TXRATE_FORCE_LGI)
8248				return -EINVAL;
8249		}
8250
8251		if (mask.control[band].legacy == 0) {
8252			/* don't allow empty legacy rates if HT or VHT
8253			 * are not even supported.
8254			 */
8255			if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported ||
8256			      rdev->wiphy.bands[band]->vht_cap.vht_supported))
8257				return -EINVAL;
8258
8259			for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
8260				if (mask.control[band].ht_mcs[i])
8261					goto out;
8262
8263			for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
8264				if (mask.control[band].vht_mcs[i])
8265					goto out;
8266
8267			/* legacy and mcs rates may not be both empty */
8268			return -EINVAL;
8269		}
8270	}
8271
8272out:
8273	return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
8274}
8275
8276static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
8277{
8278	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8279	struct wireless_dev *wdev = info->user_ptr[1];
8280	u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
8281
8282	if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
8283		return -EINVAL;
8284
8285	if (info->attrs[NL80211_ATTR_FRAME_TYPE])
8286		frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
8287
8288	switch (wdev->iftype) {
8289	case NL80211_IFTYPE_STATION:
8290	case NL80211_IFTYPE_ADHOC:
8291	case NL80211_IFTYPE_P2P_CLIENT:
8292	case NL80211_IFTYPE_AP:
8293	case NL80211_IFTYPE_AP_VLAN:
8294	case NL80211_IFTYPE_MESH_POINT:
8295	case NL80211_IFTYPE_P2P_GO:
8296	case NL80211_IFTYPE_P2P_DEVICE:
8297		break;
8298	default:
8299		return -EOPNOTSUPP;
8300	}
8301
8302	/* not much point in registering if we can't reply */
8303	if (!rdev->ops->mgmt_tx)
8304		return -EOPNOTSUPP;
8305
8306	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
8307			nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
8308			nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
8309}
8310
8311static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
8312{
8313	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8314	struct wireless_dev *wdev = info->user_ptr[1];
8315	struct cfg80211_chan_def chandef;
8316	int err;
8317	void *hdr = NULL;
8318	u64 cookie;
8319	struct sk_buff *msg = NULL;
8320	struct cfg80211_mgmt_tx_params params = {
8321		.dont_wait_for_ack =
8322			info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK],
8323	};
8324
8325	if (!info->attrs[NL80211_ATTR_FRAME])
8326		return -EINVAL;
8327
8328	if (!rdev->ops->mgmt_tx)
8329		return -EOPNOTSUPP;
8330
8331	switch (wdev->iftype) {
8332	case NL80211_IFTYPE_P2P_DEVICE:
8333		if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
8334			return -EINVAL;
8335	case NL80211_IFTYPE_STATION:
8336	case NL80211_IFTYPE_ADHOC:
8337	case NL80211_IFTYPE_P2P_CLIENT:
8338	case NL80211_IFTYPE_AP:
8339	case NL80211_IFTYPE_AP_VLAN:
8340	case NL80211_IFTYPE_MESH_POINT:
8341	case NL80211_IFTYPE_P2P_GO:
8342		break;
8343	default:
8344		return -EOPNOTSUPP;
8345	}
8346
8347	if (info->attrs[NL80211_ATTR_DURATION]) {
8348		if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8349			return -EINVAL;
8350		params.wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
8351
8352		/*
8353		 * We should wait on the channel for at least a minimum amount
8354		 * of time (10ms) but no longer than the driver supports.
8355		 */
8356		if (params.wait < NL80211_MIN_REMAIN_ON_CHANNEL_TIME ||
8357		    params.wait > rdev->wiphy.max_remain_on_channel_duration)
8358			return -EINVAL;
8359
8360	}
8361
8362	params.offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
8363
8364	if (params.offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
8365		return -EINVAL;
8366
8367	params.no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
8368
8369	/* get the channel if any has been specified, otherwise pass NULL to
8370	 * the driver. The latter will use the current one
8371	 */
8372	chandef.chan = NULL;
8373	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8374		err = nl80211_parse_chandef(rdev, info, &chandef);
8375		if (err)
8376			return err;
8377	}
8378
8379	if (!chandef.chan && params.offchan)
8380		return -EINVAL;
8381
8382	params.buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
8383	params.len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
8384
8385	if (info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]) {
8386		int len = nla_len(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8387		int i;
8388
8389		if (len % sizeof(u16))
8390			return -EINVAL;
8391
8392		params.n_csa_offsets = len / sizeof(u16);
8393		params.csa_offsets =
8394			nla_data(info->attrs[NL80211_ATTR_CSA_C_OFFSETS_TX]);
8395
8396		/* check that all the offsets fit the frame */
8397		for (i = 0; i < params.n_csa_offsets; i++) {
8398			if (params.csa_offsets[i] >= params.len)
8399				return -EINVAL;
8400		}
8401	}
8402
8403	if (!params.dont_wait_for_ack) {
8404		msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8405		if (!msg)
8406			return -ENOMEM;
8407
8408		hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8409				     NL80211_CMD_FRAME);
8410		if (!hdr) {
8411			err = -ENOBUFS;
8412			goto free_msg;
8413		}
8414	}
8415
8416	params.chan = chandef.chan;
8417	err = cfg80211_mlme_mgmt_tx(rdev, wdev, &params, &cookie);
8418	if (err)
8419		goto free_msg;
8420
8421	if (msg) {
8422		if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
8423			goto nla_put_failure;
8424
8425		genlmsg_end(msg, hdr);
8426		return genlmsg_reply(msg, info);
8427	}
8428
8429	return 0;
8430
8431 nla_put_failure:
8432	err = -ENOBUFS;
8433 free_msg:
8434	nlmsg_free(msg);
8435	return err;
8436}
8437
8438static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
8439{
8440	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8441	struct wireless_dev *wdev = info->user_ptr[1];
8442	u64 cookie;
8443
8444	if (!info->attrs[NL80211_ATTR_COOKIE])
8445		return -EINVAL;
8446
8447	if (!rdev->ops->mgmt_tx_cancel_wait)
8448		return -EOPNOTSUPP;
8449
8450	switch (wdev->iftype) {
8451	case NL80211_IFTYPE_STATION:
8452	case NL80211_IFTYPE_ADHOC:
8453	case NL80211_IFTYPE_P2P_CLIENT:
8454	case NL80211_IFTYPE_AP:
8455	case NL80211_IFTYPE_AP_VLAN:
8456	case NL80211_IFTYPE_P2P_GO:
8457	case NL80211_IFTYPE_P2P_DEVICE:
8458		break;
8459	default:
8460		return -EOPNOTSUPP;
8461	}
8462
8463	cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
8464
8465	return rdev_mgmt_tx_cancel_wait(rdev, wdev, cookie);
8466}
8467
8468static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
8469{
8470	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8471	struct wireless_dev *wdev;
8472	struct net_device *dev = info->user_ptr[1];
8473	u8 ps_state;
8474	bool state;
8475	int err;
8476
8477	if (!info->attrs[NL80211_ATTR_PS_STATE])
8478		return -EINVAL;
8479
8480	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
8481
8482	if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
8483		return -EINVAL;
8484
8485	wdev = dev->ieee80211_ptr;
8486
8487	if (!rdev->ops->set_power_mgmt)
8488		return -EOPNOTSUPP;
8489
8490	state = (ps_state == NL80211_PS_ENABLED) ? true : false;
8491
8492	if (state == wdev->ps)
8493		return 0;
8494
8495	err = rdev_set_power_mgmt(rdev, dev, state, wdev->ps_timeout);
8496	if (!err)
8497		wdev->ps = state;
8498	return err;
8499}
8500
8501static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
8502{
8503	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8504	enum nl80211_ps_state ps_state;
8505	struct wireless_dev *wdev;
8506	struct net_device *dev = info->user_ptr[1];
8507	struct sk_buff *msg;
8508	void *hdr;
8509	int err;
8510
8511	wdev = dev->ieee80211_ptr;
8512
8513	if (!rdev->ops->set_power_mgmt)
8514		return -EOPNOTSUPP;
8515
8516	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
8517	if (!msg)
8518		return -ENOMEM;
8519
8520	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8521			     NL80211_CMD_GET_POWER_SAVE);
8522	if (!hdr) {
8523		err = -ENOBUFS;
8524		goto free_msg;
8525	}
8526
8527	if (wdev->ps)
8528		ps_state = NL80211_PS_ENABLED;
8529	else
8530		ps_state = NL80211_PS_DISABLED;
8531
8532	if (nla_put_u32(msg, NL80211_ATTR_PS_STATE, ps_state))
8533		goto nla_put_failure;
8534
8535	genlmsg_end(msg, hdr);
8536	return genlmsg_reply(msg, info);
8537
8538 nla_put_failure:
8539	err = -ENOBUFS;
8540 free_msg:
8541	nlmsg_free(msg);
8542	return err;
8543}
8544
8545static const struct nla_policy
8546nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] = {
8547	[NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
8548	[NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
8549	[NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
8550	[NL80211_ATTR_CQM_TXE_RATE] = { .type = NLA_U32 },
8551	[NL80211_ATTR_CQM_TXE_PKTS] = { .type = NLA_U32 },
8552	[NL80211_ATTR_CQM_TXE_INTVL] = { .type = NLA_U32 },
8553};
8554
8555static int nl80211_set_cqm_txe(struct genl_info *info,
8556			       u32 rate, u32 pkts, u32 intvl)
8557{
8558	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8559	struct net_device *dev = info->user_ptr[1];
8560	struct wireless_dev *wdev = dev->ieee80211_ptr;
8561
8562	if (rate > 100 || intvl > NL80211_CQM_TXE_MAX_INTVL)
8563		return -EINVAL;
8564
8565	if (!rdev->ops->set_cqm_txe_config)
8566		return -EOPNOTSUPP;
8567
8568	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8569	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8570		return -EOPNOTSUPP;
8571
8572	return rdev_set_cqm_txe_config(rdev, dev, rate, pkts, intvl);
8573}
8574
8575static int nl80211_set_cqm_rssi(struct genl_info *info,
8576				s32 threshold, u32 hysteresis)
8577{
8578	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8579	struct net_device *dev = info->user_ptr[1];
8580	struct wireless_dev *wdev = dev->ieee80211_ptr;
8581
8582	if (threshold > 0)
8583		return -EINVAL;
8584
8585	/* disabling - hysteresis should also be zero then */
8586	if (threshold == 0)
8587		hysteresis = 0;
8588
8589	if (!rdev->ops->set_cqm_rssi_config)
8590		return -EOPNOTSUPP;
8591
8592	if (wdev->iftype != NL80211_IFTYPE_STATION &&
8593	    wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
8594		return -EOPNOTSUPP;
8595
8596	return rdev_set_cqm_rssi_config(rdev, dev, threshold, hysteresis);
8597}
8598
8599static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
8600{
8601	struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
8602	struct nlattr *cqm;
8603	int err;
8604
8605	cqm = info->attrs[NL80211_ATTR_CQM];
8606	if (!cqm)
8607		return -EINVAL;
8608
8609	err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
8610			       nl80211_attr_cqm_policy);
8611	if (err)
8612		return err;
8613
8614	if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
8615	    attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
8616		s32 threshold = nla_get_s32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
8617		u32 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
8618
8619		return nl80211_set_cqm_rssi(info, threshold, hysteresis);
8620	}
8621
8622	if (attrs[NL80211_ATTR_CQM_TXE_RATE] &&
8623	    attrs[NL80211_ATTR_CQM_TXE_PKTS] &&
8624	    attrs[NL80211_ATTR_CQM_TXE_INTVL]) {
8625		u32 rate = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_RATE]);
8626		u32 pkts = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_PKTS]);
8627		u32 intvl = nla_get_u32(attrs[NL80211_ATTR_CQM_TXE_INTVL]);
8628
8629		return nl80211_set_cqm_txe(info, rate, pkts, intvl);
8630	}
8631
8632	return -EINVAL;
8633}
8634
8635static int nl80211_join_ocb(struct sk_buff *skb, struct genl_info *info)
8636{
8637	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8638	struct net_device *dev = info->user_ptr[1];
8639	struct ocb_setup setup = {};
8640	int err;
8641
8642	err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8643	if (err)
8644		return err;
8645
8646	return cfg80211_join_ocb(rdev, dev, &setup);
8647}
8648
8649static int nl80211_leave_ocb(struct sk_buff *skb, struct genl_info *info)
8650{
8651	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8652	struct net_device *dev = info->user_ptr[1];
8653
8654	return cfg80211_leave_ocb(rdev, dev);
8655}
8656
8657static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
8658{
8659	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8660	struct net_device *dev = info->user_ptr[1];
8661	struct mesh_config cfg;
8662	struct mesh_setup setup;
8663	int err;
8664
8665	/* start with default */
8666	memcpy(&cfg, &default_mesh_config, sizeof(cfg));
8667	memcpy(&setup, &default_mesh_setup, sizeof(setup));
8668
8669	if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
8670		/* and parse parameters if given */
8671		err = nl80211_parse_mesh_config(info, &cfg, NULL);
8672		if (err)
8673			return err;
8674	}
8675
8676	if (!info->attrs[NL80211_ATTR_MESH_ID] ||
8677	    !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
8678		return -EINVAL;
8679
8680	setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
8681	setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
8682
8683	if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
8684	    !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
8685			    nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
8686			return -EINVAL;
8687
8688	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
8689		setup.beacon_interval =
8690			nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
8691		if (setup.beacon_interval < 10 ||
8692		    setup.beacon_interval > 10000)
8693			return -EINVAL;
8694	}
8695
8696	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
8697		setup.dtim_period =
8698			nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
8699		if (setup.dtim_period < 1 || setup.dtim_period > 100)
8700			return -EINVAL;
8701	}
8702
8703	if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
8704		/* parse additional setup parameters if given */
8705		err = nl80211_parse_mesh_setup(info, &setup);
8706		if (err)
8707			return err;
8708	}
8709
8710	if (setup.user_mpm)
8711		cfg.auto_open_plinks = false;
8712
8713	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
8714		err = nl80211_parse_chandef(rdev, info, &setup.chandef);
8715		if (err)
8716			return err;
8717	} else {
8718		/* cfg80211_join_mesh() will sort it out */
8719		setup.chandef.chan = NULL;
8720	}
8721
8722	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
8723		u8 *rates = nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8724		int n_rates =
8725			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
8726		struct ieee80211_supported_band *sband;
8727
8728		if (!setup.chandef.chan)
8729			return -EINVAL;
8730
8731		sband = rdev->wiphy.bands[setup.chandef.chan->band];
8732
8733		err = ieee80211_get_ratemask(sband, rates, n_rates,
8734					     &setup.basic_rates);
8735		if (err)
8736			return err;
8737	}
8738
8739	return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
8740}
8741
8742static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
8743{
8744	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8745	struct net_device *dev = info->user_ptr[1];
8746
8747	return cfg80211_leave_mesh(rdev, dev);
8748}
8749
8750#ifdef CONFIG_PM
8751static int nl80211_send_wowlan_patterns(struct sk_buff *msg,
8752					struct cfg80211_registered_device *rdev)
8753{
8754	struct cfg80211_wowlan *wowlan = rdev->wiphy.wowlan_config;
8755	struct nlattr *nl_pats, *nl_pat;
8756	int i, pat_len;
8757
8758	if (!wowlan->n_patterns)
8759		return 0;
8760
8761	nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
8762	if (!nl_pats)
8763		return -ENOBUFS;
8764
8765	for (i = 0; i < wowlan->n_patterns; i++) {
8766		nl_pat = nla_nest_start(msg, i + 1);
8767		if (!nl_pat)
8768			return -ENOBUFS;
8769		pat_len = wowlan->patterns[i].pattern_len;
8770		if (nla_put(msg, NL80211_PKTPAT_MASK, DIV_ROUND_UP(pat_len, 8),
8771			    wowlan->patterns[i].mask) ||
8772		    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
8773			    wowlan->patterns[i].pattern) ||
8774		    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
8775				wowlan->patterns[i].pkt_offset))
8776			return -ENOBUFS;
8777		nla_nest_end(msg, nl_pat);
8778	}
8779	nla_nest_end(msg, nl_pats);
8780
8781	return 0;
8782}
8783
8784static int nl80211_send_wowlan_tcp(struct sk_buff *msg,
8785				   struct cfg80211_wowlan_tcp *tcp)
8786{
8787	struct nlattr *nl_tcp;
8788
8789	if (!tcp)
8790		return 0;
8791
8792	nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
8793	if (!nl_tcp)
8794		return -ENOBUFS;
8795
8796	if (nla_put_in_addr(msg, NL80211_WOWLAN_TCP_SRC_IPV4, tcp->src) ||
8797	    nla_put_in_addr(msg, NL80211_WOWLAN_TCP_DST_IPV4, tcp->dst) ||
8798	    nla_put(msg, NL80211_WOWLAN_TCP_DST_MAC, ETH_ALEN, tcp->dst_mac) ||
8799	    nla_put_u16(msg, NL80211_WOWLAN_TCP_SRC_PORT, tcp->src_port) ||
8800	    nla_put_u16(msg, NL80211_WOWLAN_TCP_DST_PORT, tcp->dst_port) ||
8801	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
8802		    tcp->payload_len, tcp->payload) ||
8803	    nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
8804			tcp->data_interval) ||
8805	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
8806		    tcp->wake_len, tcp->wake_data) ||
8807	    nla_put(msg, NL80211_WOWLAN_TCP_WAKE_MASK,
8808		    DIV_ROUND_UP(tcp->wake_len, 8), tcp->wake_mask))
8809		return -ENOBUFS;
8810
8811	if (tcp->payload_seq.len &&
8812	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ,
8813		    sizeof(tcp->payload_seq), &tcp->payload_seq))
8814		return -ENOBUFS;
8815
8816	if (tcp->payload_tok.len &&
8817	    nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
8818		    sizeof(tcp->payload_tok) + tcp->tokens_size,
8819		    &tcp->payload_tok))
8820		return -ENOBUFS;
8821
8822	nla_nest_end(msg, nl_tcp);
8823
8824	return 0;
8825}
8826
8827static int nl80211_send_wowlan_nd(struct sk_buff *msg,
8828				  struct cfg80211_sched_scan_request *req)
8829{
8830	struct nlattr *nd, *freqs, *matches, *match;
8831	int i;
8832
8833	if (!req)
8834		return 0;
8835
8836	nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
8837	if (!nd)
8838		return -ENOBUFS;
8839
8840	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, req->interval))
8841		return -ENOBUFS;
8842
8843	if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, req->delay))
8844		return -ENOBUFS;
8845
8846	freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
8847	if (!freqs)
8848		return -ENOBUFS;
8849
8850	for (i = 0; i < req->n_channels; i++)
8851		nla_put_u32(msg, i, req->channels[i]->center_freq);
8852
8853	nla_nest_end(msg, freqs);
8854
8855	if (req->n_match_sets) {
8856		matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
8857		for (i = 0; i < req->n_match_sets; i++) {
8858			match = nla_nest_start(msg, i);
8859			nla_put(msg, NL80211_SCHED_SCAN_MATCH_ATTR_SSID,
8860				req->match_sets[i].ssid.ssid_len,
8861				req->match_sets[i].ssid.ssid);
8862			nla_nest_end(msg, match);
8863		}
8864		nla_nest_end(msg, matches);
8865	}
8866
8867	nla_nest_end(msg, nd);
8868
8869	return 0;
8870}
8871
8872static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
8873{
8874	struct cfg80211_registered_device *rdev = info->user_ptr[0];
8875	struct sk_buff *msg;
8876	void *hdr;
8877	u32 size = NLMSG_DEFAULT_SIZE;
8878
8879	if (!rdev->wiphy.wowlan)
8880		return -EOPNOTSUPP;
8881
8882	if (rdev->wiphy.wowlan_config && rdev->wiphy.wowlan_config->tcp) {
8883		/* adjust size to have room for all the data */
8884		size += rdev->wiphy.wowlan_config->tcp->tokens_size +
8885			rdev->wiphy.wowlan_config->tcp->payload_len +
8886			rdev->wiphy.wowlan_config->tcp->wake_len +
8887			rdev->wiphy.wowlan_config->tcp->wake_len / 8;
8888	}
8889
8890	msg = nlmsg_new(size, GFP_KERNEL);
8891	if (!msg)
8892		return -ENOMEM;
8893
8894	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
8895			     NL80211_CMD_GET_WOWLAN);
8896	if (!hdr)
8897		goto nla_put_failure;
8898
8899	if (rdev->wiphy.wowlan_config) {
8900		struct nlattr *nl_wowlan;
8901
8902		nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
8903		if (!nl_wowlan)
8904			goto nla_put_failure;
8905
8906		if ((rdev->wiphy.wowlan_config->any &&
8907		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
8908		    (rdev->wiphy.wowlan_config->disconnect &&
8909		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
8910		    (rdev->wiphy.wowlan_config->magic_pkt &&
8911		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
8912		    (rdev->wiphy.wowlan_config->gtk_rekey_failure &&
8913		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
8914		    (rdev->wiphy.wowlan_config->eap_identity_req &&
8915		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
8916		    (rdev->wiphy.wowlan_config->four_way_handshake &&
8917		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
8918		    (rdev->wiphy.wowlan_config->rfkill_release &&
8919		     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
8920			goto nla_put_failure;
8921
8922		if (nl80211_send_wowlan_patterns(msg, rdev))
8923			goto nla_put_failure;
8924
8925		if (nl80211_send_wowlan_tcp(msg,
8926					    rdev->wiphy.wowlan_config->tcp))
8927			goto nla_put_failure;
8928
8929		if (nl80211_send_wowlan_nd(
8930			    msg,
8931			    rdev->wiphy.wowlan_config->nd_config))
8932			goto nla_put_failure;
8933
8934		nla_nest_end(msg, nl_wowlan);
8935	}
8936
8937	genlmsg_end(msg, hdr);
8938	return genlmsg_reply(msg, info);
8939
8940nla_put_failure:
8941	nlmsg_free(msg);
8942	return -ENOBUFS;
8943}
8944
8945static int nl80211_parse_wowlan_tcp(struct cfg80211_registered_device *rdev,
8946				    struct nlattr *attr,
8947				    struct cfg80211_wowlan *trig)
8948{
8949	struct nlattr *tb[NUM_NL80211_WOWLAN_TCP];
8950	struct cfg80211_wowlan_tcp *cfg;
8951	struct nl80211_wowlan_tcp_data_token *tok = NULL;
8952	struct nl80211_wowlan_tcp_data_seq *seq = NULL;
8953	u32 size;
8954	u32 data_size, wake_size, tokens_size = 0, wake_mask_size;
8955	int err, port;
8956
8957	if (!rdev->wiphy.wowlan->tcp)
8958		return -EINVAL;
8959
8960	err = nla_parse(tb, MAX_NL80211_WOWLAN_TCP,
8961			nla_data(attr), nla_len(attr),
8962			nl80211_wowlan_tcp_policy);
8963	if (err)
8964		return err;
8965
8966	if (!tb[NL80211_WOWLAN_TCP_SRC_IPV4] ||
8967	    !tb[NL80211_WOWLAN_TCP_DST_IPV4] ||
8968	    !tb[NL80211_WOWLAN_TCP_DST_MAC] ||
8969	    !tb[NL80211_WOWLAN_TCP_DST_PORT] ||
8970	    !tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD] ||
8971	    !tb[NL80211_WOWLAN_TCP_DATA_INTERVAL] ||
8972	    !tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD] ||
8973	    !tb[NL80211_WOWLAN_TCP_WAKE_MASK])
8974		return -EINVAL;
8975
8976	data_size = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]);
8977	if (data_size > rdev->wiphy.wowlan->tcp->data_payload_max)
8978		return -EINVAL;
8979
8980	if (nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) >
8981			rdev->wiphy.wowlan->tcp->data_interval_max ||
8982	    nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]) == 0)
8983		return -EINVAL;
8984
8985	wake_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]);
8986	if (wake_size > rdev->wiphy.wowlan->tcp->wake_payload_max)
8987		return -EINVAL;
8988
8989	wake_mask_size = nla_len(tb[NL80211_WOWLAN_TCP_WAKE_MASK]);
8990	if (wake_mask_size != DIV_ROUND_UP(wake_size, 8))
8991		return -EINVAL;
8992
8993	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]) {
8994		u32 tokln = nla_len(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8995
8996		tok = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN]);
8997		tokens_size = tokln - sizeof(*tok);
8998
8999		if (!tok->len || tokens_size % tok->len)
9000			return -EINVAL;
9001		if (!rdev->wiphy.wowlan->tcp->tok)
9002			return -EINVAL;
9003		if (tok->len > rdev->wiphy.wowlan->tcp->tok->max_len)
9004			return -EINVAL;
9005		if (tok->len < rdev->wiphy.wowlan->tcp->tok->min_len)
9006			return -EINVAL;
9007		if (tokens_size > rdev->wiphy.wowlan->tcp->tok->bufsize)
9008			return -EINVAL;
9009		if (tok->offset + tok->len > data_size)
9010			return -EINVAL;
9011	}
9012
9013	if (tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]) {
9014		seq = nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ]);
9015		if (!rdev->wiphy.wowlan->tcp->seq)
9016			return -EINVAL;
9017		if (seq->len == 0 || seq->len > 4)
9018			return -EINVAL;
9019		if (seq->len + seq->offset > data_size)
9020			return -EINVAL;
9021	}
9022
9023	size = sizeof(*cfg);
9024	size += data_size;
9025	size += wake_size + wake_mask_size;
9026	size += tokens_size;
9027
9028	cfg = kzalloc(size, GFP_KERNEL);
9029	if (!cfg)
9030		return -ENOMEM;
9031	cfg->src = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_SRC_IPV4]);
9032	cfg->dst = nla_get_in_addr(tb[NL80211_WOWLAN_TCP_DST_IPV4]);
9033	memcpy(cfg->dst_mac, nla_data(tb[NL80211_WOWLAN_TCP_DST_MAC]),
9034	       ETH_ALEN);
9035	if (tb[NL80211_WOWLAN_TCP_SRC_PORT])
9036		port = nla_get_u16(tb[NL80211_WOWLAN_TCP_SRC_PORT]);
9037	else
9038		port = 0;
9039#ifdef CONFIG_INET
9040	/* allocate a socket and port for it and use it */
9041	err = __sock_create(wiphy_net(&rdev->wiphy), PF_INET, SOCK_STREAM,
9042			    IPPROTO_TCP, &cfg->sock, 1);
9043	if (err) {
9044		kfree(cfg);
9045		return err;
9046	}
9047	if (inet_csk_get_port(cfg->sock->sk, port)) {
9048		sock_release(cfg->sock);
9049		kfree(cfg);
9050		return -EADDRINUSE;
9051	}
9052	cfg->src_port = inet_sk(cfg->sock->sk)->inet_num;
9053#else
9054	if (!port) {
9055		kfree(cfg);
9056		return -EINVAL;
9057	}
9058	cfg->src_port = port;
9059#endif
9060
9061	cfg->dst_port = nla_get_u16(tb[NL80211_WOWLAN_TCP_DST_PORT]);
9062	cfg->payload_len = data_size;
9063	cfg->payload = (u8 *)cfg + sizeof(*cfg) + tokens_size;
9064	memcpy((void *)cfg->payload,
9065	       nla_data(tb[NL80211_WOWLAN_TCP_DATA_PAYLOAD]),
9066	       data_size);
9067	if (seq)
9068		cfg->payload_seq = *seq;
9069	cfg->data_interval = nla_get_u32(tb[NL80211_WOWLAN_TCP_DATA_INTERVAL]);
9070	cfg->wake_len = wake_size;
9071	cfg->wake_data = (u8 *)cfg + sizeof(*cfg) + tokens_size + data_size;
9072	memcpy((void *)cfg->wake_data,
9073	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_PAYLOAD]),
9074	       wake_size);
9075	cfg->wake_mask = (u8 *)cfg + sizeof(*cfg) + tokens_size +
9076			 data_size + wake_size;
9077	memcpy((void *)cfg->wake_mask,
9078	       nla_data(tb[NL80211_WOWLAN_TCP_WAKE_MASK]),
9079	       wake_mask_size);
9080	if (tok) {
9081		cfg->tokens_size = tokens_size;
9082		memcpy(&cfg->payload_tok, tok, sizeof(*tok) + tokens_size);
9083	}
9084
9085	trig->tcp = cfg;
9086
9087	return 0;
9088}
9089
9090static int nl80211_parse_wowlan_nd(struct cfg80211_registered_device *rdev,
9091				   const struct wiphy_wowlan_support *wowlan,
9092				   struct nlattr *attr,
9093				   struct cfg80211_wowlan *trig)
9094{
9095	struct nlattr **tb;
9096	int err;
9097
9098	tb = kzalloc(NUM_NL80211_ATTR * sizeof(*tb), GFP_KERNEL);
9099	if (!tb)
9100		return -ENOMEM;
9101
9102	if (!(wowlan->flags & WIPHY_WOWLAN_NET_DETECT)) {
9103		err = -EOPNOTSUPP;
9104		goto out;
9105	}
9106
9107	err = nla_parse(tb, NL80211_ATTR_MAX,
9108			nla_data(attr), nla_len(attr),
9109			nl80211_policy);
9110	if (err)
9111		goto out;
9112
9113	trig->nd_config = nl80211_parse_sched_scan(&rdev->wiphy, NULL, tb);
9114	err = PTR_ERR_OR_ZERO(trig->nd_config);
9115	if (err)
9116		trig->nd_config = NULL;
9117
9118out:
9119	kfree(tb);
9120	return err;
9121}
9122
9123static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
9124{
9125	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9126	struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
9127	struct cfg80211_wowlan new_triggers = {};
9128	struct cfg80211_wowlan *ntrig;
9129	const struct wiphy_wowlan_support *wowlan = rdev->wiphy.wowlan;
9130	int err, i;
9131	bool prev_enabled = rdev->wiphy.wowlan_config;
9132	bool regular = false;
9133
9134	if (!wowlan)
9135		return -EOPNOTSUPP;
9136
9137	if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]) {
9138		cfg80211_rdev_free_wowlan(rdev);
9139		rdev->wiphy.wowlan_config = NULL;
9140		goto set_wakeup;
9141	}
9142
9143	err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
9144			nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9145			nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
9146			nl80211_wowlan_policy);
9147	if (err)
9148		return err;
9149
9150	if (tb[NL80211_WOWLAN_TRIG_ANY]) {
9151		if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
9152			return -EINVAL;
9153		new_triggers.any = true;
9154	}
9155
9156	if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
9157		if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
9158			return -EINVAL;
9159		new_triggers.disconnect = true;
9160		regular = true;
9161	}
9162
9163	if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
9164		if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
9165			return -EINVAL;
9166		new_triggers.magic_pkt = true;
9167		regular = true;
9168	}
9169
9170	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
9171		return -EINVAL;
9172
9173	if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
9174		if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
9175			return -EINVAL;
9176		new_triggers.gtk_rekey_failure = true;
9177		regular = true;
9178	}
9179
9180	if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
9181		if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
9182			return -EINVAL;
9183		new_triggers.eap_identity_req = true;
9184		regular = true;
9185	}
9186
9187	if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
9188		if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
9189			return -EINVAL;
9190		new_triggers.four_way_handshake = true;
9191		regular = true;
9192	}
9193
9194	if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
9195		if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
9196			return -EINVAL;
9197		new_triggers.rfkill_release = true;
9198		regular = true;
9199	}
9200
9201	if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
9202		struct nlattr *pat;
9203		int n_patterns = 0;
9204		int rem, pat_len, mask_len, pkt_offset;
9205		struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9206
9207		regular = true;
9208
9209		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9210				    rem)
9211			n_patterns++;
9212		if (n_patterns > wowlan->n_patterns)
9213			return -EINVAL;
9214
9215		new_triggers.patterns = kcalloc(n_patterns,
9216						sizeof(new_triggers.patterns[0]),
9217						GFP_KERNEL);
9218		if (!new_triggers.patterns)
9219			return -ENOMEM;
9220
9221		new_triggers.n_patterns = n_patterns;
9222		i = 0;
9223
9224		nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
9225				    rem) {
9226			u8 *mask_pat;
9227
9228			nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9229				  nla_len(pat), NULL);
9230			err = -EINVAL;
9231			if (!pat_tb[NL80211_PKTPAT_MASK] ||
9232			    !pat_tb[NL80211_PKTPAT_PATTERN])
9233				goto error;
9234			pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9235			mask_len = DIV_ROUND_UP(pat_len, 8);
9236			if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9237				goto error;
9238			if (pat_len > wowlan->pattern_max_len ||
9239			    pat_len < wowlan->pattern_min_len)
9240				goto error;
9241
9242			if (!pat_tb[NL80211_PKTPAT_OFFSET])
9243				pkt_offset = 0;
9244			else
9245				pkt_offset = nla_get_u32(
9246					pat_tb[NL80211_PKTPAT_OFFSET]);
9247			if (pkt_offset > wowlan->max_pkt_offset)
9248				goto error;
9249			new_triggers.patterns[i].pkt_offset = pkt_offset;
9250
9251			mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9252			if (!mask_pat) {
9253				err = -ENOMEM;
9254				goto error;
9255			}
9256			new_triggers.patterns[i].mask = mask_pat;
9257			memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9258			       mask_len);
9259			mask_pat += mask_len;
9260			new_triggers.patterns[i].pattern = mask_pat;
9261			new_triggers.patterns[i].pattern_len = pat_len;
9262			memcpy(mask_pat,
9263			       nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9264			       pat_len);
9265			i++;
9266		}
9267	}
9268
9269	if (tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION]) {
9270		regular = true;
9271		err = nl80211_parse_wowlan_tcp(
9272			rdev, tb[NL80211_WOWLAN_TRIG_TCP_CONNECTION],
9273			&new_triggers);
9274		if (err)
9275			goto error;
9276	}
9277
9278	if (tb[NL80211_WOWLAN_TRIG_NET_DETECT]) {
9279		regular = true;
9280		err = nl80211_parse_wowlan_nd(
9281			rdev, wowlan, tb[NL80211_WOWLAN_TRIG_NET_DETECT],
9282			&new_triggers);
9283		if (err)
9284			goto error;
9285	}
9286
9287	/* The 'any' trigger means the device continues operating more or less
9288	 * as in its normal operation mode and wakes up the host on most of the
9289	 * normal interrupts (like packet RX, ...)
9290	 * It therefore makes little sense to combine with the more constrained
9291	 * wakeup trigger modes.
9292	 */
9293	if (new_triggers.any && regular) {
9294		err = -EINVAL;
9295		goto error;
9296	}
9297
9298	ntrig = kmemdup(&new_triggers, sizeof(new_triggers), GFP_KERNEL);
9299	if (!ntrig) {
9300		err = -ENOMEM;
9301		goto error;
9302	}
9303	cfg80211_rdev_free_wowlan(rdev);
9304	rdev->wiphy.wowlan_config = ntrig;
9305
9306 set_wakeup:
9307	if (rdev->ops->set_wakeup &&
9308	    prev_enabled != !!rdev->wiphy.wowlan_config)
9309		rdev_set_wakeup(rdev, rdev->wiphy.wowlan_config);
9310
9311	return 0;
9312 error:
9313	for (i = 0; i < new_triggers.n_patterns; i++)
9314		kfree(new_triggers.patterns[i].mask);
9315	kfree(new_triggers.patterns);
9316	if (new_triggers.tcp && new_triggers.tcp->sock)
9317		sock_release(new_triggers.tcp->sock);
9318	kfree(new_triggers.tcp);
9319	return err;
9320}
9321#endif
9322
9323static int nl80211_send_coalesce_rules(struct sk_buff *msg,
9324				       struct cfg80211_registered_device *rdev)
9325{
9326	struct nlattr *nl_pats, *nl_pat, *nl_rule, *nl_rules;
9327	int i, j, pat_len;
9328	struct cfg80211_coalesce_rules *rule;
9329
9330	if (!rdev->coalesce->n_rules)
9331		return 0;
9332
9333	nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
9334	if (!nl_rules)
9335		return -ENOBUFS;
9336
9337	for (i = 0; i < rdev->coalesce->n_rules; i++) {
9338		nl_rule = nla_nest_start(msg, i + 1);
9339		if (!nl_rule)
9340			return -ENOBUFS;
9341
9342		rule = &rdev->coalesce->rules[i];
9343		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_DELAY,
9344				rule->delay))
9345			return -ENOBUFS;
9346
9347		if (nla_put_u32(msg, NL80211_ATTR_COALESCE_RULE_CONDITION,
9348				rule->condition))
9349			return -ENOBUFS;
9350
9351		nl_pats = nla_nest_start(msg,
9352				NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
9353		if (!nl_pats)
9354			return -ENOBUFS;
9355
9356		for (j = 0; j < rule->n_patterns; j++) {
9357			nl_pat = nla_nest_start(msg, j + 1);
9358			if (!nl_pat)
9359				return -ENOBUFS;
9360			pat_len = rule->patterns[j].pattern_len;
9361			if (nla_put(msg, NL80211_PKTPAT_MASK,
9362				    DIV_ROUND_UP(pat_len, 8),
9363				    rule->patterns[j].mask) ||
9364			    nla_put(msg, NL80211_PKTPAT_PATTERN, pat_len,
9365				    rule->patterns[j].pattern) ||
9366			    nla_put_u32(msg, NL80211_PKTPAT_OFFSET,
9367					rule->patterns[j].pkt_offset))
9368				return -ENOBUFS;
9369			nla_nest_end(msg, nl_pat);
9370		}
9371		nla_nest_end(msg, nl_pats);
9372		nla_nest_end(msg, nl_rule);
9373	}
9374	nla_nest_end(msg, nl_rules);
9375
9376	return 0;
9377}
9378
9379static int nl80211_get_coalesce(struct sk_buff *skb, struct genl_info *info)
9380{
9381	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9382	struct sk_buff *msg;
9383	void *hdr;
9384
9385	if (!rdev->wiphy.coalesce)
9386		return -EOPNOTSUPP;
9387
9388	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9389	if (!msg)
9390		return -ENOMEM;
9391
9392	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9393			     NL80211_CMD_GET_COALESCE);
9394	if (!hdr)
9395		goto nla_put_failure;
9396
9397	if (rdev->coalesce && nl80211_send_coalesce_rules(msg, rdev))
9398		goto nla_put_failure;
9399
9400	genlmsg_end(msg, hdr);
9401	return genlmsg_reply(msg, info);
9402
9403nla_put_failure:
9404	nlmsg_free(msg);
9405	return -ENOBUFS;
9406}
9407
9408void cfg80211_rdev_free_coalesce(struct cfg80211_registered_device *rdev)
9409{
9410	struct cfg80211_coalesce *coalesce = rdev->coalesce;
9411	int i, j;
9412	struct cfg80211_coalesce_rules *rule;
9413
9414	if (!coalesce)
9415		return;
9416
9417	for (i = 0; i < coalesce->n_rules; i++) {
9418		rule = &coalesce->rules[i];
9419		for (j = 0; j < rule->n_patterns; j++)
9420			kfree(rule->patterns[j].mask);
9421		kfree(rule->patterns);
9422	}
9423	kfree(coalesce->rules);
9424	kfree(coalesce);
9425	rdev->coalesce = NULL;
9426}
9427
9428static int nl80211_parse_coalesce_rule(struct cfg80211_registered_device *rdev,
9429				       struct nlattr *rule,
9430				       struct cfg80211_coalesce_rules *new_rule)
9431{
9432	int err, i;
9433	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9434	struct nlattr *tb[NUM_NL80211_ATTR_COALESCE_RULE], *pat;
9435	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
9436	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
9437
9438	err = nla_parse(tb, NL80211_ATTR_COALESCE_RULE_MAX, nla_data(rule),
9439			nla_len(rule), nl80211_coalesce_policy);
9440	if (err)
9441		return err;
9442
9443	if (tb[NL80211_ATTR_COALESCE_RULE_DELAY])
9444		new_rule->delay =
9445			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_DELAY]);
9446	if (new_rule->delay > coalesce->max_delay)
9447		return -EINVAL;
9448
9449	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
9450		new_rule->condition =
9451			nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
9452	if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
9453	    new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
9454		return -EINVAL;
9455
9456	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
9457		return -EINVAL;
9458
9459	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9460			    rem)
9461		n_patterns++;
9462	if (n_patterns > coalesce->n_patterns)
9463		return -EINVAL;
9464
9465	new_rule->patterns = kcalloc(n_patterns, sizeof(new_rule->patterns[0]),
9466				     GFP_KERNEL);
9467	if (!new_rule->patterns)
9468		return -ENOMEM;
9469
9470	new_rule->n_patterns = n_patterns;
9471	i = 0;
9472
9473	nla_for_each_nested(pat, tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN],
9474			    rem) {
9475		u8 *mask_pat;
9476
9477		nla_parse(pat_tb, MAX_NL80211_PKTPAT, nla_data(pat),
9478			  nla_len(pat), NULL);
9479		if (!pat_tb[NL80211_PKTPAT_MASK] ||
9480		    !pat_tb[NL80211_PKTPAT_PATTERN])
9481			return -EINVAL;
9482		pat_len = nla_len(pat_tb[NL80211_PKTPAT_PATTERN]);
9483		mask_len = DIV_ROUND_UP(pat_len, 8);
9484		if (nla_len(pat_tb[NL80211_PKTPAT_MASK]) != mask_len)
9485			return -EINVAL;
9486		if (pat_len > coalesce->pattern_max_len ||
9487		    pat_len < coalesce->pattern_min_len)
9488			return -EINVAL;
9489
9490		if (!pat_tb[NL80211_PKTPAT_OFFSET])
9491			pkt_offset = 0;
9492		else
9493			pkt_offset = nla_get_u32(pat_tb[NL80211_PKTPAT_OFFSET]);
9494		if (pkt_offset > coalesce->max_pkt_offset)
9495			return -EINVAL;
9496		new_rule->patterns[i].pkt_offset = pkt_offset;
9497
9498		mask_pat = kmalloc(mask_len + pat_len, GFP_KERNEL);
9499		if (!mask_pat)
9500			return -ENOMEM;
9501
9502		new_rule->patterns[i].mask = mask_pat;
9503		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_MASK]),
9504		       mask_len);
9505
9506		mask_pat += mask_len;
9507		new_rule->patterns[i].pattern = mask_pat;
9508		new_rule->patterns[i].pattern_len = pat_len;
9509		memcpy(mask_pat, nla_data(pat_tb[NL80211_PKTPAT_PATTERN]),
9510		       pat_len);
9511		i++;
9512	}
9513
9514	return 0;
9515}
9516
9517static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
9518{
9519	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9520	const struct wiphy_coalesce_support *coalesce = rdev->wiphy.coalesce;
9521	struct cfg80211_coalesce new_coalesce = {};
9522	struct cfg80211_coalesce *n_coalesce;
9523	int err, rem_rule, n_rules = 0, i, j;
9524	struct nlattr *rule;
9525	struct cfg80211_coalesce_rules *tmp_rule;
9526
9527	if (!rdev->wiphy.coalesce || !rdev->ops->set_coalesce)
9528		return -EOPNOTSUPP;
9529
9530	if (!info->attrs[NL80211_ATTR_COALESCE_RULE]) {
9531		cfg80211_rdev_free_coalesce(rdev);
9532		rdev->ops->set_coalesce(&rdev->wiphy, NULL);
9533		return 0;
9534	}
9535
9536	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9537			    rem_rule)
9538		n_rules++;
9539	if (n_rules > coalesce->n_rules)
9540		return -EINVAL;
9541
9542	new_coalesce.rules = kcalloc(n_rules, sizeof(new_coalesce.rules[0]),
9543				     GFP_KERNEL);
9544	if (!new_coalesce.rules)
9545		return -ENOMEM;
9546
9547	new_coalesce.n_rules = n_rules;
9548	i = 0;
9549
9550	nla_for_each_nested(rule, info->attrs[NL80211_ATTR_COALESCE_RULE],
9551			    rem_rule) {
9552		err = nl80211_parse_coalesce_rule(rdev, rule,
9553						  &new_coalesce.rules[i]);
9554		if (err)
9555			goto error;
9556
9557		i++;
9558	}
9559
9560	err = rdev->ops->set_coalesce(&rdev->wiphy, &new_coalesce);
9561	if (err)
9562		goto error;
9563
9564	n_coalesce = kmemdup(&new_coalesce, sizeof(new_coalesce), GFP_KERNEL);
9565	if (!n_coalesce) {
9566		err = -ENOMEM;
9567		goto error;
9568	}
9569	cfg80211_rdev_free_coalesce(rdev);
9570	rdev->coalesce = n_coalesce;
9571
9572	return 0;
9573error:
9574	for (i = 0; i < new_coalesce.n_rules; i++) {
9575		tmp_rule = &new_coalesce.rules[i];
9576		for (j = 0; j < tmp_rule->n_patterns; j++)
9577			kfree(tmp_rule->patterns[j].mask);
9578		kfree(tmp_rule->patterns);
9579	}
9580	kfree(new_coalesce.rules);
9581
9582	return err;
9583}
9584
9585static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
9586{
9587	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9588	struct net_device *dev = info->user_ptr[1];
9589	struct wireless_dev *wdev = dev->ieee80211_ptr;
9590	struct nlattr *tb[NUM_NL80211_REKEY_DATA];
9591	struct cfg80211_gtk_rekey_data rekey_data;
9592	int err;
9593
9594	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
9595		return -EINVAL;
9596
9597	err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
9598			nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
9599			nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
9600			nl80211_rekey_policy);
9601	if (err)
9602		return err;
9603
9604	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
9605		return -ERANGE;
9606	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
9607		return -ERANGE;
9608	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
9609		return -ERANGE;
9610
9611	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
9612	rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
9613	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
9614
9615	wdev_lock(wdev);
9616	if (!wdev->current_bss) {
9617		err = -ENOTCONN;
9618		goto out;
9619	}
9620
9621	if (!rdev->ops->set_rekey_data) {
9622		err = -EOPNOTSUPP;
9623		goto out;
9624	}
9625
9626	err = rdev_set_rekey_data(rdev, dev, &rekey_data);
9627 out:
9628	wdev_unlock(wdev);
9629	return err;
9630}
9631
9632static int nl80211_register_unexpected_frame(struct sk_buff *skb,
9633					     struct genl_info *info)
9634{
9635	struct net_device *dev = info->user_ptr[1];
9636	struct wireless_dev *wdev = dev->ieee80211_ptr;
9637
9638	if (wdev->iftype != NL80211_IFTYPE_AP &&
9639	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
9640		return -EINVAL;
9641
9642	if (wdev->ap_unexpected_nlportid)
9643		return -EBUSY;
9644
9645	wdev->ap_unexpected_nlportid = info->snd_portid;
9646	return 0;
9647}
9648
9649static int nl80211_probe_client(struct sk_buff *skb,
9650				struct genl_info *info)
9651{
9652	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9653	struct net_device *dev = info->user_ptr[1];
9654	struct wireless_dev *wdev = dev->ieee80211_ptr;
9655	struct sk_buff *msg;
9656	void *hdr;
9657	const u8 *addr;
9658	u64 cookie;
9659	int err;
9660
9661	if (wdev->iftype != NL80211_IFTYPE_AP &&
9662	    wdev->iftype != NL80211_IFTYPE_P2P_GO)
9663		return -EOPNOTSUPP;
9664
9665	if (!info->attrs[NL80211_ATTR_MAC])
9666		return -EINVAL;
9667
9668	if (!rdev->ops->probe_client)
9669		return -EOPNOTSUPP;
9670
9671	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9672	if (!msg)
9673		return -ENOMEM;
9674
9675	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9676			     NL80211_CMD_PROBE_CLIENT);
9677	if (!hdr) {
9678		err = -ENOBUFS;
9679		goto free_msg;
9680	}
9681
9682	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
9683
9684	err = rdev_probe_client(rdev, dev, addr, &cookie);
9685	if (err)
9686		goto free_msg;
9687
9688	if (nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
9689		goto nla_put_failure;
9690
9691	genlmsg_end(msg, hdr);
9692
9693	return genlmsg_reply(msg, info);
9694
9695 nla_put_failure:
9696	err = -ENOBUFS;
9697 free_msg:
9698	nlmsg_free(msg);
9699	return err;
9700}
9701
9702static int nl80211_register_beacons(struct sk_buff *skb, struct genl_info *info)
9703{
9704	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9705	struct cfg80211_beacon_registration *reg, *nreg;
9706	int rv;
9707
9708	if (!(rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS))
9709		return -EOPNOTSUPP;
9710
9711	nreg = kzalloc(sizeof(*nreg), GFP_KERNEL);
9712	if (!nreg)
9713		return -ENOMEM;
9714
9715	/* First, check if already registered. */
9716	spin_lock_bh(&rdev->beacon_registrations_lock);
9717	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
9718		if (reg->nlportid == info->snd_portid) {
9719			rv = -EALREADY;
9720			goto out_err;
9721		}
9722	}
9723	/* Add it to the list */
9724	nreg->nlportid = info->snd_portid;
9725	list_add(&nreg->list, &rdev->beacon_registrations);
9726
9727	spin_unlock_bh(&rdev->beacon_registrations_lock);
9728
9729	return 0;
9730out_err:
9731	spin_unlock_bh(&rdev->beacon_registrations_lock);
9732	kfree(nreg);
9733	return rv;
9734}
9735
9736static int nl80211_start_p2p_device(struct sk_buff *skb, struct genl_info *info)
9737{
9738	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9739	struct wireless_dev *wdev = info->user_ptr[1];
9740	int err;
9741
9742	if (!rdev->ops->start_p2p_device)
9743		return -EOPNOTSUPP;
9744
9745	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9746		return -EOPNOTSUPP;
9747
9748	if (wdev->p2p_started)
9749		return 0;
9750
9751	if (rfkill_blocked(rdev->rfkill))
9752		return -ERFKILL;
9753
9754	err = rdev_start_p2p_device(rdev, wdev);
9755	if (err)
9756		return err;
9757
9758	wdev->p2p_started = true;
9759	rdev->opencount++;
9760
9761	return 0;
9762}
9763
9764static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
9765{
9766	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9767	struct wireless_dev *wdev = info->user_ptr[1];
9768
9769	if (wdev->iftype != NL80211_IFTYPE_P2P_DEVICE)
9770		return -EOPNOTSUPP;
9771
9772	if (!rdev->ops->stop_p2p_device)
9773		return -EOPNOTSUPP;
9774
9775	cfg80211_stop_p2p_device(rdev, wdev);
9776
9777	return 0;
9778}
9779
9780static int nl80211_get_protocol_features(struct sk_buff *skb,
9781					 struct genl_info *info)
9782{
9783	void *hdr;
9784	struct sk_buff *msg;
9785
9786	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
9787	if (!msg)
9788		return -ENOMEM;
9789
9790	hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
9791			     NL80211_CMD_GET_PROTOCOL_FEATURES);
9792	if (!hdr)
9793		goto nla_put_failure;
9794
9795	if (nla_put_u32(msg, NL80211_ATTR_PROTOCOL_FEATURES,
9796			NL80211_PROTOCOL_FEATURE_SPLIT_WIPHY_DUMP))
9797		goto nla_put_failure;
9798
9799	genlmsg_end(msg, hdr);
9800	return genlmsg_reply(msg, info);
9801
9802 nla_put_failure:
9803	kfree_skb(msg);
9804	return -ENOBUFS;
9805}
9806
9807static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
9808{
9809	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9810	struct cfg80211_update_ft_ies_params ft_params;
9811	struct net_device *dev = info->user_ptr[1];
9812
9813	if (!rdev->ops->update_ft_ies)
9814		return -EOPNOTSUPP;
9815
9816	if (!info->attrs[NL80211_ATTR_MDID] ||
9817	    !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9818		return -EINVAL;
9819
9820	memset(&ft_params, 0, sizeof(ft_params));
9821	ft_params.md = nla_get_u16(info->attrs[NL80211_ATTR_MDID]);
9822	ft_params.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9823	ft_params.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9824
9825	return rdev_update_ft_ies(rdev, dev, &ft_params);
9826}
9827
9828static int nl80211_crit_protocol_start(struct sk_buff *skb,
9829				       struct genl_info *info)
9830{
9831	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9832	struct wireless_dev *wdev = info->user_ptr[1];
9833	enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
9834	u16 duration;
9835	int ret;
9836
9837	if (!rdev->ops->crit_proto_start)
9838		return -EOPNOTSUPP;
9839
9840	if (WARN_ON(!rdev->ops->crit_proto_stop))
9841		return -EINVAL;
9842
9843	if (rdev->crit_proto_nlportid)
9844		return -EBUSY;
9845
9846	/* determine protocol if provided */
9847	if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
9848		proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
9849
9850	if (proto >= NUM_NL80211_CRIT_PROTO)
9851		return -EINVAL;
9852
9853	/* timeout must be provided */
9854	if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
9855		return -EINVAL;
9856
9857	duration =
9858		nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
9859
9860	if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
9861		return -ERANGE;
9862
9863	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
9864	if (!ret)
9865		rdev->crit_proto_nlportid = info->snd_portid;
9866
9867	return ret;
9868}
9869
9870static int nl80211_crit_protocol_stop(struct sk_buff *skb,
9871				      struct genl_info *info)
9872{
9873	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9874	struct wireless_dev *wdev = info->user_ptr[1];
9875
9876	if (!rdev->ops->crit_proto_stop)
9877		return -EOPNOTSUPP;
9878
9879	if (rdev->crit_proto_nlportid) {
9880		rdev->crit_proto_nlportid = 0;
9881		rdev_crit_proto_stop(rdev, wdev);
9882	}
9883	return 0;
9884}
9885
9886static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
9887{
9888	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9889	struct wireless_dev *wdev =
9890		__cfg80211_wdev_from_attrs(genl_info_net(info), info->attrs);
9891	int i, err;
9892	u32 vid, subcmd;
9893
9894	if (!rdev->wiphy.vendor_commands)
9895		return -EOPNOTSUPP;
9896
9897	if (IS_ERR(wdev)) {
9898		err = PTR_ERR(wdev);
9899		if (err != -EINVAL)
9900			return err;
9901		wdev = NULL;
9902	} else if (wdev->wiphy != &rdev->wiphy) {
9903		return -EINVAL;
9904	}
9905
9906	if (!info->attrs[NL80211_ATTR_VENDOR_ID] ||
9907	    !info->attrs[NL80211_ATTR_VENDOR_SUBCMD])
9908		return -EINVAL;
9909
9910	vid = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_ID]);
9911	subcmd = nla_get_u32(info->attrs[NL80211_ATTR_VENDOR_SUBCMD]);
9912	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
9913		const struct wiphy_vendor_command *vcmd;
9914		void *data = NULL;
9915		int len = 0;
9916
9917		vcmd = &rdev->wiphy.vendor_commands[i];
9918
9919		if (vcmd->info.vendor_id != vid || vcmd->info.subcmd != subcmd)
9920			continue;
9921
9922		if (vcmd->flags & (WIPHY_VENDOR_CMD_NEED_WDEV |
9923				   WIPHY_VENDOR_CMD_NEED_NETDEV)) {
9924			if (!wdev)
9925				return -EINVAL;
9926			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_NETDEV &&
9927			    !wdev->netdev)
9928				return -EINVAL;
9929
9930			if (vcmd->flags & WIPHY_VENDOR_CMD_NEED_RUNNING) {
9931				if (wdev->netdev &&
9932				    !netif_running(wdev->netdev))
9933					return -ENETDOWN;
9934				if (!wdev->netdev && !wdev->p2p_started)
9935					return -ENETDOWN;
9936			}
9937		} else {
9938			wdev = NULL;
9939		}
9940
9941		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
9942			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9943			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
9944		}
9945
9946		rdev->cur_cmd_info = info;
9947		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
9948							  data, len);
9949		rdev->cur_cmd_info = NULL;
9950		return err;
9951	}
9952
9953	return -EOPNOTSUPP;
9954}
9955
9956struct sk_buff *__cfg80211_alloc_reply_skb(struct wiphy *wiphy,
9957					   enum nl80211_commands cmd,
9958					   enum nl80211_attrs attr,
9959					   int approxlen)
9960{
9961	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
9962
9963	if (WARN_ON(!rdev->cur_cmd_info))
9964		return NULL;
9965
9966	return __cfg80211_alloc_vendor_skb(rdev, NULL, approxlen,
9967					   rdev->cur_cmd_info->snd_portid,
9968					   rdev->cur_cmd_info->snd_seq,
9969					   cmd, attr, NULL, GFP_KERNEL);
9970}
9971EXPORT_SYMBOL(__cfg80211_alloc_reply_skb);
9972
9973int cfg80211_vendor_cmd_reply(struct sk_buff *skb)
9974{
9975	struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
9976	void *hdr = ((void **)skb->cb)[1];
9977	struct nlattr *data = ((void **)skb->cb)[2];
9978
9979	/* clear CB data for netlink core to own from now on */
9980	memset(skb->cb, 0, sizeof(skb->cb));
9981
9982	if (WARN_ON(!rdev->cur_cmd_info)) {
9983		kfree_skb(skb);
9984		return -EINVAL;
9985	}
9986
9987	nla_nest_end(skb, data);
9988	genlmsg_end(skb, hdr);
9989	return genlmsg_reply(skb, rdev->cur_cmd_info);
9990}
9991EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
9992
9993
9994static int nl80211_set_qos_map(struct sk_buff *skb,
9995			       struct genl_info *info)
9996{
9997	struct cfg80211_registered_device *rdev = info->user_ptr[0];
9998	struct cfg80211_qos_map *qos_map = NULL;
9999	struct net_device *dev = info->user_ptr[1];
10000	u8 *pos, len, num_des, des_len, des;
10001	int ret;
10002
10003	if (!rdev->ops->set_qos_map)
10004		return -EOPNOTSUPP;
10005
10006	if (info->attrs[NL80211_ATTR_QOS_MAP]) {
10007		pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
10008		len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
10009
10010		if (len % 2 || len < IEEE80211_QOS_MAP_LEN_MIN ||
10011		    len > IEEE80211_QOS_MAP_LEN_MAX)
10012			return -EINVAL;
10013
10014		qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
10015		if (!qos_map)
10016			return -ENOMEM;
10017
10018		num_des = (len - IEEE80211_QOS_MAP_LEN_MIN) >> 1;
10019		if (num_des) {
10020			des_len = num_des *
10021				sizeof(struct cfg80211_dscp_exception);
10022			memcpy(qos_map->dscp_exception, pos, des_len);
10023			qos_map->num_des = num_des;
10024			for (des = 0; des < num_des; des++) {
10025				if (qos_map->dscp_exception[des].up > 7) {
10026					kfree(qos_map);
10027					return -EINVAL;
10028				}
10029			}
10030			pos += des_len;
10031		}
10032		memcpy(qos_map->up, pos, IEEE80211_QOS_MAP_LEN_MIN);
10033	}
10034
10035	wdev_lock(dev->ieee80211_ptr);
10036	ret = nl80211_key_allowed(dev->ieee80211_ptr);
10037	if (!ret)
10038		ret = rdev_set_qos_map(rdev, dev, qos_map);
10039	wdev_unlock(dev->ieee80211_ptr);
10040
10041	kfree(qos_map);
10042	return ret;
10043}
10044
10045static int nl80211_add_tx_ts(struct sk_buff *skb, struct genl_info *info)
10046{
10047	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10048	struct net_device *dev = info->user_ptr[1];
10049	struct wireless_dev *wdev = dev->ieee80211_ptr;
10050	const u8 *peer;
10051	u8 tsid, up;
10052	u16 admitted_time = 0;
10053	int err;
10054
10055	if (!(rdev->wiphy.features & NL80211_FEATURE_SUPPORTS_WMM_ADMISSION))
10056		return -EOPNOTSUPP;
10057
10058	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC] ||
10059	    !info->attrs[NL80211_ATTR_USER_PRIO])
10060		return -EINVAL;
10061
10062	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10063	if (tsid >= IEEE80211_NUM_TIDS)
10064		return -EINVAL;
10065
10066	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
10067	if (up >= IEEE80211_NUM_UPS)
10068		return -EINVAL;
10069
10070	/* WMM uses TIDs 0-7 even for TSPEC */
10071	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
10072		/* TODO: handle 802.11 TSPEC/admission control
10073		 * need more attributes for that (e.g. BA session requirement);
10074		 * change the WMM adminssion test above to allow both then
10075		 */
10076		return -EINVAL;
10077	}
10078
10079	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10080
10081	if (info->attrs[NL80211_ATTR_ADMITTED_TIME]) {
10082		admitted_time =
10083			nla_get_u16(info->attrs[NL80211_ATTR_ADMITTED_TIME]);
10084		if (!admitted_time)
10085			return -EINVAL;
10086	}
10087
10088	wdev_lock(wdev);
10089	switch (wdev->iftype) {
10090	case NL80211_IFTYPE_STATION:
10091	case NL80211_IFTYPE_P2P_CLIENT:
10092		if (wdev->current_bss)
10093			break;
10094		err = -ENOTCONN;
10095		goto out;
10096	default:
10097		err = -EOPNOTSUPP;
10098		goto out;
10099	}
10100
10101	err = rdev_add_tx_ts(rdev, dev, tsid, peer, up, admitted_time);
10102
10103 out:
10104	wdev_unlock(wdev);
10105	return err;
10106}
10107
10108static int nl80211_del_tx_ts(struct sk_buff *skb, struct genl_info *info)
10109{
10110	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10111	struct net_device *dev = info->user_ptr[1];
10112	struct wireless_dev *wdev = dev->ieee80211_ptr;
10113	const u8 *peer;
10114	u8 tsid;
10115	int err;
10116
10117	if (!info->attrs[NL80211_ATTR_TSID] || !info->attrs[NL80211_ATTR_MAC])
10118		return -EINVAL;
10119
10120	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
10121	peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
10122
10123	wdev_lock(wdev);
10124	err = rdev_del_tx_ts(rdev, dev, tsid, peer);
10125	wdev_unlock(wdev);
10126
10127	return err;
10128}
10129
10130static int nl80211_tdls_channel_switch(struct sk_buff *skb,
10131				       struct genl_info *info)
10132{
10133	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10134	struct net_device *dev = info->user_ptr[1];
10135	struct wireless_dev *wdev = dev->ieee80211_ptr;
10136	struct cfg80211_chan_def chandef = {};
10137	const u8 *addr;
10138	u8 oper_class;
10139	int err;
10140
10141	if (!rdev->ops->tdls_channel_switch ||
10142	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10143		return -EOPNOTSUPP;
10144
10145	switch (dev->ieee80211_ptr->iftype) {
10146	case NL80211_IFTYPE_STATION:
10147	case NL80211_IFTYPE_P2P_CLIENT:
10148		break;
10149	default:
10150		return -EOPNOTSUPP;
10151	}
10152
10153	if (!info->attrs[NL80211_ATTR_MAC] ||
10154	    !info->attrs[NL80211_ATTR_OPER_CLASS])
10155		return -EINVAL;
10156
10157	err = nl80211_parse_chandef(rdev, info, &chandef);
10158	if (err)
10159		return err;
10160
10161	/*
10162	 * Don't allow wide channels on the 2.4Ghz band, as per IEEE802.11-2012
10163	 * section 10.22.6.2.1. Disallow 5/10Mhz channels as well for now, the
10164	 * specification is not defined for them.
10165	 */
10166	if (chandef.chan->band == IEEE80211_BAND_2GHZ &&
10167	    chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
10168	    chandef.width != NL80211_CHAN_WIDTH_20)
10169		return -EINVAL;
10170
10171	/* we will be active on the TDLS link */
10172	if (!cfg80211_reg_can_beacon(&rdev->wiphy, &chandef, wdev->iftype))
10173		return -EINVAL;
10174
10175	/* don't allow switching to DFS channels */
10176	if (cfg80211_chandef_dfs_required(wdev->wiphy, &chandef, wdev->iftype))
10177		return -EINVAL;
10178
10179	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10180	oper_class = nla_get_u8(info->attrs[NL80211_ATTR_OPER_CLASS]);
10181
10182	wdev_lock(wdev);
10183	err = rdev_tdls_channel_switch(rdev, dev, addr, oper_class, &chandef);
10184	wdev_unlock(wdev);
10185
10186	return err;
10187}
10188
10189static int nl80211_tdls_cancel_channel_switch(struct sk_buff *skb,
10190					      struct genl_info *info)
10191{
10192	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10193	struct net_device *dev = info->user_ptr[1];
10194	struct wireless_dev *wdev = dev->ieee80211_ptr;
10195	const u8 *addr;
10196
10197	if (!rdev->ops->tdls_channel_switch ||
10198	    !rdev->ops->tdls_cancel_channel_switch ||
10199	    !(rdev->wiphy.features & NL80211_FEATURE_TDLS_CHANNEL_SWITCH))
10200		return -EOPNOTSUPP;
10201
10202	switch (dev->ieee80211_ptr->iftype) {
10203	case NL80211_IFTYPE_STATION:
10204	case NL80211_IFTYPE_P2P_CLIENT:
10205		break;
10206	default:
10207		return -EOPNOTSUPP;
10208	}
10209
10210	if (!info->attrs[NL80211_ATTR_MAC])
10211		return -EINVAL;
10212
10213	addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
10214
10215	wdev_lock(wdev);
10216	rdev_tdls_cancel_channel_switch(rdev, dev, addr);
10217	wdev_unlock(wdev);
10218
10219	return 0;
10220}
10221
10222#define NL80211_FLAG_NEED_WIPHY		0x01
10223#define NL80211_FLAG_NEED_NETDEV	0x02
10224#define NL80211_FLAG_NEED_RTNL		0x04
10225#define NL80211_FLAG_CHECK_NETDEV_UP	0x08
10226#define NL80211_FLAG_NEED_NETDEV_UP	(NL80211_FLAG_NEED_NETDEV |\
10227					 NL80211_FLAG_CHECK_NETDEV_UP)
10228#define NL80211_FLAG_NEED_WDEV		0x10
10229/* If a netdev is associated, it must be UP, P2P must be started */
10230#define NL80211_FLAG_NEED_WDEV_UP	(NL80211_FLAG_NEED_WDEV |\
10231					 NL80211_FLAG_CHECK_NETDEV_UP)
10232#define NL80211_FLAG_CLEAR_SKB		0x20
10233
10234static int nl80211_pre_doit(const struct genl_ops *ops, struct sk_buff *skb,
10235			    struct genl_info *info)
10236{
10237	struct cfg80211_registered_device *rdev;
10238	struct wireless_dev *wdev;
10239	struct net_device *dev;
10240	bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
10241
10242	if (rtnl)
10243		rtnl_lock();
10244
10245	if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
10246		rdev = cfg80211_get_dev_from_info(genl_info_net(info), info);
10247		if (IS_ERR(rdev)) {
10248			if (rtnl)
10249				rtnl_unlock();
10250			return PTR_ERR(rdev);
10251		}
10252		info->user_ptr[0] = rdev;
10253	} else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV ||
10254		   ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10255		ASSERT_RTNL();
10256
10257		wdev = __cfg80211_wdev_from_attrs(genl_info_net(info),
10258						  info->attrs);
10259		if (IS_ERR(wdev)) {
10260			if (rtnl)
10261				rtnl_unlock();
10262			return PTR_ERR(wdev);
10263		}
10264
10265		dev = wdev->netdev;
10266		rdev = wiphy_to_rdev(wdev->wiphy);
10267
10268		if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
10269			if (!dev) {
10270				if (rtnl)
10271					rtnl_unlock();
10272				return -EINVAL;
10273			}
10274
10275			info->user_ptr[1] = dev;
10276		} else {
10277			info->user_ptr[1] = wdev;
10278		}
10279
10280		if (dev) {
10281			if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
10282			    !netif_running(dev)) {
10283				if (rtnl)
10284					rtnl_unlock();
10285				return -ENETDOWN;
10286			}
10287
10288			dev_hold(dev);
10289		} else if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP) {
10290			if (!wdev->p2p_started) {
10291				if (rtnl)
10292					rtnl_unlock();
10293				return -ENETDOWN;
10294			}
10295		}
10296
10297		info->user_ptr[0] = rdev;
10298	}
10299
10300	return 0;
10301}
10302
10303static void nl80211_post_doit(const struct genl_ops *ops, struct sk_buff *skb,
10304			      struct genl_info *info)
10305{
10306	if (info->user_ptr[1]) {
10307		if (ops->internal_flags & NL80211_FLAG_NEED_WDEV) {
10308			struct wireless_dev *wdev = info->user_ptr[1];
10309
10310			if (wdev->netdev)
10311				dev_put(wdev->netdev);
10312		} else {
10313			dev_put(info->user_ptr[1]);
10314		}
10315	}
10316
10317	if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
10318		rtnl_unlock();
10319
10320	/* If needed, clear the netlink message payload from the SKB
10321	 * as it might contain key data that shouldn't stick around on
10322	 * the heap after the SKB is freed. The netlink message header
10323	 * is still needed for further processing, so leave it intact.
10324	 */
10325	if (ops->internal_flags & NL80211_FLAG_CLEAR_SKB) {
10326		struct nlmsghdr *nlh = nlmsg_hdr(skb);
10327
10328		memset(nlmsg_data(nlh), 0, nlmsg_len(nlh));
10329	}
10330}
10331
10332static const struct genl_ops nl80211_ops[] = {
10333	{
10334		.cmd = NL80211_CMD_GET_WIPHY,
10335		.doit = nl80211_get_wiphy,
10336		.dumpit = nl80211_dump_wiphy,
10337		.done = nl80211_dump_wiphy_done,
10338		.policy = nl80211_policy,
10339		/* can be retrieved by unprivileged users */
10340		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10341				  NL80211_FLAG_NEED_RTNL,
10342	},
10343	{
10344		.cmd = NL80211_CMD_SET_WIPHY,
10345		.doit = nl80211_set_wiphy,
10346		.policy = nl80211_policy,
10347		.flags = GENL_ADMIN_PERM,
10348		.internal_flags = NL80211_FLAG_NEED_RTNL,
10349	},
10350	{
10351		.cmd = NL80211_CMD_GET_INTERFACE,
10352		.doit = nl80211_get_interface,
10353		.dumpit = nl80211_dump_interface,
10354		.policy = nl80211_policy,
10355		/* can be retrieved by unprivileged users */
10356		.internal_flags = NL80211_FLAG_NEED_WDEV |
10357				  NL80211_FLAG_NEED_RTNL,
10358	},
10359	{
10360		.cmd = NL80211_CMD_SET_INTERFACE,
10361		.doit = nl80211_set_interface,
10362		.policy = nl80211_policy,
10363		.flags = GENL_ADMIN_PERM,
10364		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10365				  NL80211_FLAG_NEED_RTNL,
10366	},
10367	{
10368		.cmd = NL80211_CMD_NEW_INTERFACE,
10369		.doit = nl80211_new_interface,
10370		.policy = nl80211_policy,
10371		.flags = GENL_ADMIN_PERM,
10372		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10373				  NL80211_FLAG_NEED_RTNL,
10374	},
10375	{
10376		.cmd = NL80211_CMD_DEL_INTERFACE,
10377		.doit = nl80211_del_interface,
10378		.policy = nl80211_policy,
10379		.flags = GENL_ADMIN_PERM,
10380		.internal_flags = NL80211_FLAG_NEED_WDEV |
10381				  NL80211_FLAG_NEED_RTNL,
10382	},
10383	{
10384		.cmd = NL80211_CMD_GET_KEY,
10385		.doit = nl80211_get_key,
10386		.policy = nl80211_policy,
10387		.flags = GENL_ADMIN_PERM,
10388		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10389				  NL80211_FLAG_NEED_RTNL,
10390	},
10391	{
10392		.cmd = NL80211_CMD_SET_KEY,
10393		.doit = nl80211_set_key,
10394		.policy = nl80211_policy,
10395		.flags = GENL_ADMIN_PERM,
10396		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10397				  NL80211_FLAG_NEED_RTNL |
10398				  NL80211_FLAG_CLEAR_SKB,
10399	},
10400	{
10401		.cmd = NL80211_CMD_NEW_KEY,
10402		.doit = nl80211_new_key,
10403		.policy = nl80211_policy,
10404		.flags = GENL_ADMIN_PERM,
10405		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10406				  NL80211_FLAG_NEED_RTNL |
10407				  NL80211_FLAG_CLEAR_SKB,
10408	},
10409	{
10410		.cmd = NL80211_CMD_DEL_KEY,
10411		.doit = nl80211_del_key,
10412		.policy = nl80211_policy,
10413		.flags = GENL_ADMIN_PERM,
10414		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10415				  NL80211_FLAG_NEED_RTNL,
10416	},
10417	{
10418		.cmd = NL80211_CMD_SET_BEACON,
10419		.policy = nl80211_policy,
10420		.flags = GENL_ADMIN_PERM,
10421		.doit = nl80211_set_beacon,
10422		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10423				  NL80211_FLAG_NEED_RTNL,
10424	},
10425	{
10426		.cmd = NL80211_CMD_START_AP,
10427		.policy = nl80211_policy,
10428		.flags = GENL_ADMIN_PERM,
10429		.doit = nl80211_start_ap,
10430		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10431				  NL80211_FLAG_NEED_RTNL,
10432	},
10433	{
10434		.cmd = NL80211_CMD_STOP_AP,
10435		.policy = nl80211_policy,
10436		.flags = GENL_ADMIN_PERM,
10437		.doit = nl80211_stop_ap,
10438		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10439				  NL80211_FLAG_NEED_RTNL,
10440	},
10441	{
10442		.cmd = NL80211_CMD_GET_STATION,
10443		.doit = nl80211_get_station,
10444		.dumpit = nl80211_dump_station,
10445		.policy = nl80211_policy,
10446		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10447				  NL80211_FLAG_NEED_RTNL,
10448	},
10449	{
10450		.cmd = NL80211_CMD_SET_STATION,
10451		.doit = nl80211_set_station,
10452		.policy = nl80211_policy,
10453		.flags = GENL_ADMIN_PERM,
10454		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10455				  NL80211_FLAG_NEED_RTNL,
10456	},
10457	{
10458		.cmd = NL80211_CMD_NEW_STATION,
10459		.doit = nl80211_new_station,
10460		.policy = nl80211_policy,
10461		.flags = GENL_ADMIN_PERM,
10462		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10463				  NL80211_FLAG_NEED_RTNL,
10464	},
10465	{
10466		.cmd = NL80211_CMD_DEL_STATION,
10467		.doit = nl80211_del_station,
10468		.policy = nl80211_policy,
10469		.flags = GENL_ADMIN_PERM,
10470		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10471				  NL80211_FLAG_NEED_RTNL,
10472	},
10473	{
10474		.cmd = NL80211_CMD_GET_MPATH,
10475		.doit = nl80211_get_mpath,
10476		.dumpit = nl80211_dump_mpath,
10477		.policy = nl80211_policy,
10478		.flags = GENL_ADMIN_PERM,
10479		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10480				  NL80211_FLAG_NEED_RTNL,
10481	},
10482	{
10483		.cmd = NL80211_CMD_GET_MPP,
10484		.doit = nl80211_get_mpp,
10485		.dumpit = nl80211_dump_mpp,
10486		.policy = nl80211_policy,
10487		.flags = GENL_ADMIN_PERM,
10488		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10489				  NL80211_FLAG_NEED_RTNL,
10490	},
10491	{
10492		.cmd = NL80211_CMD_SET_MPATH,
10493		.doit = nl80211_set_mpath,
10494		.policy = nl80211_policy,
10495		.flags = GENL_ADMIN_PERM,
10496		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10497				  NL80211_FLAG_NEED_RTNL,
10498	},
10499	{
10500		.cmd = NL80211_CMD_NEW_MPATH,
10501		.doit = nl80211_new_mpath,
10502		.policy = nl80211_policy,
10503		.flags = GENL_ADMIN_PERM,
10504		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10505				  NL80211_FLAG_NEED_RTNL,
10506	},
10507	{
10508		.cmd = NL80211_CMD_DEL_MPATH,
10509		.doit = nl80211_del_mpath,
10510		.policy = nl80211_policy,
10511		.flags = GENL_ADMIN_PERM,
10512		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10513				  NL80211_FLAG_NEED_RTNL,
10514	},
10515	{
10516		.cmd = NL80211_CMD_SET_BSS,
10517		.doit = nl80211_set_bss,
10518		.policy = nl80211_policy,
10519		.flags = GENL_ADMIN_PERM,
10520		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10521				  NL80211_FLAG_NEED_RTNL,
10522	},
10523	{
10524		.cmd = NL80211_CMD_GET_REG,
10525		.doit = nl80211_get_reg_do,
10526		.dumpit = nl80211_get_reg_dump,
10527		.policy = nl80211_policy,
10528		.internal_flags = NL80211_FLAG_NEED_RTNL,
10529		/* can be retrieved by unprivileged users */
10530	},
10531	{
10532		.cmd = NL80211_CMD_SET_REG,
10533		.doit = nl80211_set_reg,
10534		.policy = nl80211_policy,
10535		.flags = GENL_ADMIN_PERM,
10536		.internal_flags = NL80211_FLAG_NEED_RTNL,
10537	},
10538	{
10539		.cmd = NL80211_CMD_REQ_SET_REG,
10540		.doit = nl80211_req_set_reg,
10541		.policy = nl80211_policy,
10542		.flags = GENL_ADMIN_PERM,
10543	},
10544	{
10545		.cmd = NL80211_CMD_GET_MESH_CONFIG,
10546		.doit = nl80211_get_mesh_config,
10547		.policy = nl80211_policy,
10548		/* can be retrieved by unprivileged users */
10549		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10550				  NL80211_FLAG_NEED_RTNL,
10551	},
10552	{
10553		.cmd = NL80211_CMD_SET_MESH_CONFIG,
10554		.doit = nl80211_update_mesh_config,
10555		.policy = nl80211_policy,
10556		.flags = GENL_ADMIN_PERM,
10557		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10558				  NL80211_FLAG_NEED_RTNL,
10559	},
10560	{
10561		.cmd = NL80211_CMD_TRIGGER_SCAN,
10562		.doit = nl80211_trigger_scan,
10563		.policy = nl80211_policy,
10564		.flags = GENL_ADMIN_PERM,
10565		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10566				  NL80211_FLAG_NEED_RTNL,
10567	},
10568	{
10569		.cmd = NL80211_CMD_GET_SCAN,
10570		.policy = nl80211_policy,
10571		.dumpit = nl80211_dump_scan,
10572	},
10573	{
10574		.cmd = NL80211_CMD_START_SCHED_SCAN,
10575		.doit = nl80211_start_sched_scan,
10576		.policy = nl80211_policy,
10577		.flags = GENL_ADMIN_PERM,
10578		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10579				  NL80211_FLAG_NEED_RTNL,
10580	},
10581	{
10582		.cmd = NL80211_CMD_STOP_SCHED_SCAN,
10583		.doit = nl80211_stop_sched_scan,
10584		.policy = nl80211_policy,
10585		.flags = GENL_ADMIN_PERM,
10586		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10587				  NL80211_FLAG_NEED_RTNL,
10588	},
10589	{
10590		.cmd = NL80211_CMD_AUTHENTICATE,
10591		.doit = nl80211_authenticate,
10592		.policy = nl80211_policy,
10593		.flags = GENL_ADMIN_PERM,
10594		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10595				  NL80211_FLAG_NEED_RTNL |
10596				  NL80211_FLAG_CLEAR_SKB,
10597	},
10598	{
10599		.cmd = NL80211_CMD_ASSOCIATE,
10600		.doit = nl80211_associate,
10601		.policy = nl80211_policy,
10602		.flags = GENL_ADMIN_PERM,
10603		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10604				  NL80211_FLAG_NEED_RTNL,
10605	},
10606	{
10607		.cmd = NL80211_CMD_DEAUTHENTICATE,
10608		.doit = nl80211_deauthenticate,
10609		.policy = nl80211_policy,
10610		.flags = GENL_ADMIN_PERM,
10611		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10612				  NL80211_FLAG_NEED_RTNL,
10613	},
10614	{
10615		.cmd = NL80211_CMD_DISASSOCIATE,
10616		.doit = nl80211_disassociate,
10617		.policy = nl80211_policy,
10618		.flags = GENL_ADMIN_PERM,
10619		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10620				  NL80211_FLAG_NEED_RTNL,
10621	},
10622	{
10623		.cmd = NL80211_CMD_JOIN_IBSS,
10624		.doit = nl80211_join_ibss,
10625		.policy = nl80211_policy,
10626		.flags = GENL_ADMIN_PERM,
10627		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10628				  NL80211_FLAG_NEED_RTNL,
10629	},
10630	{
10631		.cmd = NL80211_CMD_LEAVE_IBSS,
10632		.doit = nl80211_leave_ibss,
10633		.policy = nl80211_policy,
10634		.flags = GENL_ADMIN_PERM,
10635		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10636				  NL80211_FLAG_NEED_RTNL,
10637	},
10638#ifdef CONFIG_NL80211_TESTMODE
10639	{
10640		.cmd = NL80211_CMD_TESTMODE,
10641		.doit = nl80211_testmode_do,
10642		.dumpit = nl80211_testmode_dump,
10643		.policy = nl80211_policy,
10644		.flags = GENL_ADMIN_PERM,
10645		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10646				  NL80211_FLAG_NEED_RTNL,
10647	},
10648#endif
10649	{
10650		.cmd = NL80211_CMD_CONNECT,
10651		.doit = nl80211_connect,
10652		.policy = nl80211_policy,
10653		.flags = GENL_ADMIN_PERM,
10654		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10655				  NL80211_FLAG_NEED_RTNL,
10656	},
10657	{
10658		.cmd = NL80211_CMD_DISCONNECT,
10659		.doit = nl80211_disconnect,
10660		.policy = nl80211_policy,
10661		.flags = GENL_ADMIN_PERM,
10662		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10663				  NL80211_FLAG_NEED_RTNL,
10664	},
10665	{
10666		.cmd = NL80211_CMD_SET_WIPHY_NETNS,
10667		.doit = nl80211_wiphy_netns,
10668		.policy = nl80211_policy,
10669		.flags = GENL_ADMIN_PERM,
10670		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10671				  NL80211_FLAG_NEED_RTNL,
10672	},
10673	{
10674		.cmd = NL80211_CMD_GET_SURVEY,
10675		.policy = nl80211_policy,
10676		.dumpit = nl80211_dump_survey,
10677	},
10678	{
10679		.cmd = NL80211_CMD_SET_PMKSA,
10680		.doit = nl80211_setdel_pmksa,
10681		.policy = nl80211_policy,
10682		.flags = GENL_ADMIN_PERM,
10683		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10684				  NL80211_FLAG_NEED_RTNL,
10685	},
10686	{
10687		.cmd = NL80211_CMD_DEL_PMKSA,
10688		.doit = nl80211_setdel_pmksa,
10689		.policy = nl80211_policy,
10690		.flags = GENL_ADMIN_PERM,
10691		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10692				  NL80211_FLAG_NEED_RTNL,
10693	},
10694	{
10695		.cmd = NL80211_CMD_FLUSH_PMKSA,
10696		.doit = nl80211_flush_pmksa,
10697		.policy = nl80211_policy,
10698		.flags = GENL_ADMIN_PERM,
10699		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10700				  NL80211_FLAG_NEED_RTNL,
10701	},
10702	{
10703		.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
10704		.doit = nl80211_remain_on_channel,
10705		.policy = nl80211_policy,
10706		.flags = GENL_ADMIN_PERM,
10707		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10708				  NL80211_FLAG_NEED_RTNL,
10709	},
10710	{
10711		.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
10712		.doit = nl80211_cancel_remain_on_channel,
10713		.policy = nl80211_policy,
10714		.flags = GENL_ADMIN_PERM,
10715		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10716				  NL80211_FLAG_NEED_RTNL,
10717	},
10718	{
10719		.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
10720		.doit = nl80211_set_tx_bitrate_mask,
10721		.policy = nl80211_policy,
10722		.flags = GENL_ADMIN_PERM,
10723		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10724				  NL80211_FLAG_NEED_RTNL,
10725	},
10726	{
10727		.cmd = NL80211_CMD_REGISTER_FRAME,
10728		.doit = nl80211_register_mgmt,
10729		.policy = nl80211_policy,
10730		.flags = GENL_ADMIN_PERM,
10731		.internal_flags = NL80211_FLAG_NEED_WDEV |
10732				  NL80211_FLAG_NEED_RTNL,
10733	},
10734	{
10735		.cmd = NL80211_CMD_FRAME,
10736		.doit = nl80211_tx_mgmt,
10737		.policy = nl80211_policy,
10738		.flags = GENL_ADMIN_PERM,
10739		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10740				  NL80211_FLAG_NEED_RTNL,
10741	},
10742	{
10743		.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
10744		.doit = nl80211_tx_mgmt_cancel_wait,
10745		.policy = nl80211_policy,
10746		.flags = GENL_ADMIN_PERM,
10747		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10748				  NL80211_FLAG_NEED_RTNL,
10749	},
10750	{
10751		.cmd = NL80211_CMD_SET_POWER_SAVE,
10752		.doit = nl80211_set_power_save,
10753		.policy = nl80211_policy,
10754		.flags = GENL_ADMIN_PERM,
10755		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10756				  NL80211_FLAG_NEED_RTNL,
10757	},
10758	{
10759		.cmd = NL80211_CMD_GET_POWER_SAVE,
10760		.doit = nl80211_get_power_save,
10761		.policy = nl80211_policy,
10762		/* can be retrieved by unprivileged users */
10763		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10764				  NL80211_FLAG_NEED_RTNL,
10765	},
10766	{
10767		.cmd = NL80211_CMD_SET_CQM,
10768		.doit = nl80211_set_cqm,
10769		.policy = nl80211_policy,
10770		.flags = GENL_ADMIN_PERM,
10771		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10772				  NL80211_FLAG_NEED_RTNL,
10773	},
10774	{
10775		.cmd = NL80211_CMD_SET_CHANNEL,
10776		.doit = nl80211_set_channel,
10777		.policy = nl80211_policy,
10778		.flags = GENL_ADMIN_PERM,
10779		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10780				  NL80211_FLAG_NEED_RTNL,
10781	},
10782	{
10783		.cmd = NL80211_CMD_SET_WDS_PEER,
10784		.doit = nl80211_set_wds_peer,
10785		.policy = nl80211_policy,
10786		.flags = GENL_ADMIN_PERM,
10787		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10788				  NL80211_FLAG_NEED_RTNL,
10789	},
10790	{
10791		.cmd = NL80211_CMD_JOIN_MESH,
10792		.doit = nl80211_join_mesh,
10793		.policy = nl80211_policy,
10794		.flags = GENL_ADMIN_PERM,
10795		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10796				  NL80211_FLAG_NEED_RTNL,
10797	},
10798	{
10799		.cmd = NL80211_CMD_LEAVE_MESH,
10800		.doit = nl80211_leave_mesh,
10801		.policy = nl80211_policy,
10802		.flags = GENL_ADMIN_PERM,
10803		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10804				  NL80211_FLAG_NEED_RTNL,
10805	},
10806	{
10807		.cmd = NL80211_CMD_JOIN_OCB,
10808		.doit = nl80211_join_ocb,
10809		.policy = nl80211_policy,
10810		.flags = GENL_ADMIN_PERM,
10811		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10812				  NL80211_FLAG_NEED_RTNL,
10813	},
10814	{
10815		.cmd = NL80211_CMD_LEAVE_OCB,
10816		.doit = nl80211_leave_ocb,
10817		.policy = nl80211_policy,
10818		.flags = GENL_ADMIN_PERM,
10819		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10820				  NL80211_FLAG_NEED_RTNL,
10821	},
10822#ifdef CONFIG_PM
10823	{
10824		.cmd = NL80211_CMD_GET_WOWLAN,
10825		.doit = nl80211_get_wowlan,
10826		.policy = nl80211_policy,
10827		/* can be retrieved by unprivileged users */
10828		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10829				  NL80211_FLAG_NEED_RTNL,
10830	},
10831	{
10832		.cmd = NL80211_CMD_SET_WOWLAN,
10833		.doit = nl80211_set_wowlan,
10834		.policy = nl80211_policy,
10835		.flags = GENL_ADMIN_PERM,
10836		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10837				  NL80211_FLAG_NEED_RTNL,
10838	},
10839#endif
10840	{
10841		.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
10842		.doit = nl80211_set_rekey_data,
10843		.policy = nl80211_policy,
10844		.flags = GENL_ADMIN_PERM,
10845		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10846				  NL80211_FLAG_NEED_RTNL |
10847				  NL80211_FLAG_CLEAR_SKB,
10848	},
10849	{
10850		.cmd = NL80211_CMD_TDLS_MGMT,
10851		.doit = nl80211_tdls_mgmt,
10852		.policy = nl80211_policy,
10853		.flags = GENL_ADMIN_PERM,
10854		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10855				  NL80211_FLAG_NEED_RTNL,
10856	},
10857	{
10858		.cmd = NL80211_CMD_TDLS_OPER,
10859		.doit = nl80211_tdls_oper,
10860		.policy = nl80211_policy,
10861		.flags = GENL_ADMIN_PERM,
10862		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10863				  NL80211_FLAG_NEED_RTNL,
10864	},
10865	{
10866		.cmd = NL80211_CMD_UNEXPECTED_FRAME,
10867		.doit = nl80211_register_unexpected_frame,
10868		.policy = nl80211_policy,
10869		.flags = GENL_ADMIN_PERM,
10870		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10871				  NL80211_FLAG_NEED_RTNL,
10872	},
10873	{
10874		.cmd = NL80211_CMD_PROBE_CLIENT,
10875		.doit = nl80211_probe_client,
10876		.policy = nl80211_policy,
10877		.flags = GENL_ADMIN_PERM,
10878		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10879				  NL80211_FLAG_NEED_RTNL,
10880	},
10881	{
10882		.cmd = NL80211_CMD_REGISTER_BEACONS,
10883		.doit = nl80211_register_beacons,
10884		.policy = nl80211_policy,
10885		.flags = GENL_ADMIN_PERM,
10886		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10887				  NL80211_FLAG_NEED_RTNL,
10888	},
10889	{
10890		.cmd = NL80211_CMD_SET_NOACK_MAP,
10891		.doit = nl80211_set_noack_map,
10892		.policy = nl80211_policy,
10893		.flags = GENL_ADMIN_PERM,
10894		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10895				  NL80211_FLAG_NEED_RTNL,
10896	},
10897	{
10898		.cmd = NL80211_CMD_START_P2P_DEVICE,
10899		.doit = nl80211_start_p2p_device,
10900		.policy = nl80211_policy,
10901		.flags = GENL_ADMIN_PERM,
10902		.internal_flags = NL80211_FLAG_NEED_WDEV |
10903				  NL80211_FLAG_NEED_RTNL,
10904	},
10905	{
10906		.cmd = NL80211_CMD_STOP_P2P_DEVICE,
10907		.doit = nl80211_stop_p2p_device,
10908		.policy = nl80211_policy,
10909		.flags = GENL_ADMIN_PERM,
10910		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10911				  NL80211_FLAG_NEED_RTNL,
10912	},
10913	{
10914		.cmd = NL80211_CMD_SET_MCAST_RATE,
10915		.doit = nl80211_set_mcast_rate,
10916		.policy = nl80211_policy,
10917		.flags = GENL_ADMIN_PERM,
10918		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10919				  NL80211_FLAG_NEED_RTNL,
10920	},
10921	{
10922		.cmd = NL80211_CMD_SET_MAC_ACL,
10923		.doit = nl80211_set_mac_acl,
10924		.policy = nl80211_policy,
10925		.flags = GENL_ADMIN_PERM,
10926		.internal_flags = NL80211_FLAG_NEED_NETDEV |
10927				  NL80211_FLAG_NEED_RTNL,
10928	},
10929	{
10930		.cmd = NL80211_CMD_RADAR_DETECT,
10931		.doit = nl80211_start_radar_detection,
10932		.policy = nl80211_policy,
10933		.flags = GENL_ADMIN_PERM,
10934		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10935				  NL80211_FLAG_NEED_RTNL,
10936	},
10937	{
10938		.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
10939		.doit = nl80211_get_protocol_features,
10940		.policy = nl80211_policy,
10941	},
10942	{
10943		.cmd = NL80211_CMD_UPDATE_FT_IES,
10944		.doit = nl80211_update_ft_ies,
10945		.policy = nl80211_policy,
10946		.flags = GENL_ADMIN_PERM,
10947		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10948				  NL80211_FLAG_NEED_RTNL,
10949	},
10950	{
10951		.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
10952		.doit = nl80211_crit_protocol_start,
10953		.policy = nl80211_policy,
10954		.flags = GENL_ADMIN_PERM,
10955		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10956				  NL80211_FLAG_NEED_RTNL,
10957	},
10958	{
10959		.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
10960		.doit = nl80211_crit_protocol_stop,
10961		.policy = nl80211_policy,
10962		.flags = GENL_ADMIN_PERM,
10963		.internal_flags = NL80211_FLAG_NEED_WDEV_UP |
10964				  NL80211_FLAG_NEED_RTNL,
10965	},
10966	{
10967		.cmd = NL80211_CMD_GET_COALESCE,
10968		.doit = nl80211_get_coalesce,
10969		.policy = nl80211_policy,
10970		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10971				  NL80211_FLAG_NEED_RTNL,
10972	},
10973	{
10974		.cmd = NL80211_CMD_SET_COALESCE,
10975		.doit = nl80211_set_coalesce,
10976		.policy = nl80211_policy,
10977		.flags = GENL_ADMIN_PERM,
10978		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10979				  NL80211_FLAG_NEED_RTNL,
10980	},
10981	{
10982		.cmd = NL80211_CMD_CHANNEL_SWITCH,
10983		.doit = nl80211_channel_switch,
10984		.policy = nl80211_policy,
10985		.flags = GENL_ADMIN_PERM,
10986		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
10987				  NL80211_FLAG_NEED_RTNL,
10988	},
10989	{
10990		.cmd = NL80211_CMD_VENDOR,
10991		.doit = nl80211_vendor_cmd,
10992		.policy = nl80211_policy,
10993		.flags = GENL_ADMIN_PERM,
10994		.internal_flags = NL80211_FLAG_NEED_WIPHY |
10995				  NL80211_FLAG_NEED_RTNL,
10996	},
10997	{
10998		.cmd = NL80211_CMD_SET_QOS_MAP,
10999		.doit = nl80211_set_qos_map,
11000		.policy = nl80211_policy,
11001		.flags = GENL_ADMIN_PERM,
11002		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11003				  NL80211_FLAG_NEED_RTNL,
11004	},
11005	{
11006		.cmd = NL80211_CMD_ADD_TX_TS,
11007		.doit = nl80211_add_tx_ts,
11008		.policy = nl80211_policy,
11009		.flags = GENL_ADMIN_PERM,
11010		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11011				  NL80211_FLAG_NEED_RTNL,
11012	},
11013	{
11014		.cmd = NL80211_CMD_DEL_TX_TS,
11015		.doit = nl80211_del_tx_ts,
11016		.policy = nl80211_policy,
11017		.flags = GENL_ADMIN_PERM,
11018		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11019				  NL80211_FLAG_NEED_RTNL,
11020	},
11021	{
11022		.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
11023		.doit = nl80211_tdls_channel_switch,
11024		.policy = nl80211_policy,
11025		.flags = GENL_ADMIN_PERM,
11026		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11027				  NL80211_FLAG_NEED_RTNL,
11028	},
11029	{
11030		.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
11031		.doit = nl80211_tdls_cancel_channel_switch,
11032		.policy = nl80211_policy,
11033		.flags = GENL_ADMIN_PERM,
11034		.internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
11035				  NL80211_FLAG_NEED_RTNL,
11036	},
11037};
11038
11039/* notification functions */
11040
11041void nl80211_notify_wiphy(struct cfg80211_registered_device *rdev,
11042			  enum nl80211_commands cmd)
11043{
11044	struct sk_buff *msg;
11045	struct nl80211_dump_wiphy_state state = {};
11046
11047	WARN_ON(cmd != NL80211_CMD_NEW_WIPHY &&
11048		cmd != NL80211_CMD_DEL_WIPHY);
11049
11050	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11051	if (!msg)
11052		return;
11053
11054	if (nl80211_send_wiphy(rdev, cmd, msg, 0, 0, 0, &state) < 0) {
11055		nlmsg_free(msg);
11056		return;
11057	}
11058
11059	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11060				NL80211_MCGRP_CONFIG, GFP_KERNEL);
11061}
11062
11063static int nl80211_add_scan_req(struct sk_buff *msg,
11064				struct cfg80211_registered_device *rdev)
11065{
11066	struct cfg80211_scan_request *req = rdev->scan_req;
11067	struct nlattr *nest;
11068	int i;
11069
11070	if (WARN_ON(!req))
11071		return 0;
11072
11073	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
11074	if (!nest)
11075		goto nla_put_failure;
11076	for (i = 0; i < req->n_ssids; i++) {
11077		if (nla_put(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid))
11078			goto nla_put_failure;
11079	}
11080	nla_nest_end(msg, nest);
11081
11082	nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
11083	if (!nest)
11084		goto nla_put_failure;
11085	for (i = 0; i < req->n_channels; i++) {
11086		if (nla_put_u32(msg, i, req->channels[i]->center_freq))
11087			goto nla_put_failure;
11088	}
11089	nla_nest_end(msg, nest);
11090
11091	if (req->ie &&
11092	    nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
11093		goto nla_put_failure;
11094
11095	if (req->flags &&
11096	    nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
11097		goto nla_put_failure;
11098
11099	return 0;
11100 nla_put_failure:
11101	return -ENOBUFS;
11102}
11103
11104static int nl80211_send_scan_msg(struct sk_buff *msg,
11105				 struct cfg80211_registered_device *rdev,
11106				 struct wireless_dev *wdev,
11107				 u32 portid, u32 seq, int flags,
11108				 u32 cmd)
11109{
11110	void *hdr;
11111
11112	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11113	if (!hdr)
11114		return -1;
11115
11116	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11117	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11118					 wdev->netdev->ifindex)) ||
11119	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
11120		goto nla_put_failure;
11121
11122	/* ignore errors and send incomplete event anyway */
11123	nl80211_add_scan_req(msg, rdev);
11124
11125	genlmsg_end(msg, hdr);
11126	return 0;
11127
11128 nla_put_failure:
11129	genlmsg_cancel(msg, hdr);
11130	return -EMSGSIZE;
11131}
11132
11133static int
11134nl80211_send_sched_scan_msg(struct sk_buff *msg,
11135			    struct cfg80211_registered_device *rdev,
11136			    struct net_device *netdev,
11137			    u32 portid, u32 seq, int flags, u32 cmd)
11138{
11139	void *hdr;
11140
11141	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
11142	if (!hdr)
11143		return -1;
11144
11145	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11146	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
11147		goto nla_put_failure;
11148
11149	genlmsg_end(msg, hdr);
11150	return 0;
11151
11152 nla_put_failure:
11153	genlmsg_cancel(msg, hdr);
11154	return -EMSGSIZE;
11155}
11156
11157void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
11158			     struct wireless_dev *wdev)
11159{
11160	struct sk_buff *msg;
11161
11162	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11163	if (!msg)
11164		return;
11165
11166	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11167				  NL80211_CMD_TRIGGER_SCAN) < 0) {
11168		nlmsg_free(msg);
11169		return;
11170	}
11171
11172	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11173				NL80211_MCGRP_SCAN, GFP_KERNEL);
11174}
11175
11176struct sk_buff *nl80211_build_scan_msg(struct cfg80211_registered_device *rdev,
11177				       struct wireless_dev *wdev, bool aborted)
11178{
11179	struct sk_buff *msg;
11180
11181	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11182	if (!msg)
11183		return NULL;
11184
11185	if (nl80211_send_scan_msg(msg, rdev, wdev, 0, 0, 0,
11186				  aborted ? NL80211_CMD_SCAN_ABORTED :
11187					    NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
11188		nlmsg_free(msg);
11189		return NULL;
11190	}
11191
11192	return msg;
11193}
11194
11195void nl80211_send_scan_result(struct cfg80211_registered_device *rdev,
11196			      struct sk_buff *msg)
11197{
11198	if (!msg)
11199		return;
11200
11201	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11202				NL80211_MCGRP_SCAN, GFP_KERNEL);
11203}
11204
11205void nl80211_send_sched_scan_results(struct cfg80211_registered_device *rdev,
11206				     struct net_device *netdev)
11207{
11208	struct sk_buff *msg;
11209
11210	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11211	if (!msg)
11212		return;
11213
11214	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0,
11215					NL80211_CMD_SCHED_SCAN_RESULTS) < 0) {
11216		nlmsg_free(msg);
11217		return;
11218	}
11219
11220	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11221				NL80211_MCGRP_SCAN, GFP_KERNEL);
11222}
11223
11224void nl80211_send_sched_scan(struct cfg80211_registered_device *rdev,
11225			     struct net_device *netdev, u32 cmd)
11226{
11227	struct sk_buff *msg;
11228
11229	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11230	if (!msg)
11231		return;
11232
11233	if (nl80211_send_sched_scan_msg(msg, rdev, netdev, 0, 0, 0, cmd) < 0) {
11234		nlmsg_free(msg);
11235		return;
11236	}
11237
11238	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11239				NL80211_MCGRP_SCAN, GFP_KERNEL);
11240}
11241
11242static bool nl80211_reg_change_event_fill(struct sk_buff *msg,
11243					  struct regulatory_request *request)
11244{
11245	/* Userspace can always count this one always being set */
11246	if (nla_put_u8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator))
11247		goto nla_put_failure;
11248
11249	if (request->alpha2[0] == '0' && request->alpha2[1] == '0') {
11250		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11251			       NL80211_REGDOM_TYPE_WORLD))
11252			goto nla_put_failure;
11253	} else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') {
11254		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11255			       NL80211_REGDOM_TYPE_CUSTOM_WORLD))
11256			goto nla_put_failure;
11257	} else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
11258		   request->intersect) {
11259		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11260			       NL80211_REGDOM_TYPE_INTERSECTION))
11261			goto nla_put_failure;
11262	} else {
11263		if (nla_put_u8(msg, NL80211_ATTR_REG_TYPE,
11264			       NL80211_REGDOM_TYPE_COUNTRY) ||
11265		    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
11266				   request->alpha2))
11267			goto nla_put_failure;
11268	}
11269
11270	if (request->wiphy_idx != WIPHY_IDX_INVALID) {
11271		struct wiphy *wiphy = wiphy_idx_to_wiphy(request->wiphy_idx);
11272
11273		if (wiphy &&
11274		    nla_put_u32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx))
11275			goto nla_put_failure;
11276
11277		if (wiphy &&
11278		    wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
11279		    nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
11280			goto nla_put_failure;
11281	}
11282
11283	return true;
11284
11285nla_put_failure:
11286	return false;
11287}
11288
11289/*
11290 * This can happen on global regulatory changes or device specific settings
11291 * based on custom regulatory domains.
11292 */
11293void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
11294				     struct regulatory_request *request)
11295{
11296	struct sk_buff *msg;
11297	void *hdr;
11298
11299	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11300	if (!msg)
11301		return;
11302
11303	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
11304	if (!hdr) {
11305		nlmsg_free(msg);
11306		return;
11307	}
11308
11309	if (nl80211_reg_change_event_fill(msg, request) == false)
11310		goto nla_put_failure;
11311
11312	genlmsg_end(msg, hdr);
11313
11314	rcu_read_lock();
11315	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
11316				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
11317	rcu_read_unlock();
11318
11319	return;
11320
11321nla_put_failure:
11322	genlmsg_cancel(msg, hdr);
11323	nlmsg_free(msg);
11324}
11325
11326static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
11327				    struct net_device *netdev,
11328				    const u8 *buf, size_t len,
11329				    enum nl80211_commands cmd, gfp_t gfp,
11330				    int uapsd_queues)
11331{
11332	struct sk_buff *msg;
11333	void *hdr;
11334
11335	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11336	if (!msg)
11337		return;
11338
11339	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11340	if (!hdr) {
11341		nlmsg_free(msg);
11342		return;
11343	}
11344
11345	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11346	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11347	    nla_put(msg, NL80211_ATTR_FRAME, len, buf))
11348		goto nla_put_failure;
11349
11350	if (uapsd_queues >= 0) {
11351		struct nlattr *nla_wmm =
11352			nla_nest_start(msg, NL80211_ATTR_STA_WME);
11353		if (!nla_wmm)
11354			goto nla_put_failure;
11355
11356		if (nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
11357			       uapsd_queues))
11358			goto nla_put_failure;
11359
11360		nla_nest_end(msg, nla_wmm);
11361	}
11362
11363	genlmsg_end(msg, hdr);
11364
11365	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11366				NL80211_MCGRP_MLME, gfp);
11367	return;
11368
11369 nla_put_failure:
11370	genlmsg_cancel(msg, hdr);
11371	nlmsg_free(msg);
11372}
11373
11374void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
11375			  struct net_device *netdev, const u8 *buf,
11376			  size_t len, gfp_t gfp)
11377{
11378	nl80211_send_mlme_event(rdev, netdev, buf, len,
11379				NL80211_CMD_AUTHENTICATE, gfp, -1);
11380}
11381
11382void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
11383			   struct net_device *netdev, const u8 *buf,
11384			   size_t len, gfp_t gfp, int uapsd_queues)
11385{
11386	nl80211_send_mlme_event(rdev, netdev, buf, len,
11387				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
11388}
11389
11390void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
11391			 struct net_device *netdev, const u8 *buf,
11392			 size_t len, gfp_t gfp)
11393{
11394	nl80211_send_mlme_event(rdev, netdev, buf, len,
11395				NL80211_CMD_DEAUTHENTICATE, gfp, -1);
11396}
11397
11398void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
11399			   struct net_device *netdev, const u8 *buf,
11400			   size_t len, gfp_t gfp)
11401{
11402	nl80211_send_mlme_event(rdev, netdev, buf, len,
11403				NL80211_CMD_DISASSOCIATE, gfp, -1);
11404}
11405
11406void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
11407				  size_t len)
11408{
11409	struct wireless_dev *wdev = dev->ieee80211_ptr;
11410	struct wiphy *wiphy = wdev->wiphy;
11411	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11412	const struct ieee80211_mgmt *mgmt = (void *)buf;
11413	u32 cmd;
11414
11415	if (WARN_ON(len < 2))
11416		return;
11417
11418	if (ieee80211_is_deauth(mgmt->frame_control))
11419		cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
11420	else
11421		cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
11422
11423	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
11424	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
11425}
11426EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
11427
11428static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
11429				      struct net_device *netdev, int cmd,
11430				      const u8 *addr, gfp_t gfp)
11431{
11432	struct sk_buff *msg;
11433	void *hdr;
11434
11435	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11436	if (!msg)
11437		return;
11438
11439	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11440	if (!hdr) {
11441		nlmsg_free(msg);
11442		return;
11443	}
11444
11445	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11446	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11447	    nla_put_flag(msg, NL80211_ATTR_TIMED_OUT) ||
11448	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
11449		goto nla_put_failure;
11450
11451	genlmsg_end(msg, hdr);
11452
11453	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11454				NL80211_MCGRP_MLME, gfp);
11455	return;
11456
11457 nla_put_failure:
11458	genlmsg_cancel(msg, hdr);
11459	nlmsg_free(msg);
11460}
11461
11462void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
11463			       struct net_device *netdev, const u8 *addr,
11464			       gfp_t gfp)
11465{
11466	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
11467				  addr, gfp);
11468}
11469
11470void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
11471				struct net_device *netdev, const u8 *addr,
11472				gfp_t gfp)
11473{
11474	nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
11475				  addr, gfp);
11476}
11477
11478void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
11479				 struct net_device *netdev, const u8 *bssid,
11480				 const u8 *req_ie, size_t req_ie_len,
11481				 const u8 *resp_ie, size_t resp_ie_len,
11482				 u16 status, gfp_t gfp)
11483{
11484	struct sk_buff *msg;
11485	void *hdr;
11486
11487	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11488	if (!msg)
11489		return;
11490
11491	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
11492	if (!hdr) {
11493		nlmsg_free(msg);
11494		return;
11495	}
11496
11497	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11498	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11499	    (bssid && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid)) ||
11500	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status) ||
11501	    (req_ie &&
11502	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11503	    (resp_ie &&
11504	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11505		goto nla_put_failure;
11506
11507	genlmsg_end(msg, hdr);
11508
11509	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11510				NL80211_MCGRP_MLME, gfp);
11511	return;
11512
11513 nla_put_failure:
11514	genlmsg_cancel(msg, hdr);
11515	nlmsg_free(msg);
11516
11517}
11518
11519void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
11520			 struct net_device *netdev, const u8 *bssid,
11521			 const u8 *req_ie, size_t req_ie_len,
11522			 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
11523{
11524	struct sk_buff *msg;
11525	void *hdr;
11526
11527	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11528	if (!msg)
11529		return;
11530
11531	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
11532	if (!hdr) {
11533		nlmsg_free(msg);
11534		return;
11535	}
11536
11537	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11538	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11539	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid) ||
11540	    (req_ie &&
11541	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie)) ||
11542	    (resp_ie &&
11543	     nla_put(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie)))
11544		goto nla_put_failure;
11545
11546	genlmsg_end(msg, hdr);
11547
11548	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11549				NL80211_MCGRP_MLME, gfp);
11550	return;
11551
11552 nla_put_failure:
11553	genlmsg_cancel(msg, hdr);
11554	nlmsg_free(msg);
11555
11556}
11557
11558void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
11559			       struct net_device *netdev, u16 reason,
11560			       const u8 *ie, size_t ie_len, bool from_ap)
11561{
11562	struct sk_buff *msg;
11563	void *hdr;
11564
11565	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
11566	if (!msg)
11567		return;
11568
11569	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
11570	if (!hdr) {
11571		nlmsg_free(msg);
11572		return;
11573	}
11574
11575	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11576	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11577	    (from_ap && reason &&
11578	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason)) ||
11579	    (from_ap &&
11580	     nla_put_flag(msg, NL80211_ATTR_DISCONNECTED_BY_AP)) ||
11581	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie)))
11582		goto nla_put_failure;
11583
11584	genlmsg_end(msg, hdr);
11585
11586	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11587				NL80211_MCGRP_MLME, GFP_KERNEL);
11588	return;
11589
11590 nla_put_failure:
11591	genlmsg_cancel(msg, hdr);
11592	nlmsg_free(msg);
11593
11594}
11595
11596void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
11597			     struct net_device *netdev, const u8 *bssid,
11598			     gfp_t gfp)
11599{
11600	struct sk_buff *msg;
11601	void *hdr;
11602
11603	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11604	if (!msg)
11605		return;
11606
11607	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
11608	if (!hdr) {
11609		nlmsg_free(msg);
11610		return;
11611	}
11612
11613	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11614	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11615	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
11616		goto nla_put_failure;
11617
11618	genlmsg_end(msg, hdr);
11619
11620	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11621				NL80211_MCGRP_MLME, gfp);
11622	return;
11623
11624 nla_put_failure:
11625	genlmsg_cancel(msg, hdr);
11626	nlmsg_free(msg);
11627}
11628
11629void cfg80211_notify_new_peer_candidate(struct net_device *dev, const u8 *addr,
11630					const u8* ie, u8 ie_len, gfp_t gfp)
11631{
11632	struct wireless_dev *wdev = dev->ieee80211_ptr;
11633	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11634	struct sk_buff *msg;
11635	void *hdr;
11636
11637	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_MESH_POINT))
11638		return;
11639
11640	trace_cfg80211_notify_new_peer_candidate(dev, addr);
11641
11642	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11643	if (!msg)
11644		return;
11645
11646	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NEW_PEER_CANDIDATE);
11647	if (!hdr) {
11648		nlmsg_free(msg);
11649		return;
11650	}
11651
11652	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11653	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11654	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
11655	    (ie_len && ie &&
11656	     nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
11657		goto nla_put_failure;
11658
11659	genlmsg_end(msg, hdr);
11660
11661	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11662				NL80211_MCGRP_MLME, gfp);
11663	return;
11664
11665 nla_put_failure:
11666	genlmsg_cancel(msg, hdr);
11667	nlmsg_free(msg);
11668}
11669EXPORT_SYMBOL(cfg80211_notify_new_peer_candidate);
11670
11671void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
11672				 struct net_device *netdev, const u8 *addr,
11673				 enum nl80211_key_type key_type, int key_id,
11674				 const u8 *tsc, gfp_t gfp)
11675{
11676	struct sk_buff *msg;
11677	void *hdr;
11678
11679	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11680	if (!msg)
11681		return;
11682
11683	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
11684	if (!hdr) {
11685		nlmsg_free(msg);
11686		return;
11687	}
11688
11689	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11690	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
11691	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
11692	    nla_put_u32(msg, NL80211_ATTR_KEY_TYPE, key_type) ||
11693	    (key_id != -1 &&
11694	     nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_id)) ||
11695	    (tsc && nla_put(msg, NL80211_ATTR_KEY_SEQ, 6, tsc)))
11696		goto nla_put_failure;
11697
11698	genlmsg_end(msg, hdr);
11699
11700	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11701				NL80211_MCGRP_MLME, gfp);
11702	return;
11703
11704 nla_put_failure:
11705	genlmsg_cancel(msg, hdr);
11706	nlmsg_free(msg);
11707}
11708
11709void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
11710				    struct ieee80211_channel *channel_before,
11711				    struct ieee80211_channel *channel_after)
11712{
11713	struct sk_buff *msg;
11714	void *hdr;
11715	struct nlattr *nl_freq;
11716
11717	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
11718	if (!msg)
11719		return;
11720
11721	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
11722	if (!hdr) {
11723		nlmsg_free(msg);
11724		return;
11725	}
11726
11727	/*
11728	 * Since we are applying the beacon hint to a wiphy we know its
11729	 * wiphy_idx is valid
11730	 */
11731	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)))
11732		goto nla_put_failure;
11733
11734	/* Before */
11735	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
11736	if (!nl_freq)
11737		goto nla_put_failure;
11738	if (nl80211_msg_put_channel(msg, channel_before, false))
11739		goto nla_put_failure;
11740	nla_nest_end(msg, nl_freq);
11741
11742	/* After */
11743	nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
11744	if (!nl_freq)
11745		goto nla_put_failure;
11746	if (nl80211_msg_put_channel(msg, channel_after, false))
11747		goto nla_put_failure;
11748	nla_nest_end(msg, nl_freq);
11749
11750	genlmsg_end(msg, hdr);
11751
11752	rcu_read_lock();
11753	genlmsg_multicast_allns(&nl80211_fam, msg, 0,
11754				NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
11755	rcu_read_unlock();
11756
11757	return;
11758
11759nla_put_failure:
11760	genlmsg_cancel(msg, hdr);
11761	nlmsg_free(msg);
11762}
11763
11764static void nl80211_send_remain_on_chan_event(
11765	int cmd, struct cfg80211_registered_device *rdev,
11766	struct wireless_dev *wdev, u64 cookie,
11767	struct ieee80211_channel *chan,
11768	unsigned int duration, gfp_t gfp)
11769{
11770	struct sk_buff *msg;
11771	void *hdr;
11772
11773	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11774	if (!msg)
11775		return;
11776
11777	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11778	if (!hdr) {
11779		nlmsg_free(msg);
11780		return;
11781	}
11782
11783	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11784	    (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
11785					 wdev->netdev->ifindex)) ||
11786	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
11787	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq) ||
11788	    nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
11789			NL80211_CHAN_NO_HT) ||
11790	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie))
11791		goto nla_put_failure;
11792
11793	if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL &&
11794	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration))
11795		goto nla_put_failure;
11796
11797	genlmsg_end(msg, hdr);
11798
11799	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11800				NL80211_MCGRP_MLME, gfp);
11801	return;
11802
11803 nla_put_failure:
11804	genlmsg_cancel(msg, hdr);
11805	nlmsg_free(msg);
11806}
11807
11808void cfg80211_ready_on_channel(struct wireless_dev *wdev, u64 cookie,
11809			       struct ieee80211_channel *chan,
11810			       unsigned int duration, gfp_t gfp)
11811{
11812	struct wiphy *wiphy = wdev->wiphy;
11813	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11814
11815	trace_cfg80211_ready_on_channel(wdev, cookie, chan, duration);
11816	nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
11817					  rdev, wdev, cookie, chan,
11818					  duration, gfp);
11819}
11820EXPORT_SYMBOL(cfg80211_ready_on_channel);
11821
11822void cfg80211_remain_on_channel_expired(struct wireless_dev *wdev, u64 cookie,
11823					struct ieee80211_channel *chan,
11824					gfp_t gfp)
11825{
11826	struct wiphy *wiphy = wdev->wiphy;
11827	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11828
11829	trace_cfg80211_ready_on_channel_expired(wdev, cookie, chan);
11830	nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
11831					  rdev, wdev, cookie, chan, 0, gfp);
11832}
11833EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
11834
11835void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
11836		      struct station_info *sinfo, gfp_t gfp)
11837{
11838	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
11839	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11840	struct sk_buff *msg;
11841
11842	trace_cfg80211_new_sta(dev, mac_addr, sinfo);
11843
11844	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11845	if (!msg)
11846		return;
11847
11848	if (nl80211_send_station(msg, NL80211_CMD_NEW_STATION, 0, 0, 0,
11849				 rdev, dev, mac_addr, sinfo) < 0) {
11850		nlmsg_free(msg);
11851		return;
11852	}
11853
11854	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11855				NL80211_MCGRP_MLME, gfp);
11856}
11857EXPORT_SYMBOL(cfg80211_new_sta);
11858
11859void cfg80211_del_sta_sinfo(struct net_device *dev, const u8 *mac_addr,
11860			    struct station_info *sinfo, gfp_t gfp)
11861{
11862	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
11863	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11864	struct sk_buff *msg;
11865	struct station_info empty_sinfo = {};
11866
11867	if (!sinfo)
11868		sinfo = &empty_sinfo;
11869
11870	trace_cfg80211_del_sta(dev, mac_addr);
11871
11872	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
11873	if (!msg)
11874		return;
11875
11876	if (nl80211_send_station(msg, NL80211_CMD_DEL_STATION, 0, 0, 0,
11877				 rdev, dev, mac_addr, sinfo) < 0) {
11878		nlmsg_free(msg);
11879		return;
11880	}
11881
11882	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11883				NL80211_MCGRP_MLME, gfp);
11884}
11885EXPORT_SYMBOL(cfg80211_del_sta_sinfo);
11886
11887void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
11888			  enum nl80211_connect_failed_reason reason,
11889			  gfp_t gfp)
11890{
11891	struct wiphy *wiphy = dev->ieee80211_ptr->wiphy;
11892	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
11893	struct sk_buff *msg;
11894	void *hdr;
11895
11896	msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
11897	if (!msg)
11898		return;
11899
11900	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONN_FAILED);
11901	if (!hdr) {
11902		nlmsg_free(msg);
11903		return;
11904	}
11905
11906	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11907	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
11908	    nla_put_u32(msg, NL80211_ATTR_CONN_FAILED_REASON, reason))
11909		goto nla_put_failure;
11910
11911	genlmsg_end(msg, hdr);
11912
11913	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11914				NL80211_MCGRP_MLME, gfp);
11915	return;
11916
11917 nla_put_failure:
11918	genlmsg_cancel(msg, hdr);
11919	nlmsg_free(msg);
11920}
11921EXPORT_SYMBOL(cfg80211_conn_failed);
11922
11923static bool __nl80211_unexpected_frame(struct net_device *dev, u8 cmd,
11924				       const u8 *addr, gfp_t gfp)
11925{
11926	struct wireless_dev *wdev = dev->ieee80211_ptr;
11927	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
11928	struct sk_buff *msg;
11929	void *hdr;
11930	u32 nlportid = ACCESS_ONCE(wdev->ap_unexpected_nlportid);
11931
11932	if (!nlportid)
11933		return false;
11934
11935	msg = nlmsg_new(100, gfp);
11936	if (!msg)
11937		return true;
11938
11939	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
11940	if (!hdr) {
11941		nlmsg_free(msg);
11942		return true;
11943	}
11944
11945	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
11946	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
11947	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
11948		goto nla_put_failure;
11949
11950	genlmsg_end(msg, hdr);
11951	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
11952	return true;
11953
11954 nla_put_failure:
11955	genlmsg_cancel(msg, hdr);
11956	nlmsg_free(msg);
11957	return true;
11958}
11959
11960bool cfg80211_rx_spurious_frame(struct net_device *dev,
11961				const u8 *addr, gfp_t gfp)
11962{
11963	struct wireless_dev *wdev = dev->ieee80211_ptr;
11964	bool ret;
11965
11966	trace_cfg80211_rx_spurious_frame(dev, addr);
11967
11968	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11969		    wdev->iftype != NL80211_IFTYPE_P2P_GO)) {
11970		trace_cfg80211_return_bool(false);
11971		return false;
11972	}
11973	ret = __nl80211_unexpected_frame(dev, NL80211_CMD_UNEXPECTED_FRAME,
11974					 addr, gfp);
11975	trace_cfg80211_return_bool(ret);
11976	return ret;
11977}
11978EXPORT_SYMBOL(cfg80211_rx_spurious_frame);
11979
11980bool cfg80211_rx_unexpected_4addr_frame(struct net_device *dev,
11981					const u8 *addr, gfp_t gfp)
11982{
11983	struct wireless_dev *wdev = dev->ieee80211_ptr;
11984	bool ret;
11985
11986	trace_cfg80211_rx_unexpected_4addr_frame(dev, addr);
11987
11988	if (WARN_ON(wdev->iftype != NL80211_IFTYPE_AP &&
11989		    wdev->iftype != NL80211_IFTYPE_P2P_GO &&
11990		    wdev->iftype != NL80211_IFTYPE_AP_VLAN)) {
11991		trace_cfg80211_return_bool(false);
11992		return false;
11993	}
11994	ret = __nl80211_unexpected_frame(dev,
11995					 NL80211_CMD_UNEXPECTED_4ADDR_FRAME,
11996					 addr, gfp);
11997	trace_cfg80211_return_bool(ret);
11998	return ret;
11999}
12000EXPORT_SYMBOL(cfg80211_rx_unexpected_4addr_frame);
12001
12002int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
12003		      struct wireless_dev *wdev, u32 nlportid,
12004		      int freq, int sig_dbm,
12005		      const u8 *buf, size_t len, u32 flags, gfp_t gfp)
12006{
12007	struct net_device *netdev = wdev->netdev;
12008	struct sk_buff *msg;
12009	void *hdr;
12010
12011	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12012	if (!msg)
12013		return -ENOMEM;
12014
12015	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12016	if (!hdr) {
12017		nlmsg_free(msg);
12018		return -ENOMEM;
12019	}
12020
12021	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12022	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12023					netdev->ifindex)) ||
12024	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12025	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
12026	    (sig_dbm &&
12027	     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12028	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12029	    (flags &&
12030	     nla_put_u32(msg, NL80211_ATTR_RXMGMT_FLAGS, flags)))
12031		goto nla_put_failure;
12032
12033	genlmsg_end(msg, hdr);
12034
12035	return genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12036
12037 nla_put_failure:
12038	genlmsg_cancel(msg, hdr);
12039	nlmsg_free(msg);
12040	return -ENOBUFS;
12041}
12042
12043void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
12044			     const u8 *buf, size_t len, bool ack, gfp_t gfp)
12045{
12046	struct wiphy *wiphy = wdev->wiphy;
12047	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12048	struct net_device *netdev = wdev->netdev;
12049	struct sk_buff *msg;
12050	void *hdr;
12051
12052	trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
12053
12054	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12055	if (!msg)
12056		return;
12057
12058	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
12059	if (!hdr) {
12060		nlmsg_free(msg);
12061		return;
12062	}
12063
12064	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12065	    (netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12066				   netdev->ifindex)) ||
12067	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
12068	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
12069	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12070	    (ack && nla_put_flag(msg, NL80211_ATTR_ACK)))
12071		goto nla_put_failure;
12072
12073	genlmsg_end(msg, hdr);
12074
12075	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12076				NL80211_MCGRP_MLME, gfp);
12077	return;
12078
12079 nla_put_failure:
12080	genlmsg_cancel(msg, hdr);
12081	nlmsg_free(msg);
12082}
12083EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
12084
12085static struct sk_buff *cfg80211_prepare_cqm(struct net_device *dev,
12086					    const char *mac, gfp_t gfp)
12087{
12088	struct wireless_dev *wdev = dev->ieee80211_ptr;
12089	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12090	struct sk_buff *msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12091	void **cb;
12092
12093	if (!msg)
12094		return NULL;
12095
12096	cb = (void **)msg->cb;
12097
12098	cb[0] = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
12099	if (!cb[0]) {
12100		nlmsg_free(msg);
12101		return NULL;
12102	}
12103
12104	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12105	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
12106		goto nla_put_failure;
12107
12108	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
12109		goto nla_put_failure;
12110
12111	cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
12112	if (!cb[1])
12113		goto nla_put_failure;
12114
12115	cb[2] = rdev;
12116
12117	return msg;
12118 nla_put_failure:
12119	nlmsg_free(msg);
12120	return NULL;
12121}
12122
12123static void cfg80211_send_cqm(struct sk_buff *msg, gfp_t gfp)
12124{
12125	void **cb = (void **)msg->cb;
12126	struct cfg80211_registered_device *rdev = cb[2];
12127
12128	nla_nest_end(msg, cb[1]);
12129	genlmsg_end(msg, cb[0]);
12130
12131	memset(msg->cb, 0, sizeof(msg->cb));
12132
12133	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12134				NL80211_MCGRP_MLME, gfp);
12135}
12136
12137void cfg80211_cqm_rssi_notify(struct net_device *dev,
12138			      enum nl80211_cqm_rssi_threshold_event rssi_event,
12139			      gfp_t gfp)
12140{
12141	struct sk_buff *msg;
12142
12143	trace_cfg80211_cqm_rssi_notify(dev, rssi_event);
12144
12145	if (WARN_ON(rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW &&
12146		    rssi_event != NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH))
12147		return;
12148
12149	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12150	if (!msg)
12151		return;
12152
12153	if (nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
12154			rssi_event))
12155		goto nla_put_failure;
12156
12157	cfg80211_send_cqm(msg, gfp);
12158
12159	return;
12160
12161 nla_put_failure:
12162	nlmsg_free(msg);
12163}
12164EXPORT_SYMBOL(cfg80211_cqm_rssi_notify);
12165
12166void cfg80211_cqm_txe_notify(struct net_device *dev,
12167			     const u8 *peer, u32 num_packets,
12168			     u32 rate, u32 intvl, gfp_t gfp)
12169{
12170	struct sk_buff *msg;
12171
12172	msg = cfg80211_prepare_cqm(dev, peer, gfp);
12173	if (!msg)
12174		return;
12175
12176	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_PKTS, num_packets))
12177		goto nla_put_failure;
12178
12179	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_RATE, rate))
12180		goto nla_put_failure;
12181
12182	if (nla_put_u32(msg, NL80211_ATTR_CQM_TXE_INTVL, intvl))
12183		goto nla_put_failure;
12184
12185	cfg80211_send_cqm(msg, gfp);
12186	return;
12187
12188 nla_put_failure:
12189	nlmsg_free(msg);
12190}
12191EXPORT_SYMBOL(cfg80211_cqm_txe_notify);
12192
12193void cfg80211_cqm_pktloss_notify(struct net_device *dev,
12194				 const u8 *peer, u32 num_packets, gfp_t gfp)
12195{
12196	struct sk_buff *msg;
12197
12198	trace_cfg80211_cqm_pktloss_notify(dev, peer, num_packets);
12199
12200	msg = cfg80211_prepare_cqm(dev, peer, gfp);
12201	if (!msg)
12202		return;
12203
12204	if (nla_put_u32(msg, NL80211_ATTR_CQM_PKT_LOSS_EVENT, num_packets))
12205		goto nla_put_failure;
12206
12207	cfg80211_send_cqm(msg, gfp);
12208	return;
12209
12210 nla_put_failure:
12211	nlmsg_free(msg);
12212}
12213EXPORT_SYMBOL(cfg80211_cqm_pktloss_notify);
12214
12215void cfg80211_cqm_beacon_loss_notify(struct net_device *dev, gfp_t gfp)
12216{
12217	struct sk_buff *msg;
12218
12219	msg = cfg80211_prepare_cqm(dev, NULL, gfp);
12220	if (!msg)
12221		return;
12222
12223	if (nla_put_flag(msg, NL80211_ATTR_CQM_BEACON_LOSS_EVENT))
12224		goto nla_put_failure;
12225
12226	cfg80211_send_cqm(msg, gfp);
12227	return;
12228
12229 nla_put_failure:
12230	nlmsg_free(msg);
12231}
12232EXPORT_SYMBOL(cfg80211_cqm_beacon_loss_notify);
12233
12234static void nl80211_gtk_rekey_notify(struct cfg80211_registered_device *rdev,
12235				     struct net_device *netdev, const u8 *bssid,
12236				     const u8 *replay_ctr, gfp_t gfp)
12237{
12238	struct sk_buff *msg;
12239	struct nlattr *rekey_attr;
12240	void *hdr;
12241
12242	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12243	if (!msg)
12244		return;
12245
12246	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_REKEY_OFFLOAD);
12247	if (!hdr) {
12248		nlmsg_free(msg);
12249		return;
12250	}
12251
12252	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12253	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12254	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
12255		goto nla_put_failure;
12256
12257	rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
12258	if (!rekey_attr)
12259		goto nla_put_failure;
12260
12261	if (nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR,
12262		    NL80211_REPLAY_CTR_LEN, replay_ctr))
12263		goto nla_put_failure;
12264
12265	nla_nest_end(msg, rekey_attr);
12266
12267	genlmsg_end(msg, hdr);
12268
12269	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12270				NL80211_MCGRP_MLME, gfp);
12271	return;
12272
12273 nla_put_failure:
12274	genlmsg_cancel(msg, hdr);
12275	nlmsg_free(msg);
12276}
12277
12278void cfg80211_gtk_rekey_notify(struct net_device *dev, const u8 *bssid,
12279			       const u8 *replay_ctr, gfp_t gfp)
12280{
12281	struct wireless_dev *wdev = dev->ieee80211_ptr;
12282	struct wiphy *wiphy = wdev->wiphy;
12283	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12284
12285	trace_cfg80211_gtk_rekey_notify(dev, bssid);
12286	nl80211_gtk_rekey_notify(rdev, dev, bssid, replay_ctr, gfp);
12287}
12288EXPORT_SYMBOL(cfg80211_gtk_rekey_notify);
12289
12290static void
12291nl80211_pmksa_candidate_notify(struct cfg80211_registered_device *rdev,
12292			       struct net_device *netdev, int index,
12293			       const u8 *bssid, bool preauth, gfp_t gfp)
12294{
12295	struct sk_buff *msg;
12296	struct nlattr *attr;
12297	void *hdr;
12298
12299	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12300	if (!msg)
12301		return;
12302
12303	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PMKSA_CANDIDATE);
12304	if (!hdr) {
12305		nlmsg_free(msg);
12306		return;
12307	}
12308
12309	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12310	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12311		goto nla_put_failure;
12312
12313	attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
12314	if (!attr)
12315		goto nla_put_failure;
12316
12317	if (nla_put_u32(msg, NL80211_PMKSA_CANDIDATE_INDEX, index) ||
12318	    nla_put(msg, NL80211_PMKSA_CANDIDATE_BSSID, ETH_ALEN, bssid) ||
12319	    (preauth &&
12320	     nla_put_flag(msg, NL80211_PMKSA_CANDIDATE_PREAUTH)))
12321		goto nla_put_failure;
12322
12323	nla_nest_end(msg, attr);
12324
12325	genlmsg_end(msg, hdr);
12326
12327	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12328				NL80211_MCGRP_MLME, gfp);
12329	return;
12330
12331 nla_put_failure:
12332	genlmsg_cancel(msg, hdr);
12333	nlmsg_free(msg);
12334}
12335
12336void cfg80211_pmksa_candidate_notify(struct net_device *dev, int index,
12337				     const u8 *bssid, bool preauth, gfp_t gfp)
12338{
12339	struct wireless_dev *wdev = dev->ieee80211_ptr;
12340	struct wiphy *wiphy = wdev->wiphy;
12341	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12342
12343	trace_cfg80211_pmksa_candidate_notify(dev, index, bssid, preauth);
12344	nl80211_pmksa_candidate_notify(rdev, dev, index, bssid, preauth, gfp);
12345}
12346EXPORT_SYMBOL(cfg80211_pmksa_candidate_notify);
12347
12348static void nl80211_ch_switch_notify(struct cfg80211_registered_device *rdev,
12349				     struct net_device *netdev,
12350				     struct cfg80211_chan_def *chandef,
12351				     gfp_t gfp,
12352				     enum nl80211_commands notif,
12353				     u8 count)
12354{
12355	struct sk_buff *msg;
12356	void *hdr;
12357
12358	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12359	if (!msg)
12360		return;
12361
12362	hdr = nl80211hdr_put(msg, 0, 0, 0, notif);
12363	if (!hdr) {
12364		nlmsg_free(msg);
12365		return;
12366	}
12367
12368	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
12369		goto nla_put_failure;
12370
12371	if (nl80211_send_chandef(msg, chandef))
12372		goto nla_put_failure;
12373
12374	if ((notif == NL80211_CMD_CH_SWITCH_STARTED_NOTIFY) &&
12375	    (nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT, count)))
12376			goto nla_put_failure;
12377
12378	genlmsg_end(msg, hdr);
12379
12380	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12381				NL80211_MCGRP_MLME, gfp);
12382	return;
12383
12384 nla_put_failure:
12385	genlmsg_cancel(msg, hdr);
12386	nlmsg_free(msg);
12387}
12388
12389void cfg80211_ch_switch_notify(struct net_device *dev,
12390			       struct cfg80211_chan_def *chandef)
12391{
12392	struct wireless_dev *wdev = dev->ieee80211_ptr;
12393	struct wiphy *wiphy = wdev->wiphy;
12394	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12395
12396	ASSERT_WDEV_LOCK(wdev);
12397
12398	trace_cfg80211_ch_switch_notify(dev, chandef);
12399
12400	wdev->chandef = *chandef;
12401	wdev->preset_chandef = *chandef;
12402	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12403				 NL80211_CMD_CH_SWITCH_NOTIFY, 0);
12404}
12405EXPORT_SYMBOL(cfg80211_ch_switch_notify);
12406
12407void cfg80211_ch_switch_started_notify(struct net_device *dev,
12408				       struct cfg80211_chan_def *chandef,
12409				       u8 count)
12410{
12411	struct wireless_dev *wdev = dev->ieee80211_ptr;
12412	struct wiphy *wiphy = wdev->wiphy;
12413	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12414
12415	trace_cfg80211_ch_switch_started_notify(dev, chandef);
12416
12417	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
12418				 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY, count);
12419}
12420EXPORT_SYMBOL(cfg80211_ch_switch_started_notify);
12421
12422void
12423nl80211_radar_notify(struct cfg80211_registered_device *rdev,
12424		     const struct cfg80211_chan_def *chandef,
12425		     enum nl80211_radar_event event,
12426		     struct net_device *netdev, gfp_t gfp)
12427{
12428	struct sk_buff *msg;
12429	void *hdr;
12430
12431	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12432	if (!msg)
12433		return;
12434
12435	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_RADAR_DETECT);
12436	if (!hdr) {
12437		nlmsg_free(msg);
12438		return;
12439	}
12440
12441	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx))
12442		goto nla_put_failure;
12443
12444	/* NOP and radar events don't need a netdev parameter */
12445	if (netdev) {
12446		struct wireless_dev *wdev = netdev->ieee80211_ptr;
12447
12448		if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12449		    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12450			goto nla_put_failure;
12451	}
12452
12453	if (nla_put_u32(msg, NL80211_ATTR_RADAR_EVENT, event))
12454		goto nla_put_failure;
12455
12456	if (nl80211_send_chandef(msg, chandef))
12457		goto nla_put_failure;
12458
12459	genlmsg_end(msg, hdr);
12460
12461	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12462				NL80211_MCGRP_MLME, gfp);
12463	return;
12464
12465 nla_put_failure:
12466	genlmsg_cancel(msg, hdr);
12467	nlmsg_free(msg);
12468}
12469
12470void cfg80211_probe_status(struct net_device *dev, const u8 *addr,
12471			   u64 cookie, bool acked, gfp_t gfp)
12472{
12473	struct wireless_dev *wdev = dev->ieee80211_ptr;
12474	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12475	struct sk_buff *msg;
12476	void *hdr;
12477
12478	trace_cfg80211_probe_status(dev, addr, cookie, acked);
12479
12480	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12481
12482	if (!msg)
12483		return;
12484
12485	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PROBE_CLIENT);
12486	if (!hdr) {
12487		nlmsg_free(msg);
12488		return;
12489	}
12490
12491	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12492	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12493	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
12494	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie) ||
12495	    (acked && nla_put_flag(msg, NL80211_ATTR_ACK)))
12496		goto nla_put_failure;
12497
12498	genlmsg_end(msg, hdr);
12499
12500	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12501				NL80211_MCGRP_MLME, gfp);
12502	return;
12503
12504 nla_put_failure:
12505	genlmsg_cancel(msg, hdr);
12506	nlmsg_free(msg);
12507}
12508EXPORT_SYMBOL(cfg80211_probe_status);
12509
12510void cfg80211_report_obss_beacon(struct wiphy *wiphy,
12511				 const u8 *frame, size_t len,
12512				 int freq, int sig_dbm)
12513{
12514	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12515	struct sk_buff *msg;
12516	void *hdr;
12517	struct cfg80211_beacon_registration *reg;
12518
12519	trace_cfg80211_report_obss_beacon(wiphy, frame, len, freq, sig_dbm);
12520
12521	spin_lock_bh(&rdev->beacon_registrations_lock);
12522	list_for_each_entry(reg, &rdev->beacon_registrations, list) {
12523		msg = nlmsg_new(len + 100, GFP_ATOMIC);
12524		if (!msg) {
12525			spin_unlock_bh(&rdev->beacon_registrations_lock);
12526			return;
12527		}
12528
12529		hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
12530		if (!hdr)
12531			goto nla_put_failure;
12532
12533		if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12534		    (freq &&
12535		     nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
12536		    (sig_dbm &&
12537		     nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) ||
12538		    nla_put(msg, NL80211_ATTR_FRAME, len, frame))
12539			goto nla_put_failure;
12540
12541		genlmsg_end(msg, hdr);
12542
12543		genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, reg->nlportid);
12544	}
12545	spin_unlock_bh(&rdev->beacon_registrations_lock);
12546	return;
12547
12548 nla_put_failure:
12549	spin_unlock_bh(&rdev->beacon_registrations_lock);
12550	if (hdr)
12551		genlmsg_cancel(msg, hdr);
12552	nlmsg_free(msg);
12553}
12554EXPORT_SYMBOL(cfg80211_report_obss_beacon);
12555
12556#ifdef CONFIG_PM
12557static int cfg80211_net_detect_results(struct sk_buff *msg,
12558				       struct cfg80211_wowlan_wakeup *wakeup)
12559{
12560	struct cfg80211_wowlan_nd_info *nd = wakeup->net_detect;
12561	struct nlattr *nl_results, *nl_match, *nl_freqs;
12562	int i, j;
12563
12564	nl_results = nla_nest_start(
12565		msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
12566	if (!nl_results)
12567		return -EMSGSIZE;
12568
12569	for (i = 0; i < nd->n_matches; i++) {
12570		struct cfg80211_wowlan_nd_match *match = nd->matches[i];
12571
12572		nl_match = nla_nest_start(msg, i);
12573		if (!nl_match)
12574			break;
12575
12576		/* The SSID attribute is optional in nl80211, but for
12577		 * simplicity reasons it's always present in the
12578		 * cfg80211 structure.  If a driver can't pass the
12579		 * SSID, that needs to be changed.  A zero length SSID
12580		 * is still a valid SSID (wildcard), so it cannot be
12581		 * used for this purpose.
12582		 */
12583		if (nla_put(msg, NL80211_ATTR_SSID, match->ssid.ssid_len,
12584			    match->ssid.ssid)) {
12585			nla_nest_cancel(msg, nl_match);
12586			goto out;
12587		}
12588
12589		if (match->n_channels) {
12590			nl_freqs = nla_nest_start(
12591				msg, NL80211_ATTR_SCAN_FREQUENCIES);
12592			if (!nl_freqs) {
12593				nla_nest_cancel(msg, nl_match);
12594				goto out;
12595			}
12596
12597			for (j = 0; j < match->n_channels; j++) {
12598				if (nla_put_u32(msg, j, match->channels[j])) {
12599					nla_nest_cancel(msg, nl_freqs);
12600					nla_nest_cancel(msg, nl_match);
12601					goto out;
12602				}
12603			}
12604
12605			nla_nest_end(msg, nl_freqs);
12606		}
12607
12608		nla_nest_end(msg, nl_match);
12609	}
12610
12611out:
12612	nla_nest_end(msg, nl_results);
12613	return 0;
12614}
12615
12616void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
12617				   struct cfg80211_wowlan_wakeup *wakeup,
12618				   gfp_t gfp)
12619{
12620	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12621	struct sk_buff *msg;
12622	void *hdr;
12623	int size = 200;
12624
12625	trace_cfg80211_report_wowlan_wakeup(wdev->wiphy, wdev, wakeup);
12626
12627	if (wakeup)
12628		size += wakeup->packet_present_len;
12629
12630	msg = nlmsg_new(size, gfp);
12631	if (!msg)
12632		return;
12633
12634	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_SET_WOWLAN);
12635	if (!hdr)
12636		goto free_msg;
12637
12638	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12639	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12640		goto free_msg;
12641
12642	if (wdev->netdev && nla_put_u32(msg, NL80211_ATTR_IFINDEX,
12643					wdev->netdev->ifindex))
12644		goto free_msg;
12645
12646	if (wakeup) {
12647		struct nlattr *reasons;
12648
12649		reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
12650		if (!reasons)
12651			goto free_msg;
12652
12653		if (wakeup->disconnect &&
12654		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT))
12655			goto free_msg;
12656		if (wakeup->magic_pkt &&
12657		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT))
12658			goto free_msg;
12659		if (wakeup->gtk_rekey_failure &&
12660		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE))
12661			goto free_msg;
12662		if (wakeup->eap_identity_req &&
12663		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST))
12664			goto free_msg;
12665		if (wakeup->four_way_handshake &&
12666		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE))
12667			goto free_msg;
12668		if (wakeup->rfkill_release &&
12669		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))
12670			goto free_msg;
12671
12672		if (wakeup->pattern_idx >= 0 &&
12673		    nla_put_u32(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
12674				wakeup->pattern_idx))
12675			goto free_msg;
12676
12677		if (wakeup->tcp_match &&
12678		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
12679			goto free_msg;
12680
12681		if (wakeup->tcp_connlost &&
12682		    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
12683			goto free_msg;
12684
12685		if (wakeup->tcp_nomoretokens &&
12686		    nla_put_flag(msg,
12687				 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
12688			goto free_msg;
12689
12690		if (wakeup->packet) {
12691			u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
12692			u32 len_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211_LEN;
12693
12694			if (!wakeup->packet_80211) {
12695				pkt_attr =
12696					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023;
12697				len_attr =
12698					NL80211_WOWLAN_TRIG_WAKEUP_PKT_8023_LEN;
12699			}
12700
12701			if (wakeup->packet_len &&
12702			    nla_put_u32(msg, len_attr, wakeup->packet_len))
12703				goto free_msg;
12704
12705			if (nla_put(msg, pkt_attr, wakeup->packet_present_len,
12706				    wakeup->packet))
12707				goto free_msg;
12708		}
12709
12710		if (wakeup->net_detect &&
12711		    cfg80211_net_detect_results(msg, wakeup))
12712				goto free_msg;
12713
12714		nla_nest_end(msg, reasons);
12715	}
12716
12717	genlmsg_end(msg, hdr);
12718
12719	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12720				NL80211_MCGRP_MLME, gfp);
12721	return;
12722
12723 free_msg:
12724	nlmsg_free(msg);
12725}
12726EXPORT_SYMBOL(cfg80211_report_wowlan_wakeup);
12727#endif
12728
12729void cfg80211_tdls_oper_request(struct net_device *dev, const u8 *peer,
12730				enum nl80211_tdls_operation oper,
12731				u16 reason_code, gfp_t gfp)
12732{
12733	struct wireless_dev *wdev = dev->ieee80211_ptr;
12734	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
12735	struct sk_buff *msg;
12736	void *hdr;
12737
12738	trace_cfg80211_tdls_oper_request(wdev->wiphy, dev, peer, oper,
12739					 reason_code);
12740
12741	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12742	if (!msg)
12743		return;
12744
12745	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_TDLS_OPER);
12746	if (!hdr) {
12747		nlmsg_free(msg);
12748		return;
12749	}
12750
12751	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12752	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
12753	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, oper) ||
12754	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer) ||
12755	    (reason_code > 0 &&
12756	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code)))
12757		goto nla_put_failure;
12758
12759	genlmsg_end(msg, hdr);
12760
12761	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12762				NL80211_MCGRP_MLME, gfp);
12763	return;
12764
12765 nla_put_failure:
12766	genlmsg_cancel(msg, hdr);
12767	nlmsg_free(msg);
12768}
12769EXPORT_SYMBOL(cfg80211_tdls_oper_request);
12770
12771static int nl80211_netlink_notify(struct notifier_block * nb,
12772				  unsigned long state,
12773				  void *_notify)
12774{
12775	struct netlink_notify *notify = _notify;
12776	struct cfg80211_registered_device *rdev;
12777	struct wireless_dev *wdev;
12778	struct cfg80211_beacon_registration *reg, *tmp;
12779
12780	if (state != NETLINK_URELEASE || notify->protocol != NETLINK_GENERIC)
12781		return NOTIFY_DONE;
12782
12783	rcu_read_lock();
12784
12785	list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) {
12786		bool schedule_destroy_work = false;
12787		bool schedule_scan_stop = false;
12788		struct cfg80211_sched_scan_request *sched_scan_req =
12789			rcu_dereference(rdev->sched_scan_req);
12790
12791		if (sched_scan_req && notify->portid &&
12792		    sched_scan_req->owner_nlportid == notify->portid)
12793			schedule_scan_stop = true;
12794
12795		list_for_each_entry_rcu(wdev, &rdev->wdev_list, list) {
12796			cfg80211_mlme_unregister_socket(wdev, notify->portid);
12797
12798			if (wdev->owner_nlportid == notify->portid)
12799				schedule_destroy_work = true;
12800		}
12801
12802		spin_lock_bh(&rdev->beacon_registrations_lock);
12803		list_for_each_entry_safe(reg, tmp, &rdev->beacon_registrations,
12804					 list) {
12805			if (reg->nlportid == notify->portid) {
12806				list_del(&reg->list);
12807				kfree(reg);
12808				break;
12809			}
12810		}
12811		spin_unlock_bh(&rdev->beacon_registrations_lock);
12812
12813		if (schedule_destroy_work) {
12814			struct cfg80211_iface_destroy *destroy;
12815
12816			destroy = kzalloc(sizeof(*destroy), GFP_ATOMIC);
12817			if (destroy) {
12818				destroy->nlportid = notify->portid;
12819				spin_lock(&rdev->destroy_list_lock);
12820				list_add(&destroy->list, &rdev->destroy_list);
12821				spin_unlock(&rdev->destroy_list_lock);
12822				schedule_work(&rdev->destroy_work);
12823			}
12824		} else if (schedule_scan_stop) {
12825			sched_scan_req->owner_nlportid = 0;
12826
12827			if (rdev->ops->sched_scan_stop &&
12828			    rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
12829				schedule_work(&rdev->sched_scan_stop_wk);
12830		}
12831	}
12832
12833	rcu_read_unlock();
12834
12835	/*
12836	 * It is possible that the user space process that is controlling the
12837	 * indoor setting disappeared, so notify the regulatory core.
12838	 */
12839	regulatory_netlink_notify(notify->portid);
12840	return NOTIFY_OK;
12841}
12842
12843static struct notifier_block nl80211_netlink_notifier = {
12844	.notifier_call = nl80211_netlink_notify,
12845};
12846
12847void cfg80211_ft_event(struct net_device *netdev,
12848		       struct cfg80211_ft_event_params *ft_event)
12849{
12850	struct wiphy *wiphy = netdev->ieee80211_ptr->wiphy;
12851	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12852	struct sk_buff *msg;
12853	void *hdr;
12854
12855	trace_cfg80211_ft_event(wiphy, netdev, ft_event);
12856
12857	if (!ft_event->target_ap)
12858		return;
12859
12860	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12861	if (!msg)
12862		return;
12863
12864	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
12865	if (!hdr)
12866		goto out;
12867
12868	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12869	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
12870	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
12871		goto out;
12872
12873	if (ft_event->ies &&
12874	    nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
12875		goto out;
12876	if (ft_event->ric_ies &&
12877	    nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
12878		    ft_event->ric_ies))
12879		goto out;
12880
12881	genlmsg_end(msg, hdr);
12882
12883	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
12884				NL80211_MCGRP_MLME, GFP_KERNEL);
12885	return;
12886 out:
12887	nlmsg_free(msg);
12888}
12889EXPORT_SYMBOL(cfg80211_ft_event);
12890
12891void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
12892{
12893	struct cfg80211_registered_device *rdev;
12894	struct sk_buff *msg;
12895	void *hdr;
12896	u32 nlportid;
12897
12898	rdev = wiphy_to_rdev(wdev->wiphy);
12899	if (!rdev->crit_proto_nlportid)
12900		return;
12901
12902	nlportid = rdev->crit_proto_nlportid;
12903	rdev->crit_proto_nlportid = 0;
12904
12905	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
12906	if (!msg)
12907		return;
12908
12909	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
12910	if (!hdr)
12911		goto nla_put_failure;
12912
12913	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12914	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12915		goto nla_put_failure;
12916
12917	genlmsg_end(msg, hdr);
12918
12919	genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
12920	return;
12921
12922 nla_put_failure:
12923	if (hdr)
12924		genlmsg_cancel(msg, hdr);
12925	nlmsg_free(msg);
12926
12927}
12928EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
12929
12930void nl80211_send_ap_stopped(struct wireless_dev *wdev)
12931{
12932	struct wiphy *wiphy = wdev->wiphy;
12933	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
12934	struct sk_buff *msg;
12935	void *hdr;
12936
12937	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
12938	if (!msg)
12939		return;
12940
12941	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_STOP_AP);
12942	if (!hdr)
12943		goto out;
12944
12945	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
12946	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex) ||
12947	    nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
12948		goto out;
12949
12950	genlmsg_end(msg, hdr);
12951
12952	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(wiphy), msg, 0,
12953				NL80211_MCGRP_MLME, GFP_KERNEL);
12954	return;
12955 out:
12956	nlmsg_free(msg);
12957}
12958
12959/* initialisation/exit functions */
12960
12961int nl80211_init(void)
12962{
12963	int err;
12964
12965	err = genl_register_family_with_ops_groups(&nl80211_fam, nl80211_ops,
12966						   nl80211_mcgrps);
12967	if (err)
12968		return err;
12969
12970	err = netlink_register_notifier(&nl80211_netlink_notifier);
12971	if (err)
12972		goto err_out;
12973
12974	return 0;
12975 err_out:
12976	genl_unregister_family(&nl80211_fam);
12977	return err;
12978}
12979
12980void nl80211_exit(void)
12981{
12982	netlink_unregister_notifier(&nl80211_netlink_notifier);
12983	genl_unregister_family(&nl80211_fam);
12984}
12985