cfg80211/mac80211: allow registering for and sending action frames
[linux-2.6.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/list.h>
11 #include <linux/if_ether.h>
12 #include <linux/ieee80211.h>
13 #include <linux/nl80211.h>
14 #include <linux/rtnetlink.h>
15 #include <linux/netlink.h>
16 #include <linux/etherdevice.h>
17 #include <net/net_namespace.h>
18 #include <net/genetlink.h>
19 #include <net/cfg80211.h>
20 #include <net/sock.h>
21 #include "core.h"
22 #include "nl80211.h"
23 #include "reg.h"
24
25 /* the netlink family */
26 static struct genl_family nl80211_fam = {
27         .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
28         .name = "nl80211",      /* have users key off the name instead */
29         .hdrsize = 0,           /* no private header */
30         .version = 1,           /* no particular meaning now */
31         .maxattr = NL80211_ATTR_MAX,
32         .netnsok = true,
33 };
34
35 /* internal helper: get rdev and dev */
36 static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
37                                        struct cfg80211_registered_device **rdev,
38                                        struct net_device **dev)
39 {
40         struct nlattr **attrs = info->attrs;
41         int ifindex;
42
43         if (!attrs[NL80211_ATTR_IFINDEX])
44                 return -EINVAL;
45
46         ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
47         *dev = dev_get_by_index(genl_info_net(info), ifindex);
48         if (!*dev)
49                 return -ENODEV;
50
51         *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex);
52         if (IS_ERR(*rdev)) {
53                 dev_put(*dev);
54                 return PTR_ERR(*rdev);
55         }
56
57         return 0;
58 }
59
60 /* policy for the attributes */
61 static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
62         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
63         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
64                                       .len = 20-1 },
65         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
66         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
67         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
68         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
69         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
70         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
71         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
72         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
73
74         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
75         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
76         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
77
78         [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
79         [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
80
81         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
82         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
83                                     .len = WLAN_MAX_KEY_LEN },
84         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
85         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
86         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
87         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
88
89         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
90         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
91         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
92                                        .len = IEEE80211_MAX_DATA_LEN },
93         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
94                                        .len = IEEE80211_MAX_DATA_LEN },
95         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
96         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
97         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
98         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
99                                                .len = NL80211_MAX_SUPP_RATES },
100         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
101         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
102         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
103         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
104                                 .len = IEEE80211_MAX_MESH_ID_LEN },
105         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
106
107         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
108         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
109
110         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
111         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
112         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
113         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
114                                            .len = NL80211_MAX_SUPP_RATES },
115
116         [NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED },
117
118         [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
119                                          .len = NL80211_HT_CAPABILITY_LEN },
120
121         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
122         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
123                               .len = IEEE80211_MAX_DATA_LEN },
124         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
125         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
126
127         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
128                                 .len = IEEE80211_MAX_SSID_LEN },
129         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
130         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
131         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
132         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
133         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
134         [NL80211_ATTR_STA_FLAGS2] = {
135                 .len = sizeof(struct nl80211_sta_flag_update),
136         },
137         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
138         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
139         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
140         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
141         [NL80211_ATTR_PID] = { .type = NLA_U32 },
142         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
143         [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
144                                  .len = WLAN_PMKID_LEN },
145         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
146         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
147         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
148         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
149                                  .len = IEEE80211_MAX_DATA_LEN },
150         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
151 };
152
153 /* policy for the attributes */
154 static struct nla_policy
155 nl80211_key_policy[NL80211_KEY_MAX + 1] __read_mostly = {
156         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
157         [NL80211_KEY_IDX] = { .type = NLA_U8 },
158         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
159         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
160         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
161         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
162 };
163
164 /* ifidx get helper */
165 static int nl80211_get_ifidx(struct netlink_callback *cb)
166 {
167         int res;
168
169         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
170                           nl80211_fam.attrbuf, nl80211_fam.maxattr,
171                           nl80211_policy);
172         if (res)
173                 return res;
174
175         if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
176                 return -EINVAL;
177
178         res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
179         if (!res)
180                 return -EINVAL;
181         return res;
182 }
183
184 /* IE validation */
185 static bool is_valid_ie_attr(const struct nlattr *attr)
186 {
187         const u8 *pos;
188         int len;
189
190         if (!attr)
191                 return true;
192
193         pos = nla_data(attr);
194         len = nla_len(attr);
195
196         while (len) {
197                 u8 elemlen;
198
199                 if (len < 2)
200                         return false;
201                 len -= 2;
202
203                 elemlen = pos[1];
204                 if (elemlen > len)
205                         return false;
206
207                 len -= elemlen;
208                 pos += 2 + elemlen;
209         }
210
211         return true;
212 }
213
214 /* message building helper */
215 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
216                                    int flags, u8 cmd)
217 {
218         /* since there is no private header just add the generic one */
219         return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
220 }
221
222 static int nl80211_msg_put_channel(struct sk_buff *msg,
223                                    struct ieee80211_channel *chan)
224 {
225         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
226                     chan->center_freq);
227
228         if (chan->flags & IEEE80211_CHAN_DISABLED)
229                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
230         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
231                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
232         if (chan->flags & IEEE80211_CHAN_NO_IBSS)
233                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
234         if (chan->flags & IEEE80211_CHAN_RADAR)
235                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
236
237         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
238                     DBM_TO_MBM(chan->max_power));
239
240         return 0;
241
242  nla_put_failure:
243         return -ENOBUFS;
244 }
245
246 /* netlink command implementations */
247
248 struct key_parse {
249         struct key_params p;
250         int idx;
251         bool def, defmgmt;
252 };
253
254 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
255 {
256         struct nlattr *tb[NL80211_KEY_MAX + 1];
257         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
258                                    nl80211_key_policy);
259         if (err)
260                 return err;
261
262         k->def = !!tb[NL80211_KEY_DEFAULT];
263         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
264
265         if (tb[NL80211_KEY_IDX])
266                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
267
268         if (tb[NL80211_KEY_DATA]) {
269                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
270                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
271         }
272
273         if (tb[NL80211_KEY_SEQ]) {
274                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
275                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
276         }
277
278         if (tb[NL80211_KEY_CIPHER])
279                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
280
281         return 0;
282 }
283
284 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
285 {
286         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
287                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
288                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
289         }
290
291         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
292                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
293                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
294         }
295
296         if (info->attrs[NL80211_ATTR_KEY_IDX])
297                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
298
299         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
300                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
301
302         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
303         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
304
305         return 0;
306 }
307
308 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
309 {
310         int err;
311
312         memset(k, 0, sizeof(*k));
313         k->idx = -1;
314
315         if (info->attrs[NL80211_ATTR_KEY])
316                 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
317         else
318                 err = nl80211_parse_key_old(info, k);
319
320         if (err)
321                 return err;
322
323         if (k->def && k->defmgmt)
324                 return -EINVAL;
325
326         if (k->idx != -1) {
327                 if (k->defmgmt) {
328                         if (k->idx < 4 || k->idx > 5)
329                                 return -EINVAL;
330                 } else if (k->def) {
331                         if (k->idx < 0 || k->idx > 3)
332                                 return -EINVAL;
333                 } else {
334                         if (k->idx < 0 || k->idx > 5)
335                                 return -EINVAL;
336                 }
337         }
338
339         return 0;
340 }
341
342 static struct cfg80211_cached_keys *
343 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
344                        struct nlattr *keys)
345 {
346         struct key_parse parse;
347         struct nlattr *key;
348         struct cfg80211_cached_keys *result;
349         int rem, err, def = 0;
350
351         result = kzalloc(sizeof(*result), GFP_KERNEL);
352         if (!result)
353                 return ERR_PTR(-ENOMEM);
354
355         result->def = -1;
356         result->defmgmt = -1;
357
358         nla_for_each_nested(key, keys, rem) {
359                 memset(&parse, 0, sizeof(parse));
360                 parse.idx = -1;
361
362                 err = nl80211_parse_key_new(key, &parse);
363                 if (err)
364                         goto error;
365                 err = -EINVAL;
366                 if (!parse.p.key)
367                         goto error;
368                 if (parse.idx < 0 || parse.idx > 4)
369                         goto error;
370                 if (parse.def) {
371                         if (def)
372                                 goto error;
373                         def = 1;
374                         result->def = parse.idx;
375                 } else if (parse.defmgmt)
376                         goto error;
377                 err = cfg80211_validate_key_settings(rdev, &parse.p,
378                                                      parse.idx, NULL);
379                 if (err)
380                         goto error;
381                 result->params[parse.idx].cipher = parse.p.cipher;
382                 result->params[parse.idx].key_len = parse.p.key_len;
383                 result->params[parse.idx].key = result->data[parse.idx];
384                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
385         }
386
387         return result;
388  error:
389         kfree(result);
390         return ERR_PTR(err);
391 }
392
393 static int nl80211_key_allowed(struct wireless_dev *wdev)
394 {
395         ASSERT_WDEV_LOCK(wdev);
396
397         if (!netif_running(wdev->netdev))
398                 return -ENETDOWN;
399
400         switch (wdev->iftype) {
401         case NL80211_IFTYPE_AP:
402         case NL80211_IFTYPE_AP_VLAN:
403                 break;
404         case NL80211_IFTYPE_ADHOC:
405                 if (!wdev->current_bss)
406                         return -ENOLINK;
407                 break;
408         case NL80211_IFTYPE_STATION:
409                 if (wdev->sme_state != CFG80211_SME_CONNECTED)
410                         return -ENOLINK;
411                 break;
412         default:
413                 return -EINVAL;
414         }
415
416         return 0;
417 }
418
419 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
420                               struct cfg80211_registered_device *dev)
421 {
422         void *hdr;
423         struct nlattr *nl_bands, *nl_band;
424         struct nlattr *nl_freqs, *nl_freq;
425         struct nlattr *nl_rates, *nl_rate;
426         struct nlattr *nl_modes;
427         struct nlattr *nl_cmds;
428         enum ieee80211_band band;
429         struct ieee80211_channel *chan;
430         struct ieee80211_rate *rate;
431         int i;
432         u16 ifmodes = dev->wiphy.interface_modes;
433
434         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
435         if (!hdr)
436                 return -1;
437
438         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
439         NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
440
441         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
442                     cfg80211_rdev_list_generation);
443
444         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
445                    dev->wiphy.retry_short);
446         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
447                    dev->wiphy.retry_long);
448         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
449                     dev->wiphy.frag_threshold);
450         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
451                     dev->wiphy.rts_threshold);
452         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
453                     dev->wiphy.coverage_class);
454
455         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
456                    dev->wiphy.max_scan_ssids);
457         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
458                     dev->wiphy.max_scan_ie_len);
459
460         NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
461                 sizeof(u32) * dev->wiphy.n_cipher_suites,
462                 dev->wiphy.cipher_suites);
463
464         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
465                    dev->wiphy.max_num_pmkids);
466
467         nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES);
468         if (!nl_modes)
469                 goto nla_put_failure;
470
471         i = 0;
472         while (ifmodes) {
473                 if (ifmodes & 1)
474                         NLA_PUT_FLAG(msg, i);
475                 ifmodes >>= 1;
476                 i++;
477         }
478
479         nla_nest_end(msg, nl_modes);
480
481         nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
482         if (!nl_bands)
483                 goto nla_put_failure;
484
485         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
486                 if (!dev->wiphy.bands[band])
487                         continue;
488
489                 nl_band = nla_nest_start(msg, band);
490                 if (!nl_band)
491                         goto nla_put_failure;
492
493                 /* add HT info */
494                 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
495                         NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
496                                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
497                                 &dev->wiphy.bands[band]->ht_cap.mcs);
498                         NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
499                                 dev->wiphy.bands[band]->ht_cap.cap);
500                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
501                                 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
502                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
503                                 dev->wiphy.bands[band]->ht_cap.ampdu_density);
504                 }
505
506                 /* add frequencies */
507                 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
508                 if (!nl_freqs)
509                         goto nla_put_failure;
510
511                 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
512                         nl_freq = nla_nest_start(msg, i);
513                         if (!nl_freq)
514                                 goto nla_put_failure;
515
516                         chan = &dev->wiphy.bands[band]->channels[i];
517
518                         if (nl80211_msg_put_channel(msg, chan))
519                                 goto nla_put_failure;
520
521                         nla_nest_end(msg, nl_freq);
522                 }
523
524                 nla_nest_end(msg, nl_freqs);
525
526                 /* add bitrates */
527                 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
528                 if (!nl_rates)
529                         goto nla_put_failure;
530
531                 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
532                         nl_rate = nla_nest_start(msg, i);
533                         if (!nl_rate)
534                                 goto nla_put_failure;
535
536                         rate = &dev->wiphy.bands[band]->bitrates[i];
537                         NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
538                                     rate->bitrate);
539                         if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
540                                 NLA_PUT_FLAG(msg,
541                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
542
543                         nla_nest_end(msg, nl_rate);
544                 }
545
546                 nla_nest_end(msg, nl_rates);
547
548                 nla_nest_end(msg, nl_band);
549         }
550         nla_nest_end(msg, nl_bands);
551
552         nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
553         if (!nl_cmds)
554                 goto nla_put_failure;
555
556         i = 0;
557 #define CMD(op, n)                                              \
558          do {                                                   \
559                 if (dev->ops->op) {                             \
560                         i++;                                    \
561                         NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
562                 }                                               \
563         } while (0)
564
565         CMD(add_virtual_intf, NEW_INTERFACE);
566         CMD(change_virtual_intf, SET_INTERFACE);
567         CMD(add_key, NEW_KEY);
568         CMD(add_beacon, NEW_BEACON);
569         CMD(add_station, NEW_STATION);
570         CMD(add_mpath, NEW_MPATH);
571         CMD(set_mesh_params, SET_MESH_PARAMS);
572         CMD(change_bss, SET_BSS);
573         CMD(auth, AUTHENTICATE);
574         CMD(assoc, ASSOCIATE);
575         CMD(deauth, DEAUTHENTICATE);
576         CMD(disassoc, DISASSOCIATE);
577         CMD(join_ibss, JOIN_IBSS);
578         CMD(set_pmksa, SET_PMKSA);
579         CMD(del_pmksa, DEL_PMKSA);
580         CMD(flush_pmksa, FLUSH_PMKSA);
581         CMD(remain_on_channel, REMAIN_ON_CHANNEL);
582         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
583         CMD(action, ACTION);
584         if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
585                 i++;
586                 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
587         }
588
589 #undef CMD
590
591         if (dev->ops->connect || dev->ops->auth) {
592                 i++;
593                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
594         }
595
596         if (dev->ops->disconnect || dev->ops->deauth) {
597                 i++;
598                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
599         }
600
601         nla_nest_end(msg, nl_cmds);
602
603         return genlmsg_end(msg, hdr);
604
605  nla_put_failure:
606         genlmsg_cancel(msg, hdr);
607         return -EMSGSIZE;
608 }
609
610 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
611 {
612         int idx = 0;
613         int start = cb->args[0];
614         struct cfg80211_registered_device *dev;
615
616         mutex_lock(&cfg80211_mutex);
617         list_for_each_entry(dev, &cfg80211_rdev_list, list) {
618                 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
619                         continue;
620                 if (++idx <= start)
621                         continue;
622                 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
623                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
624                                        dev) < 0) {
625                         idx--;
626                         break;
627                 }
628         }
629         mutex_unlock(&cfg80211_mutex);
630
631         cb->args[0] = idx;
632
633         return skb->len;
634 }
635
636 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
637 {
638         struct sk_buff *msg;
639         struct cfg80211_registered_device *dev;
640
641         dev = cfg80211_get_dev_from_info(info);
642         if (IS_ERR(dev))
643                 return PTR_ERR(dev);
644
645         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
646         if (!msg)
647                 goto out_err;
648
649         if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0)
650                 goto out_free;
651
652         cfg80211_unlock_rdev(dev);
653
654         return genlmsg_reply(msg, info);
655
656  out_free:
657         nlmsg_free(msg);
658  out_err:
659         cfg80211_unlock_rdev(dev);
660         return -ENOBUFS;
661 }
662
663 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
664         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
665         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
666         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
667         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
668         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
669 };
670
671 static int parse_txq_params(struct nlattr *tb[],
672                             struct ieee80211_txq_params *txq_params)
673 {
674         if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
675             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
676             !tb[NL80211_TXQ_ATTR_AIFS])
677                 return -EINVAL;
678
679         txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
680         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
681         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
682         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
683         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
684
685         return 0;
686 }
687
688 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
689 {
690         struct cfg80211_registered_device *rdev;
691         int result = 0, rem_txq_params = 0;
692         struct nlattr *nl_txq_params;
693         u32 changed;
694         u8 retry_short = 0, retry_long = 0;
695         u32 frag_threshold = 0, rts_threshold = 0;
696         u8 coverage_class = 0;
697
698         rtnl_lock();
699
700         mutex_lock(&cfg80211_mutex);
701
702         rdev = __cfg80211_rdev_from_info(info);
703         if (IS_ERR(rdev)) {
704                 mutex_unlock(&cfg80211_mutex);
705                 result = PTR_ERR(rdev);
706                 goto unlock;
707         }
708
709         mutex_lock(&rdev->mtx);
710
711         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
712                 result = cfg80211_dev_rename(
713                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
714
715         mutex_unlock(&cfg80211_mutex);
716
717         if (result)
718                 goto bad_res;
719
720         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
721                 struct ieee80211_txq_params txq_params;
722                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
723
724                 if (!rdev->ops->set_txq_params) {
725                         result = -EOPNOTSUPP;
726                         goto bad_res;
727                 }
728
729                 nla_for_each_nested(nl_txq_params,
730                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
731                                     rem_txq_params) {
732                         nla_parse(tb, NL80211_TXQ_ATTR_MAX,
733                                   nla_data(nl_txq_params),
734                                   nla_len(nl_txq_params),
735                                   txq_params_policy);
736                         result = parse_txq_params(tb, &txq_params);
737                         if (result)
738                                 goto bad_res;
739
740                         result = rdev->ops->set_txq_params(&rdev->wiphy,
741                                                            &txq_params);
742                         if (result)
743                                 goto bad_res;
744                 }
745         }
746
747         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
748                 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
749                 u32 freq;
750
751                 result = -EINVAL;
752
753                 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
754                         channel_type = nla_get_u32(info->attrs[
755                                            NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
756                         if (channel_type != NL80211_CHAN_NO_HT &&
757                             channel_type != NL80211_CHAN_HT20 &&
758                             channel_type != NL80211_CHAN_HT40PLUS &&
759                             channel_type != NL80211_CHAN_HT40MINUS)
760                                 goto bad_res;
761                 }
762
763                 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
764
765                 mutex_lock(&rdev->devlist_mtx);
766                 result = rdev_set_freq(rdev, NULL, freq, channel_type);
767                 mutex_unlock(&rdev->devlist_mtx);
768                 if (result)
769                         goto bad_res;
770         }
771
772         changed = 0;
773
774         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
775                 retry_short = nla_get_u8(
776                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
777                 if (retry_short == 0) {
778                         result = -EINVAL;
779                         goto bad_res;
780                 }
781                 changed |= WIPHY_PARAM_RETRY_SHORT;
782         }
783
784         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
785                 retry_long = nla_get_u8(
786                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
787                 if (retry_long == 0) {
788                         result = -EINVAL;
789                         goto bad_res;
790                 }
791                 changed |= WIPHY_PARAM_RETRY_LONG;
792         }
793
794         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
795                 frag_threshold = nla_get_u32(
796                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
797                 if (frag_threshold < 256) {
798                         result = -EINVAL;
799                         goto bad_res;
800                 }
801                 if (frag_threshold != (u32) -1) {
802                         /*
803                          * Fragments (apart from the last one) are required to
804                          * have even length. Make the fragmentation code
805                          * simpler by stripping LSB should someone try to use
806                          * odd threshold value.
807                          */
808                         frag_threshold &= ~0x1;
809                 }
810                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
811         }
812
813         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
814                 rts_threshold = nla_get_u32(
815                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
816                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
817         }
818
819         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
820                 coverage_class = nla_get_u8(
821                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
822                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
823         }
824
825         if (changed) {
826                 u8 old_retry_short, old_retry_long;
827                 u32 old_frag_threshold, old_rts_threshold;
828                 u8 old_coverage_class;
829
830                 if (!rdev->ops->set_wiphy_params) {
831                         result = -EOPNOTSUPP;
832                         goto bad_res;
833                 }
834
835                 old_retry_short = rdev->wiphy.retry_short;
836                 old_retry_long = rdev->wiphy.retry_long;
837                 old_frag_threshold = rdev->wiphy.frag_threshold;
838                 old_rts_threshold = rdev->wiphy.rts_threshold;
839                 old_coverage_class = rdev->wiphy.coverage_class;
840
841                 if (changed & WIPHY_PARAM_RETRY_SHORT)
842                         rdev->wiphy.retry_short = retry_short;
843                 if (changed & WIPHY_PARAM_RETRY_LONG)
844                         rdev->wiphy.retry_long = retry_long;
845                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
846                         rdev->wiphy.frag_threshold = frag_threshold;
847                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
848                         rdev->wiphy.rts_threshold = rts_threshold;
849                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
850                         rdev->wiphy.coverage_class = coverage_class;
851
852                 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
853                 if (result) {
854                         rdev->wiphy.retry_short = old_retry_short;
855                         rdev->wiphy.retry_long = old_retry_long;
856                         rdev->wiphy.frag_threshold = old_frag_threshold;
857                         rdev->wiphy.rts_threshold = old_rts_threshold;
858                         rdev->wiphy.coverage_class = old_coverage_class;
859                 }
860         }
861
862  bad_res:
863         mutex_unlock(&rdev->mtx);
864  unlock:
865         rtnl_unlock();
866         return result;
867 }
868
869
870 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
871                               struct cfg80211_registered_device *rdev,
872                               struct net_device *dev)
873 {
874         void *hdr;
875
876         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
877         if (!hdr)
878                 return -1;
879
880         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
881         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
882         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
883         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
884
885         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
886                     rdev->devlist_generation ^
887                         (cfg80211_rdev_list_generation << 2));
888
889         return genlmsg_end(msg, hdr);
890
891  nla_put_failure:
892         genlmsg_cancel(msg, hdr);
893         return -EMSGSIZE;
894 }
895
896 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
897 {
898         int wp_idx = 0;
899         int if_idx = 0;
900         int wp_start = cb->args[0];
901         int if_start = cb->args[1];
902         struct cfg80211_registered_device *rdev;
903         struct wireless_dev *wdev;
904
905         mutex_lock(&cfg80211_mutex);
906         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
907                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
908                         continue;
909                 if (wp_idx < wp_start) {
910                         wp_idx++;
911                         continue;
912                 }
913                 if_idx = 0;
914
915                 mutex_lock(&rdev->devlist_mtx);
916                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
917                         if (if_idx < if_start) {
918                                 if_idx++;
919                                 continue;
920                         }
921                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
922                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
923                                                rdev, wdev->netdev) < 0) {
924                                 mutex_unlock(&rdev->devlist_mtx);
925                                 goto out;
926                         }
927                         if_idx++;
928                 }
929                 mutex_unlock(&rdev->devlist_mtx);
930
931                 wp_idx++;
932         }
933  out:
934         mutex_unlock(&cfg80211_mutex);
935
936         cb->args[0] = wp_idx;
937         cb->args[1] = if_idx;
938
939         return skb->len;
940 }
941
942 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
943 {
944         struct sk_buff *msg;
945         struct cfg80211_registered_device *dev;
946         struct net_device *netdev;
947         int err;
948
949         err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev);
950         if (err)
951                 return err;
952
953         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
954         if (!msg)
955                 goto out_err;
956
957         if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
958                                dev, netdev) < 0)
959                 goto out_free;
960
961         dev_put(netdev);
962         cfg80211_unlock_rdev(dev);
963
964         return genlmsg_reply(msg, info);
965
966  out_free:
967         nlmsg_free(msg);
968  out_err:
969         dev_put(netdev);
970         cfg80211_unlock_rdev(dev);
971         return -ENOBUFS;
972 }
973
974 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
975         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
976         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
977         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
978         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
979         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
980 };
981
982 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
983 {
984         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
985         int flag;
986
987         *mntrflags = 0;
988
989         if (!nla)
990                 return -EINVAL;
991
992         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
993                              nla, mntr_flags_policy))
994                 return -EINVAL;
995
996         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
997                 if (flags[flag])
998                         *mntrflags |= (1<<flag);
999
1000         return 0;
1001 }
1002
1003 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1004                                struct net_device *netdev, u8 use_4addr,
1005                                enum nl80211_iftype iftype)
1006 {
1007         if (!use_4addr) {
1008                 if (netdev && netdev->br_port)
1009                         return -EBUSY;
1010                 return 0;
1011         }
1012
1013         switch (iftype) {
1014         case NL80211_IFTYPE_AP_VLAN:
1015                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1016                         return 0;
1017                 break;
1018         case NL80211_IFTYPE_STATION:
1019                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1020                         return 0;
1021                 break;
1022         default:
1023                 break;
1024         }
1025
1026         return -EOPNOTSUPP;
1027 }
1028
1029 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1030 {
1031         struct cfg80211_registered_device *rdev;
1032         struct vif_params params;
1033         int err;
1034         enum nl80211_iftype otype, ntype;
1035         struct net_device *dev;
1036         u32 _flags, *flags = NULL;
1037         bool change = false;
1038
1039         memset(&params, 0, sizeof(params));
1040
1041         rtnl_lock();
1042
1043         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1044         if (err)
1045                 goto unlock_rtnl;
1046
1047         otype = ntype = dev->ieee80211_ptr->iftype;
1048
1049         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1050                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1051                 if (otype != ntype)
1052                         change = true;
1053                 if (ntype > NL80211_IFTYPE_MAX) {
1054                         err = -EINVAL;
1055                         goto unlock;
1056                 }
1057         }
1058
1059         if (info->attrs[NL80211_ATTR_MESH_ID]) {
1060                 if (ntype != NL80211_IFTYPE_MESH_POINT) {
1061                         err = -EINVAL;
1062                         goto unlock;
1063                 }
1064                 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
1065                 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1066                 change = true;
1067         }
1068
1069         if (info->attrs[NL80211_ATTR_4ADDR]) {
1070                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1071                 change = true;
1072                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1073                 if (err)
1074                         goto unlock;
1075         } else {
1076                 params.use_4addr = -1;
1077         }
1078
1079         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1080                 if (ntype != NL80211_IFTYPE_MONITOR) {
1081                         err = -EINVAL;
1082                         goto unlock;
1083                 }
1084                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1085                                           &_flags);
1086                 if (err)
1087                         goto unlock;
1088
1089                 flags = &_flags;
1090                 change = true;
1091         }
1092
1093         if (change)
1094                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1095         else
1096                 err = 0;
1097
1098         if (!err && params.use_4addr != -1)
1099                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1100
1101  unlock:
1102         dev_put(dev);
1103         cfg80211_unlock_rdev(rdev);
1104  unlock_rtnl:
1105         rtnl_unlock();
1106         return err;
1107 }
1108
1109 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1110 {
1111         struct cfg80211_registered_device *rdev;
1112         struct vif_params params;
1113         int err;
1114         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1115         u32 flags;
1116
1117         memset(&params, 0, sizeof(params));
1118
1119         if (!info->attrs[NL80211_ATTR_IFNAME])
1120                 return -EINVAL;
1121
1122         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1123                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1124                 if (type > NL80211_IFTYPE_MAX)
1125                         return -EINVAL;
1126         }
1127
1128         rtnl_lock();
1129
1130         rdev = cfg80211_get_dev_from_info(info);
1131         if (IS_ERR(rdev)) {
1132                 err = PTR_ERR(rdev);
1133                 goto unlock_rtnl;
1134         }
1135
1136         if (!rdev->ops->add_virtual_intf ||
1137             !(rdev->wiphy.interface_modes & (1 << type))) {
1138                 err = -EOPNOTSUPP;
1139                 goto unlock;
1140         }
1141
1142         if (type == NL80211_IFTYPE_MESH_POINT &&
1143             info->attrs[NL80211_ATTR_MESH_ID]) {
1144                 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
1145                 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1146         }
1147
1148         if (info->attrs[NL80211_ATTR_4ADDR]) {
1149                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1150                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1151                 if (err)
1152                         goto unlock;
1153         }
1154
1155         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1156                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1157                                   &flags);
1158         err = rdev->ops->add_virtual_intf(&rdev->wiphy,
1159                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1160                 type, err ? NULL : &flags, &params);
1161
1162  unlock:
1163         cfg80211_unlock_rdev(rdev);
1164  unlock_rtnl:
1165         rtnl_unlock();
1166         return err;
1167 }
1168
1169 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1170 {
1171         struct cfg80211_registered_device *rdev;
1172         int err;
1173         struct net_device *dev;
1174
1175         rtnl_lock();
1176
1177         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1178         if (err)
1179                 goto unlock_rtnl;
1180
1181         if (!rdev->ops->del_virtual_intf) {
1182                 err = -EOPNOTSUPP;
1183                 goto out;
1184         }
1185
1186         err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1187
1188  out:
1189         cfg80211_unlock_rdev(rdev);
1190         dev_put(dev);
1191  unlock_rtnl:
1192         rtnl_unlock();
1193         return err;
1194 }
1195
1196 struct get_key_cookie {
1197         struct sk_buff *msg;
1198         int error;
1199         int idx;
1200 };
1201
1202 static void get_key_callback(void *c, struct key_params *params)
1203 {
1204         struct nlattr *key;
1205         struct get_key_cookie *cookie = c;
1206
1207         if (params->key)
1208                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1209                         params->key_len, params->key);
1210
1211         if (params->seq)
1212                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1213                         params->seq_len, params->seq);
1214
1215         if (params->cipher)
1216                 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1217                             params->cipher);
1218
1219         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1220         if (!key)
1221                 goto nla_put_failure;
1222
1223         if (params->key)
1224                 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1225                         params->key_len, params->key);
1226
1227         if (params->seq)
1228                 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1229                         params->seq_len, params->seq);
1230
1231         if (params->cipher)
1232                 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1233                             params->cipher);
1234
1235         NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1236
1237         nla_nest_end(cookie->msg, key);
1238
1239         return;
1240  nla_put_failure:
1241         cookie->error = 1;
1242 }
1243
1244 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1245 {
1246         struct cfg80211_registered_device *rdev;
1247         int err;
1248         struct net_device *dev;
1249         u8 key_idx = 0;
1250         u8 *mac_addr = NULL;
1251         struct get_key_cookie cookie = {
1252                 .error = 0,
1253         };
1254         void *hdr;
1255         struct sk_buff *msg;
1256
1257         if (info->attrs[NL80211_ATTR_KEY_IDX])
1258                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1259
1260         if (key_idx > 5)
1261                 return -EINVAL;
1262
1263         if (info->attrs[NL80211_ATTR_MAC])
1264                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1265
1266         rtnl_lock();
1267
1268         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1269         if (err)
1270                 goto unlock_rtnl;
1271
1272         if (!rdev->ops->get_key) {
1273                 err = -EOPNOTSUPP;
1274                 goto out;
1275         }
1276
1277         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1278         if (!msg) {
1279                 err = -ENOMEM;
1280                 goto out;
1281         }
1282
1283         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1284                              NL80211_CMD_NEW_KEY);
1285
1286         if (IS_ERR(hdr)) {
1287                 err = PTR_ERR(hdr);
1288                 goto free_msg;
1289         }
1290
1291         cookie.msg = msg;
1292         cookie.idx = key_idx;
1293
1294         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1295         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1296         if (mac_addr)
1297                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1298
1299         err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr,
1300                                 &cookie, get_key_callback);
1301
1302         if (err)
1303                 goto free_msg;
1304
1305         if (cookie.error)
1306                 goto nla_put_failure;
1307
1308         genlmsg_end(msg, hdr);
1309         err = genlmsg_reply(msg, info);
1310         goto out;
1311
1312  nla_put_failure:
1313         err = -ENOBUFS;
1314  free_msg:
1315         nlmsg_free(msg);
1316  out:
1317         cfg80211_unlock_rdev(rdev);
1318         dev_put(dev);
1319  unlock_rtnl:
1320         rtnl_unlock();
1321
1322         return err;
1323 }
1324
1325 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1326 {
1327         struct cfg80211_registered_device *rdev;
1328         struct key_parse key;
1329         int err;
1330         struct net_device *dev;
1331         int (*func)(struct wiphy *wiphy, struct net_device *netdev,
1332                     u8 key_index);
1333
1334         err = nl80211_parse_key(info, &key);
1335         if (err)
1336                 return err;
1337
1338         if (key.idx < 0)
1339                 return -EINVAL;
1340
1341         /* only support setting default key */
1342         if (!key.def && !key.defmgmt)
1343                 return -EINVAL;
1344
1345         rtnl_lock();
1346
1347         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1348         if (err)
1349                 goto unlock_rtnl;
1350
1351         if (key.def)
1352                 func = rdev->ops->set_default_key;
1353         else
1354                 func = rdev->ops->set_default_mgmt_key;
1355
1356         if (!func) {
1357                 err = -EOPNOTSUPP;
1358                 goto out;
1359         }
1360
1361         wdev_lock(dev->ieee80211_ptr);
1362         err = nl80211_key_allowed(dev->ieee80211_ptr);
1363         if (!err)
1364                 err = func(&rdev->wiphy, dev, key.idx);
1365
1366 #ifdef CONFIG_CFG80211_WEXT
1367         if (!err) {
1368                 if (func == rdev->ops->set_default_key)
1369                         dev->ieee80211_ptr->wext.default_key = key.idx;
1370                 else
1371                         dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1372         }
1373 #endif
1374         wdev_unlock(dev->ieee80211_ptr);
1375
1376  out:
1377         cfg80211_unlock_rdev(rdev);
1378         dev_put(dev);
1379
1380  unlock_rtnl:
1381         rtnl_unlock();
1382
1383         return err;
1384 }
1385
1386 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1387 {
1388         struct cfg80211_registered_device *rdev;
1389         int err;
1390         struct net_device *dev;
1391         struct key_parse key;
1392         u8 *mac_addr = NULL;
1393
1394         err = nl80211_parse_key(info, &key);
1395         if (err)
1396                 return err;
1397
1398         if (!key.p.key)
1399                 return -EINVAL;
1400
1401         if (info->attrs[NL80211_ATTR_MAC])
1402                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1403
1404         rtnl_lock();
1405
1406         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1407         if (err)
1408                 goto unlock_rtnl;
1409
1410         if (!rdev->ops->add_key) {
1411                 err = -EOPNOTSUPP;
1412                 goto out;
1413         }
1414
1415         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) {
1416                 err = -EINVAL;
1417                 goto out;
1418         }
1419
1420         wdev_lock(dev->ieee80211_ptr);
1421         err = nl80211_key_allowed(dev->ieee80211_ptr);
1422         if (!err)
1423                 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
1424                                          mac_addr, &key.p);
1425         wdev_unlock(dev->ieee80211_ptr);
1426
1427  out:
1428         cfg80211_unlock_rdev(rdev);
1429         dev_put(dev);
1430  unlock_rtnl:
1431         rtnl_unlock();
1432
1433         return err;
1434 }
1435
1436 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1437 {
1438         struct cfg80211_registered_device *rdev;
1439         int err;
1440         struct net_device *dev;
1441         u8 *mac_addr = NULL;
1442         struct key_parse key;
1443
1444         err = nl80211_parse_key(info, &key);
1445         if (err)
1446                 return err;
1447
1448         if (info->attrs[NL80211_ATTR_MAC])
1449                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1450
1451         rtnl_lock();
1452
1453         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1454         if (err)
1455                 goto unlock_rtnl;
1456
1457         if (!rdev->ops->del_key) {
1458                 err = -EOPNOTSUPP;
1459                 goto out;
1460         }
1461
1462         wdev_lock(dev->ieee80211_ptr);
1463         err = nl80211_key_allowed(dev->ieee80211_ptr);
1464         if (!err)
1465                 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr);
1466
1467 #ifdef CONFIG_CFG80211_WEXT
1468         if (!err) {
1469                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
1470                         dev->ieee80211_ptr->wext.default_key = -1;
1471                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
1472                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
1473         }
1474 #endif
1475         wdev_unlock(dev->ieee80211_ptr);
1476
1477  out:
1478         cfg80211_unlock_rdev(rdev);
1479         dev_put(dev);
1480
1481  unlock_rtnl:
1482         rtnl_unlock();
1483
1484         return err;
1485 }
1486
1487 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1488 {
1489         int (*call)(struct wiphy *wiphy, struct net_device *dev,
1490                     struct beacon_parameters *info);
1491         struct cfg80211_registered_device *rdev;
1492         int err;
1493         struct net_device *dev;
1494         struct beacon_parameters params;
1495         int haveinfo = 0;
1496
1497         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]))
1498                 return -EINVAL;
1499
1500         rtnl_lock();
1501
1502         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1503         if (err)
1504                 goto unlock_rtnl;
1505
1506         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1507                 err = -EOPNOTSUPP;
1508                 goto out;
1509         }
1510
1511         switch (info->genlhdr->cmd) {
1512         case NL80211_CMD_NEW_BEACON:
1513                 /* these are required for NEW_BEACON */
1514                 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
1515                     !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
1516                     !info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1517                         err = -EINVAL;
1518                         goto out;
1519                 }
1520
1521                 call = rdev->ops->add_beacon;
1522                 break;
1523         case NL80211_CMD_SET_BEACON:
1524                 call = rdev->ops->set_beacon;
1525                 break;
1526         default:
1527                 WARN_ON(1);
1528                 err = -EOPNOTSUPP;
1529                 goto out;
1530         }
1531
1532         if (!call) {
1533                 err = -EOPNOTSUPP;
1534                 goto out;
1535         }
1536
1537         memset(&params, 0, sizeof(params));
1538
1539         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
1540                 params.interval =
1541                     nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
1542                 haveinfo = 1;
1543         }
1544
1545         if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
1546                 params.dtim_period =
1547                     nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
1548                 haveinfo = 1;
1549         }
1550
1551         if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1552                 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1553                 params.head_len =
1554                     nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1555                 haveinfo = 1;
1556         }
1557
1558         if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
1559                 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1560                 params.tail_len =
1561                     nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1562                 haveinfo = 1;
1563         }
1564
1565         if (!haveinfo) {
1566                 err = -EINVAL;
1567                 goto out;
1568         }
1569
1570         err = call(&rdev->wiphy, dev, &params);
1571
1572  out:
1573         cfg80211_unlock_rdev(rdev);
1574         dev_put(dev);
1575  unlock_rtnl:
1576         rtnl_unlock();
1577
1578         return err;
1579 }
1580
1581 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
1582 {
1583         struct cfg80211_registered_device *rdev;
1584         int err;
1585         struct net_device *dev;
1586
1587         rtnl_lock();
1588
1589         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1590         if (err)
1591                 goto unlock_rtnl;
1592
1593         if (!rdev->ops->del_beacon) {
1594                 err = -EOPNOTSUPP;
1595                 goto out;
1596         }
1597
1598         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1599                 err = -EOPNOTSUPP;
1600                 goto out;
1601         }
1602         err = rdev->ops->del_beacon(&rdev->wiphy, dev);
1603
1604  out:
1605         cfg80211_unlock_rdev(rdev);
1606         dev_put(dev);
1607  unlock_rtnl:
1608         rtnl_unlock();
1609
1610         return err;
1611 }
1612
1613 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
1614         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
1615         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
1616         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
1617         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
1618 };
1619
1620 static int parse_station_flags(struct genl_info *info,
1621                                struct station_parameters *params)
1622 {
1623         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
1624         struct nlattr *nla;
1625         int flag;
1626
1627         /*
1628          * Try parsing the new attribute first so userspace
1629          * can specify both for older kernels.
1630          */
1631         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
1632         if (nla) {
1633                 struct nl80211_sta_flag_update *sta_flags;
1634
1635                 sta_flags = nla_data(nla);
1636                 params->sta_flags_mask = sta_flags->mask;
1637                 params->sta_flags_set = sta_flags->set;
1638                 if ((params->sta_flags_mask |
1639                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
1640                         return -EINVAL;
1641                 return 0;
1642         }
1643
1644         /* if present, parse the old attribute */
1645
1646         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
1647         if (!nla)
1648                 return 0;
1649
1650         if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
1651                              nla, sta_flags_policy))
1652                 return -EINVAL;
1653
1654         params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1;
1655         params->sta_flags_mask &= ~1;
1656
1657         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
1658                 if (flags[flag])
1659                         params->sta_flags_set |= (1<<flag);
1660
1661         return 0;
1662 }
1663
1664 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
1665                                 int flags, struct net_device *dev,
1666                                 const u8 *mac_addr, struct station_info *sinfo)
1667 {
1668         void *hdr;
1669         struct nlattr *sinfoattr, *txrate;
1670         u16 bitrate;
1671
1672         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
1673         if (!hdr)
1674                 return -1;
1675
1676         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1677         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1678
1679         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
1680
1681         sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
1682         if (!sinfoattr)
1683                 goto nla_put_failure;
1684         if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
1685                 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
1686                             sinfo->inactive_time);
1687         if (sinfo->filled & STATION_INFO_RX_BYTES)
1688                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
1689                             sinfo->rx_bytes);
1690         if (sinfo->filled & STATION_INFO_TX_BYTES)
1691                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
1692                             sinfo->tx_bytes);
1693         if (sinfo->filled & STATION_INFO_LLID)
1694                 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
1695                             sinfo->llid);
1696         if (sinfo->filled & STATION_INFO_PLID)
1697                 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
1698                             sinfo->plid);
1699         if (sinfo->filled & STATION_INFO_PLINK_STATE)
1700                 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
1701                             sinfo->plink_state);
1702         if (sinfo->filled & STATION_INFO_SIGNAL)
1703                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
1704                            sinfo->signal);
1705         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
1706                 txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE);
1707                 if (!txrate)
1708                         goto nla_put_failure;
1709
1710                 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
1711                 bitrate = cfg80211_calculate_bitrate(&sinfo->txrate);
1712                 if (bitrate > 0)
1713                         NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
1714
1715                 if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS)
1716                         NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS,
1717                                     sinfo->txrate.mcs);
1718                 if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
1719                         NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
1720                 if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI)
1721                         NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
1722
1723                 nla_nest_end(msg, txrate);
1724         }
1725         if (sinfo->filled & STATION_INFO_RX_PACKETS)
1726                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
1727                             sinfo->rx_packets);
1728         if (sinfo->filled & STATION_INFO_TX_PACKETS)
1729                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
1730                             sinfo->tx_packets);
1731         nla_nest_end(msg, sinfoattr);
1732
1733         return genlmsg_end(msg, hdr);
1734
1735  nla_put_failure:
1736         genlmsg_cancel(msg, hdr);
1737         return -EMSGSIZE;
1738 }
1739
1740 static int nl80211_dump_station(struct sk_buff *skb,
1741                                 struct netlink_callback *cb)
1742 {
1743         struct station_info sinfo;
1744         struct cfg80211_registered_device *dev;
1745         struct net_device *netdev;
1746         u8 mac_addr[ETH_ALEN];
1747         int ifidx = cb->args[0];
1748         int sta_idx = cb->args[1];
1749         int err;
1750
1751         if (!ifidx)
1752                 ifidx = nl80211_get_ifidx(cb);
1753         if (ifidx < 0)
1754                 return ifidx;
1755
1756         rtnl_lock();
1757
1758         netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1759         if (!netdev) {
1760                 err = -ENODEV;
1761                 goto out_rtnl;
1762         }
1763
1764         dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
1765         if (IS_ERR(dev)) {
1766                 err = PTR_ERR(dev);
1767                 goto out_rtnl;
1768         }
1769
1770         if (!dev->ops->dump_station) {
1771                 err = -EOPNOTSUPP;
1772                 goto out_err;
1773         }
1774
1775         while (1) {
1776                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
1777                                              mac_addr, &sinfo);
1778                 if (err == -ENOENT)
1779                         break;
1780                 if (err)
1781                         goto out_err;
1782
1783                 if (nl80211_send_station(skb,
1784                                 NETLINK_CB(cb->skb).pid,
1785                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1786                                 netdev, mac_addr,
1787                                 &sinfo) < 0)
1788                         goto out;
1789
1790                 sta_idx++;
1791         }
1792
1793
1794  out:
1795         cb->args[1] = sta_idx;
1796         err = skb->len;
1797  out_err:
1798         cfg80211_unlock_rdev(dev);
1799  out_rtnl:
1800         rtnl_unlock();
1801
1802         return err;
1803 }
1804
1805 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
1806 {
1807         struct cfg80211_registered_device *rdev;
1808         int err;
1809         struct net_device *dev;
1810         struct station_info sinfo;
1811         struct sk_buff *msg;
1812         u8 *mac_addr = NULL;
1813
1814         memset(&sinfo, 0, sizeof(sinfo));
1815
1816         if (!info->attrs[NL80211_ATTR_MAC])
1817                 return -EINVAL;
1818
1819         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1820
1821         rtnl_lock();
1822
1823         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1824         if (err)
1825                 goto out_rtnl;
1826
1827         if (!rdev->ops->get_station) {
1828                 err = -EOPNOTSUPP;
1829                 goto out;
1830         }
1831
1832         err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
1833         if (err)
1834                 goto out;
1835
1836         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1837         if (!msg)
1838                 goto out;
1839
1840         if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
1841                                  dev, mac_addr, &sinfo) < 0)
1842                 goto out_free;
1843
1844         err = genlmsg_reply(msg, info);
1845         goto out;
1846
1847  out_free:
1848         nlmsg_free(msg);
1849  out:
1850         cfg80211_unlock_rdev(rdev);
1851         dev_put(dev);
1852  out_rtnl:
1853         rtnl_unlock();
1854
1855         return err;
1856 }
1857
1858 /*
1859  * Get vlan interface making sure it is running and on the right wiphy.
1860  */
1861 static int get_vlan(struct genl_info *info,
1862                     struct cfg80211_registered_device *rdev,
1863                     struct net_device **vlan)
1864 {
1865         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
1866         *vlan = NULL;
1867
1868         if (vlanattr) {
1869                 *vlan = dev_get_by_index(genl_info_net(info),
1870                                          nla_get_u32(vlanattr));
1871                 if (!*vlan)
1872                         return -ENODEV;
1873                 if (!(*vlan)->ieee80211_ptr)
1874                         return -EINVAL;
1875                 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
1876                         return -EINVAL;
1877                 if (!netif_running(*vlan))
1878                         return -ENETDOWN;
1879         }
1880         return 0;
1881 }
1882
1883 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
1884 {
1885         struct cfg80211_registered_device *rdev;
1886         int err;
1887         struct net_device *dev;
1888         struct station_parameters params;
1889         u8 *mac_addr = NULL;
1890
1891         memset(&params, 0, sizeof(params));
1892
1893         params.listen_interval = -1;
1894
1895         if (info->attrs[NL80211_ATTR_STA_AID])
1896                 return -EINVAL;
1897
1898         if (!info->attrs[NL80211_ATTR_MAC])
1899                 return -EINVAL;
1900
1901         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1902
1903         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
1904                 params.supported_rates =
1905                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1906                 params.supported_rates_len =
1907                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1908         }
1909
1910         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
1911                 params.listen_interval =
1912                     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
1913
1914         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
1915                 params.ht_capa =
1916                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
1917
1918         if (parse_station_flags(info, &params))
1919                 return -EINVAL;
1920
1921         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
1922                 params.plink_action =
1923                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
1924
1925         rtnl_lock();
1926
1927         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1928         if (err)
1929                 goto out_rtnl;
1930
1931         err = get_vlan(info, rdev, &params.vlan);
1932         if (err)
1933                 goto out;
1934
1935         /* validate settings */
1936         err = 0;
1937
1938         switch (dev->ieee80211_ptr->iftype) {
1939         case NL80211_IFTYPE_AP:
1940         case NL80211_IFTYPE_AP_VLAN:
1941                 /* disallow mesh-specific things */
1942                 if (params.plink_action)
1943                         err = -EINVAL;
1944                 break;
1945         case NL80211_IFTYPE_STATION:
1946                 /* disallow everything but AUTHORIZED flag */
1947                 if (params.plink_action)
1948                         err = -EINVAL;
1949                 if (params.vlan)
1950                         err = -EINVAL;
1951                 if (params.supported_rates)
1952                         err = -EINVAL;
1953                 if (params.ht_capa)
1954                         err = -EINVAL;
1955                 if (params.listen_interval >= 0)
1956                         err = -EINVAL;
1957                 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
1958                         err = -EINVAL;
1959                 break;
1960         case NL80211_IFTYPE_MESH_POINT:
1961                 /* disallow things mesh doesn't support */
1962                 if (params.vlan)
1963                         err = -EINVAL;
1964                 if (params.ht_capa)
1965                         err = -EINVAL;
1966                 if (params.listen_interval >= 0)
1967                         err = -EINVAL;
1968                 if (params.supported_rates)
1969                         err = -EINVAL;
1970                 if (params.sta_flags_mask)
1971                         err = -EINVAL;
1972                 break;
1973         default:
1974                 err = -EINVAL;
1975         }
1976
1977         if (err)
1978                 goto out;
1979
1980         if (!rdev->ops->change_station) {
1981                 err = -EOPNOTSUPP;
1982                 goto out;
1983         }
1984
1985         err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
1986
1987  out:
1988         if (params.vlan)
1989                 dev_put(params.vlan);
1990         cfg80211_unlock_rdev(rdev);
1991         dev_put(dev);
1992  out_rtnl:
1993         rtnl_unlock();
1994
1995         return err;
1996 }
1997
1998 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1999 {
2000         struct cfg80211_registered_device *rdev;
2001         int err;
2002         struct net_device *dev;
2003         struct station_parameters params;
2004         u8 *mac_addr = NULL;
2005
2006         memset(&params, 0, sizeof(params));
2007
2008         if (!info->attrs[NL80211_ATTR_MAC])
2009                 return -EINVAL;
2010
2011         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2012                 return -EINVAL;
2013
2014         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2015                 return -EINVAL;
2016
2017         if (!info->attrs[NL80211_ATTR_STA_AID])
2018                 return -EINVAL;
2019
2020         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2021         params.supported_rates =
2022                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2023         params.supported_rates_len =
2024                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2025         params.listen_interval =
2026                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2027
2028         params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2029         if (!params.aid || params.aid > IEEE80211_MAX_AID)
2030                 return -EINVAL;
2031
2032         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2033                 params.ht_capa =
2034                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2035
2036         if (parse_station_flags(info, &params))
2037                 return -EINVAL;
2038
2039         rtnl_lock();
2040
2041         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2042         if (err)
2043                 goto out_rtnl;
2044
2045         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2046             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) {
2047                 err = -EINVAL;
2048                 goto out;
2049         }
2050
2051         err = get_vlan(info, rdev, &params.vlan);
2052         if (err)
2053                 goto out;
2054
2055         /* validate settings */
2056         err = 0;
2057
2058         if (!rdev->ops->add_station) {
2059                 err = -EOPNOTSUPP;
2060                 goto out;
2061         }
2062
2063         if (!netif_running(dev)) {
2064                 err = -ENETDOWN;
2065                 goto out;
2066         }
2067
2068         err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2069
2070  out:
2071         if (params.vlan)
2072                 dev_put(params.vlan);
2073         cfg80211_unlock_rdev(rdev);
2074         dev_put(dev);
2075  out_rtnl:
2076         rtnl_unlock();
2077
2078         return err;
2079 }
2080
2081 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2082 {
2083         struct cfg80211_registered_device *rdev;
2084         int err;
2085         struct net_device *dev;
2086         u8 *mac_addr = NULL;
2087
2088         if (info->attrs[NL80211_ATTR_MAC])
2089                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2090
2091         rtnl_lock();
2092
2093         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2094         if (err)
2095                 goto out_rtnl;
2096
2097         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2098             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) {
2099                 err = -EINVAL;
2100                 goto out;
2101         }
2102
2103         if (!rdev->ops->del_station) {
2104                 err = -EOPNOTSUPP;
2105                 goto out;
2106         }
2107
2108         err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2109
2110  out:
2111         cfg80211_unlock_rdev(rdev);
2112         dev_put(dev);
2113  out_rtnl:
2114         rtnl_unlock();
2115
2116         return err;
2117 }
2118
2119 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2120                                 int flags, struct net_device *dev,
2121                                 u8 *dst, u8 *next_hop,
2122                                 struct mpath_info *pinfo)
2123 {
2124         void *hdr;
2125         struct nlattr *pinfoattr;
2126
2127         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2128         if (!hdr)
2129                 return -1;
2130
2131         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2132         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2133         NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2134
2135         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2136
2137         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2138         if (!pinfoattr)
2139                 goto nla_put_failure;
2140         if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2141                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2142                             pinfo->frame_qlen);
2143         if (pinfo->filled & MPATH_INFO_SN)
2144                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2145                             pinfo->sn);
2146         if (pinfo->filled & MPATH_INFO_METRIC)
2147                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2148                             pinfo->metric);
2149         if (pinfo->filled & MPATH_INFO_EXPTIME)
2150                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2151                             pinfo->exptime);
2152         if (pinfo->filled & MPATH_INFO_FLAGS)
2153                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2154                             pinfo->flags);
2155         if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2156                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2157                             pinfo->discovery_timeout);
2158         if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2159                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2160                             pinfo->discovery_retries);
2161
2162         nla_nest_end(msg, pinfoattr);
2163
2164         return genlmsg_end(msg, hdr);
2165
2166  nla_put_failure:
2167         genlmsg_cancel(msg, hdr);
2168         return -EMSGSIZE;
2169 }
2170
2171 static int nl80211_dump_mpath(struct sk_buff *skb,
2172                               struct netlink_callback *cb)
2173 {
2174         struct mpath_info pinfo;
2175         struct cfg80211_registered_device *dev;
2176         struct net_device *netdev;
2177         u8 dst[ETH_ALEN];
2178         u8 next_hop[ETH_ALEN];
2179         int ifidx = cb->args[0];
2180         int path_idx = cb->args[1];
2181         int err;
2182
2183         if (!ifidx)
2184                 ifidx = nl80211_get_ifidx(cb);
2185         if (ifidx < 0)
2186                 return ifidx;
2187
2188         rtnl_lock();
2189
2190         netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2191         if (!netdev) {
2192                 err = -ENODEV;
2193                 goto out_rtnl;
2194         }
2195
2196         dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
2197         if (IS_ERR(dev)) {
2198                 err = PTR_ERR(dev);
2199                 goto out_rtnl;
2200         }
2201
2202         if (!dev->ops->dump_mpath) {
2203                 err = -EOPNOTSUPP;
2204                 goto out_err;
2205         }
2206
2207         if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2208                 err = -EOPNOTSUPP;
2209                 goto out_err;
2210         }
2211
2212         while (1) {
2213                 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2214                                            dst, next_hop, &pinfo);
2215                 if (err == -ENOENT)
2216                         break;
2217                 if (err)
2218                         goto out_err;
2219
2220                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2221                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
2222                                        netdev, dst, next_hop,
2223                                        &pinfo) < 0)
2224                         goto out;
2225
2226                 path_idx++;
2227         }
2228
2229
2230  out:
2231         cb->args[1] = path_idx;
2232         err = skb->len;
2233  out_err:
2234         cfg80211_unlock_rdev(dev);
2235  out_rtnl:
2236         rtnl_unlock();
2237
2238         return err;
2239 }
2240
2241 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2242 {
2243         struct cfg80211_registered_device *rdev;
2244         int err;
2245         struct net_device *dev;
2246         struct mpath_info pinfo;
2247         struct sk_buff *msg;
2248         u8 *dst = NULL;
2249         u8 next_hop[ETH_ALEN];
2250
2251         memset(&pinfo, 0, sizeof(pinfo));
2252
2253         if (!info->attrs[NL80211_ATTR_MAC])
2254                 return -EINVAL;
2255
2256         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2257
2258         rtnl_lock();
2259
2260         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2261         if (err)
2262                 goto out_rtnl;
2263
2264         if (!rdev->ops->get_mpath) {
2265                 err = -EOPNOTSUPP;
2266                 goto out;
2267         }
2268
2269         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2270                 err = -EOPNOTSUPP;
2271                 goto out;
2272         }
2273
2274         err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2275         if (err)
2276                 goto out;
2277
2278         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2279         if (!msg)
2280                 goto out;
2281
2282         if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2283                                  dev, dst, next_hop, &pinfo) < 0)
2284                 goto out_free;
2285
2286         err = genlmsg_reply(msg, info);
2287         goto out;
2288
2289  out_free:
2290         nlmsg_free(msg);
2291  out:
2292         cfg80211_unlock_rdev(rdev);
2293         dev_put(dev);
2294  out_rtnl:
2295         rtnl_unlock();
2296
2297         return err;
2298 }
2299
2300 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
2301 {
2302         struct cfg80211_registered_device *rdev;
2303         int err;
2304         struct net_device *dev;
2305         u8 *dst = NULL;
2306         u8 *next_hop = NULL;
2307
2308         if (!info->attrs[NL80211_ATTR_MAC])
2309                 return -EINVAL;
2310
2311         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2312                 return -EINVAL;
2313
2314         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2315         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2316
2317         rtnl_lock();
2318
2319         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2320         if (err)
2321                 goto out_rtnl;
2322
2323         if (!rdev->ops->change_mpath) {
2324                 err = -EOPNOTSUPP;
2325                 goto out;
2326         }
2327
2328         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2329                 err = -EOPNOTSUPP;
2330                 goto out;
2331         }
2332
2333         if (!netif_running(dev)) {
2334                 err = -ENETDOWN;
2335                 goto out;
2336         }
2337
2338         err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
2339
2340  out:
2341         cfg80211_unlock_rdev(rdev);
2342         dev_put(dev);
2343  out_rtnl:
2344         rtnl_unlock();
2345
2346         return err;
2347 }
2348 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
2349 {
2350         struct cfg80211_registered_device *rdev;
2351         int err;
2352         struct net_device *dev;
2353         u8 *dst = NULL;
2354         u8 *next_hop = NULL;
2355
2356         if (!info->attrs[NL80211_ATTR_MAC])
2357                 return -EINVAL;
2358
2359         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2360                 return -EINVAL;
2361
2362         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2363         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2364
2365         rtnl_lock();
2366
2367         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2368         if (err)
2369                 goto out_rtnl;
2370
2371         if (!rdev->ops->add_mpath) {
2372                 err = -EOPNOTSUPP;
2373                 goto out;
2374         }
2375
2376         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2377                 err = -EOPNOTSUPP;
2378                 goto out;
2379         }
2380
2381         if (!netif_running(dev)) {
2382                 err = -ENETDOWN;
2383                 goto out;
2384         }
2385
2386         err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
2387
2388  out:
2389         cfg80211_unlock_rdev(rdev);
2390         dev_put(dev);
2391  out_rtnl:
2392         rtnl_unlock();
2393
2394         return err;
2395 }
2396
2397 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
2398 {
2399         struct cfg80211_registered_device *rdev;
2400         int err;
2401         struct net_device *dev;
2402         u8 *dst = NULL;
2403
2404         if (info->attrs[NL80211_ATTR_MAC])
2405                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2406
2407         rtnl_lock();
2408
2409         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2410         if (err)
2411                 goto out_rtnl;
2412
2413         if (!rdev->ops->del_mpath) {
2414                 err = -EOPNOTSUPP;
2415                 goto out;
2416         }
2417
2418         err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
2419
2420  out:
2421         cfg80211_unlock_rdev(rdev);
2422         dev_put(dev);
2423  out_rtnl:
2424         rtnl_unlock();
2425
2426         return err;
2427 }
2428
2429 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2430 {
2431         struct cfg80211_registered_device *rdev;
2432         int err;
2433         struct net_device *dev;
2434         struct bss_parameters params;
2435
2436         memset(&params, 0, sizeof(params));
2437         /* default to not changing parameters */
2438         params.use_cts_prot = -1;
2439         params.use_short_preamble = -1;
2440         params.use_short_slot_time = -1;
2441
2442         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
2443                 params.use_cts_prot =
2444                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
2445         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
2446                 params.use_short_preamble =
2447                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
2448         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
2449                 params.use_short_slot_time =
2450                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
2451         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
2452                 params.basic_rates =
2453                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2454                 params.basic_rates_len =
2455                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2456         }
2457
2458         rtnl_lock();
2459
2460         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2461         if (err)
2462                 goto out_rtnl;
2463
2464         if (!rdev->ops->change_bss) {
2465                 err = -EOPNOTSUPP;
2466                 goto out;
2467         }
2468
2469         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
2470                 err = -EOPNOTSUPP;
2471                 goto out;
2472         }
2473
2474         err = rdev->ops->change_bss(&rdev->wiphy, dev, &params);
2475
2476  out:
2477         cfg80211_unlock_rdev(rdev);
2478         dev_put(dev);
2479  out_rtnl:
2480         rtnl_unlock();
2481
2482         return err;
2483 }
2484
2485 static const struct nla_policy
2486         reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2487         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
2488         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
2489         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
2490         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
2491         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
2492         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
2493 };
2494
2495 static int parse_reg_rule(struct nlattr *tb[],
2496         struct ieee80211_reg_rule *reg_rule)
2497 {
2498         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
2499         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
2500
2501         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2502                 return -EINVAL;
2503         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2504                 return -EINVAL;
2505         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2506                 return -EINVAL;
2507         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2508                 return -EINVAL;
2509         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2510                 return -EINVAL;
2511
2512         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2513
2514         freq_range->start_freq_khz =
2515                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2516         freq_range->end_freq_khz =
2517                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2518         freq_range->max_bandwidth_khz =
2519                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2520
2521         power_rule->max_eirp =
2522                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2523
2524         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2525                 power_rule->max_antenna_gain =
2526                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2527
2528         return 0;
2529 }
2530
2531 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2532 {
2533         int r;
2534         char *data = NULL;
2535
2536         /*
2537          * You should only get this when cfg80211 hasn't yet initialized
2538          * completely when built-in to the kernel right between the time
2539          * window between nl80211_init() and regulatory_init(), if that is
2540          * even possible.
2541          */
2542         mutex_lock(&cfg80211_mutex);
2543         if (unlikely(!cfg80211_regdomain)) {
2544                 mutex_unlock(&cfg80211_mutex);
2545                 return -EINPROGRESS;
2546         }
2547         mutex_unlock(&cfg80211_mutex);
2548
2549         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2550                 return -EINVAL;
2551
2552         data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2553
2554         r = regulatory_hint_user(data);
2555
2556         return r;
2557 }
2558
2559 static int nl80211_get_mesh_params(struct sk_buff *skb,
2560         struct genl_info *info)
2561 {
2562         struct cfg80211_registered_device *rdev;
2563         struct mesh_config cur_params;
2564         int err;
2565         struct net_device *dev;
2566         void *hdr;
2567         struct nlattr *pinfoattr;
2568         struct sk_buff *msg;
2569
2570         rtnl_lock();
2571
2572         /* Look up our device */
2573         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2574         if (err)
2575                 goto out_rtnl;
2576
2577         if (!rdev->ops->get_mesh_params) {
2578                 err = -EOPNOTSUPP;
2579                 goto out;
2580         }
2581
2582         /* Get the mesh params */
2583         err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params);
2584         if (err)
2585                 goto out;
2586
2587         /* Draw up a netlink message to send back */
2588         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2589         if (!msg) {
2590                 err = -ENOBUFS;
2591                 goto out;
2592         }
2593         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2594                              NL80211_CMD_GET_MESH_PARAMS);
2595         if (!hdr)
2596                 goto nla_put_failure;
2597         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS);
2598         if (!pinfoattr)
2599                 goto nla_put_failure;
2600         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2601         NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2602                         cur_params.dot11MeshRetryTimeout);
2603         NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2604                         cur_params.dot11MeshConfirmTimeout);
2605         NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2606                         cur_params.dot11MeshHoldingTimeout);
2607         NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2608                         cur_params.dot11MeshMaxPeerLinks);
2609         NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2610                         cur_params.dot11MeshMaxRetries);
2611         NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2612                         cur_params.dot11MeshTTL);
2613         NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2614                         cur_params.auto_open_plinks);
2615         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2616                         cur_params.dot11MeshHWMPmaxPREQretries);
2617         NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2618                         cur_params.path_refresh_time);
2619         NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2620                         cur_params.min_discovery_timeout);
2621         NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2622                         cur_params.dot11MeshHWMPactivePathTimeout);
2623         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2624                         cur_params.dot11MeshHWMPpreqMinInterval);
2625         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2626                         cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2627         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
2628                         cur_params.dot11MeshHWMPRootMode);
2629         nla_nest_end(msg, pinfoattr);
2630         genlmsg_end(msg, hdr);
2631         err = genlmsg_reply(msg, info);
2632         goto out;
2633
2634  nla_put_failure:
2635         genlmsg_cancel(msg, hdr);
2636         err = -EMSGSIZE;
2637  out:
2638         /* Cleanup */
2639         cfg80211_unlock_rdev(rdev);
2640         dev_put(dev);
2641  out_rtnl:
2642         rtnl_unlock();
2643
2644         return err;
2645 }
2646
2647 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
2648 do {\
2649         if (table[attr_num]) {\
2650                 cfg.param = nla_fn(table[attr_num]); \
2651                 mask |= (1 << (attr_num - 1)); \
2652         } \
2653 } while (0);\
2654
2655 static struct nla_policy
2656 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] __read_mostly = {
2657         [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2658         [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2659         [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2660         [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2661         [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2662         [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2663         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2664
2665         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2666         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2667         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2668         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2669         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2670         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2671 };
2672
2673 static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
2674 {
2675         int err;
2676         u32 mask;
2677         struct cfg80211_registered_device *rdev;
2678         struct net_device *dev;
2679         struct mesh_config cfg;
2680         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
2681         struct nlattr *parent_attr;
2682
2683         parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS];
2684         if (!parent_attr)
2685                 return -EINVAL;
2686         if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
2687                         parent_attr, nl80211_meshconf_params_policy))
2688                 return -EINVAL;
2689
2690         rtnl_lock();
2691
2692         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2693         if (err)
2694                 goto out_rtnl;
2695
2696         if (!rdev->ops->set_mesh_params) {
2697                 err = -EOPNOTSUPP;
2698                 goto out;
2699         }
2700
2701         /* This makes sure that there aren't more than 32 mesh config
2702          * parameters (otherwise our bitfield scheme would not work.) */
2703         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
2704
2705         /* Fill in the params struct */
2706         mask = 0;
2707         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
2708                         mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
2709         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
2710                         mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
2711         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
2712                         mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
2713         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
2714                         mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
2715         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
2716                         mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
2717         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
2718                         mask, NL80211_MESHCONF_TTL, nla_get_u8);
2719         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
2720                         mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
2721         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
2722                         mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2723                         nla_get_u8);
2724         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
2725                         mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
2726         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
2727                         mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2728                         nla_get_u16);
2729         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
2730                         mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2731                         nla_get_u32);
2732         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
2733                         mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2734                         nla_get_u16);
2735         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2736                         dot11MeshHWMPnetDiameterTraversalTime,
2737                         mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2738                         nla_get_u16);
2739         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2740                         dot11MeshHWMPRootMode, mask,
2741                         NL80211_MESHCONF_HWMP_ROOTMODE,
2742                         nla_get_u8);
2743
2744         /* Apply changes */
2745         err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask);
2746
2747  out:
2748         /* cleanup */
2749         cfg80211_unlock_rdev(rdev);
2750         dev_put(dev);
2751  out_rtnl:
2752         rtnl_unlock();
2753
2754         return err;
2755 }
2756
2757 #undef FILL_IN_MESH_PARAM_IF_SET
2758
2759 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
2760 {
2761         struct sk_buff *msg;
2762         void *hdr = NULL;
2763         struct nlattr *nl_reg_rules;
2764         unsigned int i;
2765         int err = -EINVAL;
2766
2767         mutex_lock(&cfg80211_mutex);
2768
2769         if (!cfg80211_regdomain)
2770                 goto out;
2771
2772         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2773         if (!msg) {
2774                 err = -ENOBUFS;
2775                 goto out;
2776         }
2777
2778         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2779                              NL80211_CMD_GET_REG);
2780         if (!hdr)
2781                 goto nla_put_failure;
2782
2783         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
2784                 cfg80211_regdomain->alpha2);
2785
2786         nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
2787         if (!nl_reg_rules)
2788                 goto nla_put_failure;
2789
2790         for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
2791                 struct nlattr *nl_reg_rule;
2792                 const struct ieee80211_reg_rule *reg_rule;
2793                 const struct ieee80211_freq_range *freq_range;
2794                 const struct ieee80211_power_rule *power_rule;
2795
2796                 reg_rule = &cfg80211_regdomain->reg_rules[i];
2797                 freq_range = &reg_rule->freq_range;
2798                 power_rule = &reg_rule->power_rule;
2799
2800                 nl_reg_rule = nla_nest_start(msg, i);
2801                 if (!nl_reg_rule)
2802                         goto nla_put_failure;
2803
2804                 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
2805                         reg_rule->flags);
2806                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
2807                         freq_range->start_freq_khz);
2808                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
2809                         freq_range->end_freq_khz);
2810                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
2811                         freq_range->max_bandwidth_khz);
2812                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
2813                         power_rule->max_antenna_gain);
2814                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
2815                         power_rule->max_eirp);
2816
2817                 nla_nest_end(msg, nl_reg_rule);
2818         }
2819
2820         nla_nest_end(msg, nl_reg_rules);
2821
2822         genlmsg_end(msg, hdr);
2823         err = genlmsg_reply(msg, info);
2824         goto out;
2825
2826 nla_put_failure:
2827         genlmsg_cancel(msg, hdr);
2828         err = -EMSGSIZE;
2829 out:
2830         mutex_unlock(&cfg80211_mutex);
2831         return err;
2832 }
2833
2834 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
2835 {
2836         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
2837         struct nlattr *nl_reg_rule;
2838         char *alpha2 = NULL;
2839         int rem_reg_rules = 0, r = 0;
2840         u32 num_rules = 0, rule_idx = 0, size_of_regd;
2841         struct ieee80211_regdomain *rd = NULL;
2842
2843         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2844                 return -EINVAL;
2845
2846         if (!info->attrs[NL80211_ATTR_REG_RULES])
2847                 return -EINVAL;
2848
2849         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2850
2851         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
2852                         rem_reg_rules) {
2853                 num_rules++;
2854                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
2855                         return -EINVAL;
2856         }
2857
2858         mutex_lock(&cfg80211_mutex);
2859
2860         if (!reg_is_valid_request(alpha2)) {
2861                 r = -EINVAL;
2862                 goto bad_reg;
2863         }
2864
2865         size_of_regd = sizeof(struct ieee80211_regdomain) +
2866                 (num_rules * sizeof(struct ieee80211_reg_rule));
2867
2868         rd = kzalloc(size_of_regd, GFP_KERNEL);
2869         if (!rd) {
2870                 r = -ENOMEM;
2871                 goto bad_reg;
2872         }
2873
2874         rd->n_reg_rules = num_rules;
2875         rd->alpha2[0] = alpha2[0];
2876         rd->alpha2[1] = alpha2[1];
2877
2878         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
2879                         rem_reg_rules) {
2880                 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
2881                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
2882                         reg_rule_policy);
2883                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
2884                 if (r)
2885                         goto bad_reg;
2886
2887                 rule_idx++;
2888
2889                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
2890                         r = -EINVAL;
2891                         goto bad_reg;
2892                 }
2893         }
2894
2895         BUG_ON(rule_idx != num_rules);
2896
2897         r = set_regdom(rd);
2898
2899         mutex_unlock(&cfg80211_mutex);
2900
2901         return r;
2902
2903  bad_reg:
2904         mutex_unlock(&cfg80211_mutex);
2905         kfree(rd);
2906         return r;
2907 }
2908
2909 static int validate_scan_freqs(struct nlattr *freqs)
2910 {
2911         struct nlattr *attr1, *attr2;
2912         int n_channels = 0, tmp1, tmp2;
2913
2914         nla_for_each_nested(attr1, freqs, tmp1) {
2915                 n_channels++;
2916                 /*
2917                  * Some hardware has a limited channel list for
2918                  * scanning, and it is pretty much nonsensical
2919                  * to scan for a channel twice, so disallow that
2920                  * and don't require drivers to check that the
2921                  * channel list they get isn't longer than what
2922                  * they can scan, as long as they can scan all
2923                  * the channels they registered at once.
2924                  */
2925                 nla_for_each_nested(attr2, freqs, tmp2)
2926                         if (attr1 != attr2 &&
2927                             nla_get_u32(attr1) == nla_get_u32(attr2))
2928                                 return 0;
2929         }
2930
2931         return n_channels;
2932 }
2933
2934 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
2935 {
2936         struct cfg80211_registered_device *rdev;
2937         struct net_device *dev;
2938         struct cfg80211_scan_request *request;
2939         struct cfg80211_ssid *ssid;
2940         struct ieee80211_channel *channel;
2941         struct nlattr *attr;
2942         struct wiphy *wiphy;
2943         int err, tmp, n_ssids = 0, n_channels, i;
2944         enum ieee80211_band band;
2945         size_t ie_len;
2946
2947         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
2948                 return -EINVAL;
2949
2950         rtnl_lock();
2951
2952         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2953         if (err)
2954                 goto out_rtnl;
2955
2956         wiphy = &rdev->wiphy;
2957
2958         if (!rdev->ops->scan) {
2959                 err = -EOPNOTSUPP;
2960                 goto out;
2961         }
2962
2963         if (!netif_running(dev)) {
2964                 err = -ENETDOWN;
2965                 goto out;
2966         }
2967
2968         if (rdev->scan_req) {
2969                 err = -EBUSY;
2970                 goto out;
2971         }
2972
2973         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
2974                 n_channels = validate_scan_freqs(
2975                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
2976                 if (!n_channels) {
2977                         err = -EINVAL;
2978                         goto out;
2979                 }
2980         } else {
2981                 n_channels = 0;
2982
2983                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
2984                         if (wiphy->bands[band])
2985                                 n_channels += wiphy->bands[band]->n_channels;
2986         }
2987
2988         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
2989                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
2990                         n_ssids++;
2991
2992         if (n_ssids > wiphy->max_scan_ssids) {
2993                 err = -EINVAL;
2994                 goto out;
2995         }
2996
2997         if (info->attrs[NL80211_ATTR_IE])
2998                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2999         else
3000                 ie_len = 0;
3001
3002         if (ie_len > wiphy->max_scan_ie_len) {
3003                 err = -EINVAL;
3004                 goto out;
3005         }
3006
3007         request = kzalloc(sizeof(*request)
3008                         + sizeof(*ssid) * n_ssids
3009                         + sizeof(channel) * n_channels
3010                         + ie_len, GFP_KERNEL);
3011         if (!request) {
3012                 err = -ENOMEM;
3013                 goto out;
3014         }
3015
3016         if (n_ssids)
3017                 request->ssids = (void *)&request->channels[n_channels];
3018         request->n_ssids = n_ssids;
3019         if (ie_len) {
3020                 if (request->ssids)
3021                         request->ie = (void *)(request->ssids + n_ssids);
3022                 else
3023                         request->ie = (void *)(request->channels + n_channels);
3024         }
3025
3026         i = 0;
3027         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3028                 /* user specified, bail out if channel not found */
3029                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3030                         struct ieee80211_channel *chan;
3031
3032                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3033
3034                         if (!chan) {
3035                                 err = -EINVAL;
3036                                 goto out_free;
3037                         }
3038
3039                         /* ignore disabled channels */
3040                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3041                                 continue;
3042
3043                         request->channels[i] = chan;
3044                         i++;
3045                 }
3046         } else {
3047                 /* all channels */
3048                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3049                         int j;
3050                         if (!wiphy->bands[band])
3051                                 continue;
3052                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3053                                 struct ieee80211_channel *chan;
3054
3055                                 chan = &wiphy->bands[band]->channels[j];
3056
3057                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3058                                         continue;
3059
3060                                 request->channels[i] = chan;
3061                                 i++;
3062                         }
3063                 }
3064         }
3065
3066         if (!i) {
3067                 err = -EINVAL;
3068                 goto out_free;
3069         }
3070
3071         request->n_channels = i;
3072
3073         i = 0;
3074         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3075                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3076                         if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
3077                                 err = -EINVAL;
3078                                 goto out_free;
3079                         }
3080                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3081                         request->ssids[i].ssid_len = nla_len(attr);
3082                         i++;
3083                 }
3084         }
3085
3086         if (info->attrs[NL80211_ATTR_IE]) {
3087                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3088                 memcpy((void *)request->ie,
3089                        nla_data(info->attrs[NL80211_ATTR_IE]),
3090                        request->ie_len);
3091         }
3092
3093         request->dev = dev;
3094         request->wiphy = &rdev->wiphy;
3095
3096         rdev->scan_req = request;
3097         err = rdev->ops->scan(&rdev->wiphy, dev, request);
3098
3099         if (!err) {
3100                 nl80211_send_scan_start(rdev, dev);
3101                 dev_hold(dev);
3102         }
3103
3104  out_free:
3105         if (err) {
3106                 rdev->scan_req = NULL;
3107                 kfree(request);
3108         }
3109  out:
3110         cfg80211_unlock_rdev(rdev);
3111         dev_put(dev);
3112  out_rtnl:
3113         rtnl_unlock();
3114
3115         return err;
3116 }
3117
3118 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags,
3119                             struct cfg80211_registered_device *rdev,
3120                             struct wireless_dev *wdev,
3121                             struct cfg80211_internal_bss *intbss)
3122 {
3123         struct cfg80211_bss *res = &intbss->pub;
3124         void *hdr;
3125         struct nlattr *bss;
3126         int i;
3127
3128         ASSERT_WDEV_LOCK(wdev);
3129
3130         hdr = nl80211hdr_put(msg, pid, seq, flags,
3131                              NL80211_CMD_NEW_SCAN_RESULTS);
3132         if (!hdr)
3133                 return -1;
3134
3135         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
3136         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
3137
3138         bss = nla_nest_start(msg, NL80211_ATTR_BSS);
3139         if (!bss)
3140                 goto nla_put_failure;
3141         if (!is_zero_ether_addr(res->bssid))
3142                 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
3143         if (res->information_elements && res->len_information_elements)
3144                 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3145                         res->len_information_elements,
3146                         res->information_elements);
3147         if (res->beacon_ies && res->len_beacon_ies &&
3148             res->beacon_ies != res->information_elements)
3149                 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
3150                         res->len_beacon_ies, res->beacon_ies);
3151         if (res->tsf)
3152                 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3153         if (res->beacon_interval)
3154                 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3155         NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3156         NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3157         NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
3158                 jiffies_to_msecs(jiffies - intbss->ts));
3159
3160         switch (rdev->wiphy.signal_type) {
3161         case CFG80211_SIGNAL_TYPE_MBM:
3162                 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
3163                 break;
3164         case CFG80211_SIGNAL_TYPE_UNSPEC:
3165                 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
3166                 break;
3167         default:
3168                 break;
3169         }
3170
3171         switch (wdev->iftype) {
3172         case NL80211_IFTYPE_STATION:
3173                 if (intbss == wdev->current_bss)
3174                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3175                                     NL80211_BSS_STATUS_ASSOCIATED);
3176                 else for (i = 0; i < MAX_AUTH_BSSES; i++) {
3177                         if (intbss != wdev->auth_bsses[i])
3178                                 continue;
3179                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3180                                     NL80211_BSS_STATUS_AUTHENTICATED);
3181                         break;
3182                 }
3183                 break;
3184         case NL80211_IFTYPE_ADHOC:
3185                 if (intbss == wdev->current_bss)
3186                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3187                                     NL80211_BSS_STATUS_IBSS_JOINED);
3188                 break;
3189         default:
3190                 break;
3191         }
3192
3193         nla_nest_end(msg, bss);
3194
3195         return genlmsg_end(msg, hdr);
3196
3197  nla_put_failure:
3198         genlmsg_cancel(msg, hdr);
3199         return -EMSGSIZE;
3200 }
3201
3202 static int nl80211_dump_scan(struct sk_buff *skb,
3203                              struct netlink_callback *cb)
3204 {
3205         struct cfg80211_registered_device *rdev;
3206         struct net_device *dev;
3207         struct cfg80211_internal_bss *scan;
3208         struct wireless_dev *wdev;
3209         int ifidx = cb->args[0];
3210         int start = cb->args[1], idx = 0;
3211         int err;
3212
3213         if (!ifidx)
3214                 ifidx = nl80211_get_ifidx(cb);
3215         if (ifidx < 0)
3216                 return ifidx;
3217         cb->args[0] = ifidx;
3218
3219         dev = dev_get_by_index(sock_net(skb->sk), ifidx);
3220         if (!dev)
3221                 return -ENODEV;
3222
3223         rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3224         if (IS_ERR(rdev)) {
3225                 err = PTR_ERR(rdev);
3226                 goto out_put_netdev;
3227         }
3228
3229         wdev = dev->ieee80211_ptr;
3230
3231         wdev_lock(wdev);
3232         spin_lock_bh(&rdev->bss_lock);
3233         cfg80211_bss_expire(rdev);
3234
3235         list_for_each_entry(scan, &rdev->bss_list, list) {
3236                 if (++idx <= start)
3237                         continue;
3238                 if (nl80211_send_bss(skb,
3239                                 NETLINK_CB(cb->skb).pid,
3240                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3241                                 rdev, wdev, scan) < 0) {
3242                         idx--;
3243                         goto out;
3244                 }
3245         }
3246
3247  out:
3248         spin_unlock_bh(&rdev->bss_lock);
3249         wdev_unlock(wdev);
3250
3251         cb->args[1] = idx;
3252         err = skb->len;
3253         cfg80211_unlock_rdev(rdev);
3254  out_put_netdev:
3255         dev_put(dev);
3256
3257         return err;
3258 }
3259
3260 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
3261                                 int flags, struct net_device *dev,
3262                                 struct survey_info *survey)
3263 {
3264         void *hdr;
3265         struct nlattr *infoattr;
3266
3267         /* Survey without a channel doesn't make sense */
3268         if (!survey->channel)
3269                 return -EINVAL;
3270
3271         hdr = nl80211hdr_put(msg, pid, seq, flags,
3272                              NL80211_CMD_NEW_SURVEY_RESULTS);
3273         if (!hdr)
3274                 return -ENOMEM;
3275
3276         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3277
3278         infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
3279         if (!infoattr)
3280                 goto nla_put_failure;
3281
3282         NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
3283                     survey->channel->center_freq);
3284         if (survey->filled & SURVEY_INFO_NOISE_DBM)
3285                 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
3286                             survey->noise);
3287
3288         nla_nest_end(msg, infoattr);
3289
3290         return genlmsg_end(msg, hdr);
3291
3292  nla_put_failure:
3293         genlmsg_cancel(msg, hdr);
3294         return -EMSGSIZE;
3295 }
3296
3297 static int nl80211_dump_survey(struct sk_buff *skb,
3298                         struct netlink_callback *cb)
3299 {
3300         struct survey_info survey;
3301         struct cfg80211_registered_device *dev;
3302         struct net_device *netdev;
3303         int ifidx = cb->args[0];
3304         int survey_idx = cb->args[1];
3305         int res;
3306
3307         if (!ifidx)
3308                 ifidx = nl80211_get_ifidx(cb);
3309         if (ifidx < 0)
3310                 return ifidx;
3311         cb->args[0] = ifidx;
3312
3313         rtnl_lock();
3314
3315         netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3316         if (!netdev) {
3317                 res = -ENODEV;
3318                 goto out_rtnl;
3319         }
3320
3321         dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3322         if (IS_ERR(dev)) {
3323                 res = PTR_ERR(dev);
3324                 goto out_rtnl;
3325         }
3326
3327         if (!dev->ops->dump_survey) {
3328                 res = -EOPNOTSUPP;
3329                 goto out_err;
3330         }
3331
3332         while (1) {
3333                 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
3334                                             &survey);
3335                 if (res == -ENOENT)
3336                         break;
3337                 if (res)
3338                         goto out_err;
3339
3340                 if (nl80211_send_survey(skb,
3341                                 NETLINK_CB(cb->skb).pid,
3342                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3343                                 netdev,
3344                                 &survey) < 0)
3345                         goto out;
3346                 survey_idx++;
3347         }
3348
3349  out:
3350         cb->args[1] = survey_idx;
3351         res = skb->len;
3352  out_err:
3353         cfg80211_unlock_rdev(dev);
3354  out_rtnl:
3355         rtnl_unlock();
3356
3357         return res;
3358 }
3359
3360 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3361 {
3362         return auth_type <= NL80211_AUTHTYPE_MAX;
3363 }
3364
3365 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
3366 {
3367         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
3368                                   NL80211_WPA_VERSION_2));
3369 }
3370
3371 static bool nl80211_valid_akm_suite(u32 akm)
3372 {
3373         return akm == WLAN_AKM_SUITE_8021X ||
3374                 akm == WLAN_AKM_SUITE_PSK;
3375 }
3376
3377 static bool nl80211_valid_cipher_suite(u32 cipher)
3378 {
3379         return cipher == WLAN_CIPHER_SUITE_WEP40 ||
3380                 cipher == WLAN_CIPHER_SUITE_WEP104 ||
3381                 cipher == WLAN_CIPHER_SUITE_TKIP ||
3382                 cipher == WLAN_CIPHER_SUITE_CCMP ||
3383                 cipher == WLAN_CIPHER_SUITE_AES_CMAC;
3384 }
3385
3386
3387 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
3388 {
3389         struct cfg80211_registered_device *rdev;
3390         struct net_device *dev;
3391         struct ieee80211_channel *chan;
3392         const u8 *bssid, *ssid, *ie = NULL;
3393         int err, ssid_len, ie_len = 0;
3394         enum nl80211_auth_type auth_type;
3395         struct key_parse key;
3396
3397         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3398                 return -EINVAL;
3399
3400         if (!info->attrs[NL80211_ATTR_MAC])
3401                 return -EINVAL;
3402
3403         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
3404                 return -EINVAL;
3405
3406         if (!info->attrs[NL80211_ATTR_SSID])
3407                 return -EINVAL;
3408
3409         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
3410                 return -EINVAL;
3411
3412         err = nl80211_parse_key(info, &key);
3413         if (err)
3414                 return err;
3415
3416         if (key.idx >= 0) {
3417                 if (!key.p.key || !key.p.key_len)
3418                         return -EINVAL;
3419                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
3420                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
3421                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
3422                      key.p.key_len != WLAN_KEY_LEN_WEP104))
3423                         return -EINVAL;
3424                 if (key.idx > 4)
3425                         return -EINVAL;
3426         } else {
3427                 key.p.key_len = 0;
3428                 key.p.key = NULL;
3429         }
3430
3431         rtnl_lock();
3432
3433         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3434         if (err)
3435                 goto unlock_rtnl;
3436
3437         if (!rdev->ops->auth) {
3438                 err = -EOPNOTSUPP;
3439                 goto out;
3440         }
3441
3442         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3443                 err = -EOPNOTSUPP;
3444                 goto out;
3445         }
3446
3447         if (!netif_running(dev)) {
3448                 err = -ENETDOWN;
3449                 goto out;
3450         }
3451
3452         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3453         chan = ieee80211_get_channel(&rdev->wiphy,
3454                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3455         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3456                 err = -EINVAL;
3457                 goto out;
3458         }
3459
3460         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3461         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3462
3463         if (info->attrs[NL80211_ATTR_IE]) {
3464                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3465                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3466         }
3467
3468         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
3469         if (!nl80211_valid_auth_type(auth_type)) {
3470                 err = -EINVAL;
3471                 goto out;
3472         }
3473
3474         err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
3475                                  ssid, ssid_len, ie, ie_len,
3476                                  key.p.key, key.p.key_len, key.idx);
3477
3478 out:
3479         cfg80211_unlock_rdev(rdev);
3480         dev_put(dev);
3481 unlock_rtnl:
3482         rtnl_unlock();
3483         return err;
3484 }
3485
3486 static int nl80211_crypto_settings(struct genl_info *info,
3487                                    struct cfg80211_crypto_settings *settings,
3488                                    int cipher_limit)
3489 {
3490         memset(settings, 0, sizeof(*settings));
3491
3492         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
3493
3494         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
3495                 void *data;
3496                 int len, i;
3497
3498                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3499                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3500                 settings->n_ciphers_pairwise = len / sizeof(u32);
3501
3502                 if (len % sizeof(u32))
3503                         return -EINVAL;
3504
3505                 if (settings->n_ciphers_pairwise > cipher_limit)
3506                         return -EINVAL;
3507
3508                 memcpy(settings->ciphers_pairwise, data, len);
3509
3510                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3511                         if (!nl80211_valid_cipher_suite(
3512                                         settings->ciphers_pairwise[i]))
3513                                 return -EINVAL;
3514         }
3515
3516         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
3517                 settings->cipher_group =
3518                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
3519                 if (!nl80211_valid_cipher_suite(settings->cipher_group))
3520                         return -EINVAL;
3521         }
3522
3523         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
3524                 settings->wpa_versions =
3525                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
3526                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
3527                         return -EINVAL;
3528         }
3529
3530         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
3531                 void *data;
3532                 int len, i;
3533
3534                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
3535                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
3536                 settings->n_akm_suites = len / sizeof(u32);
3537
3538                 if (len % sizeof(u32))
3539                         return -EINVAL;
3540
3541                 memcpy(settings->akm_suites, data, len);
3542
3543                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3544                         if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
3545                                 return -EINVAL;
3546         }
3547
3548         return 0;
3549 }
3550
3551 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
3552 {
3553         struct cfg80211_registered_device *rdev;
3554         struct net_device *dev;
3555         struct wireless_dev *wdev;
3556         struct cfg80211_crypto_settings crypto;
3557         struct ieee80211_channel *chan, *fixedchan;
3558         const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
3559         int err, ssid_len, ie_len = 0;
3560         bool use_mfp = false;
3561
3562         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3563                 return -EINVAL;
3564
3565         if (!info->attrs[NL80211_ATTR_MAC] ||
3566             !info->attrs[NL80211_ATTR_SSID] ||
3567             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
3568                 return -EINVAL;
3569
3570         rtnl_lock();
3571
3572         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3573         if (err)
3574                 goto unlock_rtnl;
3575
3576         if (!rdev->ops->assoc) {
3577                 err = -EOPNOTSUPP;
3578                 goto out;
3579         }
3580
3581         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3582                 err = -EOPNOTSUPP;
3583                 goto out;
3584         }
3585
3586         if (!netif_running(dev)) {
3587                 err = -ENETDOWN;
3588                 goto out;
3589         }
3590
3591         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3592
3593         chan = ieee80211_get_channel(&rdev->wiphy,
3594                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3595         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3596                 err = -EINVAL;
3597                 goto out;
3598         }
3599
3600         mutex_lock(&rdev->devlist_mtx);
3601         wdev = dev->ieee80211_ptr;
3602         fixedchan = rdev_fixed_channel(rdev, wdev);
3603         if (fixedchan && chan != fixedchan) {
3604                 err = -EBUSY;
3605                 mutex_unlock(&rdev->devlist_mtx);
3606                 goto out;
3607         }
3608         mutex_unlock(&rdev->devlist_mtx);
3609
3610         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3611         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3612
3613         if (info->attrs[NL80211_ATTR_IE]) {
3614                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3615                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3616         }
3617
3618         if (info->attrs[NL80211_ATTR_USE_MFP]) {
3619                 enum nl80211_mfp mfp =
3620                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
3621                 if (mfp == NL80211_MFP_REQUIRED)
3622                         use_mfp = true;
3623                 else if (mfp != NL80211_MFP_NO) {
3624                         err = -EINVAL;
3625                         goto out;
3626                 }
3627         }
3628
3629         if (info->attrs[NL80211_ATTR_PREV_BSSID])
3630                 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
3631
3632         err = nl80211_crypto_settings(info, &crypto, 1);
3633         if (!err)
3634                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
3635                                           ssid, ssid_len, ie, ie_len, use_mfp,
3636                                           &crypto);
3637
3638 out:
3639         cfg80211_unlock_rdev(rdev);
3640         dev_put(dev);
3641 unlock_rtnl:
3642         rtnl_unlock();
3643         return err;
3644 }
3645
3646 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
3647 {
3648         struct cfg80211_registered_device *rdev;
3649         struct net_device *dev;
3650         const u8 *ie = NULL, *bssid;
3651         int err, ie_len = 0;
3652         u16 reason_code;
3653
3654         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3655                 return -EINVAL;
3656
3657         if (!info->attrs[NL80211_ATTR_MAC])
3658                 return -EINVAL;
3659
3660         if (!info->attrs[NL80211_ATTR_REASON_CODE])
3661                 return -EINVAL;
3662
3663         rtnl_lock();
3664
3665         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3666         if (err)
3667                 goto unlock_rtnl;
3668
3669         if (!rdev->ops->deauth) {
3670                 err = -EOPNOTSUPP;
3671                 goto out;
3672         }
3673
3674         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3675                 err = -EOPNOTSUPP;
3676                 goto out;
3677         }
3678
3679         if (!netif_running(dev)) {
3680                 err = -ENETDOWN;
3681                 goto out;
3682         }
3683
3684         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3685
3686         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3687         if (reason_code == 0) {
3688                 /* Reason Code 0 is reserved */
3689                 err = -EINVAL;
3690                 goto out;
3691         }
3692
3693         if (info->attrs[NL80211_ATTR_IE]) {
3694                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3695                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3696         }
3697
3698         err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code);
3699
3700 out:
3701         cfg80211_unlock_rdev(rdev);
3702         dev_put(dev);
3703 unlock_rtnl:
3704         rtnl_unlock();
3705         return err;
3706 }
3707
3708 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
3709 {
3710         struct cfg80211_registered_device *rdev;
3711         struct net_device *dev;
3712         const u8 *ie = NULL, *bssid;
3713         int err, ie_len = 0;
3714         u16 reason_code;
3715
3716         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3717                 return -EINVAL;
3718
3719         if (!info->attrs[NL80211_ATTR_MAC])
3720                 return -EINVAL;
3721
3722         if (!info->attrs[NL80211_ATTR_REASON_CODE])
3723                 return -EINVAL;
3724
3725         rtnl_lock();
3726
3727         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3728         if (err)
3729                 goto unlock_rtnl;
3730
3731         if (!rdev->ops->disassoc) {
3732                 err = -EOPNOTSUPP;
3733                 goto out;
3734         }
3735
3736         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3737                 err = -EOPNOTSUPP;
3738                 goto out;
3739         }
3740
3741         if (!netif_running(dev)) {
3742                 err = -ENETDOWN;
3743                 goto out;
3744         }
3745
3746         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3747
3748         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3749         if (reason_code == 0) {
3750                 /* Reason Code 0 is reserved */
3751                 err = -EINVAL;
3752                 goto out;
3753         }
3754
3755         if (info->attrs[NL80211_ATTR_IE]) {
3756                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3757                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3758         }
3759
3760         err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code);
3761
3762 out:
3763         cfg80211_unlock_rdev(rdev);
3764         dev_put(dev);
3765 unlock_rtnl:
3766         rtnl_unlock();
3767         return err;
3768 }
3769
3770 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
3771 {
3772         struct cfg80211_registered_device *rdev;
3773         struct net_device *dev;
3774         struct cfg80211_ibss_params ibss;
3775         struct wiphy *wiphy;
3776         struct cfg80211_cached_keys *connkeys = NULL;
3777         int err;
3778
3779         memset(&ibss, 0, sizeof(ibss));
3780
3781         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3782                 return -EINVAL;
3783
3784         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
3785             !info->attrs[NL80211_ATTR_SSID] ||
3786             !nla_len(info->attrs[NL80211_ATTR_SSID]))
3787                 return -EINVAL;
3788
3789         ibss.beacon_interval = 100;
3790
3791         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
3792                 ibss.beacon_interval =
3793                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3794                 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
3795                         return -EINVAL;
3796         }
3797
3798         rtnl_lock();
3799
3800         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3801         if (err)
3802                 goto unlock_rtnl;
3803
3804         if (!rdev->ops->join_ibss) {
3805                 err = -EOPNOTSUPP;
3806                 goto out;
3807         }
3808
3809         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
3810                 err = -EOPNOTSUPP;
3811                 goto out;
3812         }
3813
3814         if (!netif_running(dev)) {
3815                 err = -ENETDOWN;
3816                 goto out;
3817         }
3818
3819         wiphy = &rdev->wiphy;
3820
3821         if (info->attrs[NL80211_ATTR_MAC])
3822                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3823         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3824         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3825
3826         if (info->attrs[NL80211_ATTR_IE]) {
3827                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3828                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3829         }
3830
3831         ibss.channel = ieee80211_get_channel(wiphy,
3832                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3833         if (!ibss.channel ||
3834             ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
3835             ibss.channel->flags & IEEE80211_CHAN_DISABLED) {
3836                 err = -EINVAL;
3837                 goto out;
3838         }
3839
3840         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
3841         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3842
3843         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
3844                 connkeys = nl80211_parse_connkeys(rdev,
3845                                         info->attrs[NL80211_ATTR_KEYS]);
3846                 if (IS_ERR(connkeys)) {
3847                         err = PTR_ERR(connkeys);
3848                         connkeys = NULL;
3849                         goto out;
3850                 }
3851         }
3852
3853         err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
3854
3855 out:
3856         cfg80211_unlock_rdev(rdev);
3857         dev_put(dev);
3858 unlock_rtnl:
3859         if (err)
3860                 kfree(connkeys);
3861         rtnl_unlock();
3862         return err;
3863 }
3864
3865 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
3866 {
3867         struct cfg80211_registered_device *rdev;
3868         struct net_device *dev;
3869         int err;
3870
3871         rtnl_lock();
3872
3873         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3874         if (err)
3875                 goto unlock_rtnl;
3876
3877         if (!rdev->ops->leave_ibss) {
3878                 err = -EOPNOTSUPP;
3879                 goto out;
3880         }
3881
3882         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
3883                 err = -EOPNOTSUPP;
3884                 goto out;
3885         }
3886
3887         if (!netif_running(dev)) {
3888                 err = -ENETDOWN;
3889                 goto out;
3890         }
3891
3892         err = cfg80211_leave_ibss(rdev, dev, false);
3893
3894 out:
3895         cfg80211_unlock_rdev(rdev);
3896         dev_put(dev);
3897 unlock_rtnl:
3898         rtnl_unlock();
3899         return err;
3900 }
3901
3902 #ifdef CONFIG_NL80211_TESTMODE
3903 static struct genl_multicast_group nl80211_testmode_mcgrp = {
3904         .name = "testmode",
3905 };
3906
3907 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
3908 {
3909         struct cfg80211_registered_device *rdev;
3910         int err;
3911
3912         if (!info->attrs[NL80211_ATTR_TESTDATA])
3913                 return -EINVAL;
3914
3915         rtnl_lock();
3916
3917         rdev = cfg80211_get_dev_from_info(info);
3918         if (IS_ERR(rdev)) {
3919                 err = PTR_ERR(rdev);
3920                 goto unlock_rtnl;
3921         }
3922
3923         err = -EOPNOTSUPP;
3924         if (rdev->ops->testmode_cmd) {
3925                 rdev->testmode_info = info;
3926                 err = rdev->ops->testmode_cmd(&rdev->wiphy,
3927                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
3928                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
3929                 rdev->testmode_info = NULL;
3930         }
3931
3932         cfg80211_unlock_rdev(rdev);
3933
3934  unlock_rtnl:
3935         rtnl_unlock();
3936         return err;
3937 }
3938
3939 static struct sk_buff *
3940 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
3941                               int approxlen, u32 pid, u32 seq, gfp_t gfp)
3942 {
3943         struct sk_buff *skb;
3944         void *hdr;
3945         struct nlattr *data;
3946
3947         skb = nlmsg_new(approxlen + 100, gfp);
3948         if (!skb)
3949                 return NULL;
3950
3951         hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
3952         if (!hdr) {
3953                 kfree_skb(skb);
3954                 return NULL;
3955         }
3956
3957         NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
3958         data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
3959
3960         ((void **)skb->cb)[0] = rdev;
3961         ((void **)skb->cb)[1] = hdr;
3962         ((void **)skb->cb)[2] = data;
3963
3964         return skb;
3965
3966  nla_put_failure:
3967         kfree_skb(skb);
3968         return NULL;
3969 }
3970
3971 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
3972                                                   int approxlen)
3973 {
3974         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
3975
3976         if (WARN_ON(!rdev->testmode_info))
3977                 return NULL;
3978
3979         return __cfg80211_testmode_alloc_skb(rdev, approxlen,
3980                                 rdev->testmode_info->snd_pid,
3981                                 rdev->testmode_info->snd_seq,
3982                                 GFP_KERNEL);
3983 }
3984 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
3985
3986 int cfg80211_testmode_reply(struct sk_buff *skb)
3987 {
3988         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
3989         void *hdr = ((void **)skb->cb)[1];
3990         struct nlattr *data = ((void **)skb->cb)[2];
3991
3992         if (WARN_ON(!rdev->testmode_info)) {
3993                 kfree_skb(skb);
3994                 return -EINVAL;
3995         }
3996
3997         nla_nest_end(skb, data);
3998         genlmsg_end(skb, hdr);
3999         return genlmsg_reply(skb, rdev->testmode_info);
4000 }
4001 EXPORT_SYMBOL(cfg80211_testmode_reply);
4002
4003 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
4004                                                   int approxlen, gfp_t gfp)
4005 {
4006         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4007
4008         return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
4009 }
4010 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
4011
4012 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
4013 {
4014         void *hdr = ((void **)skb->cb)[1];
4015         struct nlattr *data = ((void **)skb->cb)[2];
4016
4017         nla_nest_end(skb, data);
4018         genlmsg_end(skb, hdr);
4019         genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
4020 }
4021 EXPORT_SYMBOL(cfg80211_testmode_event);
4022 #endif
4023
4024 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
4025 {
4026         struct cfg80211_registered_device *rdev;
4027         struct net_device *dev;
4028         struct cfg80211_connect_params connect;
4029         struct wiphy *wiphy;
4030         struct cfg80211_cached_keys *connkeys = NULL;
4031         int err;
4032
4033         memset(&connect, 0, sizeof(connect));
4034
4035         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4036                 return -EINVAL;
4037
4038         if (!info->attrs[NL80211_ATTR_SSID] ||
4039             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4040                 return -EINVAL;
4041
4042         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4043                 connect.auth_type =
4044                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4045                 if (!nl80211_valid_auth_type(connect.auth_type))
4046                         return -EINVAL;
4047         } else
4048                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4049
4050         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
4051
4052         err = nl80211_crypto_settings(info, &connect.crypto,
4053                                       NL80211_MAX_NR_CIPHER_SUITES);
4054         if (err)
4055                 return err;
4056         rtnl_lock();
4057
4058         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4059         if (err)
4060                 goto unlock_rtnl;
4061
4062         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4063                 err = -EOPNOTSUPP;
4064                 goto out;
4065         }
4066
4067         if (!netif_running(dev)) {
4068                 err = -ENETDOWN;
4069                 goto out;
4070         }
4071
4072         wiphy = &rdev->wiphy;
4073
4074         if (info->attrs[NL80211_ATTR_MAC])
4075                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4076         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4077         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4078
4079         if (info->attrs[NL80211_ATTR_IE]) {
4080                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4081                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4082         }
4083
4084         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4085                 connect.channel =
4086                         ieee80211_get_channel(wiphy,
4087                             nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4088                 if (!connect.channel ||
4089                     connect.channel->flags & IEEE80211_CHAN_DISABLED) {
4090                         err = -EINVAL;
4091                         goto out;
4092                 }
4093         }
4094
4095         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4096                 connkeys = nl80211_parse_connkeys(rdev,
4097                                         info->attrs[NL80211_ATTR_KEYS]);
4098                 if (IS_ERR(connkeys)) {
4099                         err = PTR_ERR(connkeys);
4100                         connkeys = NULL;
4101                         goto out;
4102                 }
4103         }
4104
4105         err = cfg80211_connect(rdev, dev, &connect, connkeys);
4106
4107 out:
4108         cfg80211_unlock_rdev(rdev);
4109         dev_put(dev);
4110 unlock_rtnl:
4111         if (err)
4112                 kfree(connkeys);
4113         rtnl_unlock();
4114         return err;
4115 }
4116
4117 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
4118 {
4119         struct cfg80211_registered_device *rdev;
4120         struct net_device *dev;
4121         int err;
4122         u16 reason;
4123
4124         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4125                 reason = WLAN_REASON_DEAUTH_LEAVING;
4126         else
4127                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4128
4129         if (reason == 0)
4130                 return -EINVAL;
4131
4132         rtnl_lock();
4133
4134         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4135         if (err)
4136                 goto unlock_rtnl;
4137
4138         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4139                 err = -EOPNOTSUPP;
4140                 goto out;
4141         }
4142
4143         if (!netif_running(dev)) {
4144                 err = -ENETDOWN;
4145                 goto out;
4146         }
4147
4148         err = cfg80211_disconnect(rdev, dev, reason, true);
4149
4150 out:
4151         cfg80211_unlock_rdev(rdev);
4152         dev_put(dev);
4153 unlock_rtnl:
4154         rtnl_unlock();
4155         return err;
4156 }
4157
4158 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4159 {
4160         struct cfg80211_registered_device *rdev;
4161         struct net *net;
4162         int err;
4163         u32 pid;
4164
4165         if (!info->attrs[NL80211_ATTR_PID])
4166                 return -EINVAL;
4167
4168         pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
4169
4170         rtnl_lock();
4171
4172         rdev = cfg80211_get_dev_from_info(info);
4173         if (IS_ERR(rdev)) {
4174                 err = PTR_ERR(rdev);
4175                 goto out_rtnl;
4176         }
4177
4178         net = get_net_ns_by_pid(pid);
4179         if (IS_ERR(net)) {
4180                 err = PTR_ERR(net);
4181                 goto out;
4182         }
4183
4184         err = 0;
4185
4186         /* check if anything to do */
4187         if (net_eq(wiphy_net(&rdev->wiphy), net))
4188                 goto out_put_net;
4189
4190         err = cfg80211_switch_netns(rdev, net);
4191  out_put_net:
4192         put_net(net);
4193  out:
4194         cfg80211_unlock_rdev(rdev);
4195  out_rtnl:
4196         rtnl_unlock();
4197         return err;
4198 }
4199
4200 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
4201 {
4202         struct cfg80211_registered_device *rdev;
4203         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
4204                         struct cfg80211_pmksa *pmksa) = NULL;
4205         int err;
4206         struct net_device *dev;
4207         struct cfg80211_pmksa pmksa;
4208
4209         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
4210
4211         if (!info->attrs[NL80211_ATTR_MAC])
4212                 return -EINVAL;
4213
4214         if (!info->attrs[NL80211_ATTR_PMKID])
4215                 return -EINVAL;
4216
4217         rtnl_lock();
4218
4219         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4220         if (err)
4221                 goto out_rtnl;
4222
4223         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
4224         pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4225
4226         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4227                 err = -EOPNOTSUPP;
4228                 goto out;
4229         }
4230
4231         switch (info->genlhdr->cmd) {
4232         case NL80211_CMD_SET_PMKSA:
4233                 rdev_ops = rdev->ops->set_pmksa;
4234                 break;
4235         case NL80211_CMD_DEL_PMKSA:
4236                 rdev_ops = rdev->ops->del_pmksa;
4237                 break;
4238         default:
4239                 WARN_ON(1);
4240                 break;
4241         }
4242
4243         if (!rdev_ops) {
4244                 err = -EOPNOTSUPP;
4245                 goto out;
4246         }
4247
4248         err = rdev_ops(&rdev->wiphy, dev, &pmksa);
4249
4250  out:
4251         cfg80211_unlock_rdev(rdev);
4252         dev_put(dev);
4253  out_rtnl:
4254         rtnl_unlock();
4255
4256         return err;
4257 }
4258
4259 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4260 {
4261         struct cfg80211_registered_device *rdev;
4262         int err;
4263         struct net_device *dev;
4264
4265         rtnl_lock();
4266
4267         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4268         if (err)
4269                 goto out_rtnl;
4270
4271         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4272                 err = -EOPNOTSUPP;
4273                 goto out;
4274         }
4275
4276         if (!rdev->ops->flush_pmksa) {
4277                 err = -EOPNOTSUPP;
4278                 goto out;
4279         }
4280
4281         err = rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4282
4283  out:
4284         cfg80211_unlock_rdev(rdev);
4285         dev_put(dev);
4286  out_rtnl:
4287         rtnl_unlock();
4288
4289         return err;
4290
4291 }
4292
4293 static int nl80211_remain_on_channel(struct sk_buff *skb,
4294                                      struct genl_info *info)
4295 {
4296         struct cfg80211_registered_device *rdev;
4297         struct net_device *dev;
4298         struct ieee80211_channel *chan;
4299         struct sk_buff *msg;
4300         void *hdr;
4301         u64 cookie;
4302         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4303         u32 freq, duration;
4304         int err;
4305
4306         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4307             !info->attrs[NL80211_ATTR_DURATION])
4308                 return -EINVAL;
4309
4310         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4311
4312         /*
4313          * We should be on that channel for at least one jiffie,
4314          * and more than 5 seconds seems excessive.
4315          */
4316         if (!duration || !msecs_to_jiffies(duration) || duration > 5000)
4317                 return -EINVAL;
4318
4319         rtnl_lock();
4320
4321         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4322         if (err)
4323                 goto unlock_rtnl;
4324
4325         if (!rdev->ops->remain_on_channel) {
4326                 err = -EOPNOTSUPP;
4327                 goto out;
4328         }
4329
4330         if (!netif_running(dev)) {
4331                 err = -ENETDOWN;
4332                 goto out;
4333         }
4334
4335         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4336                 channel_type = nla_get_u32(
4337                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4338                 if (channel_type != NL80211_CHAN_NO_HT &&
4339                     channel_type != NL80211_CHAN_HT20 &&
4340                     channel_type != NL80211_CHAN_HT40PLUS &&
4341                     channel_type != NL80211_CHAN_HT40MINUS)
4342                         err = -EINVAL;
4343                         goto out;
4344         }
4345
4346         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4347         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4348         if (chan == NULL) {
4349                 err = -EINVAL;
4350                 goto out;
4351         }
4352
4353         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4354         if (!msg) {
4355                 err = -ENOMEM;
4356                 goto out;
4357         }
4358
4359         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4360                              NL80211_CMD_REMAIN_ON_CHANNEL);
4361
4362         if (IS_ERR(hdr)) {
4363                 err = PTR_ERR(hdr);
4364                 goto free_msg;
4365         }
4366
4367         err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
4368                                            channel_type, duration, &cookie);
4369
4370         if (err)
4371                 goto free_msg;
4372
4373         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4374
4375         genlmsg_end(msg, hdr);
4376         err = genlmsg_reply(msg, info);
4377         goto out;
4378
4379  nla_put_failure:
4380         err = -ENOBUFS;
4381  free_msg:
4382         nlmsg_free(msg);
4383  out:
4384         cfg80211_unlock_rdev(rdev);
4385         dev_put(dev);
4386  unlock_rtnl:
4387         rtnl_unlock();
4388         return err;
4389 }
4390
4391 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
4392                                             struct genl_info *info)
4393 {
4394         struct cfg80211_registered_device *rdev;
4395         struct net_device *dev;
4396         u64 cookie;
4397         int err;
4398
4399         if (!info->attrs[NL80211_ATTR_COOKIE])
4400                 return -EINVAL;
4401
4402         rtnl_lock();
4403
4404         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4405         if (err)
4406                 goto unlock_rtnl;
4407
4408         if (!rdev->ops->cancel_remain_on_channel) {
4409                 err = -EOPNOTSUPP;
4410                 goto out;
4411         }
4412
4413         if (!netif_running(dev)) {
4414                 err = -ENETDOWN;
4415                 goto out;
4416         }
4417
4418         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
4419
4420         err = rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
4421
4422  out:
4423         cfg80211_unlock_rdev(rdev);
4424         dev_put(dev);
4425  unlock_rtnl:
4426         rtnl_unlock();
4427         return err;
4428 }
4429
4430 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4431                            u8 *rates, u8 rates_len)
4432 {
4433         u8 i;
4434         u32 mask = 0;
4435
4436         for (i = 0; i < rates_len; i++) {
4437                 int rate = (rates[i] & 0x7f) * 5;
4438                 int ridx;
4439                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4440                         struct ieee80211_rate *srate =
4441                                 &sband->bitrates[ridx];
4442                         if (rate == srate->bitrate) {
4443                                 mask |= 1 << ridx;
4444                                 break;
4445                         }
4446                 }
4447                 if (ridx == sband->n_bitrates)
4448                         return 0; /* rate not found */
4449         }
4450
4451         return mask;
4452 }
4453
4454 static struct nla_policy
4455 nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] __read_mostly = {
4456         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4457                                     .len = NL80211_MAX_SUPP_RATES },
4458 };
4459
4460 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
4461                                        struct genl_info *info)
4462 {
4463         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4464         struct cfg80211_registered_device *rdev;
4465         struct cfg80211_bitrate_mask mask;
4466         int err, rem, i;
4467         struct net_device *dev;
4468         struct nlattr *tx_rates;
4469         struct ieee80211_supported_band *sband;
4470
4471         if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
4472                 return -EINVAL;
4473
4474         rtnl_lock();
4475
4476         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4477         if (err)
4478                 goto unlock_rtnl;
4479
4480         if (!rdev->ops->set_bitrate_mask) {
4481                 err = -EOPNOTSUPP;
4482                 goto unlock;
4483         }
4484
4485         memset(&mask, 0, sizeof(mask));
4486         /* Default to all rates enabled */
4487         for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
4488                 sband = rdev->wiphy.bands[i];
4489                 mask.control[i].legacy =
4490                         sband ? (1 << sband->n_bitrates) - 1 : 0;
4491         }
4492
4493         /*
4494          * The nested attribute uses enum nl80211_band as the index. This maps
4495          * directly to the enum ieee80211_band values used in cfg80211.
4496          */
4497         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
4498         {
4499                 enum ieee80211_band band = nla_type(tx_rates);
4500                 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
4501                         err = -EINVAL;
4502                         goto unlock;
4503                 }
4504                 sband = rdev->wiphy.bands[band];
4505                 if (sband == NULL) {
4506                         err = -EINVAL;
4507                         goto unlock;
4508                 }
4509                 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
4510                           nla_len(tx_rates), nl80211_txattr_policy);
4511                 if (tb[NL80211_TXRATE_LEGACY]) {
4512                         mask.control[band].legacy = rateset_to_mask(
4513                                 sband,
4514                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
4515                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
4516                         if (mask.control[band].legacy == 0) {
4517                                 err = -EINVAL;
4518                                 goto unlock;
4519                         }
4520                 }
4521         }
4522
4523         err = rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
4524
4525  unlock:
4526         dev_put(dev);
4527         cfg80211_unlock_rdev(rdev);
4528  unlock_rtnl:
4529         rtnl_unlock();
4530         return err;
4531 }
4532
4533 static int nl80211_register_action(struct sk_buff *skb, struct genl_info *info)
4534 {
4535         struct cfg80211_registered_device *rdev;
4536         struct net_device *dev;
4537         int err;
4538
4539         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
4540                 return -EINVAL;
4541
4542         if (nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]) < 1)
4543                 return -EINVAL;
4544
4545         rtnl_lock();
4546
4547         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4548         if (err)
4549                 goto unlock_rtnl;
4550
4551         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4552                 err = -EOPNOTSUPP;
4553                 goto out;
4554         }
4555
4556         /* not much point in registering if we can't reply */
4557         if (!rdev->ops->action) {
4558                 err = -EOPNOTSUPP;
4559                 goto out;
4560         }
4561
4562         err = cfg80211_mlme_register_action(dev->ieee80211_ptr, info->snd_pid,
4563                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
4564                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
4565  out:
4566         cfg80211_unlock_rdev(rdev);
4567         dev_put(dev);
4568  unlock_rtnl:
4569         rtnl_unlock();
4570         return err;
4571 }
4572
4573 static int nl80211_action(struct sk_buff *skb, struct genl_info *info)
4574 {
4575         struct cfg80211_registered_device *rdev;
4576         struct net_device *dev;
4577         struct ieee80211_channel *chan;
4578         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4579         u32 freq;
4580         int err;
4581         void *hdr;
4582         u64 cookie;
4583         struct sk_buff *msg;
4584
4585         if (!info->attrs[NL80211_ATTR_FRAME] ||
4586             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4587                 return -EINVAL;
4588
4589         rtnl_lock();
4590
4591         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4592         if (err)
4593                 goto unlock_rtnl;
4594
4595         if (!rdev->ops->action) {
4596                 err = -EOPNOTSUPP;
4597                 goto out;
4598         }
4599
4600         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4601                 err = -EOPNOTSUPP;
4602                 goto out;
4603         }
4604
4605         if (!netif_running(dev)) {
4606                 err = -ENETDOWN;
4607                 goto out;
4608         }
4609
4610         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4611                 channel_type = nla_get_u32(
4612                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4613                 if (channel_type != NL80211_CHAN_NO_HT &&
4614                     channel_type != NL80211_CHAN_HT20 &&
4615                     channel_type != NL80211_CHAN_HT40PLUS &&
4616                     channel_type != NL80211_CHAN_HT40MINUS)
4617                         err = -EINVAL;
4618                         goto out;
4619         }
4620
4621         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4622         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4623         if (chan == NULL) {
4624                 err = -EINVAL;
4625                 goto out;
4626         }
4627
4628         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4629         if (!msg) {
4630                 err = -ENOMEM;
4631                 goto out;
4632         }
4633
4634         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4635                              NL80211_CMD_ACTION);
4636
4637         if (IS_ERR(hdr)) {
4638                 err = PTR_ERR(hdr);
4639                 goto free_msg;
4640         }
4641         err = cfg80211_mlme_action(rdev, dev, chan, channel_type,
4642                                    nla_data(info->attrs[NL80211_ATTR_FRAME]),
4643                                    nla_len(info->attrs[NL80211_ATTR_FRAME]),
4644                                    &cookie);
4645         if (err)
4646                 goto free_msg;
4647
4648         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4649
4650         genlmsg_end(msg, hdr);
4651         err = genlmsg_reply(msg, info);
4652         goto out;
4653
4654  nla_put_failure:
4655         err = -ENOBUFS;
4656  free_msg:
4657         nlmsg_free(msg);
4658  out:
4659         cfg80211_unlock_rdev(rdev);
4660         dev_put(dev);
4661 unlock_rtnl:
4662         rtnl_unlock();
4663         return err;
4664 }
4665
4666 static struct genl_ops nl80211_ops[] = {
4667         {
4668                 .cmd = NL80211_CMD_GET_WIPHY,
4669                 .doit = nl80211_get_wiphy,
4670                 .dumpit = nl80211_dump_wiphy,
4671                 .policy = nl80211_policy,
4672                 /* can be retrieved by unprivileged users */
4673         },
4674         {
4675                 .cmd = NL80211_CMD_SET_WIPHY,
4676                 .doit = nl80211_set_wiphy,
4677                 .policy = nl80211_policy,
4678                 .flags = GENL_ADMIN_PERM,
4679         },
4680         {
4681                 .cmd = NL80211_CMD_GET_INTERFACE,
4682                 .doit = nl80211_get_interface,
4683                 .dumpit = nl80211_dump_interface,
4684                 .policy = nl80211_policy,
4685                 /* can be retrieved by unprivileged users */
4686         },
4687         {
4688                 .cmd = NL80211_CMD_SET_INTERFACE,
4689                 .doit = nl80211_set_interface,
4690                 .policy = nl80211_policy,
4691                 .flags = GENL_ADMIN_PERM,
4692         },
4693         {
4694                 .cmd = NL80211_CMD_NEW_INTERFACE,
4695                 .doit = nl80211_new_interface,
4696                 .policy = nl80211_policy,
4697                 .flags = GENL_ADMIN_PERM,
4698         },
4699         {
4700                 .cmd = NL80211_CMD_DEL_INTERFACE,
4701                 .doit = nl80211_del_interface,
4702                 .policy = nl80211_policy,
4703                 .flags = GENL_ADMIN_PERM,
4704         },
4705         {
4706                 .cmd = NL80211_CMD_GET_KEY,
4707                 .doit = nl80211_get_key,
4708                 .policy = nl80211_policy,
4709                 .flags = GENL_ADMIN_PERM,
4710         },
4711         {
4712                 .cmd = NL80211_CMD_SET_KEY,
4713                 .doit = nl80211_set_key,
4714                 .policy = nl80211_policy,
4715                 .flags = GENL_ADMIN_PERM,
4716         },
4717         {
4718                 .cmd = NL80211_CMD_NEW_KEY,
4719                 .doit = nl80211_new_key,
4720                 .policy = nl80211_policy,
4721                 .flags = GENL_ADMIN_PERM,
4722         },
4723         {
4724                 .cmd = NL80211_CMD_DEL_KEY,
4725                 .doit = nl80211_del_key,
4726                 .policy = nl80211_policy,
4727                 .flags = GENL_ADMIN_PERM,
4728         },
4729         {
4730                 .cmd = NL80211_CMD_SET_BEACON,
4731                 .policy = nl80211_policy,
4732                 .flags = GENL_ADMIN_PERM,
4733                 .doit = nl80211_addset_beacon,
4734         },
4735         {
4736                 .cmd = NL80211_CMD_NEW_BEACON,
4737                 .policy = nl80211_policy,
4738                 .flags = GENL_ADMIN_PERM,
4739                 .doit = nl80211_addset_beacon,
4740         },
4741         {
4742                 .cmd = NL80211_CMD_DEL_BEACON,
4743                 .policy = nl80211_policy,
4744                 .flags = GENL_ADMIN_PERM,
4745                 .doit = nl80211_del_beacon,
4746         },
4747         {
4748                 .cmd = NL80211_CMD_GET_STATION,
4749                 .doit = nl80211_get_station,
4750                 .dumpit = nl80211_dump_station,
4751                 .policy = nl80211_policy,
4752         },
4753         {
4754                 .cmd = NL80211_CMD_SET_STATION,
4755                 .doit = nl80211_set_station,
4756                 .policy = nl80211_policy,
4757                 .flags = GENL_ADMIN_PERM,
4758         },
4759         {
4760                 .cmd = NL80211_CMD_NEW_STATION,
4761                 .doit = nl80211_new_station,
4762                 .policy = nl80211_policy,
4763                 .flags = GENL_ADMIN_PERM,
4764         },
4765         {
4766                 .cmd = NL80211_CMD_DEL_STATION,
4767                 .doit = nl80211_del_station,
4768                 .policy = nl80211_policy,
4769                 .flags = GENL_ADMIN_PERM,
4770         },
4771         {
4772                 .cmd = NL80211_CMD_GET_MPATH,
4773                 .doit = nl80211_get_mpath,
4774                 .dumpit = nl80211_dump_mpath,
4775                 .policy = nl80211_policy,
4776                 .flags = GENL_ADMIN_PERM,
4777         },
4778         {
4779                 .cmd = NL80211_CMD_SET_MPATH,
4780                 .doit = nl80211_set_mpath,
4781                 .policy = nl80211_policy,
4782                 .flags = GENL_ADMIN_PERM,
4783         },
4784         {
4785                 .cmd = NL80211_CMD_NEW_MPATH,
4786                 .doit = nl80211_new_mpath,
4787                 .policy = nl80211_policy,
4788                 .flags = GENL_ADMIN_PERM,
4789         },
4790         {
4791                 .cmd = NL80211_CMD_DEL_MPATH,
4792                 .doit = nl80211_del_mpath,
4793                 .policy = nl80211_policy,
4794                 .flags = GENL_ADMIN_PERM,
4795         },
4796         {
4797                 .cmd = NL80211_CMD_SET_BSS,
4798                 .doit = nl80211_set_bss,
4799                 .policy = nl80211_policy,
4800                 .flags = GENL_ADMIN_PERM,
4801         },
4802         {
4803                 .cmd = NL80211_CMD_GET_REG,
4804                 .doit = nl80211_get_reg,
4805                 .policy = nl80211_policy,
4806                 /* can be retrieved by unprivileged users */
4807         },
4808         {
4809                 .cmd = NL80211_CMD_SET_REG,
4810                 .doit = nl80211_set_reg,
4811                 .policy = nl80211_policy,
4812                 .flags = GENL_ADMIN_PERM,
4813         },
4814         {
4815                 .cmd = NL80211_CMD_REQ_SET_REG,
4816                 .doit = nl80211_req_set_reg,
4817                 .policy = nl80211_policy,
4818                 .flags = GENL_ADMIN_PERM,
4819         },
4820         {
4821                 .cmd = NL80211_CMD_GET_MESH_PARAMS,
4822                 .doit = nl80211_get_mesh_params,
4823                 .policy = nl80211_policy,
4824                 /* can be retrieved by unprivileged users */
4825         },
4826         {
4827                 .cmd = NL80211_CMD_SET_MESH_PARAMS,
4828                 .doit = nl80211_set_mesh_params,
4829                 .policy = nl80211_policy,
4830                 .flags = GENL_ADMIN_PERM,
4831         },
4832         {
4833                 .cmd = NL80211_CMD_TRIGGER_SCAN,
4834                 .doit = nl80211_trigger_scan,
4835                 .policy = nl80211_policy,
4836                 .flags = GENL_ADMIN_PERM,
4837         },
4838         {
4839                 .cmd = NL80211_CMD_GET_SCAN,
4840                 .policy = nl80211_policy,
4841                 .dumpit = nl80211_dump_scan,
4842         },
4843         {
4844                 .cmd = NL80211_CMD_AUTHENTICATE,
4845                 .doit = nl80211_authenticate,
4846                 .policy = nl80211_policy,
4847                 .flags = GENL_ADMIN_PERM,
4848         },
4849         {
4850                 .cmd = NL80211_CMD_ASSOCIATE,
4851                 .doit = nl80211_associate,
4852                 .policy = nl80211_policy,
4853                 .flags = GENL_ADMIN_PERM,
4854         },
4855         {
4856                 .cmd = NL80211_CMD_DEAUTHENTICATE,
4857                 .doit = nl80211_deauthenticate,
4858                 .policy = nl80211_policy,
4859                 .flags = GENL_ADMIN_PERM,
4860         },
4861         {
4862                 .cmd = NL80211_CMD_DISASSOCIATE,
4863                 .doit = nl80211_disassociate,
4864                 .policy = nl80211_policy,
4865                 .flags = GENL_ADMIN_PERM,
4866         },
4867         {
4868                 .cmd = NL80211_CMD_JOIN_IBSS,
4869                 .doit = nl80211_join_ibss,
4870                 .policy = nl80211_policy,
4871                 .flags = GENL_ADMIN_PERM,
4872         },
4873         {
4874                 .cmd = NL80211_CMD_LEAVE_IBSS,
4875                 .doit = nl80211_leave_ibss,
4876                 .policy = nl80211_policy,
4877                 .flags = GENL_ADMIN_PERM,
4878         },
4879 #ifdef CONFIG_NL80211_TESTMODE
4880         {
4881                 .cmd = NL80211_CMD_TESTMODE,
4882                 .doit = nl80211_testmode_do,
4883                 .policy = nl80211_policy,
4884                 .flags = GENL_ADMIN_PERM,
4885         },
4886 #endif
4887         {
4888                 .cmd = NL80211_CMD_CONNECT,
4889                 .doit = nl80211_connect,
4890                 .policy = nl80211_policy,
4891                 .flags = GENL_ADMIN_PERM,
4892         },
4893         {
4894                 .cmd = NL80211_CMD_DISCONNECT,
4895                 .doit = nl80211_disconnect,
4896                 .policy = nl80211_policy,
4897                 .flags = GENL_ADMIN_PERM,
4898         },
4899         {
4900                 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
4901                 .doit = nl80211_wiphy_netns,
4902                 .policy = nl80211_policy,
4903                 .flags = GENL_ADMIN_PERM,
4904         },
4905         {
4906                 .cmd = NL80211_CMD_GET_SURVEY,
4907                 .policy = nl80211_policy,
4908                 .dumpit = nl80211_dump_survey,
4909         },
4910         {
4911                 .cmd = NL80211_CMD_SET_PMKSA,
4912                 .doit = nl80211_setdel_pmksa,
4913                 .policy = nl80211_policy,
4914                 .flags = GENL_ADMIN_PERM,
4915         },
4916         {
4917                 .cmd = NL80211_CMD_DEL_PMKSA,
4918                 .doit = nl80211_setdel_pmksa,
4919                 .policy = nl80211_policy,
4920                 .flags = GENL_ADMIN_PERM,
4921         },
4922         {
4923                 .cmd = NL80211_CMD_FLUSH_PMKSA,
4924                 .doit = nl80211_flush_pmksa,
4925                 .policy = nl80211_policy,
4926                 .flags = GENL_ADMIN_PERM,
4927         },
4928         {
4929                 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
4930                 .doit = nl80211_remain_on_channel,
4931                 .policy = nl80211_policy,
4932                 .flags = GENL_ADMIN_PERM,
4933         },
4934         {
4935                 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
4936                 .doit = nl80211_cancel_remain_on_channel,
4937                 .policy = nl80211_policy,
4938                 .flags = GENL_ADMIN_PERM,
4939         },
4940         {
4941                 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
4942                 .doit = nl80211_set_tx_bitrate_mask,
4943                 .policy = nl80211_policy,
4944                 .flags = GENL_ADMIN_PERM,
4945         },
4946         {
4947                 .cmd = NL80211_CMD_REGISTER_ACTION,
4948                 .doit = nl80211_register_action,
4949                 .policy = nl80211_policy,
4950                 .flags = GENL_ADMIN_PERM,
4951         },
4952         {
4953                 .cmd = NL80211_CMD_ACTION,
4954                 .doit = nl80211_action,
4955                 .policy = nl80211_policy,
4956                 .flags = GENL_ADMIN_PERM,
4957         },
4958 };
4959
4960 static struct genl_multicast_group nl80211_mlme_mcgrp = {
4961         .name = "mlme",
4962 };
4963
4964 /* multicast groups */
4965 static struct genl_multicast_group nl80211_config_mcgrp = {
4966         .name = "config",
4967 };
4968 static struct genl_multicast_group nl80211_scan_mcgrp = {
4969         .name = "scan",
4970 };
4971 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
4972         .name = "regulatory",
4973 };
4974
4975 /* notification functions */
4976
4977 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
4978 {
4979         struct sk_buff *msg;
4980
4981         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4982         if (!msg)
4983                 return;
4984
4985         if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
4986                 nlmsg_free(msg);
4987                 return;
4988         }
4989
4990         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4991                                 nl80211_config_mcgrp.id, GFP_KERNEL);
4992 }
4993
4994 static int nl80211_add_scan_req(struct sk_buff *msg,
4995                                 struct cfg80211_registered_device *rdev)
4996 {
4997         struct cfg80211_scan_request *req = rdev->scan_req;
4998         struct nlattr *nest;
4999         int i;
5000
5001         ASSERT_RDEV_LOCK(rdev);
5002
5003         if (WARN_ON(!req))
5004                 return 0;
5005
5006         nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
5007         if (!nest)
5008                 goto nla_put_failure;
5009         for (i = 0; i < req->n_ssids; i++)
5010                 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid);
5011         nla_nest_end(msg, nest);
5012
5013         nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
5014         if (!nest)
5015                 goto nla_put_failure;
5016         for (i = 0; i < req->n_channels; i++)
5017                 NLA_PUT_U32(msg, i, req->channels[i]->center_freq);
5018         nla_nest_end(msg, nest);
5019
5020         if (req->ie)
5021                 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie);
5022
5023         return 0;
5024  nla_put_failure:
5025         return -ENOBUFS;
5026 }
5027
5028 static int nl80211_send_scan_msg(struct sk_buff *msg,
5029                                  struct cfg80211_registered_device *rdev,
5030                                  struct net_device *netdev,
5031                                  u32 pid, u32 seq, int flags,
5032                                  u32 cmd)
5033 {
5034         void *hdr;
5035
5036         hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
5037         if (!hdr)
5038                 return -1;
5039
5040         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5041         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5042
5043         /* ignore errors and send incomplete event anyway */
5044         nl80211_add_scan_req(msg, rdev);
5045
5046         return genlmsg_end(msg, hdr);
5047
5048  nla_put_failure:
5049         genlmsg_cancel(msg, hdr);
5050         return -EMSGSIZE;
5051 }
5052
5053 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
5054                              struct net_device *netdev)
5055 {
5056         struct sk_buff *msg;
5057
5058         msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
5059         if (!msg)
5060                 return;
5061
5062         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5063                                   NL80211_CMD_TRIGGER_SCAN) < 0) {
5064                 nlmsg_free(msg);
5065                 return;
5066         }
5067
5068         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5069                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5070 }
5071
5072 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
5073                             struct net_device *netdev)
5074 {
5075         struct sk_buff *msg;
5076
5077         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5078         if (!msg)
5079                 return;
5080
5081         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5082                                   NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
5083                 nlmsg_free(msg);
5084                 return;
5085         }
5086
5087         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5088                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5089 }
5090
5091 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
5092                                struct net_device *netdev)
5093 {
5094         struct sk_buff *msg;
5095
5096         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5097         if (!msg)
5098                 return;
5099
5100         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5101                                   NL80211_CMD_SCAN_ABORTED) < 0) {
5102                 nlmsg_free(msg);
5103                 return;
5104         }
5105
5106         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5107                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5108 }
5109
5110 /*
5111  * This can happen on global regulatory changes or device specific settings
5112  * based on custom world regulatory domains.
5113  */
5114 void nl80211_send_reg_change_event(struct regulatory_request *request)
5115 {
5116         struct sk_buff *msg;
5117         void *hdr;
5118
5119         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5120         if (!msg)
5121                 return;
5122
5123         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
5124         if (!hdr) {
5125                 nlmsg_free(msg);
5126                 return;
5127         }
5128
5129         /* Userspace can always count this one always being set */
5130         NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator);
5131
5132         if (request->alpha2[0] == '0' && request->alpha2[1] == '0')
5133                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5134                            NL80211_REGDOM_TYPE_WORLD);
5135         else if (request->alpha2[0] == '9' && request->alpha2[1] == '9')
5136                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5137                            NL80211_REGDOM_TYPE_CUSTOM_WORLD);
5138         else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
5139                  request->intersect)
5140                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5141                            NL80211_REGDOM_TYPE_INTERSECTION);
5142         else {
5143                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5144                            NL80211_REGDOM_TYPE_COUNTRY);
5145                 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2);
5146         }
5147
5148         if (wiphy_idx_valid(request->wiphy_idx))
5149                 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
5150
5151         if (genlmsg_end(msg, hdr) < 0) {
5152                 nlmsg_free(msg);
5153                 return;
5154         }
5155
5156         rcu_read_lock();
5157         genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
5158                                 GFP_ATOMIC);
5159         rcu_read_unlock();
5160
5161         return;
5162
5163 nla_put_failure:
5164         genlmsg_cancel(msg, hdr);
5165         nlmsg_free(msg);
5166 }
5167
5168 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
5169                                     struct net_device *netdev,
5170                                     const u8 *buf, size_t len,
5171                                     enum nl80211_commands cmd, gfp_t gfp)
5172 {
5173         struct sk_buff *msg;
5174         void *hdr;
5175
5176         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5177         if (!msg)
5178                 return;
5179
5180         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5181         if (!hdr) {
5182                 nlmsg_free(msg);
5183                 return;
5184         }
5185
5186         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5187         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5188         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
5189
5190         if (genlmsg_end(msg, hdr) < 0) {
5191                 nlmsg_free(msg);
5192                 return;
5193         }
5194
5195         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5196                                 nl80211_mlme_mcgrp.id, gfp);
5197         return;
5198
5199  nla_put_failure:
5200         genlmsg_cancel(msg, hdr);
5201         nlmsg_free(msg);
5202 }
5203
5204 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
5205                           struct net_device *netdev, const u8 *buf,
5206                           size_t len, gfp_t gfp)
5207 {
5208         nl80211_send_mlme_event(rdev, netdev, buf, len,
5209                                 NL80211_CMD_AUTHENTICATE, gfp);
5210 }
5211
5212 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
5213                            struct net_device *netdev, const u8 *buf,
5214                            size_t len, gfp_t gfp)
5215 {
5216         nl80211_send_mlme_event(rdev, netdev, buf, len,
5217                                 NL80211_CMD_ASSOCIATE, gfp);
5218 }
5219
5220 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
5221                          struct net_device *netdev, const u8 *buf,
5222                          size_t len, gfp_t gfp)
5223 {
5224         nl80211_send_mlme_event(rdev, netdev, buf, len,
5225                                 NL80211_CMD_DEAUTHENTICATE, gfp);
5226 }
5227
5228 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
5229                            struct net_device *netdev, const u8 *buf,
5230                            size_t len, gfp_t gfp)
5231 {
5232         nl80211_send_mlme_event(rdev, netdev, buf, len,
5233                                 NL80211_CMD_DISASSOCIATE, gfp);
5234 }
5235
5236 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
5237                                       struct net_device *netdev, int cmd,
5238                                       const u8 *addr, gfp_t gfp)
5239 {
5240         struct sk_buff *msg;
5241         void *hdr;
5242
5243         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5244         if (!msg)
5245                 return;
5246
5247         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5248         if (!hdr) {
5249                 nlmsg_free(msg);
5250                 return;
5251         }
5252
5253         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5254         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5255         NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT);
5256         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5257
5258         if (genlmsg_end(msg, hdr) < 0) {
5259                 nlmsg_free(msg);
5260                 return;
5261         }
5262
5263         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5264                                 nl80211_mlme_mcgrp.id, gfp);
5265         return;
5266
5267  nla_put_failure:
5268         genlmsg_cancel(msg, hdr);
5269         nlmsg_free(msg);
5270 }
5271
5272 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
5273                                struct net_device *netdev, const u8 *addr,
5274                                gfp_t gfp)
5275 {
5276         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
5277                                   addr, gfp);
5278 }
5279
5280 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
5281                                 struct net_device *netdev, const u8 *addr,
5282                                 gfp_t gfp)
5283 {
5284         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
5285                                   addr, gfp);
5286 }
5287
5288 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
5289                                  struct net_device *netdev, const u8 *bssid,
5290                                  const u8 *req_ie, size_t req_ie_len,
5291                                  const u8 *resp_ie, size_t resp_ie_len,
5292                                  u16 status, gfp_t gfp)
5293 {
5294         struct sk_buff *msg;
5295         void *hdr;
5296
5297         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5298         if (!msg)
5299                 return;
5300
5301         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
5302         if (!hdr) {
5303                 nlmsg_free(msg);
5304                 return;
5305         }
5306
5307         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5308         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5309         if (bssid)
5310                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5311         NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status);
5312         if (req_ie)
5313                 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
5314         if (resp_ie)
5315                 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
5316
5317         if (genlmsg_end(msg, hdr) < 0) {
5318                 nlmsg_free(msg);
5319                 return;
5320         }
5321
5322         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5323                                 nl80211_mlme_mcgrp.id, gfp);
5324         return;
5325
5326  nla_put_failure:
5327         genlmsg_cancel(msg, hdr);
5328         nlmsg_free(msg);
5329
5330 }
5331
5332 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
5333                          struct net_device *netdev, const u8 *bssid,
5334                          const u8 *req_ie, size_t req_ie_len,
5335                          const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
5336 {
5337         struct sk_buff *msg;
5338         void *hdr;
5339
5340         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5341         if (!msg)
5342                 return;
5343
5344         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
5345         if (!hdr) {
5346                 nlmsg_free(msg);
5347                 return;
5348         }
5349
5350         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5351         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5352         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5353         if (req_ie)
5354                 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
5355         if (resp_ie)
5356                 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
5357
5358         if (genlmsg_end(msg, hdr) < 0) {
5359                 nlmsg_free(msg);
5360                 return;
5361         }
5362
5363         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5364                                 nl80211_mlme_mcgrp.id, gfp);
5365         return;
5366
5367  nla_put_failure:
5368         genlmsg_cancel(msg, hdr);
5369         nlmsg_free(msg);
5370
5371 }
5372
5373 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
5374                                struct net_device *netdev, u16 reason,
5375                                const u8 *ie, size_t ie_len, bool from_ap)
5376 {
5377         struct sk_buff *msg;
5378         void *hdr;
5379
5380         msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
5381         if (!msg)
5382                 return;
5383
5384         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
5385         if (!hdr) {
5386                 nlmsg_free(msg);
5387                 return;
5388         }
5389
5390         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5391         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5392         if (from_ap && reason)
5393                 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason);
5394         if (from_ap)
5395                 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP);
5396         if (ie)
5397                 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie);
5398
5399         if (genlmsg_end(msg, hdr) < 0) {
5400                 nlmsg_free(msg);
5401                 return;
5402         }
5403
5404         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5405                                 nl80211_mlme_mcgrp.id, GFP_KERNEL);
5406         return;
5407
5408  nla_put_failure:
5409         genlmsg_cancel(msg, hdr);
5410         nlmsg_free(msg);
5411
5412 }
5413
5414 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
5415                              struct net_device *netdev, const u8 *bssid,
5416                              gfp_t gfp)
5417 {
5418         struct sk_buff *msg;
5419         void *hdr;
5420
5421         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5422         if (!msg)
5423                 return;
5424
5425         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
5426         if (!hdr) {
5427                 nlmsg_free(msg);
5428                 return;
5429         }
5430
5431         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5432         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5433         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5434
5435         if (genlmsg_end(msg, hdr) < 0) {
5436                 nlmsg_free(msg);
5437                 return;
5438         }
5439
5440         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5441                                 nl80211_mlme_mcgrp.id, gfp);
5442         return;
5443
5444  nla_put_failure:
5445         genlmsg_cancel(msg, hdr);
5446         nlmsg_free(msg);
5447 }
5448
5449 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
5450                                  struct net_device *netdev, const u8 *addr,
5451                                  enum nl80211_key_type key_type, int key_id,
5452                                  const u8 *tsc, gfp_t gfp)
5453 {
5454         struct sk_buff *msg;
5455         void *hdr;
5456
5457         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5458         if (!msg)
5459                 return;
5460
5461         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
5462         if (!hdr) {
5463                 nlmsg_free(msg);
5464                 return;
5465         }
5466
5467         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5468         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5469         if (addr)
5470                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5471         NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type);
5472         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id);
5473         if (tsc)
5474                 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc);
5475
5476         if (genlmsg_end(msg, hdr) < 0) {
5477                 nlmsg_free(msg);
5478                 return;
5479         }
5480
5481         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5482                                 nl80211_mlme_mcgrp.id, gfp);
5483         return;
5484
5485  nla_put_failure:
5486         genlmsg_cancel(msg, hdr);
5487         nlmsg_free(msg);
5488 }
5489
5490 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
5491                                     struct ieee80211_channel *channel_before,
5492                                     struct ieee80211_channel *channel_after)
5493 {
5494         struct sk_buff *msg;
5495         void *hdr;
5496         struct nlattr *nl_freq;
5497
5498         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
5499         if (!msg)
5500                 return;
5501
5502         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
5503         if (!hdr) {
5504                 nlmsg_free(msg);
5505                 return;
5506         }
5507
5508         /*
5509          * Since we are applying the beacon hint to a wiphy we know its
5510          * wiphy_idx is valid
5511          */
5512         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy));
5513
5514         /* Before */
5515         nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
5516         if (!nl_freq)
5517                 goto nla_put_failure;
5518         if (nl80211_msg_put_channel(msg, channel_before))
5519                 goto nla_put_failure;
5520         nla_nest_end(msg, nl_freq);
5521
5522         /* After */
5523         nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
5524         if (!nl_freq)
5525                 goto nla_put_failure;
5526         if (nl80211_msg_put_channel(msg, channel_after))
5527                 goto nla_put_failure;
5528         nla_nest_end(msg, nl_freq);
5529
5530         if (genlmsg_end(msg, hdr) < 0) {
5531                 nlmsg_free(msg);
5532                 return;
5533         }
5534
5535         rcu_read_lock();
5536         genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
5537                                 GFP_ATOMIC);
5538         rcu_read_unlock();
5539
5540         return;
5541
5542 nla_put_failure:
5543         genlmsg_cancel(msg, hdr);
5544         nlmsg_free(msg);
5545 }
5546
5547 static void nl80211_send_remain_on_chan_event(
5548         int cmd, struct cfg80211_registered_device *rdev,
5549         struct net_device *netdev, u64 cookie,
5550         struct ieee80211_channel *chan,
5551         enum nl80211_channel_type channel_type,
5552         unsigned int duration, gfp_t gfp)
5553 {
5554         struct sk_buff *msg;
5555         void *hdr;
5556
5557         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5558         if (!msg)
5559                 return;
5560
5561         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5562         if (!hdr) {
5563                 nlmsg_free(msg);
5564                 return;
5565         }
5566
5567         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5568         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5569         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq);
5570         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type);
5571         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5572
5573         if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL)
5574                 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
5575
5576         if (genlmsg_end(msg, hdr) < 0) {
5577                 nlmsg_free(msg);
5578                 return;
5579         }
5580
5581         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5582                                 nl80211_mlme_mcgrp.id, gfp);
5583         return;
5584
5585  nla_put_failure:
5586         genlmsg_cancel(msg, hdr);
5587         nlmsg_free(msg);
5588 }
5589
5590 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
5591                                     struct net_device *netdev, u64 cookie,
5592                                     struct ieee80211_channel *chan,
5593                                     enum nl80211_channel_type channel_type,
5594                                     unsigned int duration, gfp_t gfp)
5595 {
5596         nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
5597                                           rdev, netdev, cookie, chan,
5598                                           channel_type, duration, gfp);
5599 }
5600
5601 void nl80211_send_remain_on_channel_cancel(
5602         struct cfg80211_registered_device *rdev, struct net_device *netdev,
5603         u64 cookie, struct ieee80211_channel *chan,
5604         enum nl80211_channel_type channel_type, gfp_t gfp)
5605 {
5606         nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
5607                                           rdev, netdev, cookie, chan,
5608                                           channel_type, 0, gfp);
5609 }
5610
5611 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
5612                             struct net_device *dev, const u8 *mac_addr,
5613                             struct station_info *sinfo, gfp_t gfp)
5614 {
5615         struct sk_buff *msg;
5616
5617         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5618         if (!msg)
5619                 return;
5620
5621         if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) {
5622                 nlmsg_free(msg);
5623                 return;
5624         }
5625
5626         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5627                                 nl80211_mlme_mcgrp.id, gfp);
5628 }
5629
5630 int nl80211_send_action(struct cfg80211_registered_device *rdev,
5631                         struct net_device *netdev, u32 nlpid,
5632                         int freq, const u8 *buf, size_t len, gfp_t gfp)
5633 {
5634         struct sk_buff *msg;
5635         void *hdr;
5636         int err;
5637
5638         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5639         if (!msg)
5640                 return -ENOMEM;
5641
5642         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION);
5643         if (!hdr) {
5644                 nlmsg_free(msg);
5645                 return -ENOMEM;
5646         }
5647
5648         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5649         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5650         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
5651         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
5652
5653         err = genlmsg_end(msg, hdr);
5654         if (err < 0) {
5655                 nlmsg_free(msg);
5656                 return err;
5657         }
5658
5659         err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
5660         if (err < 0)
5661                 return err;
5662         return 0;
5663
5664  nla_put_failure:
5665         genlmsg_cancel(msg, hdr);
5666         nlmsg_free(msg);
5667         return -ENOBUFS;
5668 }
5669
5670 void nl80211_send_action_tx_status(struct cfg80211_registered_device *rdev,
5671                                    struct net_device *netdev, u64 cookie,
5672                                    const u8 *buf, size_t len, bool ack,
5673                                    gfp_t gfp)
5674 {
5675         struct sk_buff *msg;
5676         void *hdr;
5677
5678         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5679         if (!msg)
5680                 return;
5681
5682         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION_TX_STATUS);
5683         if (!hdr) {
5684                 nlmsg_free(msg);
5685                 return;
5686         }
5687
5688         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5689         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5690         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
5691         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5692         if (ack)
5693                 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK);
5694
5695         if (genlmsg_end(msg, hdr) < 0) {
5696                 nlmsg_free(msg);
5697                 return;
5698         }
5699
5700         genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
5701         return;
5702
5703  nla_put_failure:
5704         genlmsg_cancel(msg, hdr);
5705         nlmsg_free(msg);
5706 }
5707
5708 static int nl80211_netlink_notify(struct notifier_block * nb,
5709                                   unsigned long state,
5710                                   void *_notify)
5711 {
5712         struct netlink_notify *notify = _notify;
5713         struct cfg80211_registered_device *rdev;
5714         struct wireless_dev *wdev;
5715
5716         if (state != NETLINK_URELEASE)
5717                 return NOTIFY_DONE;
5718
5719         rcu_read_lock();
5720
5721         list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list)
5722                 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list)
5723                         cfg80211_mlme_unregister_actions(wdev, notify->pid);
5724
5725         rcu_read_unlock();
5726
5727         return NOTIFY_DONE;
5728 }
5729
5730 static struct notifier_block nl80211_netlink_notifier = {
5731         .notifier_call = nl80211_netlink_notify,
5732 };
5733
5734 /* initialisation/exit functions */
5735
5736 int nl80211_init(void)
5737 {
5738         int err;
5739
5740         err = genl_register_family_with_ops(&nl80211_fam,
5741                 nl80211_ops, ARRAY_SIZE(nl80211_ops));
5742         if (err)
5743                 return err;
5744
5745         err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
5746         if (err)
5747                 goto err_out;
5748
5749         err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
5750         if (err)
5751                 goto err_out;
5752
5753         err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
5754         if (err)
5755                 goto err_out;
5756
5757         err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
5758         if (err)
5759                 goto err_out;
5760
5761 #ifdef CONFIG_NL80211_TESTMODE
5762         err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
5763         if (err)
5764                 goto err_out;
5765 #endif
5766
5767         err = netlink_register_notifier(&nl80211_netlink_notifier);
5768         if (err)
5769                 goto err_out;
5770
5771         return 0;
5772  err_out:
5773         genl_unregister_family(&nl80211_fam);
5774         return err;
5775 }
5776
5777 void nl80211_exit(void)
5778 {
5779         netlink_unregister_notifier(&nl80211_netlink_notifier);
5780         genl_unregister_family(&nl80211_fam);
5781 }