ath9k_htc: Inform stack about tx ack status
[linux-2.6.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25
26 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
27                             struct genl_info *info);
28 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
29                               struct genl_info *info);
30
31 /* the netlink family */
32 static struct genl_family nl80211_fam = {
33         .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
34         .name = "nl80211",      /* have users key off the name instead */
35         .hdrsize = 0,           /* no private header */
36         .version = 1,           /* no particular meaning now */
37         .maxattr = NL80211_ATTR_MAX,
38         .netnsok = true,
39         .pre_doit = nl80211_pre_doit,
40         .post_doit = nl80211_post_doit,
41 };
42
43 /* internal helper: get rdev and dev */
44 static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
45                                        struct cfg80211_registered_device **rdev,
46                                        struct net_device **dev)
47 {
48         struct nlattr **attrs = info->attrs;
49         int ifindex;
50
51         if (!attrs[NL80211_ATTR_IFINDEX])
52                 return -EINVAL;
53
54         ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
55         *dev = dev_get_by_index(genl_info_net(info), ifindex);
56         if (!*dev)
57                 return -ENODEV;
58
59         *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex);
60         if (IS_ERR(*rdev)) {
61                 dev_put(*dev);
62                 return PTR_ERR(*rdev);
63         }
64
65         return 0;
66 }
67
68 /* policy for the attributes */
69 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
70         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
71         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
72                                       .len = 20-1 },
73         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
74         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
75         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
76         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
77         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
78         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
79         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
80         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
81
82         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
83         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
84         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
85
86         [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
87         [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
88
89         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
90         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
91                                     .len = WLAN_MAX_KEY_LEN },
92         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
93         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
94         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
95         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
96         [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
97
98         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
99         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
100         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
101                                        .len = IEEE80211_MAX_DATA_LEN },
102         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
103                                        .len = IEEE80211_MAX_DATA_LEN },
104         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
105         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
106         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
107         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
108                                                .len = NL80211_MAX_SUPP_RATES },
109         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
110         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
111         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
112         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
113                                 .len = IEEE80211_MAX_MESH_ID_LEN },
114         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
115
116         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
117         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
118
119         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
120         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
121         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
122         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
123                                            .len = NL80211_MAX_SUPP_RATES },
124         [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
125
126         [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
127         [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
128
129         [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
130                                          .len = NL80211_HT_CAPABILITY_LEN },
131
132         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
133         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
134                               .len = IEEE80211_MAX_DATA_LEN },
135         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
136         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
137
138         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
139                                 .len = IEEE80211_MAX_SSID_LEN },
140         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
141         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
142         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
143         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
144         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
145         [NL80211_ATTR_STA_FLAGS2] = {
146                 .len = sizeof(struct nl80211_sta_flag_update),
147         },
148         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
149         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
150         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
151         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
152         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
153         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
154         [NL80211_ATTR_PID] = { .type = NLA_U32 },
155         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
156         [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
157                                  .len = WLAN_PMKID_LEN },
158         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
159         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
160         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
161         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
162                                  .len = IEEE80211_MAX_DATA_LEN },
163         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
164         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
165         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
166         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
167         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
168         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
169         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
170         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
171         [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
172         [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
173         [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
174         [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
175         [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
176         [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
177         [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
178         [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
179         [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
180 };
181
182 /* policy for the key attributes */
183 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
184         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
185         [NL80211_KEY_IDX] = { .type = NLA_U8 },
186         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
187         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
188         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
189         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
190         [NL80211_KEY_TYPE] = { .type = NLA_U32 },
191         [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
192 };
193
194 /* policy for the key default flags */
195 static const struct nla_policy
196 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
197         [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
198         [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
199 };
200
201 /* policy for WoWLAN attributes */
202 static const struct nla_policy
203 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
204         [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
205         [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
206         [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
207         [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
208 };
209
210 /* policy for GTK rekey offload attributes */
211 static const struct nla_policy
212 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
213         [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
214         [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
215         [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
216 };
217
218 /* ifidx get helper */
219 static int nl80211_get_ifidx(struct netlink_callback *cb)
220 {
221         int res;
222
223         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
224                           nl80211_fam.attrbuf, nl80211_fam.maxattr,
225                           nl80211_policy);
226         if (res)
227                 return res;
228
229         if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
230                 return -EINVAL;
231
232         res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
233         if (!res)
234                 return -EINVAL;
235         return res;
236 }
237
238 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
239                                        struct netlink_callback *cb,
240                                        struct cfg80211_registered_device **rdev,
241                                        struct net_device **dev)
242 {
243         int ifidx = cb->args[0];
244         int err;
245
246         if (!ifidx)
247                 ifidx = nl80211_get_ifidx(cb);
248         if (ifidx < 0)
249                 return ifidx;
250
251         cb->args[0] = ifidx;
252
253         rtnl_lock();
254
255         *dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
256         if (!*dev) {
257                 err = -ENODEV;
258                 goto out_rtnl;
259         }
260
261         *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
262         if (IS_ERR(*rdev)) {
263                 err = PTR_ERR(*rdev);
264                 goto out_rtnl;
265         }
266
267         return 0;
268  out_rtnl:
269         rtnl_unlock();
270         return err;
271 }
272
273 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
274 {
275         cfg80211_unlock_rdev(rdev);
276         rtnl_unlock();
277 }
278
279 /* IE validation */
280 static bool is_valid_ie_attr(const struct nlattr *attr)
281 {
282         const u8 *pos;
283         int len;
284
285         if (!attr)
286                 return true;
287
288         pos = nla_data(attr);
289         len = nla_len(attr);
290
291         while (len) {
292                 u8 elemlen;
293
294                 if (len < 2)
295                         return false;
296                 len -= 2;
297
298                 elemlen = pos[1];
299                 if (elemlen > len)
300                         return false;
301
302                 len -= elemlen;
303                 pos += 2 + elemlen;
304         }
305
306         return true;
307 }
308
309 /* message building helper */
310 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
311                                    int flags, u8 cmd)
312 {
313         /* since there is no private header just add the generic one */
314         return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
315 }
316
317 static int nl80211_msg_put_channel(struct sk_buff *msg,
318                                    struct ieee80211_channel *chan)
319 {
320         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
321                     chan->center_freq);
322
323         if (chan->flags & IEEE80211_CHAN_DISABLED)
324                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
325         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
326                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
327         if (chan->flags & IEEE80211_CHAN_NO_IBSS)
328                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
329         if (chan->flags & IEEE80211_CHAN_RADAR)
330                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
331
332         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
333                     DBM_TO_MBM(chan->max_power));
334
335         return 0;
336
337  nla_put_failure:
338         return -ENOBUFS;
339 }
340
341 /* netlink command implementations */
342
343 struct key_parse {
344         struct key_params p;
345         int idx;
346         int type;
347         bool def, defmgmt;
348         bool def_uni, def_multi;
349 };
350
351 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
352 {
353         struct nlattr *tb[NL80211_KEY_MAX + 1];
354         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
355                                    nl80211_key_policy);
356         if (err)
357                 return err;
358
359         k->def = !!tb[NL80211_KEY_DEFAULT];
360         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
361
362         if (k->def) {
363                 k->def_uni = true;
364                 k->def_multi = true;
365         }
366         if (k->defmgmt)
367                 k->def_multi = true;
368
369         if (tb[NL80211_KEY_IDX])
370                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
371
372         if (tb[NL80211_KEY_DATA]) {
373                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
374                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
375         }
376
377         if (tb[NL80211_KEY_SEQ]) {
378                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
379                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
380         }
381
382         if (tb[NL80211_KEY_CIPHER])
383                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
384
385         if (tb[NL80211_KEY_TYPE]) {
386                 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
387                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
388                         return -EINVAL;
389         }
390
391         if (tb[NL80211_KEY_DEFAULT_TYPES]) {
392                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
393                 int err = nla_parse_nested(kdt,
394                                            NUM_NL80211_KEY_DEFAULT_TYPES - 1,
395                                            tb[NL80211_KEY_DEFAULT_TYPES],
396                                            nl80211_key_default_policy);
397                 if (err)
398                         return err;
399
400                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
401                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
402         }
403
404         return 0;
405 }
406
407 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
408 {
409         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
410                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
411                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
412         }
413
414         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
415                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
416                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
417         }
418
419         if (info->attrs[NL80211_ATTR_KEY_IDX])
420                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
421
422         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
423                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
424
425         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
426         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
427
428         if (k->def) {
429                 k->def_uni = true;
430                 k->def_multi = true;
431         }
432         if (k->defmgmt)
433                 k->def_multi = true;
434
435         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
436                 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
437                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
438                         return -EINVAL;
439         }
440
441         if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
442                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
443                 int err = nla_parse_nested(
444                                 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
445                                 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
446                                 nl80211_key_default_policy);
447                 if (err)
448                         return err;
449
450                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
451                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
452         }
453
454         return 0;
455 }
456
457 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
458 {
459         int err;
460
461         memset(k, 0, sizeof(*k));
462         k->idx = -1;
463         k->type = -1;
464
465         if (info->attrs[NL80211_ATTR_KEY])
466                 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
467         else
468                 err = nl80211_parse_key_old(info, k);
469
470         if (err)
471                 return err;
472
473         if (k->def && k->defmgmt)
474                 return -EINVAL;
475
476         if (k->defmgmt) {
477                 if (k->def_uni || !k->def_multi)
478                         return -EINVAL;
479         }
480
481         if (k->idx != -1) {
482                 if (k->defmgmt) {
483                         if (k->idx < 4 || k->idx > 5)
484                                 return -EINVAL;
485                 } else if (k->def) {
486                         if (k->idx < 0 || k->idx > 3)
487                                 return -EINVAL;
488                 } else {
489                         if (k->idx < 0 || k->idx > 5)
490                                 return -EINVAL;
491                 }
492         }
493
494         return 0;
495 }
496
497 static struct cfg80211_cached_keys *
498 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
499                        struct nlattr *keys)
500 {
501         struct key_parse parse;
502         struct nlattr *key;
503         struct cfg80211_cached_keys *result;
504         int rem, err, def = 0;
505
506         result = kzalloc(sizeof(*result), GFP_KERNEL);
507         if (!result)
508                 return ERR_PTR(-ENOMEM);
509
510         result->def = -1;
511         result->defmgmt = -1;
512
513         nla_for_each_nested(key, keys, rem) {
514                 memset(&parse, 0, sizeof(parse));
515                 parse.idx = -1;
516
517                 err = nl80211_parse_key_new(key, &parse);
518                 if (err)
519                         goto error;
520                 err = -EINVAL;
521                 if (!parse.p.key)
522                         goto error;
523                 if (parse.idx < 0 || parse.idx > 4)
524                         goto error;
525                 if (parse.def) {
526                         if (def)
527                                 goto error;
528                         def = 1;
529                         result->def = parse.idx;
530                         if (!parse.def_uni || !parse.def_multi)
531                                 goto error;
532                 } else if (parse.defmgmt)
533                         goto error;
534                 err = cfg80211_validate_key_settings(rdev, &parse.p,
535                                                      parse.idx, false, NULL);
536                 if (err)
537                         goto error;
538                 result->params[parse.idx].cipher = parse.p.cipher;
539                 result->params[parse.idx].key_len = parse.p.key_len;
540                 result->params[parse.idx].key = result->data[parse.idx];
541                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
542         }
543
544         return result;
545  error:
546         kfree(result);
547         return ERR_PTR(err);
548 }
549
550 static int nl80211_key_allowed(struct wireless_dev *wdev)
551 {
552         ASSERT_WDEV_LOCK(wdev);
553
554         switch (wdev->iftype) {
555         case NL80211_IFTYPE_AP:
556         case NL80211_IFTYPE_AP_VLAN:
557         case NL80211_IFTYPE_P2P_GO:
558         case NL80211_IFTYPE_MESH_POINT:
559                 break;
560         case NL80211_IFTYPE_ADHOC:
561                 if (!wdev->current_bss)
562                         return -ENOLINK;
563                 break;
564         case NL80211_IFTYPE_STATION:
565         case NL80211_IFTYPE_P2P_CLIENT:
566                 if (wdev->sme_state != CFG80211_SME_CONNECTED)
567                         return -ENOLINK;
568                 break;
569         default:
570                 return -EINVAL;
571         }
572
573         return 0;
574 }
575
576 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
577 {
578         struct nlattr *nl_modes = nla_nest_start(msg, attr);
579         int i;
580
581         if (!nl_modes)
582                 goto nla_put_failure;
583
584         i = 0;
585         while (ifmodes) {
586                 if (ifmodes & 1)
587                         NLA_PUT_FLAG(msg, i);
588                 ifmodes >>= 1;
589                 i++;
590         }
591
592         nla_nest_end(msg, nl_modes);
593         return 0;
594
595 nla_put_failure:
596         return -ENOBUFS;
597 }
598
599 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
600                                           struct sk_buff *msg)
601 {
602         struct nlattr *nl_combis;
603         int i, j;
604
605         nl_combis = nla_nest_start(msg,
606                                 NL80211_ATTR_INTERFACE_COMBINATIONS);
607         if (!nl_combis)
608                 goto nla_put_failure;
609
610         for (i = 0; i < wiphy->n_iface_combinations; i++) {
611                 const struct ieee80211_iface_combination *c;
612                 struct nlattr *nl_combi, *nl_limits;
613
614                 c = &wiphy->iface_combinations[i];
615
616                 nl_combi = nla_nest_start(msg, i + 1);
617                 if (!nl_combi)
618                         goto nla_put_failure;
619
620                 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
621                 if (!nl_limits)
622                         goto nla_put_failure;
623
624                 for (j = 0; j < c->n_limits; j++) {
625                         struct nlattr *nl_limit;
626
627                         nl_limit = nla_nest_start(msg, j + 1);
628                         if (!nl_limit)
629                                 goto nla_put_failure;
630                         NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX,
631                                     c->limits[j].max);
632                         if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
633                                                 c->limits[j].types))
634                                 goto nla_put_failure;
635                         nla_nest_end(msg, nl_limit);
636                 }
637
638                 nla_nest_end(msg, nl_limits);
639
640                 if (c->beacon_int_infra_match)
641                         NLA_PUT_FLAG(msg,
642                                 NL80211_IFACE_COMB_STA_AP_BI_MATCH);
643                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
644                             c->num_different_channels);
645                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM,
646                             c->max_interfaces);
647
648                 nla_nest_end(msg, nl_combi);
649         }
650
651         nla_nest_end(msg, nl_combis);
652
653         return 0;
654 nla_put_failure:
655         return -ENOBUFS;
656 }
657
658 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
659                               struct cfg80211_registered_device *dev)
660 {
661         void *hdr;
662         struct nlattr *nl_bands, *nl_band;
663         struct nlattr *nl_freqs, *nl_freq;
664         struct nlattr *nl_rates, *nl_rate;
665         struct nlattr *nl_cmds;
666         enum ieee80211_band band;
667         struct ieee80211_channel *chan;
668         struct ieee80211_rate *rate;
669         int i;
670         const struct ieee80211_txrx_stypes *mgmt_stypes =
671                                 dev->wiphy.mgmt_stypes;
672
673         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
674         if (!hdr)
675                 return -1;
676
677         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
678         NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
679
680         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
681                     cfg80211_rdev_list_generation);
682
683         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
684                    dev->wiphy.retry_short);
685         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
686                    dev->wiphy.retry_long);
687         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
688                     dev->wiphy.frag_threshold);
689         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
690                     dev->wiphy.rts_threshold);
691         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
692                     dev->wiphy.coverage_class);
693         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
694                    dev->wiphy.max_scan_ssids);
695         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
696                     dev->wiphy.max_scan_ie_len);
697
698         if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)
699                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN);
700         if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)
701                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
702
703         NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
704                 sizeof(u32) * dev->wiphy.n_cipher_suites,
705                 dev->wiphy.cipher_suites);
706
707         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
708                    dev->wiphy.max_num_pmkids);
709
710         if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL)
711                 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE);
712
713         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
714                     dev->wiphy.available_antennas_tx);
715         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
716                     dev->wiphy.available_antennas_rx);
717
718         if ((dev->wiphy.available_antennas_tx ||
719              dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
720                 u32 tx_ant = 0, rx_ant = 0;
721                 int res;
722                 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
723                 if (!res) {
724                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant);
725                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant);
726                 }
727         }
728
729         if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
730                                 dev->wiphy.interface_modes))
731                 goto nla_put_failure;
732
733         nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
734         if (!nl_bands)
735                 goto nla_put_failure;
736
737         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
738                 if (!dev->wiphy.bands[band])
739                         continue;
740
741                 nl_band = nla_nest_start(msg, band);
742                 if (!nl_band)
743                         goto nla_put_failure;
744
745                 /* add HT info */
746                 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
747                         NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
748                                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
749                                 &dev->wiphy.bands[band]->ht_cap.mcs);
750                         NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
751                                 dev->wiphy.bands[band]->ht_cap.cap);
752                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
753                                 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
754                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
755                                 dev->wiphy.bands[band]->ht_cap.ampdu_density);
756                 }
757
758                 /* add frequencies */
759                 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
760                 if (!nl_freqs)
761                         goto nla_put_failure;
762
763                 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
764                         nl_freq = nla_nest_start(msg, i);
765                         if (!nl_freq)
766                                 goto nla_put_failure;
767
768                         chan = &dev->wiphy.bands[band]->channels[i];
769
770                         if (nl80211_msg_put_channel(msg, chan))
771                                 goto nla_put_failure;
772
773                         nla_nest_end(msg, nl_freq);
774                 }
775
776                 nla_nest_end(msg, nl_freqs);
777
778                 /* add bitrates */
779                 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
780                 if (!nl_rates)
781                         goto nla_put_failure;
782
783                 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
784                         nl_rate = nla_nest_start(msg, i);
785                         if (!nl_rate)
786                                 goto nla_put_failure;
787
788                         rate = &dev->wiphy.bands[band]->bitrates[i];
789                         NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
790                                     rate->bitrate);
791                         if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
792                                 NLA_PUT_FLAG(msg,
793                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
794
795                         nla_nest_end(msg, nl_rate);
796                 }
797
798                 nla_nest_end(msg, nl_rates);
799
800                 nla_nest_end(msg, nl_band);
801         }
802         nla_nest_end(msg, nl_bands);
803
804         nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
805         if (!nl_cmds)
806                 goto nla_put_failure;
807
808         i = 0;
809 #define CMD(op, n)                                              \
810          do {                                                   \
811                 if (dev->ops->op) {                             \
812                         i++;                                    \
813                         NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
814                 }                                               \
815         } while (0)
816
817         CMD(add_virtual_intf, NEW_INTERFACE);
818         CMD(change_virtual_intf, SET_INTERFACE);
819         CMD(add_key, NEW_KEY);
820         CMD(add_beacon, NEW_BEACON);
821         CMD(add_station, NEW_STATION);
822         CMD(add_mpath, NEW_MPATH);
823         CMD(update_mesh_config, SET_MESH_CONFIG);
824         CMD(change_bss, SET_BSS);
825         CMD(auth, AUTHENTICATE);
826         CMD(assoc, ASSOCIATE);
827         CMD(deauth, DEAUTHENTICATE);
828         CMD(disassoc, DISASSOCIATE);
829         CMD(join_ibss, JOIN_IBSS);
830         CMD(join_mesh, JOIN_MESH);
831         CMD(set_pmksa, SET_PMKSA);
832         CMD(del_pmksa, DEL_PMKSA);
833         CMD(flush_pmksa, FLUSH_PMKSA);
834         CMD(remain_on_channel, REMAIN_ON_CHANNEL);
835         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
836         CMD(mgmt_tx, FRAME);
837         CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
838         if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
839                 i++;
840                 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
841         }
842         CMD(set_channel, SET_CHANNEL);
843         CMD(set_wds_peer, SET_WDS_PEER);
844         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
845                 CMD(sched_scan_start, START_SCHED_SCAN);
846
847 #undef CMD
848
849         if (dev->ops->connect || dev->ops->auth) {
850                 i++;
851                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
852         }
853
854         if (dev->ops->disconnect || dev->ops->deauth) {
855                 i++;
856                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
857         }
858
859         nla_nest_end(msg, nl_cmds);
860
861         if (dev->ops->remain_on_channel)
862                 NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
863                             dev->wiphy.max_remain_on_channel_duration);
864
865         /* for now at least assume all drivers have it */
866         if (dev->ops->mgmt_tx)
867                 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
868
869         if (mgmt_stypes) {
870                 u16 stypes;
871                 struct nlattr *nl_ftypes, *nl_ifs;
872                 enum nl80211_iftype ift;
873
874                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
875                 if (!nl_ifs)
876                         goto nla_put_failure;
877
878                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
879                         nl_ftypes = nla_nest_start(msg, ift);
880                         if (!nl_ftypes)
881                                 goto nla_put_failure;
882                         i = 0;
883                         stypes = mgmt_stypes[ift].tx;
884                         while (stypes) {
885                                 if (stypes & 1)
886                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
887                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
888                                 stypes >>= 1;
889                                 i++;
890                         }
891                         nla_nest_end(msg, nl_ftypes);
892                 }
893
894                 nla_nest_end(msg, nl_ifs);
895
896                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
897                 if (!nl_ifs)
898                         goto nla_put_failure;
899
900                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
901                         nl_ftypes = nla_nest_start(msg, ift);
902                         if (!nl_ftypes)
903                                 goto nla_put_failure;
904                         i = 0;
905                         stypes = mgmt_stypes[ift].rx;
906                         while (stypes) {
907                                 if (stypes & 1)
908                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
909                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
910                                 stypes >>= 1;
911                                 i++;
912                         }
913                         nla_nest_end(msg, nl_ftypes);
914                 }
915                 nla_nest_end(msg, nl_ifs);
916         }
917
918         if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
919                 struct nlattr *nl_wowlan;
920
921                 nl_wowlan = nla_nest_start(msg,
922                                 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
923                 if (!nl_wowlan)
924                         goto nla_put_failure;
925
926                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY)
927                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
928                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT)
929                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
930                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT)
931                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
932                 if (dev->wiphy.wowlan.n_patterns) {
933                         struct nl80211_wowlan_pattern_support pat = {
934                                 .max_patterns = dev->wiphy.wowlan.n_patterns,
935                                 .min_pattern_len =
936                                         dev->wiphy.wowlan.pattern_min_len,
937                                 .max_pattern_len =
938                                         dev->wiphy.wowlan.pattern_max_len,
939                         };
940                         NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
941                                 sizeof(pat), &pat);
942                 }
943
944                 nla_nest_end(msg, nl_wowlan);
945         }
946
947         if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
948                                 dev->wiphy.software_iftypes))
949                 goto nla_put_failure;
950
951         if (nl80211_put_iface_combinations(&dev->wiphy, msg))
952                 goto nla_put_failure;
953
954         return genlmsg_end(msg, hdr);
955
956  nla_put_failure:
957         genlmsg_cancel(msg, hdr);
958         return -EMSGSIZE;
959 }
960
961 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
962 {
963         int idx = 0;
964         int start = cb->args[0];
965         struct cfg80211_registered_device *dev;
966
967         mutex_lock(&cfg80211_mutex);
968         list_for_each_entry(dev, &cfg80211_rdev_list, list) {
969                 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
970                         continue;
971                 if (++idx <= start)
972                         continue;
973                 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
974                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
975                                        dev) < 0) {
976                         idx--;
977                         break;
978                 }
979         }
980         mutex_unlock(&cfg80211_mutex);
981
982         cb->args[0] = idx;
983
984         return skb->len;
985 }
986
987 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
988 {
989         struct sk_buff *msg;
990         struct cfg80211_registered_device *dev = info->user_ptr[0];
991
992         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
993         if (!msg)
994                 return -ENOMEM;
995
996         if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
997                 nlmsg_free(msg);
998                 return -ENOBUFS;
999         }
1000
1001         return genlmsg_reply(msg, info);
1002 }
1003
1004 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1005         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
1006         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
1007         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
1008         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
1009         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
1010 };
1011
1012 static int parse_txq_params(struct nlattr *tb[],
1013                             struct ieee80211_txq_params *txq_params)
1014 {
1015         if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1016             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1017             !tb[NL80211_TXQ_ATTR_AIFS])
1018                 return -EINVAL;
1019
1020         txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
1021         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1022         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1023         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1024         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1025
1026         return 0;
1027 }
1028
1029 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1030 {
1031         /*
1032          * You can only set the channel explicitly for AP, mesh
1033          * and WDS type interfaces; all others have their channel
1034          * managed via their respective "establish a connection"
1035          * command (connect, join, ...)
1036          *
1037          * Monitors are special as they are normally slaved to
1038          * whatever else is going on, so they behave as though
1039          * you tried setting the wiphy channel itself.
1040          */
1041         return !wdev ||
1042                 wdev->iftype == NL80211_IFTYPE_AP ||
1043                 wdev->iftype == NL80211_IFTYPE_WDS ||
1044                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1045                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1046                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1047 }
1048
1049 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1050                                  struct wireless_dev *wdev,
1051                                  struct genl_info *info)
1052 {
1053         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1054         u32 freq;
1055         int result;
1056
1057         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1058                 return -EINVAL;
1059
1060         if (!nl80211_can_set_dev_channel(wdev))
1061                 return -EOPNOTSUPP;
1062
1063         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1064                 channel_type = nla_get_u32(info->attrs[
1065                                    NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1066                 if (channel_type != NL80211_CHAN_NO_HT &&
1067                     channel_type != NL80211_CHAN_HT20 &&
1068                     channel_type != NL80211_CHAN_HT40PLUS &&
1069                     channel_type != NL80211_CHAN_HT40MINUS)
1070                         return -EINVAL;
1071         }
1072
1073         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1074
1075         mutex_lock(&rdev->devlist_mtx);
1076         if (wdev) {
1077                 wdev_lock(wdev);
1078                 result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
1079                 wdev_unlock(wdev);
1080         } else {
1081                 result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
1082         }
1083         mutex_unlock(&rdev->devlist_mtx);
1084
1085         return result;
1086 }
1087
1088 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1089 {
1090         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1091         struct net_device *netdev = info->user_ptr[1];
1092
1093         return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1094 }
1095
1096 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1097 {
1098         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1099         struct net_device *dev = info->user_ptr[1];
1100         struct wireless_dev *wdev = dev->ieee80211_ptr;
1101         const u8 *bssid;
1102
1103         if (!info->attrs[NL80211_ATTR_MAC])
1104                 return -EINVAL;
1105
1106         if (netif_running(dev))
1107                 return -EBUSY;
1108
1109         if (!rdev->ops->set_wds_peer)
1110                 return -EOPNOTSUPP;
1111
1112         if (wdev->iftype != NL80211_IFTYPE_WDS)
1113                 return -EOPNOTSUPP;
1114
1115         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1116         return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1117 }
1118
1119
1120 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1121 {
1122         struct cfg80211_registered_device *rdev;
1123         struct net_device *netdev = NULL;
1124         struct wireless_dev *wdev;
1125         int result = 0, rem_txq_params = 0;
1126         struct nlattr *nl_txq_params;
1127         u32 changed;
1128         u8 retry_short = 0, retry_long = 0;
1129         u32 frag_threshold = 0, rts_threshold = 0;
1130         u8 coverage_class = 0;
1131
1132         /*
1133          * Try to find the wiphy and netdev. Normally this
1134          * function shouldn't need the netdev, but this is
1135          * done for backward compatibility -- previously
1136          * setting the channel was done per wiphy, but now
1137          * it is per netdev. Previous userland like hostapd
1138          * also passed a netdev to set_wiphy, so that it is
1139          * possible to let that go to the right netdev!
1140          */
1141         mutex_lock(&cfg80211_mutex);
1142
1143         if (info->attrs[NL80211_ATTR_IFINDEX]) {
1144                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1145
1146                 netdev = dev_get_by_index(genl_info_net(info), ifindex);
1147                 if (netdev && netdev->ieee80211_ptr) {
1148                         rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1149                         mutex_lock(&rdev->mtx);
1150                 } else
1151                         netdev = NULL;
1152         }
1153
1154         if (!netdev) {
1155                 rdev = __cfg80211_rdev_from_info(info);
1156                 if (IS_ERR(rdev)) {
1157                         mutex_unlock(&cfg80211_mutex);
1158                         return PTR_ERR(rdev);
1159                 }
1160                 wdev = NULL;
1161                 netdev = NULL;
1162                 result = 0;
1163
1164                 mutex_lock(&rdev->mtx);
1165         } else if (netif_running(netdev) &&
1166                    nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1167                 wdev = netdev->ieee80211_ptr;
1168         else
1169                 wdev = NULL;
1170
1171         /*
1172          * end workaround code, by now the rdev is available
1173          * and locked, and wdev may or may not be NULL.
1174          */
1175
1176         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1177                 result = cfg80211_dev_rename(
1178                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1179
1180         mutex_unlock(&cfg80211_mutex);
1181
1182         if (result)
1183                 goto bad_res;
1184
1185         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1186                 struct ieee80211_txq_params txq_params;
1187                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1188
1189                 if (!rdev->ops->set_txq_params) {
1190                         result = -EOPNOTSUPP;
1191                         goto bad_res;
1192                 }
1193
1194                 nla_for_each_nested(nl_txq_params,
1195                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1196                                     rem_txq_params) {
1197                         nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1198                                   nla_data(nl_txq_params),
1199                                   nla_len(nl_txq_params),
1200                                   txq_params_policy);
1201                         result = parse_txq_params(tb, &txq_params);
1202                         if (result)
1203                                 goto bad_res;
1204
1205                         result = rdev->ops->set_txq_params(&rdev->wiphy,
1206                                                            &txq_params);
1207                         if (result)
1208                                 goto bad_res;
1209                 }
1210         }
1211
1212         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1213                 result = __nl80211_set_channel(rdev, wdev, info);
1214                 if (result)
1215                         goto bad_res;
1216         }
1217
1218         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1219                 enum nl80211_tx_power_setting type;
1220                 int idx, mbm = 0;
1221
1222                 if (!rdev->ops->set_tx_power) {
1223                         result = -EOPNOTSUPP;
1224                         goto bad_res;
1225                 }
1226
1227                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1228                 type = nla_get_u32(info->attrs[idx]);
1229
1230                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1231                     (type != NL80211_TX_POWER_AUTOMATIC)) {
1232                         result = -EINVAL;
1233                         goto bad_res;
1234                 }
1235
1236                 if (type != NL80211_TX_POWER_AUTOMATIC) {
1237                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1238                         mbm = nla_get_u32(info->attrs[idx]);
1239                 }
1240
1241                 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1242                 if (result)
1243                         goto bad_res;
1244         }
1245
1246         if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1247             info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1248                 u32 tx_ant, rx_ant;
1249                 if ((!rdev->wiphy.available_antennas_tx &&
1250                      !rdev->wiphy.available_antennas_rx) ||
1251                     !rdev->ops->set_antenna) {
1252                         result = -EOPNOTSUPP;
1253                         goto bad_res;
1254                 }
1255
1256                 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1257                 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1258
1259                 /* reject antenna configurations which don't match the
1260                  * available antenna masks, except for the "all" mask */
1261                 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1262                     (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1263                         result = -EINVAL;
1264                         goto bad_res;
1265                 }
1266
1267                 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1268                 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1269
1270                 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1271                 if (result)
1272                         goto bad_res;
1273         }
1274
1275         changed = 0;
1276
1277         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1278                 retry_short = nla_get_u8(
1279                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1280                 if (retry_short == 0) {
1281                         result = -EINVAL;
1282                         goto bad_res;
1283                 }
1284                 changed |= WIPHY_PARAM_RETRY_SHORT;
1285         }
1286
1287         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1288                 retry_long = nla_get_u8(
1289                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1290                 if (retry_long == 0) {
1291                         result = -EINVAL;
1292                         goto bad_res;
1293                 }
1294                 changed |= WIPHY_PARAM_RETRY_LONG;
1295         }
1296
1297         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1298                 frag_threshold = nla_get_u32(
1299                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1300                 if (frag_threshold < 256) {
1301                         result = -EINVAL;
1302                         goto bad_res;
1303                 }
1304                 if (frag_threshold != (u32) -1) {
1305                         /*
1306                          * Fragments (apart from the last one) are required to
1307                          * have even length. Make the fragmentation code
1308                          * simpler by stripping LSB should someone try to use
1309                          * odd threshold value.
1310                          */
1311                         frag_threshold &= ~0x1;
1312                 }
1313                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1314         }
1315
1316         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1317                 rts_threshold = nla_get_u32(
1318                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1319                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
1320         }
1321
1322         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1323                 coverage_class = nla_get_u8(
1324                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1325                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
1326         }
1327
1328         if (changed) {
1329                 u8 old_retry_short, old_retry_long;
1330                 u32 old_frag_threshold, old_rts_threshold;
1331                 u8 old_coverage_class;
1332
1333                 if (!rdev->ops->set_wiphy_params) {
1334                         result = -EOPNOTSUPP;
1335                         goto bad_res;
1336                 }
1337
1338                 old_retry_short = rdev->wiphy.retry_short;
1339                 old_retry_long = rdev->wiphy.retry_long;
1340                 old_frag_threshold = rdev->wiphy.frag_threshold;
1341                 old_rts_threshold = rdev->wiphy.rts_threshold;
1342                 old_coverage_class = rdev->wiphy.coverage_class;
1343
1344                 if (changed & WIPHY_PARAM_RETRY_SHORT)
1345                         rdev->wiphy.retry_short = retry_short;
1346                 if (changed & WIPHY_PARAM_RETRY_LONG)
1347                         rdev->wiphy.retry_long = retry_long;
1348                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1349                         rdev->wiphy.frag_threshold = frag_threshold;
1350                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1351                         rdev->wiphy.rts_threshold = rts_threshold;
1352                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1353                         rdev->wiphy.coverage_class = coverage_class;
1354
1355                 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1356                 if (result) {
1357                         rdev->wiphy.retry_short = old_retry_short;
1358                         rdev->wiphy.retry_long = old_retry_long;
1359                         rdev->wiphy.frag_threshold = old_frag_threshold;
1360                         rdev->wiphy.rts_threshold = old_rts_threshold;
1361                         rdev->wiphy.coverage_class = old_coverage_class;
1362                 }
1363         }
1364
1365  bad_res:
1366         mutex_unlock(&rdev->mtx);
1367         if (netdev)
1368                 dev_put(netdev);
1369         return result;
1370 }
1371
1372
1373 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1374                               struct cfg80211_registered_device *rdev,
1375                               struct net_device *dev)
1376 {
1377         void *hdr;
1378
1379         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1380         if (!hdr)
1381                 return -1;
1382
1383         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1384         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1385         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1386         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1387
1388         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1389                     rdev->devlist_generation ^
1390                         (cfg80211_rdev_list_generation << 2));
1391
1392         return genlmsg_end(msg, hdr);
1393
1394  nla_put_failure:
1395         genlmsg_cancel(msg, hdr);
1396         return -EMSGSIZE;
1397 }
1398
1399 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1400 {
1401         int wp_idx = 0;
1402         int if_idx = 0;
1403         int wp_start = cb->args[0];
1404         int if_start = cb->args[1];
1405         struct cfg80211_registered_device *rdev;
1406         struct wireless_dev *wdev;
1407
1408         mutex_lock(&cfg80211_mutex);
1409         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1410                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1411                         continue;
1412                 if (wp_idx < wp_start) {
1413                         wp_idx++;
1414                         continue;
1415                 }
1416                 if_idx = 0;
1417
1418                 mutex_lock(&rdev->devlist_mtx);
1419                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
1420                         if (if_idx < if_start) {
1421                                 if_idx++;
1422                                 continue;
1423                         }
1424                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1425                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
1426                                                rdev, wdev->netdev) < 0) {
1427                                 mutex_unlock(&rdev->devlist_mtx);
1428                                 goto out;
1429                         }
1430                         if_idx++;
1431                 }
1432                 mutex_unlock(&rdev->devlist_mtx);
1433
1434                 wp_idx++;
1435         }
1436  out:
1437         mutex_unlock(&cfg80211_mutex);
1438
1439         cb->args[0] = wp_idx;
1440         cb->args[1] = if_idx;
1441
1442         return skb->len;
1443 }
1444
1445 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1446 {
1447         struct sk_buff *msg;
1448         struct cfg80211_registered_device *dev = info->user_ptr[0];
1449         struct net_device *netdev = info->user_ptr[1];
1450
1451         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1452         if (!msg)
1453                 return -ENOMEM;
1454
1455         if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1456                                dev, netdev) < 0) {
1457                 nlmsg_free(msg);
1458                 return -ENOBUFS;
1459         }
1460
1461         return genlmsg_reply(msg, info);
1462 }
1463
1464 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1465         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1466         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1467         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1468         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1469         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1470 };
1471
1472 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1473 {
1474         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1475         int flag;
1476
1477         *mntrflags = 0;
1478
1479         if (!nla)
1480                 return -EINVAL;
1481
1482         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1483                              nla, mntr_flags_policy))
1484                 return -EINVAL;
1485
1486         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1487                 if (flags[flag])
1488                         *mntrflags |= (1<<flag);
1489
1490         return 0;
1491 }
1492
1493 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1494                                struct net_device *netdev, u8 use_4addr,
1495                                enum nl80211_iftype iftype)
1496 {
1497         if (!use_4addr) {
1498                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1499                         return -EBUSY;
1500                 return 0;
1501         }
1502
1503         switch (iftype) {
1504         case NL80211_IFTYPE_AP_VLAN:
1505                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1506                         return 0;
1507                 break;
1508         case NL80211_IFTYPE_STATION:
1509                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1510                         return 0;
1511                 break;
1512         default:
1513                 break;
1514         }
1515
1516         return -EOPNOTSUPP;
1517 }
1518
1519 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1520 {
1521         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1522         struct vif_params params;
1523         int err;
1524         enum nl80211_iftype otype, ntype;
1525         struct net_device *dev = info->user_ptr[1];
1526         u32 _flags, *flags = NULL;
1527         bool change = false;
1528
1529         memset(&params, 0, sizeof(params));
1530
1531         otype = ntype = dev->ieee80211_ptr->iftype;
1532
1533         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1534                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1535                 if (otype != ntype)
1536                         change = true;
1537                 if (ntype > NL80211_IFTYPE_MAX)
1538                         return -EINVAL;
1539         }
1540
1541         if (info->attrs[NL80211_ATTR_MESH_ID]) {
1542                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1543
1544                 if (ntype != NL80211_IFTYPE_MESH_POINT)
1545                         return -EINVAL;
1546                 if (netif_running(dev))
1547                         return -EBUSY;
1548
1549                 wdev_lock(wdev);
1550                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1551                              IEEE80211_MAX_MESH_ID_LEN);
1552                 wdev->mesh_id_up_len =
1553                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1554                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1555                        wdev->mesh_id_up_len);
1556                 wdev_unlock(wdev);
1557         }
1558
1559         if (info->attrs[NL80211_ATTR_4ADDR]) {
1560                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1561                 change = true;
1562                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1563                 if (err)
1564                         return err;
1565         } else {
1566                 params.use_4addr = -1;
1567         }
1568
1569         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1570                 if (ntype != NL80211_IFTYPE_MONITOR)
1571                         return -EINVAL;
1572                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1573                                           &_flags);
1574                 if (err)
1575                         return err;
1576
1577                 flags = &_flags;
1578                 change = true;
1579         }
1580
1581         if (change)
1582                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1583         else
1584                 err = 0;
1585
1586         if (!err && params.use_4addr != -1)
1587                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1588
1589         return err;
1590 }
1591
1592 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1593 {
1594         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1595         struct vif_params params;
1596         struct net_device *dev;
1597         int err;
1598         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1599         u32 flags;
1600
1601         memset(&params, 0, sizeof(params));
1602
1603         if (!info->attrs[NL80211_ATTR_IFNAME])
1604                 return -EINVAL;
1605
1606         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1607                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1608                 if (type > NL80211_IFTYPE_MAX)
1609                         return -EINVAL;
1610         }
1611
1612         if (!rdev->ops->add_virtual_intf ||
1613             !(rdev->wiphy.interface_modes & (1 << type)))
1614                 return -EOPNOTSUPP;
1615
1616         if (info->attrs[NL80211_ATTR_4ADDR]) {
1617                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1618                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1619                 if (err)
1620                         return err;
1621         }
1622
1623         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1624                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1625                                   &flags);
1626         dev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1627                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1628                 type, err ? NULL : &flags, &params);
1629         if (IS_ERR(dev))
1630                 return PTR_ERR(dev);
1631
1632         if (type == NL80211_IFTYPE_MESH_POINT &&
1633             info->attrs[NL80211_ATTR_MESH_ID]) {
1634                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1635
1636                 wdev_lock(wdev);
1637                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1638                              IEEE80211_MAX_MESH_ID_LEN);
1639                 wdev->mesh_id_up_len =
1640                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1641                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1642                        wdev->mesh_id_up_len);
1643                 wdev_unlock(wdev);
1644         }
1645
1646         return 0;
1647 }
1648
1649 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1650 {
1651         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1652         struct net_device *dev = info->user_ptr[1];
1653
1654         if (!rdev->ops->del_virtual_intf)
1655                 return -EOPNOTSUPP;
1656
1657         return rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1658 }
1659
1660 struct get_key_cookie {
1661         struct sk_buff *msg;
1662         int error;
1663         int idx;
1664 };
1665
1666 static void get_key_callback(void *c, struct key_params *params)
1667 {
1668         struct nlattr *key;
1669         struct get_key_cookie *cookie = c;
1670
1671         if (params->key)
1672                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1673                         params->key_len, params->key);
1674
1675         if (params->seq)
1676                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1677                         params->seq_len, params->seq);
1678
1679         if (params->cipher)
1680                 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1681                             params->cipher);
1682
1683         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1684         if (!key)
1685                 goto nla_put_failure;
1686
1687         if (params->key)
1688                 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1689                         params->key_len, params->key);
1690
1691         if (params->seq)
1692                 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1693                         params->seq_len, params->seq);
1694
1695         if (params->cipher)
1696                 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1697                             params->cipher);
1698
1699         NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1700
1701         nla_nest_end(cookie->msg, key);
1702
1703         return;
1704  nla_put_failure:
1705         cookie->error = 1;
1706 }
1707
1708 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1709 {
1710         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1711         int err;
1712         struct net_device *dev = info->user_ptr[1];
1713         u8 key_idx = 0;
1714         const u8 *mac_addr = NULL;
1715         bool pairwise;
1716         struct get_key_cookie cookie = {
1717                 .error = 0,
1718         };
1719         void *hdr;
1720         struct sk_buff *msg;
1721
1722         if (info->attrs[NL80211_ATTR_KEY_IDX])
1723                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1724
1725         if (key_idx > 5)
1726                 return -EINVAL;
1727
1728         if (info->attrs[NL80211_ATTR_MAC])
1729                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1730
1731         pairwise = !!mac_addr;
1732         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
1733                 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1734                 if (kt >= NUM_NL80211_KEYTYPES)
1735                         return -EINVAL;
1736                 if (kt != NL80211_KEYTYPE_GROUP &&
1737                     kt != NL80211_KEYTYPE_PAIRWISE)
1738                         return -EINVAL;
1739                 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
1740         }
1741
1742         if (!rdev->ops->get_key)
1743                 return -EOPNOTSUPP;
1744
1745         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1746         if (!msg)
1747                 return -ENOMEM;
1748
1749         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1750                              NL80211_CMD_NEW_KEY);
1751         if (IS_ERR(hdr))
1752                 return PTR_ERR(hdr);
1753
1754         cookie.msg = msg;
1755         cookie.idx = key_idx;
1756
1757         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1758         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1759         if (mac_addr)
1760                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1761
1762         if (pairwise && mac_addr &&
1763             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1764                 return -ENOENT;
1765
1766         err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
1767                                  mac_addr, &cookie, get_key_callback);
1768
1769         if (err)
1770                 goto free_msg;
1771
1772         if (cookie.error)
1773                 goto nla_put_failure;
1774
1775         genlmsg_end(msg, hdr);
1776         return genlmsg_reply(msg, info);
1777
1778  nla_put_failure:
1779         err = -ENOBUFS;
1780  free_msg:
1781         nlmsg_free(msg);
1782         return err;
1783 }
1784
1785 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1786 {
1787         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1788         struct key_parse key;
1789         int err;
1790         struct net_device *dev = info->user_ptr[1];
1791
1792         err = nl80211_parse_key(info, &key);
1793         if (err)
1794                 return err;
1795
1796         if (key.idx < 0)
1797                 return -EINVAL;
1798
1799         /* only support setting default key */
1800         if (!key.def && !key.defmgmt)
1801                 return -EINVAL;
1802
1803         wdev_lock(dev->ieee80211_ptr);
1804
1805         if (key.def) {
1806                 if (!rdev->ops->set_default_key) {
1807                         err = -EOPNOTSUPP;
1808                         goto out;
1809                 }
1810
1811                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1812                 if (err)
1813                         goto out;
1814
1815                 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
1816                                                  key.def_uni, key.def_multi);
1817
1818                 if (err)
1819                         goto out;
1820
1821 #ifdef CONFIG_CFG80211_WEXT
1822                 dev->ieee80211_ptr->wext.default_key = key.idx;
1823 #endif
1824         } else {
1825                 if (key.def_uni || !key.def_multi) {
1826                         err = -EINVAL;
1827                         goto out;
1828                 }
1829
1830                 if (!rdev->ops->set_default_mgmt_key) {
1831                         err = -EOPNOTSUPP;
1832                         goto out;
1833                 }
1834
1835                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1836                 if (err)
1837                         goto out;
1838
1839                 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
1840                                                       dev, key.idx);
1841                 if (err)
1842                         goto out;
1843
1844 #ifdef CONFIG_CFG80211_WEXT
1845                 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1846 #endif
1847         }
1848
1849  out:
1850         wdev_unlock(dev->ieee80211_ptr);
1851
1852         return err;
1853 }
1854
1855 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1856 {
1857         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1858         int err;
1859         struct net_device *dev = info->user_ptr[1];
1860         struct key_parse key;
1861         const u8 *mac_addr = NULL;
1862
1863         err = nl80211_parse_key(info, &key);
1864         if (err)
1865                 return err;
1866
1867         if (!key.p.key)
1868                 return -EINVAL;
1869
1870         if (info->attrs[NL80211_ATTR_MAC])
1871                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1872
1873         if (key.type == -1) {
1874                 if (mac_addr)
1875                         key.type = NL80211_KEYTYPE_PAIRWISE;
1876                 else
1877                         key.type = NL80211_KEYTYPE_GROUP;
1878         }
1879
1880         /* for now */
1881         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
1882             key.type != NL80211_KEYTYPE_GROUP)
1883                 return -EINVAL;
1884
1885         if (!rdev->ops->add_key)
1886                 return -EOPNOTSUPP;
1887
1888         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
1889                                            key.type == NL80211_KEYTYPE_PAIRWISE,
1890                                            mac_addr))
1891                 return -EINVAL;
1892
1893         wdev_lock(dev->ieee80211_ptr);
1894         err = nl80211_key_allowed(dev->ieee80211_ptr);
1895         if (!err)
1896                 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
1897                                          key.type == NL80211_KEYTYPE_PAIRWISE,
1898                                          mac_addr, &key.p);
1899         wdev_unlock(dev->ieee80211_ptr);
1900
1901         return err;
1902 }
1903
1904 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1905 {
1906         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1907         int err;
1908         struct net_device *dev = info->user_ptr[1];
1909         u8 *mac_addr = NULL;
1910         struct key_parse key;
1911
1912         err = nl80211_parse_key(info, &key);
1913         if (err)
1914                 return err;
1915
1916         if (info->attrs[NL80211_ATTR_MAC])
1917                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1918
1919         if (key.type == -1) {
1920                 if (mac_addr)
1921                         key.type = NL80211_KEYTYPE_PAIRWISE;
1922                 else
1923                         key.type = NL80211_KEYTYPE_GROUP;
1924         }
1925
1926         /* for now */
1927         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
1928             key.type != NL80211_KEYTYPE_GROUP)
1929                 return -EINVAL;
1930
1931         if (!rdev->ops->del_key)
1932                 return -EOPNOTSUPP;
1933
1934         wdev_lock(dev->ieee80211_ptr);
1935         err = nl80211_key_allowed(dev->ieee80211_ptr);
1936
1937         if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
1938             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1939                 err = -ENOENT;
1940
1941         if (!err)
1942                 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
1943                                          key.type == NL80211_KEYTYPE_PAIRWISE,
1944                                          mac_addr);
1945
1946 #ifdef CONFIG_CFG80211_WEXT
1947         if (!err) {
1948                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
1949                         dev->ieee80211_ptr->wext.default_key = -1;
1950                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
1951                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
1952         }
1953 #endif
1954         wdev_unlock(dev->ieee80211_ptr);
1955
1956         return err;
1957 }
1958
1959 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1960 {
1961         int (*call)(struct wiphy *wiphy, struct net_device *dev,
1962                     struct beacon_parameters *info);
1963         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1964         struct net_device *dev = info->user_ptr[1];
1965         struct wireless_dev *wdev = dev->ieee80211_ptr;
1966         struct beacon_parameters params;
1967         int haveinfo = 0, err;
1968
1969         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]))
1970                 return -EINVAL;
1971
1972         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1973             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
1974                 return -EOPNOTSUPP;
1975
1976         memset(&params, 0, sizeof(params));
1977
1978         switch (info->genlhdr->cmd) {
1979         case NL80211_CMD_NEW_BEACON:
1980                 /* these are required for NEW_BEACON */
1981                 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
1982                     !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
1983                     !info->attrs[NL80211_ATTR_BEACON_HEAD])
1984                         return -EINVAL;
1985
1986                 params.interval =
1987                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
1988                 params.dtim_period =
1989                         nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
1990
1991                 err = cfg80211_validate_beacon_int(rdev, params.interval);
1992                 if (err)
1993                         return err;
1994
1995                 call = rdev->ops->add_beacon;
1996                 break;
1997         case NL80211_CMD_SET_BEACON:
1998                 call = rdev->ops->set_beacon;
1999                 break;
2000         default:
2001                 WARN_ON(1);
2002                 return -EOPNOTSUPP;
2003         }
2004
2005         if (!call)
2006                 return -EOPNOTSUPP;
2007
2008         if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2009                 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2010                 params.head_len =
2011                     nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2012                 haveinfo = 1;
2013         }
2014
2015         if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2016                 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2017                 params.tail_len =
2018                     nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2019                 haveinfo = 1;
2020         }
2021
2022         if (!haveinfo)
2023                 return -EINVAL;
2024
2025         err = call(&rdev->wiphy, dev, &params);
2026         if (!err && params.interval)
2027                 wdev->beacon_interval = params.interval;
2028         return err;
2029 }
2030
2031 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
2032 {
2033         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2034         struct net_device *dev = info->user_ptr[1];
2035         struct wireless_dev *wdev = dev->ieee80211_ptr;
2036         int err;
2037
2038         if (!rdev->ops->del_beacon)
2039                 return -EOPNOTSUPP;
2040
2041         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2042             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2043                 return -EOPNOTSUPP;
2044
2045         err = rdev->ops->del_beacon(&rdev->wiphy, dev);
2046         if (!err)
2047                 wdev->beacon_interval = 0;
2048         return err;
2049 }
2050
2051 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2052         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2053         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2054         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2055         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2056         [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2057 };
2058
2059 static int parse_station_flags(struct genl_info *info,
2060                                struct station_parameters *params)
2061 {
2062         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2063         struct nlattr *nla;
2064         int flag;
2065
2066         /*
2067          * Try parsing the new attribute first so userspace
2068          * can specify both for older kernels.
2069          */
2070         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2071         if (nla) {
2072                 struct nl80211_sta_flag_update *sta_flags;
2073
2074                 sta_flags = nla_data(nla);
2075                 params->sta_flags_mask = sta_flags->mask;
2076                 params->sta_flags_set = sta_flags->set;
2077                 if ((params->sta_flags_mask |
2078                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2079                         return -EINVAL;
2080                 return 0;
2081         }
2082
2083         /* if present, parse the old attribute */
2084
2085         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2086         if (!nla)
2087                 return 0;
2088
2089         if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2090                              nla, sta_flags_policy))
2091                 return -EINVAL;
2092
2093         params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1;
2094         params->sta_flags_mask &= ~1;
2095
2096         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
2097                 if (flags[flag])
2098                         params->sta_flags_set |= (1<<flag);
2099
2100         return 0;
2101 }
2102
2103 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2104                                  int attr)
2105 {
2106         struct nlattr *rate;
2107         u16 bitrate;
2108
2109         rate = nla_nest_start(msg, attr);
2110         if (!rate)
2111                 goto nla_put_failure;
2112
2113         /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2114         bitrate = cfg80211_calculate_bitrate(info);
2115         if (bitrate > 0)
2116                 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
2117
2118         if (info->flags & RATE_INFO_FLAGS_MCS)
2119                 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs);
2120         if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
2121                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
2122         if (info->flags & RATE_INFO_FLAGS_SHORT_GI)
2123                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
2124
2125         nla_nest_end(msg, rate);
2126         return true;
2127
2128 nla_put_failure:
2129         return false;
2130 }
2131
2132 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2133                                 int flags, struct net_device *dev,
2134                                 const u8 *mac_addr, struct station_info *sinfo)
2135 {
2136         void *hdr;
2137         struct nlattr *sinfoattr, *bss_param;
2138
2139         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2140         if (!hdr)
2141                 return -1;
2142
2143         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2144         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
2145
2146         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
2147
2148         sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2149         if (!sinfoattr)
2150                 goto nla_put_failure;
2151         if (sinfo->filled & STATION_INFO_CONNECTED_TIME)
2152                 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2153                             sinfo->connected_time);
2154         if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
2155                 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2156                             sinfo->inactive_time);
2157         if (sinfo->filled & STATION_INFO_RX_BYTES)
2158                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
2159                             sinfo->rx_bytes);
2160         if (sinfo->filled & STATION_INFO_TX_BYTES)
2161                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
2162                             sinfo->tx_bytes);
2163         if (sinfo->filled & STATION_INFO_LLID)
2164                 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
2165                             sinfo->llid);
2166         if (sinfo->filled & STATION_INFO_PLID)
2167                 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
2168                             sinfo->plid);
2169         if (sinfo->filled & STATION_INFO_PLINK_STATE)
2170                 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
2171                             sinfo->plink_state);
2172         if (sinfo->filled & STATION_INFO_SIGNAL)
2173                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
2174                            sinfo->signal);
2175         if (sinfo->filled & STATION_INFO_SIGNAL_AVG)
2176                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2177                            sinfo->signal_avg);
2178         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2179                 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2180                                           NL80211_STA_INFO_TX_BITRATE))
2181                         goto nla_put_failure;
2182         }
2183         if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2184                 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2185                                           NL80211_STA_INFO_RX_BITRATE))
2186                         goto nla_put_failure;
2187         }
2188         if (sinfo->filled & STATION_INFO_RX_PACKETS)
2189                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
2190                             sinfo->rx_packets);
2191         if (sinfo->filled & STATION_INFO_TX_PACKETS)
2192                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
2193                             sinfo->tx_packets);
2194         if (sinfo->filled & STATION_INFO_TX_RETRIES)
2195                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES,
2196                             sinfo->tx_retries);
2197         if (sinfo->filled & STATION_INFO_TX_FAILED)
2198                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED,
2199                             sinfo->tx_failed);
2200         if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2201                 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2202                 if (!bss_param)
2203                         goto nla_put_failure;
2204
2205                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT)
2206                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT);
2207                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE)
2208                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE);
2209                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME)
2210                         NLA_PUT_FLAG(msg,
2211                                      NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME);
2212                 NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2213                            sinfo->bss_param.dtim_period);
2214                 NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2215                             sinfo->bss_param.beacon_interval);
2216
2217                 nla_nest_end(msg, bss_param);
2218         }
2219         nla_nest_end(msg, sinfoattr);
2220
2221         return genlmsg_end(msg, hdr);
2222
2223  nla_put_failure:
2224         genlmsg_cancel(msg, hdr);
2225         return -EMSGSIZE;
2226 }
2227
2228 static int nl80211_dump_station(struct sk_buff *skb,
2229                                 struct netlink_callback *cb)
2230 {
2231         struct station_info sinfo;
2232         struct cfg80211_registered_device *dev;
2233         struct net_device *netdev;
2234         u8 mac_addr[ETH_ALEN];
2235         int sta_idx = cb->args[1];
2236         int err;
2237
2238         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2239         if (err)
2240                 return err;
2241
2242         if (!dev->ops->dump_station) {
2243                 err = -EOPNOTSUPP;
2244                 goto out_err;
2245         }
2246
2247         while (1) {
2248                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2249                                              mac_addr, &sinfo);
2250                 if (err == -ENOENT)
2251                         break;
2252                 if (err)
2253                         goto out_err;
2254
2255                 if (nl80211_send_station(skb,
2256                                 NETLINK_CB(cb->skb).pid,
2257                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2258                                 netdev, mac_addr,
2259                                 &sinfo) < 0)
2260                         goto out;
2261
2262                 sta_idx++;
2263         }
2264
2265
2266  out:
2267         cb->args[1] = sta_idx;
2268         err = skb->len;
2269  out_err:
2270         nl80211_finish_netdev_dump(dev);
2271
2272         return err;
2273 }
2274
2275 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2276 {
2277         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2278         struct net_device *dev = info->user_ptr[1];
2279         struct station_info sinfo;
2280         struct sk_buff *msg;
2281         u8 *mac_addr = NULL;
2282         int err;
2283
2284         memset(&sinfo, 0, sizeof(sinfo));
2285
2286         if (!info->attrs[NL80211_ATTR_MAC])
2287                 return -EINVAL;
2288
2289         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2290
2291         if (!rdev->ops->get_station)
2292                 return -EOPNOTSUPP;
2293
2294         err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2295         if (err)
2296                 return err;
2297
2298         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2299         if (!msg)
2300                 return -ENOMEM;
2301
2302         if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2303                                  dev, mac_addr, &sinfo) < 0) {
2304                 nlmsg_free(msg);
2305                 return -ENOBUFS;
2306         }
2307
2308         return genlmsg_reply(msg, info);
2309 }
2310
2311 /*
2312  * Get vlan interface making sure it is running and on the right wiphy.
2313  */
2314 static int get_vlan(struct genl_info *info,
2315                     struct cfg80211_registered_device *rdev,
2316                     struct net_device **vlan)
2317 {
2318         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2319         *vlan = NULL;
2320
2321         if (vlanattr) {
2322                 *vlan = dev_get_by_index(genl_info_net(info),
2323                                          nla_get_u32(vlanattr));
2324                 if (!*vlan)
2325                         return -ENODEV;
2326                 if (!(*vlan)->ieee80211_ptr)
2327                         return -EINVAL;
2328                 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
2329                         return -EINVAL;
2330                 if (!netif_running(*vlan))
2331                         return -ENETDOWN;
2332         }
2333         return 0;
2334 }
2335
2336 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2337 {
2338         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2339         int err;
2340         struct net_device *dev = info->user_ptr[1];
2341         struct station_parameters params;
2342         u8 *mac_addr = NULL;
2343
2344         memset(&params, 0, sizeof(params));
2345
2346         params.listen_interval = -1;
2347         params.plink_state = -1;
2348
2349         if (info->attrs[NL80211_ATTR_STA_AID])
2350                 return -EINVAL;
2351
2352         if (!info->attrs[NL80211_ATTR_MAC])
2353                 return -EINVAL;
2354
2355         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2356
2357         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2358                 params.supported_rates =
2359                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2360                 params.supported_rates_len =
2361                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2362         }
2363
2364         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2365                 params.listen_interval =
2366                     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2367
2368         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2369                 params.ht_capa =
2370                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2371
2372         if (parse_station_flags(info, &params))
2373                 return -EINVAL;
2374
2375         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2376                 params.plink_action =
2377                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2378
2379         if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
2380                 params.plink_state =
2381                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
2382
2383         err = get_vlan(info, rdev, &params.vlan);
2384         if (err)
2385                 goto out;
2386
2387         /* validate settings */
2388         err = 0;
2389
2390         switch (dev->ieee80211_ptr->iftype) {
2391         case NL80211_IFTYPE_AP:
2392         case NL80211_IFTYPE_AP_VLAN:
2393         case NL80211_IFTYPE_P2P_GO:
2394                 /* disallow mesh-specific things */
2395                 if (params.plink_action)
2396                         err = -EINVAL;
2397                 break;
2398         case NL80211_IFTYPE_P2P_CLIENT:
2399         case NL80211_IFTYPE_STATION:
2400                 /* disallow everything but AUTHORIZED flag */
2401                 if (params.plink_action)
2402                         err = -EINVAL;
2403                 if (params.vlan)
2404                         err = -EINVAL;
2405                 if (params.supported_rates)
2406                         err = -EINVAL;
2407                 if (params.ht_capa)
2408                         err = -EINVAL;
2409                 if (params.listen_interval >= 0)
2410                         err = -EINVAL;
2411                 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2412                         err = -EINVAL;
2413                 break;
2414         case NL80211_IFTYPE_MESH_POINT:
2415                 /* disallow things mesh doesn't support */
2416                 if (params.vlan)
2417                         err = -EINVAL;
2418                 if (params.ht_capa)
2419                         err = -EINVAL;
2420                 if (params.listen_interval >= 0)
2421                         err = -EINVAL;
2422                 if (params.sta_flags_mask &
2423                                 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2424                                   BIT(NL80211_STA_FLAG_MFP) |
2425                                   BIT(NL80211_STA_FLAG_AUTHORIZED)))
2426                         err = -EINVAL;
2427                 break;
2428         default:
2429                 err = -EINVAL;
2430         }
2431
2432         if (err)
2433                 goto out;
2434
2435         if (!rdev->ops->change_station) {
2436                 err = -EOPNOTSUPP;
2437                 goto out;
2438         }
2439
2440         err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2441
2442  out:
2443         if (params.vlan)
2444                 dev_put(params.vlan);
2445
2446         return err;
2447 }
2448
2449 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2450 {
2451         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2452         int err;
2453         struct net_device *dev = info->user_ptr[1];
2454         struct station_parameters params;
2455         u8 *mac_addr = NULL;
2456
2457         memset(&params, 0, sizeof(params));
2458
2459         if (!info->attrs[NL80211_ATTR_MAC])
2460                 return -EINVAL;
2461
2462         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2463                 return -EINVAL;
2464
2465         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2466                 return -EINVAL;
2467
2468         if (!info->attrs[NL80211_ATTR_STA_AID])
2469                 return -EINVAL;
2470
2471         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2472         params.supported_rates =
2473                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2474         params.supported_rates_len =
2475                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2476         params.listen_interval =
2477                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2478
2479         params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2480         if (!params.aid || params.aid > IEEE80211_MAX_AID)
2481                 return -EINVAL;
2482
2483         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2484                 params.ht_capa =
2485                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2486
2487         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2488                 params.plink_action =
2489                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2490
2491         if (parse_station_flags(info, &params))
2492                 return -EINVAL;
2493
2494         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2495             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2496             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2497             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2498                 return -EINVAL;
2499
2500         err = get_vlan(info, rdev, &params.vlan);
2501         if (err)
2502                 goto out;
2503
2504         /* validate settings */
2505         err = 0;
2506
2507         if (!rdev->ops->add_station) {
2508                 err = -EOPNOTSUPP;
2509                 goto out;
2510         }
2511
2512         err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2513
2514  out:
2515         if (params.vlan)
2516                 dev_put(params.vlan);
2517         return err;
2518 }
2519
2520 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2521 {
2522         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2523         struct net_device *dev = info->user_ptr[1];
2524         u8 *mac_addr = NULL;
2525
2526         if (info->attrs[NL80211_ATTR_MAC])
2527                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2528
2529         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2530             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2531             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2532             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2533                 return -EINVAL;
2534
2535         if (!rdev->ops->del_station)
2536                 return -EOPNOTSUPP;
2537
2538         return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2539 }
2540
2541 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2542                                 int flags, struct net_device *dev,
2543                                 u8 *dst, u8 *next_hop,
2544                                 struct mpath_info *pinfo)
2545 {
2546         void *hdr;
2547         struct nlattr *pinfoattr;
2548
2549         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2550         if (!hdr)
2551                 return -1;
2552
2553         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2554         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2555         NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2556
2557         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2558
2559         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2560         if (!pinfoattr)
2561                 goto nla_put_failure;
2562         if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2563                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2564                             pinfo->frame_qlen);
2565         if (pinfo->filled & MPATH_INFO_SN)
2566                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2567                             pinfo->sn);
2568         if (pinfo->filled & MPATH_INFO_METRIC)
2569                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2570                             pinfo->metric);
2571         if (pinfo->filled & MPATH_INFO_EXPTIME)
2572                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2573                             pinfo->exptime);
2574         if (pinfo->filled & MPATH_INFO_FLAGS)
2575                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2576                             pinfo->flags);
2577         if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2578                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2579                             pinfo->discovery_timeout);
2580         if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2581                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2582                             pinfo->discovery_retries);
2583
2584         nla_nest_end(msg, pinfoattr);
2585
2586         return genlmsg_end(msg, hdr);
2587
2588  nla_put_failure:
2589         genlmsg_cancel(msg, hdr);
2590         return -EMSGSIZE;
2591 }
2592
2593 static int nl80211_dump_mpath(struct sk_buff *skb,
2594                               struct netlink_callback *cb)
2595 {
2596         struct mpath_info pinfo;
2597         struct cfg80211_registered_device *dev;
2598         struct net_device *netdev;
2599         u8 dst[ETH_ALEN];
2600         u8 next_hop[ETH_ALEN];
2601         int path_idx = cb->args[1];
2602         int err;
2603
2604         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2605         if (err)
2606                 return err;
2607
2608         if (!dev->ops->dump_mpath) {
2609                 err = -EOPNOTSUPP;
2610                 goto out_err;
2611         }
2612
2613         if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2614                 err = -EOPNOTSUPP;
2615                 goto out_err;
2616         }
2617
2618         while (1) {
2619                 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2620                                            dst, next_hop, &pinfo);
2621                 if (err == -ENOENT)
2622                         break;
2623                 if (err)
2624                         goto out_err;
2625
2626                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2627                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
2628                                        netdev, dst, next_hop,
2629                                        &pinfo) < 0)
2630                         goto out;
2631
2632                 path_idx++;
2633         }
2634
2635
2636  out:
2637         cb->args[1] = path_idx;
2638         err = skb->len;
2639  out_err:
2640         nl80211_finish_netdev_dump(dev);
2641         return err;
2642 }
2643
2644 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2645 {
2646         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2647         int err;
2648         struct net_device *dev = info->user_ptr[1];
2649         struct mpath_info pinfo;
2650         struct sk_buff *msg;
2651         u8 *dst = NULL;
2652         u8 next_hop[ETH_ALEN];
2653
2654         memset(&pinfo, 0, sizeof(pinfo));
2655
2656         if (!info->attrs[NL80211_ATTR_MAC])
2657                 return -EINVAL;
2658
2659         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2660
2661         if (!rdev->ops->get_mpath)
2662                 return -EOPNOTSUPP;
2663
2664         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2665                 return -EOPNOTSUPP;
2666
2667         err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2668         if (err)
2669                 return err;
2670
2671         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2672         if (!msg)
2673                 return -ENOMEM;
2674
2675         if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2676                                  dev, dst, next_hop, &pinfo) < 0) {
2677                 nlmsg_free(msg);
2678                 return -ENOBUFS;
2679         }
2680
2681         return genlmsg_reply(msg, info);
2682 }
2683
2684 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
2685 {
2686         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2687         struct net_device *dev = info->user_ptr[1];
2688         u8 *dst = NULL;
2689         u8 *next_hop = NULL;
2690
2691         if (!info->attrs[NL80211_ATTR_MAC])
2692                 return -EINVAL;
2693
2694         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2695                 return -EINVAL;
2696
2697         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2698         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2699
2700         if (!rdev->ops->change_mpath)
2701                 return -EOPNOTSUPP;
2702
2703         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2704                 return -EOPNOTSUPP;
2705
2706         return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
2707 }
2708
2709 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
2710 {
2711         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2712         struct net_device *dev = info->user_ptr[1];
2713         u8 *dst = NULL;
2714         u8 *next_hop = NULL;
2715
2716         if (!info->attrs[NL80211_ATTR_MAC])
2717                 return -EINVAL;
2718
2719         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2720                 return -EINVAL;
2721
2722         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2723         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2724
2725         if (!rdev->ops->add_mpath)
2726                 return -EOPNOTSUPP;
2727
2728         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2729                 return -EOPNOTSUPP;
2730
2731         return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
2732 }
2733
2734 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
2735 {
2736         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2737         struct net_device *dev = info->user_ptr[1];
2738         u8 *dst = NULL;
2739
2740         if (info->attrs[NL80211_ATTR_MAC])
2741                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2742
2743         if (!rdev->ops->del_mpath)
2744                 return -EOPNOTSUPP;
2745
2746         return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
2747 }
2748
2749 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2750 {
2751         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2752         struct net_device *dev = info->user_ptr[1];
2753         struct bss_parameters params;
2754
2755         memset(&params, 0, sizeof(params));
2756         /* default to not changing parameters */
2757         params.use_cts_prot = -1;
2758         params.use_short_preamble = -1;
2759         params.use_short_slot_time = -1;
2760         params.ap_isolate = -1;
2761         params.ht_opmode = -1;
2762
2763         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
2764                 params.use_cts_prot =
2765                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
2766         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
2767                 params.use_short_preamble =
2768                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
2769         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
2770                 params.use_short_slot_time =
2771                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
2772         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
2773                 params.basic_rates =
2774                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2775                 params.basic_rates_len =
2776                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2777         }
2778         if (info->attrs[NL80211_ATTR_AP_ISOLATE])
2779                 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
2780         if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
2781                 params.ht_opmode =
2782                         nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
2783
2784         if (!rdev->ops->change_bss)
2785                 return -EOPNOTSUPP;
2786
2787         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2788             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2789                 return -EOPNOTSUPP;
2790
2791         return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
2792 }
2793
2794 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2795         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
2796         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
2797         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
2798         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
2799         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
2800         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
2801 };
2802
2803 static int parse_reg_rule(struct nlattr *tb[],
2804         struct ieee80211_reg_rule *reg_rule)
2805 {
2806         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
2807         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
2808
2809         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2810                 return -EINVAL;
2811         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2812                 return -EINVAL;
2813         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2814                 return -EINVAL;
2815         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2816                 return -EINVAL;
2817         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2818                 return -EINVAL;
2819
2820         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2821
2822         freq_range->start_freq_khz =
2823                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2824         freq_range->end_freq_khz =
2825                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2826         freq_range->max_bandwidth_khz =
2827                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2828
2829         power_rule->max_eirp =
2830                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2831
2832         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2833                 power_rule->max_antenna_gain =
2834                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2835
2836         return 0;
2837 }
2838
2839 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2840 {
2841         int r;
2842         char *data = NULL;
2843
2844         /*
2845          * You should only get this when cfg80211 hasn't yet initialized
2846          * completely when built-in to the kernel right between the time
2847          * window between nl80211_init() and regulatory_init(), if that is
2848          * even possible.
2849          */
2850         mutex_lock(&cfg80211_mutex);
2851         if (unlikely(!cfg80211_regdomain)) {
2852                 mutex_unlock(&cfg80211_mutex);
2853                 return -EINPROGRESS;
2854         }
2855         mutex_unlock(&cfg80211_mutex);
2856
2857         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2858                 return -EINVAL;
2859
2860         data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2861
2862         r = regulatory_hint_user(data);
2863
2864         return r;
2865 }
2866
2867 static int nl80211_get_mesh_config(struct sk_buff *skb,
2868                                    struct genl_info *info)
2869 {
2870         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2871         struct net_device *dev = info->user_ptr[1];
2872         struct wireless_dev *wdev = dev->ieee80211_ptr;
2873         struct mesh_config cur_params;
2874         int err = 0;
2875         void *hdr;
2876         struct nlattr *pinfoattr;
2877         struct sk_buff *msg;
2878
2879         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
2880                 return -EOPNOTSUPP;
2881
2882         if (!rdev->ops->get_mesh_config)
2883                 return -EOPNOTSUPP;
2884
2885         wdev_lock(wdev);
2886         /* If not connected, get default parameters */
2887         if (!wdev->mesh_id_len)
2888                 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
2889         else
2890                 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
2891                                                  &cur_params);
2892         wdev_unlock(wdev);
2893
2894         if (err)
2895                 return err;
2896
2897         /* Draw up a netlink message to send back */
2898         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2899         if (!msg)
2900                 return -ENOMEM;
2901         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2902                              NL80211_CMD_GET_MESH_CONFIG);
2903         if (!hdr)
2904                 goto out;
2905         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
2906         if (!pinfoattr)
2907                 goto nla_put_failure;
2908         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2909         NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2910                         cur_params.dot11MeshRetryTimeout);
2911         NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2912                         cur_params.dot11MeshConfirmTimeout);
2913         NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2914                         cur_params.dot11MeshHoldingTimeout);
2915         NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2916                         cur_params.dot11MeshMaxPeerLinks);
2917         NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2918                         cur_params.dot11MeshMaxRetries);
2919         NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2920                         cur_params.dot11MeshTTL);
2921         NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL,
2922                         cur_params.element_ttl);
2923         NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2924                         cur_params.auto_open_plinks);
2925         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2926                         cur_params.dot11MeshHWMPmaxPREQretries);
2927         NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2928                         cur_params.path_refresh_time);
2929         NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2930                         cur_params.min_discovery_timeout);
2931         NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2932                         cur_params.dot11MeshHWMPactivePathTimeout);
2933         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2934                         cur_params.dot11MeshHWMPpreqMinInterval);
2935         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2936                         cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2937         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
2938                         cur_params.dot11MeshHWMPRootMode);
2939         nla_nest_end(msg, pinfoattr);
2940         genlmsg_end(msg, hdr);
2941         return genlmsg_reply(msg, info);
2942
2943  nla_put_failure:
2944         genlmsg_cancel(msg, hdr);
2945  out:
2946         nlmsg_free(msg);
2947         return -ENOBUFS;
2948 }
2949
2950 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
2951         [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2952         [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2953         [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2954         [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2955         [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2956         [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2957         [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
2958         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2959
2960         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2961         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2962         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2963         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2964         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2965         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2966 };
2967
2968 static const struct nla_policy
2969         nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
2970         [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
2971         [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
2972         [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
2973         [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
2974                 .len = IEEE80211_MAX_DATA_LEN },
2975         [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
2976 };
2977
2978 static int nl80211_parse_mesh_config(struct genl_info *info,
2979                                      struct mesh_config *cfg,
2980                                      u32 *mask_out)
2981 {
2982         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
2983         u32 mask = 0;
2984
2985 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
2986 do {\
2987         if (table[attr_num]) {\
2988                 cfg->param = nla_fn(table[attr_num]); \
2989                 mask |= (1 << (attr_num - 1)); \
2990         } \
2991 } while (0);\
2992
2993
2994         if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
2995                 return -EINVAL;
2996         if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
2997                              info->attrs[NL80211_ATTR_MESH_CONFIG],
2998                              nl80211_meshconf_params_policy))
2999                 return -EINVAL;
3000
3001         /* This makes sure that there aren't more than 32 mesh config
3002          * parameters (otherwise our bitfield scheme would not work.) */
3003         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3004
3005         /* Fill in the params struct */
3006         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3007                         mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
3008         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3009                         mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
3010         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3011                         mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
3012         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3013                         mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
3014         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3015                         mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
3016         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3017                         mask, NL80211_MESHCONF_TTL, nla_get_u8);
3018         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3019                         mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
3020         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3021                         mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
3022         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3023                         mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3024                         nla_get_u8);
3025         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3026                         mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
3027         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3028                         mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3029                         nla_get_u16);
3030         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
3031                         mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3032                         nla_get_u32);
3033         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3034                         mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3035                         nla_get_u16);
3036         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3037                         dot11MeshHWMPnetDiameterTraversalTime,
3038                         mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3039                         nla_get_u16);
3040         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3041                         dot11MeshHWMPRootMode, mask,
3042                         NL80211_MESHCONF_HWMP_ROOTMODE,
3043                         nla_get_u8);
3044         if (mask_out)
3045                 *mask_out = mask;
3046
3047         return 0;
3048
3049 #undef FILL_IN_MESH_PARAM_IF_SET
3050 }
3051
3052 static int nl80211_parse_mesh_setup(struct genl_info *info,
3053                                      struct mesh_setup *setup)
3054 {
3055         struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3056
3057         if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3058                 return -EINVAL;
3059         if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3060                              info->attrs[NL80211_ATTR_MESH_SETUP],
3061                              nl80211_mesh_setup_params_policy))
3062                 return -EINVAL;
3063
3064         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3065                 setup->path_sel_proto =
3066                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3067                  IEEE80211_PATH_PROTOCOL_VENDOR :
3068                  IEEE80211_PATH_PROTOCOL_HWMP;
3069
3070         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3071                 setup->path_metric =
3072                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3073                  IEEE80211_PATH_METRIC_VENDOR :
3074                  IEEE80211_PATH_METRIC_AIRTIME;
3075
3076
3077         if (tb[NL80211_MESH_SETUP_IE]) {
3078                 struct nlattr *ieattr =
3079                         tb[NL80211_MESH_SETUP_IE];
3080                 if (!is_valid_ie_attr(ieattr))
3081                         return -EINVAL;
3082                 setup->ie = nla_data(ieattr);
3083                 setup->ie_len = nla_len(ieattr);
3084         }
3085         setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3086         setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3087
3088         return 0;
3089 }
3090
3091 static int nl80211_update_mesh_config(struct sk_buff *skb,
3092                                       struct genl_info *info)
3093 {
3094         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3095         struct net_device *dev = info->user_ptr[1];
3096         struct wireless_dev *wdev = dev->ieee80211_ptr;
3097         struct mesh_config cfg;
3098         u32 mask;
3099         int err;
3100
3101         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3102                 return -EOPNOTSUPP;
3103
3104         if (!rdev->ops->update_mesh_config)
3105                 return -EOPNOTSUPP;
3106
3107         err = nl80211_parse_mesh_config(info, &cfg, &mask);
3108         if (err)
3109                 return err;
3110
3111         wdev_lock(wdev);
3112         if (!wdev->mesh_id_len)
3113                 err = -ENOLINK;
3114
3115         if (!err)
3116                 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3117                                                     mask, &cfg);
3118
3119         wdev_unlock(wdev);
3120
3121         return err;
3122 }
3123
3124 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3125 {
3126         struct sk_buff *msg;
3127         void *hdr = NULL;
3128         struct nlattr *nl_reg_rules;
3129         unsigned int i;
3130         int err = -EINVAL;
3131
3132         mutex_lock(&cfg80211_mutex);
3133
3134         if (!cfg80211_regdomain)
3135                 goto out;
3136
3137         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3138         if (!msg) {
3139                 err = -ENOBUFS;
3140                 goto out;
3141         }
3142
3143         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3144                              NL80211_CMD_GET_REG);
3145         if (!hdr)
3146                 goto put_failure;
3147
3148         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
3149                 cfg80211_regdomain->alpha2);
3150
3151         nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3152         if (!nl_reg_rules)
3153                 goto nla_put_failure;
3154
3155         for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
3156                 struct nlattr *nl_reg_rule;
3157                 const struct ieee80211_reg_rule *reg_rule;
3158                 const struct ieee80211_freq_range *freq_range;
3159                 const struct ieee80211_power_rule *power_rule;
3160
3161                 reg_rule = &cfg80211_regdomain->reg_rules[i];
3162                 freq_range = &reg_rule->freq_range;
3163                 power_rule = &reg_rule->power_rule;
3164
3165                 nl_reg_rule = nla_nest_start(msg, i);
3166                 if (!nl_reg_rule)
3167                         goto nla_put_failure;
3168
3169                 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3170                         reg_rule->flags);
3171                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
3172                         freq_range->start_freq_khz);
3173                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
3174                         freq_range->end_freq_khz);
3175                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3176                         freq_range->max_bandwidth_khz);
3177                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3178                         power_rule->max_antenna_gain);
3179                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3180                         power_rule->max_eirp);
3181
3182                 nla_nest_end(msg, nl_reg_rule);
3183         }
3184
3185         nla_nest_end(msg, nl_reg_rules);
3186
3187         genlmsg_end(msg, hdr);
3188         err = genlmsg_reply(msg, info);
3189         goto out;
3190
3191 nla_put_failure:
3192         genlmsg_cancel(msg, hdr);
3193 put_failure:
3194         nlmsg_free(msg);
3195         err = -EMSGSIZE;
3196 out:
3197         mutex_unlock(&cfg80211_mutex);
3198         return err;
3199 }
3200
3201 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3202 {
3203         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3204         struct nlattr *nl_reg_rule;
3205         char *alpha2 = NULL;
3206         int rem_reg_rules = 0, r = 0;
3207         u32 num_rules = 0, rule_idx = 0, size_of_regd;
3208         struct ieee80211_regdomain *rd = NULL;
3209
3210         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3211                 return -EINVAL;
3212
3213         if (!info->attrs[NL80211_ATTR_REG_RULES])
3214                 return -EINVAL;
3215
3216         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3217
3218         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3219                         rem_reg_rules) {
3220                 num_rules++;
3221                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3222                         return -EINVAL;
3223         }
3224
3225         mutex_lock(&cfg80211_mutex);
3226
3227         if (!reg_is_valid_request(alpha2)) {
3228                 r = -EINVAL;
3229                 goto bad_reg;
3230         }
3231
3232         size_of_regd = sizeof(struct ieee80211_regdomain) +
3233                 (num_rules * sizeof(struct ieee80211_reg_rule));
3234
3235         rd = kzalloc(size_of_regd, GFP_KERNEL);
3236         if (!rd) {
3237                 r = -ENOMEM;
3238                 goto bad_reg;
3239         }
3240
3241         rd->n_reg_rules = num_rules;
3242         rd->alpha2[0] = alpha2[0];
3243         rd->alpha2[1] = alpha2[1];
3244
3245         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3246                         rem_reg_rules) {
3247                 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3248                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3249                         reg_rule_policy);
3250                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3251                 if (r)
3252                         goto bad_reg;
3253
3254                 rule_idx++;
3255
3256                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3257                         r = -EINVAL;
3258                         goto bad_reg;
3259                 }
3260         }
3261
3262         BUG_ON(rule_idx != num_rules);
3263
3264         r = set_regdom(rd);
3265
3266         mutex_unlock(&cfg80211_mutex);
3267
3268         return r;
3269
3270  bad_reg:
3271         mutex_unlock(&cfg80211_mutex);
3272         kfree(rd);
3273         return r;
3274 }
3275
3276 static int validate_scan_freqs(struct nlattr *freqs)
3277 {
3278         struct nlattr *attr1, *attr2;
3279         int n_channels = 0, tmp1, tmp2;
3280
3281         nla_for_each_nested(attr1, freqs, tmp1) {
3282                 n_channels++;
3283                 /*
3284                  * Some hardware has a limited channel list for
3285                  * scanning, and it is pretty much nonsensical
3286                  * to scan for a channel twice, so disallow that
3287                  * and don't require drivers to check that the
3288                  * channel list they get isn't longer than what
3289                  * they can scan, as long as they can scan all
3290                  * the channels they registered at once.
3291                  */
3292                 nla_for_each_nested(attr2, freqs, tmp2)
3293                         if (attr1 != attr2 &&
3294                             nla_get_u32(attr1) == nla_get_u32(attr2))
3295                                 return 0;
3296         }
3297
3298         return n_channels;
3299 }
3300
3301 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3302 {
3303         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3304         struct net_device *dev = info->user_ptr[1];
3305         struct cfg80211_scan_request *request;
3306         struct nlattr *attr;
3307         struct wiphy *wiphy;
3308         int err, tmp, n_ssids = 0, n_channels, i;
3309         enum ieee80211_band band;
3310         size_t ie_len;
3311
3312         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3313                 return -EINVAL;
3314
3315         wiphy = &rdev->wiphy;
3316
3317         if (!rdev->ops->scan)
3318                 return -EOPNOTSUPP;
3319
3320         if (rdev->scan_req)
3321                 return -EBUSY;
3322
3323         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3324                 n_channels = validate_scan_freqs(
3325                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3326                 if (!n_channels)
3327                         return -EINVAL;
3328         } else {
3329                 n_channels = 0;
3330
3331                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3332                         if (wiphy->bands[band])
3333                                 n_channels += wiphy->bands[band]->n_channels;
3334         }
3335
3336         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3337                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3338                         n_ssids++;
3339
3340         if (n_ssids > wiphy->max_scan_ssids)
3341                 return -EINVAL;
3342
3343         if (info->attrs[NL80211_ATTR_IE])
3344                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3345         else
3346                 ie_len = 0;
3347
3348         if (ie_len > wiphy->max_scan_ie_len)
3349                 return -EINVAL;
3350
3351         request = kzalloc(sizeof(*request)
3352                         + sizeof(*request->ssids) * n_ssids
3353                         + sizeof(*request->channels) * n_channels
3354                         + ie_len, GFP_KERNEL);
3355         if (!request)
3356                 return -ENOMEM;
3357
3358         if (n_ssids)
3359                 request->ssids = (void *)&request->channels[n_channels];
3360         request->n_ssids = n_ssids;
3361         if (ie_len) {
3362                 if (request->ssids)
3363                         request->ie = (void *)(request->ssids + n_ssids);
3364                 else
3365                         request->ie = (void *)(request->channels + n_channels);
3366         }
3367
3368         i = 0;
3369         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3370                 /* user specified, bail out if channel not found */
3371                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3372                         struct ieee80211_channel *chan;
3373
3374                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3375
3376                         if (!chan) {
3377                                 err = -EINVAL;
3378                                 goto out_free;
3379                         }
3380
3381                         /* ignore disabled channels */
3382                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3383                                 continue;
3384
3385                         request->channels[i] = chan;
3386                         i++;
3387                 }
3388         } else {
3389                 /* all channels */
3390                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3391                         int j;
3392                         if (!wiphy->bands[band])
3393                                 continue;
3394                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3395                                 struct ieee80211_channel *chan;
3396
3397                                 chan = &wiphy->bands[band]->channels[j];
3398
3399                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3400                                         continue;
3401
3402                                 request->channels[i] = chan;
3403                                 i++;
3404                         }
3405                 }
3406         }
3407
3408         if (!i) {
3409                 err = -EINVAL;
3410                 goto out_free;
3411         }
3412
3413         request->n_channels = i;
3414
3415         i = 0;
3416         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3417                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3418                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3419                                 err = -EINVAL;
3420                                 goto out_free;
3421                         }
3422                         request->ssids[i].ssid_len = nla_len(attr);
3423                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3424                         i++;
3425                 }
3426         }
3427
3428         if (info->attrs[NL80211_ATTR_IE]) {
3429                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3430                 memcpy((void *)request->ie,
3431                        nla_data(info->attrs[NL80211_ATTR_IE]),
3432                        request->ie_len);
3433         }
3434
3435         request->dev = dev;
3436         request->wiphy = &rdev->wiphy;
3437
3438         rdev->scan_req = request;
3439         err = rdev->ops->scan(&rdev->wiphy, dev, request);
3440
3441         if (!err) {
3442                 nl80211_send_scan_start(rdev, dev);
3443                 dev_hold(dev);
3444         } else {
3445  out_free:
3446                 rdev->scan_req = NULL;
3447                 kfree(request);
3448         }
3449
3450         return err;
3451 }
3452
3453 static int nl80211_start_sched_scan(struct sk_buff *skb,
3454                                     struct genl_info *info)
3455 {
3456         struct cfg80211_sched_scan_request *request;
3457         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3458         struct net_device *dev = info->user_ptr[1];
3459         struct nlattr *attr;
3460         struct wiphy *wiphy;
3461         int err, tmp, n_ssids = 0, n_channels, i;
3462         u32 interval;
3463         enum ieee80211_band band;
3464         size_t ie_len;
3465
3466         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3467             !rdev->ops->sched_scan_start)
3468                 return -EOPNOTSUPP;
3469
3470         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3471                 return -EINVAL;
3472
3473         if (rdev->sched_scan_req)
3474                 return -EINPROGRESS;
3475
3476         if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
3477                 return -EINVAL;
3478
3479         interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
3480         if (interval == 0)
3481                 return -EINVAL;
3482
3483         wiphy = &rdev->wiphy;
3484
3485         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3486                 n_channels = validate_scan_freqs(
3487                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3488                 if (!n_channels)
3489                         return -EINVAL;
3490         } else {
3491                 n_channels = 0;
3492
3493                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3494                         if (wiphy->bands[band])
3495                                 n_channels += wiphy->bands[band]->n_channels;
3496         }
3497
3498         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3499                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3500                                     tmp)
3501                         n_ssids++;
3502
3503         if (n_ssids > wiphy->max_scan_ssids)
3504                 return -EINVAL;
3505
3506         if (info->attrs[NL80211_ATTR_IE])
3507                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3508         else
3509                 ie_len = 0;
3510
3511         if (ie_len > wiphy->max_scan_ie_len)
3512                 return -EINVAL;
3513
3514         request = kzalloc(sizeof(*request)
3515                         + sizeof(*request->ssids) * n_ssids
3516                         + sizeof(*request->channels) * n_channels
3517                         + ie_len, GFP_KERNEL);
3518         if (!request)
3519                 return -ENOMEM;
3520
3521         if (n_ssids)
3522                 request->ssids = (void *)&request->channels[n_channels];
3523         request->n_ssids = n_ssids;
3524         if (ie_len) {
3525                 if (request->ssids)
3526                         request->ie = (void *)(request->ssids + n_ssids);
3527                 else
3528                         request->ie = (void *)(request->channels + n_channels);
3529         }
3530
3531         i = 0;
3532         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3533                 /* user specified, bail out if channel not found */
3534                 nla_for_each_nested(attr,
3535                                     info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
3536                                     tmp) {
3537                         struct ieee80211_channel *chan;
3538
3539                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3540
3541                         if (!chan) {
3542                                 err = -EINVAL;
3543                                 goto out_free;
3544                         }
3545
3546                         /* ignore disabled channels */
3547                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3548                                 continue;
3549
3550                         request->channels[i] = chan;
3551                         i++;
3552                 }
3553         } else {
3554                 /* all channels */
3555                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3556                         int j;
3557                         if (!wiphy->bands[band])
3558                                 continue;
3559                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3560                                 struct ieee80211_channel *chan;
3561
3562                                 chan = &wiphy->bands[band]->channels[j];
3563
3564                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3565                                         continue;
3566
3567                                 request->channels[i] = chan;
3568                                 i++;
3569                         }
3570                 }
3571         }
3572
3573         if (!i) {
3574                 err = -EINVAL;
3575                 goto out_free;
3576         }
3577
3578         request->n_channels = i;
3579
3580         i = 0;
3581         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3582                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3583                                     tmp) {
3584                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3585                                 err = -EINVAL;
3586                                 goto out_free;
3587                         }
3588                         request->ssids[i].ssid_len = nla_len(attr);
3589                         memcpy(request->ssids[i].ssid, nla_data(attr),
3590                                nla_len(attr));
3591                         i++;
3592                 }
3593         }
3594
3595         if (info->attrs[NL80211_ATTR_IE]) {
3596                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3597                 memcpy((void *)request->ie,
3598                        nla_data(info->attrs[NL80211_ATTR_IE]),
3599                        request->ie_len);
3600         }
3601
3602         request->dev = dev;
3603         request->wiphy = &rdev->wiphy;
3604         request->interval = interval;
3605
3606         err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
3607         if (!err) {
3608                 rdev->sched_scan_req = request;
3609                 nl80211_send_sched_scan(rdev, dev,
3610                                         NL80211_CMD_START_SCHED_SCAN);
3611                 goto out;
3612         }
3613
3614 out_free:
3615         kfree(request);
3616 out:
3617         return err;
3618 }
3619
3620 static int nl80211_stop_sched_scan(struct sk_buff *skb,
3621                                    struct genl_info *info)
3622 {
3623         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3624
3625         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3626             !rdev->ops->sched_scan_stop)
3627                 return -EOPNOTSUPP;
3628
3629         return __cfg80211_stop_sched_scan(rdev, false);
3630 }
3631
3632 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
3633                             u32 seq, int flags,
3634                             struct cfg80211_registered_device *rdev,
3635                             struct wireless_dev *wdev,
3636                             struct cfg80211_internal_bss *intbss)
3637 {
3638         struct cfg80211_bss *res = &intbss->pub;
3639         void *hdr;
3640         struct nlattr *bss;
3641         int i;
3642
3643         ASSERT_WDEV_LOCK(wdev);
3644
3645         hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags,
3646                              NL80211_CMD_NEW_SCAN_RESULTS);
3647         if (!hdr)
3648                 return -1;
3649
3650         genl_dump_check_consistent(cb, hdr, &nl80211_fam);
3651
3652         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
3653         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
3654
3655         bss = nla_nest_start(msg, NL80211_ATTR_BSS);
3656         if (!bss)
3657                 goto nla_put_failure;
3658         if (!is_zero_ether_addr(res->bssid))
3659                 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
3660         if (res->information_elements && res->len_information_elements)
3661                 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3662                         res->len_information_elements,
3663                         res->information_elements);
3664         if (res->beacon_ies && res->len_beacon_ies &&
3665             res->beacon_ies != res->information_elements)
3666                 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
3667                         res->len_beacon_ies, res->beacon_ies);
3668         if (res->tsf)
3669                 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3670         if (res->beacon_interval)
3671                 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3672         NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3673         NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3674         NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
3675                 jiffies_to_msecs(jiffies - intbss->ts));
3676
3677         switch (rdev->wiphy.signal_type) {
3678         case CFG80211_SIGNAL_TYPE_MBM:
3679                 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
3680                 break;
3681         case CFG80211_SIGNAL_TYPE_UNSPEC:
3682                 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
3683                 break;
3684         default:
3685                 break;
3686         }
3687
3688         switch (wdev->iftype) {
3689         case NL80211_IFTYPE_P2P_CLIENT:
3690         case NL80211_IFTYPE_STATION:
3691                 if (intbss == wdev->current_bss)
3692                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3693                                     NL80211_BSS_STATUS_ASSOCIATED);
3694                 else for (i = 0; i < MAX_AUTH_BSSES; i++) {
3695                         if (intbss != wdev->auth_bsses[i])
3696                                 continue;
3697                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3698                                     NL80211_BSS_STATUS_AUTHENTICATED);
3699                         break;
3700                 }
3701                 break;
3702         case NL80211_IFTYPE_ADHOC:
3703                 if (intbss == wdev->current_bss)
3704                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3705                                     NL80211_BSS_STATUS_IBSS_JOINED);
3706                 break;
3707         default:
3708                 break;
3709         }
3710
3711         nla_nest_end(msg, bss);
3712
3713         return genlmsg_end(msg, hdr);
3714
3715  nla_put_failure:
3716         genlmsg_cancel(msg, hdr);
3717         return -EMSGSIZE;
3718 }
3719
3720 static int nl80211_dump_scan(struct sk_buff *skb,
3721                              struct netlink_callback *cb)
3722 {
3723         struct cfg80211_registered_device *rdev;
3724         struct net_device *dev;
3725         struct cfg80211_internal_bss *scan;
3726         struct wireless_dev *wdev;
3727         int start = cb->args[1], idx = 0;
3728         int err;
3729
3730         err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
3731         if (err)
3732                 return err;
3733
3734         wdev = dev->ieee80211_ptr;
3735
3736         wdev_lock(wdev);
3737         spin_lock_bh(&rdev->bss_lock);
3738         cfg80211_bss_expire(rdev);
3739
3740         cb->seq = rdev->bss_generation;
3741
3742         list_for_each_entry(scan, &rdev->bss_list, list) {
3743                 if (++idx <= start)
3744                         continue;
3745                 if (nl80211_send_bss(skb, cb,
3746                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3747                                 rdev, wdev, scan) < 0) {
3748                         idx--;
3749                         break;
3750                 }
3751         }
3752
3753         spin_unlock_bh(&rdev->bss_lock);
3754         wdev_unlock(wdev);
3755
3756         cb->args[1] = idx;
3757         nl80211_finish_netdev_dump(rdev);
3758
3759         return skb->len;
3760 }
3761
3762 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
3763                                 int flags, struct net_device *dev,
3764                                 struct survey_info *survey)
3765 {
3766         void *hdr;
3767         struct nlattr *infoattr;
3768
3769         hdr = nl80211hdr_put(msg, pid, seq, flags,
3770                              NL80211_CMD_NEW_SURVEY_RESULTS);
3771         if (!hdr)
3772                 return -ENOMEM;
3773
3774         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3775
3776         infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
3777         if (!infoattr)
3778                 goto nla_put_failure;
3779
3780         NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
3781                     survey->channel->center_freq);
3782         if (survey->filled & SURVEY_INFO_NOISE_DBM)
3783                 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
3784                             survey->noise);
3785         if (survey->filled & SURVEY_INFO_IN_USE)
3786                 NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE);
3787         if (survey->filled & SURVEY_INFO_CHANNEL_TIME)
3788                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
3789                             survey->channel_time);
3790         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
3791                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
3792                             survey->channel_time_busy);
3793         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
3794                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
3795                             survey->channel_time_ext_busy);
3796         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX)
3797                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
3798                             survey->channel_time_rx);
3799         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX)
3800                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
3801                             survey->channel_time_tx);
3802
3803         nla_nest_end(msg, infoattr);
3804
3805         return genlmsg_end(msg, hdr);
3806
3807  nla_put_failure:
3808         genlmsg_cancel(msg, hdr);
3809         return -EMSGSIZE;
3810 }
3811
3812 static int nl80211_dump_survey(struct sk_buff *skb,
3813                         struct netlink_callback *cb)
3814 {
3815         struct survey_info survey;
3816         struct cfg80211_registered_device *dev;
3817         struct net_device *netdev;
3818         int survey_idx = cb->args[1];
3819         int res;
3820
3821         res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3822         if (res)
3823                 return res;
3824
3825         if (!dev->ops->dump_survey) {
3826                 res = -EOPNOTSUPP;
3827                 goto out_err;
3828         }
3829
3830         while (1) {
3831                 struct ieee80211_channel *chan;
3832
3833                 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
3834                                             &survey);
3835                 if (res == -ENOENT)
3836                         break;
3837                 if (res)
3838                         goto out_err;
3839
3840                 /* Survey without a channel doesn't make sense */
3841                 if (!survey.channel) {
3842                         res = -EINVAL;
3843                         goto out;
3844                 }
3845
3846                 chan = ieee80211_get_channel(&dev->wiphy,
3847                                              survey.channel->center_freq);
3848                 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
3849                         survey_idx++;
3850                         continue;
3851                 }
3852
3853                 if (nl80211_send_survey(skb,
3854                                 NETLINK_CB(cb->skb).pid,
3855                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3856                                 netdev,
3857                                 &survey) < 0)
3858                         goto out;
3859                 survey_idx++;
3860         }
3861
3862  out:
3863         cb->args[1] = survey_idx;
3864         res = skb->len;
3865  out_err:
3866         nl80211_finish_netdev_dump(dev);
3867         return res;
3868 }
3869
3870 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3871 {
3872         return auth_type <= NL80211_AUTHTYPE_MAX;
3873 }
3874
3875 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
3876 {
3877         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
3878                                   NL80211_WPA_VERSION_2));
3879 }
3880
3881 static bool nl80211_valid_akm_suite(u32 akm)
3882 {
3883         return akm == WLAN_AKM_SUITE_8021X ||
3884                 akm == WLAN_AKM_SUITE_PSK;
3885 }
3886
3887 static bool nl80211_valid_cipher_suite(u32 cipher)
3888 {
3889         return cipher == WLAN_CIPHER_SUITE_WEP40 ||
3890                 cipher == WLAN_CIPHER_SUITE_WEP104 ||
3891                 cipher == WLAN_CIPHER_SUITE_TKIP ||
3892                 cipher == WLAN_CIPHER_SUITE_CCMP ||
3893                 cipher == WLAN_CIPHER_SUITE_AES_CMAC;
3894 }
3895
3896
3897 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
3898 {
3899         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3900         struct net_device *dev = info->user_ptr[1];
3901         struct ieee80211_channel *chan;
3902         const u8 *bssid, *ssid, *ie = NULL;
3903         int err, ssid_len, ie_len = 0;
3904         enum nl80211_auth_type auth_type;
3905         struct key_parse key;
3906         bool local_state_change;
3907
3908         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3909                 return -EINVAL;
3910
3911         if (!info->attrs[NL80211_ATTR_MAC])
3912                 return -EINVAL;
3913
3914         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
3915                 return -EINVAL;
3916
3917         if (!info->attrs[NL80211_ATTR_SSID])
3918                 return -EINVAL;
3919
3920         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
3921                 return -EINVAL;
3922
3923         err = nl80211_parse_key(info, &key);
3924         if (err)
3925                 return err;
3926
3927         if (key.idx >= 0) {
3928                 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
3929                         return -EINVAL;
3930                 if (!key.p.key || !key.p.key_len)
3931                         return -EINVAL;
3932                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
3933                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
3934                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
3935                      key.p.key_len != WLAN_KEY_LEN_WEP104))
3936                         return -EINVAL;
3937                 if (key.idx > 4)
3938                         return -EINVAL;
3939         } else {
3940                 key.p.key_len = 0;
3941                 key.p.key = NULL;
3942         }
3943
3944         if (key.idx >= 0) {
3945                 int i;
3946                 bool ok = false;
3947                 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
3948                         if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
3949                                 ok = true;
3950                                 break;
3951                         }
3952                 }
3953                 if (!ok)
3954                         return -EINVAL;
3955         }
3956
3957         if (!rdev->ops->auth)
3958                 return -EOPNOTSUPP;
3959
3960         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3961             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
3962                 return -EOPNOTSUPP;
3963
3964         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3965         chan = ieee80211_get_channel(&rdev->wiphy,
3966                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3967         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
3968                 return -EINVAL;
3969
3970         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3971         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3972
3973         if (info->attrs[NL80211_ATTR_IE]) {
3974                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3975                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3976         }
3977
3978         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
3979         if (!nl80211_valid_auth_type(auth_type))
3980                 return -EINVAL;
3981
3982         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3983
3984         return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
3985                                   ssid, ssid_len, ie, ie_len,
3986                                   key.p.key, key.p.key_len, key.idx,
3987                                   local_state_change);
3988 }
3989
3990 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
3991                                    struct genl_info *info,
3992                                    struct cfg80211_crypto_settings *settings,
3993                                    int cipher_limit)
3994 {
3995         memset(settings, 0, sizeof(*settings));
3996
3997         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
3998
3999         if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
4000                 u16 proto;
4001                 proto = nla_get_u16(
4002                         info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
4003                 settings->control_port_ethertype = cpu_to_be16(proto);
4004                 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
4005                     proto != ETH_P_PAE)
4006                         return -EINVAL;
4007                 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
4008                         settings->control_port_no_encrypt = true;
4009         } else
4010                 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
4011
4012         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
4013                 void *data;
4014                 int len, i;
4015
4016                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4017                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4018                 settings->n_ciphers_pairwise = len / sizeof(u32);
4019
4020                 if (len % sizeof(u32))
4021                         return -EINVAL;
4022
4023                 if (settings->n_ciphers_pairwise > cipher_limit)
4024                         return -EINVAL;
4025
4026                 memcpy(settings->ciphers_pairwise, data, len);
4027
4028                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
4029                         if (!nl80211_valid_cipher_suite(
4030                                         settings->ciphers_pairwise[i]))
4031                                 return -EINVAL;
4032         }
4033
4034         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
4035                 settings->cipher_group =
4036                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
4037                 if (!nl80211_valid_cipher_suite(settings->cipher_group))
4038                         return -EINVAL;
4039         }
4040
4041         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
4042                 settings->wpa_versions =
4043                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
4044                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
4045                         return -EINVAL;
4046         }
4047
4048         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
4049                 void *data;
4050                 int len, i;
4051
4052                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
4053                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
4054                 settings->n_akm_suites = len / sizeof(u32);
4055
4056                 if (len % sizeof(u32))
4057                         return -EINVAL;
4058
4059                 memcpy(settings->akm_suites, data, len);
4060
4061                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
4062                         if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
4063                                 return -EINVAL;
4064         }
4065
4066         return 0;
4067 }
4068
4069 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
4070 {
4071         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4072         struct net_device *dev = info->user_ptr[1];
4073         struct cfg80211_crypto_settings crypto;
4074         struct ieee80211_channel *chan;
4075         const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
4076         int err, ssid_len, ie_len = 0;
4077         bool use_mfp = false;
4078
4079         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4080                 return -EINVAL;
4081
4082         if (!info->attrs[NL80211_ATTR_MAC] ||
4083             !info->attrs[NL80211_ATTR_SSID] ||
4084             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4085                 return -EINVAL;
4086
4087         if (!rdev->ops->assoc)
4088                 return -EOPNOTSUPP;
4089
4090         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4091             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4092                 return -EOPNOTSUPP;
4093
4094         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4095
4096         chan = ieee80211_get_channel(&rdev->wiphy,
4097                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4098         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4099                 return -EINVAL;
4100
4101         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4102         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4103
4104         if (info->attrs[NL80211_ATTR_IE]) {
4105                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4106                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4107         }
4108
4109         if (info->attrs[NL80211_ATTR_USE_MFP]) {
4110                 enum nl80211_mfp mfp =
4111                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
4112                 if (mfp == NL80211_MFP_REQUIRED)
4113                         use_mfp = true;
4114                 else if (mfp != NL80211_MFP_NO)
4115                         return -EINVAL;
4116         }
4117
4118         if (info->attrs[NL80211_ATTR_PREV_BSSID])
4119                 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
4120
4121         err = nl80211_crypto_settings(rdev, info, &crypto, 1);
4122         if (!err)
4123                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
4124                                           ssid, ssid_len, ie, ie_len, use_mfp,
4125                                           &crypto);
4126
4127         return err;
4128 }
4129
4130 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
4131 {
4132         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4133         struct net_device *dev = info->user_ptr[1];
4134         const u8 *ie = NULL, *bssid;
4135         int ie_len = 0;
4136         u16 reason_code;
4137         bool local_state_change;
4138
4139         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4140                 return -EINVAL;
4141
4142         if (!info->attrs[NL80211_ATTR_MAC])
4143                 return -EINVAL;
4144
4145         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4146                 return -EINVAL;
4147
4148         if (!rdev->ops->deauth)
4149                 return -EOPNOTSUPP;
4150
4151         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4152             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4153                 return -EOPNOTSUPP;
4154
4155         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4156
4157         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4158         if (reason_code == 0) {
4159                 /* Reason Code 0 is reserved */
4160                 return -EINVAL;
4161         }
4162
4163         if (info->attrs[NL80211_ATTR_IE]) {
4164                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4165                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4166         }
4167
4168         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4169
4170         return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
4171                                     local_state_change);
4172 }
4173
4174 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
4175 {
4176         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4177         struct net_device *dev = info->user_ptr[1];
4178         const u8 *ie = NULL, *bssid;
4179         int ie_len = 0;
4180         u16 reason_code;
4181         bool local_state_change;
4182
4183         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4184                 return -EINVAL;
4185
4186         if (!info->attrs[NL80211_ATTR_MAC])
4187                 return -EINVAL;
4188
4189         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4190                 return -EINVAL;
4191
4192         if (!rdev->ops->disassoc)
4193                 return -EOPNOTSUPP;
4194
4195         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4196             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4197                 return -EOPNOTSUPP;
4198
4199         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4200
4201         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4202         if (reason_code == 0) {
4203                 /* Reason Code 0 is reserved */
4204                 return -EINVAL;
4205         }
4206
4207         if (info->attrs[NL80211_ATTR_IE]) {
4208                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4209                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4210         }
4211
4212         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4213
4214         return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
4215                                       local_state_change);
4216 }
4217
4218 static bool
4219 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
4220                          int mcast_rate[IEEE80211_NUM_BANDS],
4221                          int rateval)
4222 {
4223         struct wiphy *wiphy = &rdev->wiphy;
4224         bool found = false;
4225         int band, i;
4226
4227         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4228                 struct ieee80211_supported_band *sband;
4229
4230                 sband = wiphy->bands[band];
4231                 if (!sband)
4232                         continue;
4233
4234                 for (i = 0; i < sband->n_bitrates; i++) {
4235                         if (sband->bitrates[i].bitrate == rateval) {
4236                                 mcast_rate[band] = i + 1;
4237                                 found = true;
4238                                 break;
4239                         }
4240                 }
4241         }
4242
4243         return found;
4244 }
4245
4246 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
4247 {
4248         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4249         struct net_device *dev = info->user_ptr[1];
4250         struct cfg80211_ibss_params ibss;
4251         struct wiphy *wiphy;
4252         struct cfg80211_cached_keys *connkeys = NULL;
4253         int err;
4254
4255         memset(&ibss, 0, sizeof(ibss));
4256
4257         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4258                 return -EINVAL;
4259
4260         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4261             !info->attrs[NL80211_ATTR_SSID] ||
4262             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4263                 return -EINVAL;
4264
4265         ibss.beacon_interval = 100;
4266
4267         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
4268                 ibss.beacon_interval =
4269                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4270                 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
4271                         return -EINVAL;
4272         }
4273
4274         if (!rdev->ops->join_ibss)
4275                 return -EOPNOTSUPP;
4276
4277         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4278                 return -EOPNOTSUPP;
4279
4280         wiphy = &rdev->wiphy;
4281
4282         if (info->attrs[NL80211_ATTR_MAC])
4283                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4284         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4285         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4286
4287         if (info->attrs[NL80211_ATTR_IE]) {
4288                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4289                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4290         }
4291
4292         ibss.channel = ieee80211_get_channel(wiphy,
4293                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4294         if (!ibss.channel ||
4295             ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4296             ibss.channel->flags & IEEE80211_CHAN_DISABLED)
4297                 return -EINVAL;
4298
4299         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4300         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4301
4302         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4303                 u8 *rates =
4304                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4305                 int n_rates =
4306                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4307                 struct ieee80211_supported_band *sband =
4308                         wiphy->bands[ibss.channel->band];
4309                 int i, j;
4310
4311                 if (n_rates == 0)
4312                         return -EINVAL;
4313
4314                 for (i = 0; i < n_rates; i++) {
4315                         int rate = (rates[i] & 0x7f) * 5;
4316                         bool found = false;
4317
4318                         for (j = 0; j < sband->n_bitrates; j++) {
4319                                 if (sband->bitrates[j].bitrate == rate) {
4320                                         found = true;
4321                                         ibss.basic_rates |= BIT(j);
4322                                         break;
4323                                 }
4324                         }
4325                         if (!found)
4326                                 return -EINVAL;
4327                 }
4328         }
4329
4330         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
4331             !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
4332                         nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
4333                 return -EINVAL;
4334
4335         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4336                 connkeys = nl80211_parse_connkeys(rdev,
4337                                         info->attrs[NL80211_ATTR_KEYS]);
4338                 if (IS_ERR(connkeys))
4339                         return PTR_ERR(connkeys);
4340         }
4341
4342         err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4343         if (err)
4344                 kfree(connkeys);
4345         return err;
4346 }
4347
4348 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4349 {
4350         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4351         struct net_device *dev = info->user_ptr[1];
4352
4353         if (!rdev->ops->leave_ibss)
4354                 return -EOPNOTSUPP;
4355
4356         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4357                 return -EOPNOTSUPP;
4358
4359         return cfg80211_leave_ibss(rdev, dev, false);
4360 }
4361
4362 #ifdef CONFIG_NL80211_TESTMODE
4363 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4364         .name = "testmode",
4365 };
4366
4367 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4368 {
4369         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4370         int err;
4371
4372         if (!info->attrs[NL80211_ATTR_TESTDATA])
4373                 return -EINVAL;
4374
4375         err = -EOPNOTSUPP;
4376         if (rdev->ops->testmode_cmd) {
4377                 rdev->testmode_info = info;
4378                 err = rdev->ops->testmode_cmd(&rdev->wiphy,
4379                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4380                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4381                 rdev->testmode_info = NULL;
4382         }
4383
4384         return err;
4385 }
4386
4387 static int nl80211_testmode_dump(struct sk_buff *skb,
4388                                  struct netlink_callback *cb)
4389 {
4390         struct cfg80211_registered_device *dev;
4391         int err;
4392         long phy_idx;
4393         void *data = NULL;
4394         int data_len = 0;
4395
4396         if (cb->args[0]) {
4397                 /*
4398                  * 0 is a valid index, but not valid for args[0],
4399                  * so we need to offset by 1.
4400                  */
4401                 phy_idx = cb->args[0] - 1;
4402         } else {
4403                 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
4404                                   nl80211_fam.attrbuf, nl80211_fam.maxattr,
4405                                   nl80211_policy);
4406                 if (err)
4407                         return err;
4408                 if (!nl80211_fam.attrbuf[NL80211_ATTR_WIPHY])
4409                         return -EINVAL;
4410                 phy_idx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]);
4411                 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
4412                         cb->args[1] =
4413                                 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
4414         }
4415
4416         if (cb->args[1]) {
4417                 data = nla_data((void *)cb->args[1]);
4418                 data_len = nla_len((void *)cb->args[1]);
4419         }
4420
4421         mutex_lock(&cfg80211_mutex);
4422         dev = cfg80211_rdev_by_wiphy_idx(phy_idx);
4423         if (!dev) {
4424                 mutex_unlock(&cfg80211_mutex);
4425                 return -ENOENT;
4426         }
4427         cfg80211_lock_rdev(dev);
4428         mutex_unlock(&cfg80211_mutex);
4429
4430         if (!dev->ops->testmode_dump) {
4431                 err = -EOPNOTSUPP;
4432                 goto out_err;
4433         }
4434
4435         while (1) {
4436                 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid,
4437                                            cb->nlh->nlmsg_seq, NLM_F_MULTI,
4438                                            NL80211_CMD_TESTMODE);
4439                 struct nlattr *tmdata;
4440
4441                 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, dev->wiphy_idx) < 0) {
4442                         genlmsg_cancel(skb, hdr);
4443                         break;
4444                 }
4445
4446                 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4447                 if (!tmdata) {
4448                         genlmsg_cancel(skb, hdr);
4449                         break;
4450                 }
4451                 err = dev->ops->testmode_dump(&dev->wiphy, skb, cb,
4452                                               data, data_len);
4453                 nla_nest_end(skb, tmdata);
4454
4455                 if (err == -ENOBUFS || err == -ENOENT) {
4456                         genlmsg_cancel(skb, hdr);
4457                         break;
4458                 } else if (err) {
4459                         genlmsg_cancel(skb, hdr);
4460                         goto out_err;
4461                 }
4462
4463                 genlmsg_end(skb, hdr);
4464         }
4465
4466         err = skb->len;
4467         /* see above */
4468         cb->args[0] = phy_idx + 1;
4469  out_err:
4470         cfg80211_unlock_rdev(dev);
4471         return err;
4472 }
4473
4474 static struct sk_buff *
4475 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
4476                               int approxlen, u32 pid, u32 seq, gfp_t gfp)
4477 {
4478         struct sk_buff *skb;
4479         void *hdr;
4480         struct nlattr *data;
4481
4482         skb = nlmsg_new(approxlen + 100, gfp);
4483         if (!skb)
4484                 return NULL;
4485
4486         hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
4487         if (!hdr) {
4488                 kfree_skb(skb);
4489                 return NULL;
4490         }
4491
4492         NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4493         data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4494
4495         ((void **)skb->cb)[0] = rdev;
4496         ((void **)skb->cb)[1] = hdr;
4497         ((void **)skb->cb)[2] = data;
4498
4499         return skb;
4500
4501  nla_put_failure:
4502         kfree_skb(skb);
4503         return NULL;
4504 }
4505
4506 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
4507                                                   int approxlen)
4508 {
4509         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4510
4511         if (WARN_ON(!rdev->testmode_info))
4512                 return NULL;
4513
4514         return __cfg80211_testmode_alloc_skb(rdev, approxlen,
4515                                 rdev->testmode_info->snd_pid,
4516                                 rdev->testmode_info->snd_seq,
4517                                 GFP_KERNEL);
4518 }
4519 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
4520
4521 int cfg80211_testmode_reply(struct sk_buff *skb)
4522 {
4523         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
4524         void *hdr = ((void **)skb->cb)[1];
4525         struct nlattr *data = ((void **)skb->cb)[2];
4526
4527         if (WARN_ON(!rdev->testmode_info)) {
4528                 kfree_skb(skb);
4529                 return -EINVAL;
4530         }
4531
4532         nla_nest_end(skb, data);
4533         genlmsg_end(skb, hdr);
4534         return genlmsg_reply(skb, rdev->testmode_info);
4535 }
4536 EXPORT_SYMBOL(cfg80211_testmode_reply);
4537
4538 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
4539                                                   int approxlen, gfp_t gfp)
4540 {
4541         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4542
4543         return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
4544 }
4545 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
4546
4547 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
4548 {
4549         void *hdr = ((void **)skb->cb)[1];
4550         struct nlattr *data = ((void **)skb->cb)[2];
4551
4552         nla_nest_end(skb, data);
4553         genlmsg_end(skb, hdr);
4554         genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
4555 }
4556 EXPORT_SYMBOL(cfg80211_testmode_event);
4557 #endif
4558
4559 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
4560 {
4561         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4562         struct net_device *dev = info->user_ptr[1];
4563         struct cfg80211_connect_params connect;
4564         struct wiphy *wiphy;
4565         struct cfg80211_cached_keys *connkeys = NULL;
4566         int err;
4567
4568         memset(&connect, 0, sizeof(connect));
4569
4570         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4571                 return -EINVAL;
4572
4573         if (!info->attrs[NL80211_ATTR_SSID] ||
4574             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4575                 return -EINVAL;
4576
4577         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4578                 connect.auth_type =
4579                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4580                 if (!nl80211_valid_auth_type(connect.auth_type))
4581                         return -EINVAL;
4582         } else
4583                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4584
4585         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
4586
4587         err = nl80211_crypto_settings(rdev, info, &connect.crypto,
4588                                       NL80211_MAX_NR_CIPHER_SUITES);
4589         if (err)
4590                 return err;
4591
4592         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4593             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4594                 return -EOPNOTSUPP;
4595
4596         wiphy = &rdev->wiphy;
4597
4598         if (info->attrs[NL80211_ATTR_MAC])
4599                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4600         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4601         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4602
4603         if (info->attrs[NL80211_ATTR_IE]) {
4604                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4605                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4606         }
4607
4608         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4609                 connect.channel =
4610                         ieee80211_get_channel(wiphy,
4611                             nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4612                 if (!connect.channel ||
4613                     connect.channel->flags & IEEE80211_CHAN_DISABLED)
4614                         return -EINVAL;
4615         }
4616
4617         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4618                 connkeys = nl80211_parse_connkeys(rdev,
4619                                         info->attrs[NL80211_ATTR_KEYS]);
4620                 if (IS_ERR(connkeys))
4621                         return PTR_ERR(connkeys);
4622         }
4623
4624         err = cfg80211_connect(rdev, dev, &connect, connkeys);
4625         if (err)
4626                 kfree(connkeys);
4627         return err;
4628 }
4629
4630 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
4631 {
4632         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4633         struct net_device *dev = info->user_ptr[1];
4634         u16 reason;
4635
4636         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4637                 reason = WLAN_REASON_DEAUTH_LEAVING;
4638         else
4639                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4640
4641         if (reason == 0)
4642                 return -EINVAL;
4643
4644         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4645             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4646                 return -EOPNOTSUPP;
4647
4648         return cfg80211_disconnect(rdev, dev, reason, true);
4649 }
4650
4651 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4652 {
4653         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4654         struct net *net;
4655         int err;
4656         u32 pid;
4657
4658         if (!info->attrs[NL80211_ATTR_PID])
4659                 return -EINVAL;
4660
4661         pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
4662
4663         net = get_net_ns_by_pid(pid);
4664         if (IS_ERR(net))
4665                 return PTR_ERR(net);
4666
4667         err = 0;
4668
4669         /* check if anything to do */
4670         if (!net_eq(wiphy_net(&rdev->wiphy), net))
4671                 err = cfg80211_switch_netns(rdev, net);
4672
4673         put_net(net);
4674         return err;
4675 }
4676
4677 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
4678 {
4679         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4680         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
4681                         struct cfg80211_pmksa *pmksa) = NULL;
4682         struct net_device *dev = info->user_ptr[1];
4683         struct cfg80211_pmksa pmksa;
4684
4685         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
4686
4687         if (!info->attrs[NL80211_ATTR_MAC])
4688                 return -EINVAL;
4689
4690         if (!info->attrs[NL80211_ATTR_PMKID])
4691                 return -EINVAL;
4692
4693         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
4694         pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4695
4696         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4697             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4698                 return -EOPNOTSUPP;
4699
4700         switch (info->genlhdr->cmd) {
4701         case NL80211_CMD_SET_PMKSA:
4702                 rdev_ops = rdev->ops->set_pmksa;
4703                 break;
4704         case NL80211_CMD_DEL_PMKSA:
4705                 rdev_ops = rdev->ops->del_pmksa;
4706                 break;
4707         default:
4708                 WARN_ON(1);
4709                 break;
4710         }
4711
4712         if (!rdev_ops)
4713                 return -EOPNOTSUPP;
4714
4715         return rdev_ops(&rdev->wiphy, dev, &pmksa);
4716 }
4717
4718 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4719 {
4720         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4721         struct net_device *dev = info->user_ptr[1];
4722
4723         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4724             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4725                 return -EOPNOTSUPP;
4726
4727         if (!rdev->ops->flush_pmksa)
4728                 return -EOPNOTSUPP;
4729
4730         return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4731 }
4732
4733 static int nl80211_remain_on_channel(struct sk_buff *skb,
4734                                      struct genl_info *info)
4735 {
4736         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4737         struct net_device *dev = info->user_ptr[1];
4738         struct ieee80211_channel *chan;
4739         struct sk_buff *msg;
4740         void *hdr;
4741         u64 cookie;
4742         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4743         u32 freq, duration;
4744         int err;
4745
4746         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4747             !info->attrs[NL80211_ATTR_DURATION])
4748                 return -EINVAL;
4749
4750         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4751
4752         /*
4753          * We should be on that channel for at least one jiffie,
4754          * and more than 5 seconds seems excessive.
4755          */
4756         if (!duration || !msecs_to_jiffies(duration) ||
4757             duration > rdev->wiphy.max_remain_on_channel_duration)
4758                 return -EINVAL;
4759
4760         if (!rdev->ops->remain_on_channel)
4761                 return -EOPNOTSUPP;
4762
4763         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4764                 channel_type = nla_get_u32(
4765                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4766                 if (channel_type != NL80211_CHAN_NO_HT &&
4767                     channel_type != NL80211_CHAN_HT20 &&
4768                     channel_type != NL80211_CHAN_HT40PLUS &&
4769                     channel_type != NL80211_CHAN_HT40MINUS)
4770                         return -EINVAL;
4771         }
4772
4773         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4774         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4775         if (chan == NULL)
4776                 return -EINVAL;
4777
4778         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4779         if (!msg)
4780                 return -ENOMEM;
4781
4782         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4783                              NL80211_CMD_REMAIN_ON_CHANNEL);
4784
4785         if (IS_ERR(hdr)) {
4786                 err = PTR_ERR(hdr);
4787                 goto free_msg;
4788         }
4789
4790         err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
4791                                            channel_type, duration, &cookie);
4792
4793         if (err)
4794                 goto free_msg;
4795
4796         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4797
4798         genlmsg_end(msg, hdr);
4799
4800         return genlmsg_reply(msg, info);
4801
4802  nla_put_failure:
4803         err = -ENOBUFS;
4804  free_msg:
4805         nlmsg_free(msg);
4806         return err;
4807 }
4808
4809 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
4810                                             struct genl_info *info)
4811 {
4812         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4813         struct net_device *dev = info->user_ptr[1];
4814         u64 cookie;
4815
4816         if (!info->attrs[NL80211_ATTR_COOKIE])
4817                 return -EINVAL;
4818
4819         if (!rdev->ops->cancel_remain_on_channel)
4820                 return -EOPNOTSUPP;
4821
4822         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
4823
4824         return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
4825 }
4826
4827 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4828                            u8 *rates, u8 rates_len)
4829 {
4830         u8 i;
4831         u32 mask = 0;
4832
4833         for (i = 0; i < rates_len; i++) {
4834                 int rate = (rates[i] & 0x7f) * 5;
4835                 int ridx;
4836                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4837                         struct ieee80211_rate *srate =
4838                                 &sband->bitrates[ridx];
4839                         if (rate == srate->bitrate) {
4840                                 mask |= 1 << ridx;
4841                                 break;
4842                         }
4843                 }
4844                 if (ridx == sband->n_bitrates)
4845                         return 0; /* rate not found */
4846         }
4847
4848         return mask;
4849 }
4850
4851 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4852         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4853                                     .len = NL80211_MAX_SUPP_RATES },
4854 };
4855
4856 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
4857                                        struct genl_info *info)
4858 {
4859         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4860         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4861         struct cfg80211_bitrate_mask mask;
4862         int rem, i;
4863         struct net_device *dev = info->user_ptr[1];
4864         struct nlattr *tx_rates;
4865         struct ieee80211_supported_band *sband;
4866
4867         if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
4868                 return -EINVAL;
4869
4870         if (!rdev->ops->set_bitrate_mask)
4871                 return -EOPNOTSUPP;
4872
4873         memset(&mask, 0, sizeof(mask));
4874         /* Default to all rates enabled */
4875         for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
4876                 sband = rdev->wiphy.bands[i];
4877                 mask.control[i].legacy =
4878                         sband ? (1 << sband->n_bitrates) - 1 : 0;
4879         }
4880
4881         /*
4882          * The nested attribute uses enum nl80211_band as the index. This maps
4883          * directly to the enum ieee80211_band values used in cfg80211.
4884          */
4885         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
4886         {
4887                 enum ieee80211_band band = nla_type(tx_rates);
4888                 if (band < 0 || band >= IEEE80211_NUM_BANDS)
4889                         return -EINVAL;
4890                 sband = rdev->wiphy.bands[band];
4891                 if (sband == NULL)
4892                         return -EINVAL;
4893                 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
4894                           nla_len(tx_rates), nl80211_txattr_policy);
4895                 if (tb[NL80211_TXRATE_LEGACY]) {
4896                         mask.control[band].legacy = rateset_to_mask(
4897                                 sband,
4898                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
4899                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
4900                         if (mask.control[band].legacy == 0)
4901                                 return -EINVAL;
4902                 }
4903         }
4904
4905         return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
4906 }
4907
4908 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
4909 {
4910         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4911         struct net_device *dev = info->user_ptr[1];
4912         u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
4913
4914         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
4915                 return -EINVAL;
4916
4917         if (info->attrs[NL80211_ATTR_FRAME_TYPE])
4918                 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
4919
4920         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4921             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4922             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
4923             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4924             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4925             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4926             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4927                 return -EOPNOTSUPP;
4928
4929         /* not much point in registering if we can't reply */
4930         if (!rdev->ops->mgmt_tx)
4931                 return -EOPNOTSUPP;
4932
4933         return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
4934                         frame_type,
4935                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
4936                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
4937 }
4938
4939 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
4940 {
4941         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4942         struct net_device *dev = info->user_ptr[1];
4943         struct ieee80211_channel *chan;
4944         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4945         bool channel_type_valid = false;
4946         u32 freq;
4947         int err;
4948         void *hdr;
4949         u64 cookie;
4950         struct sk_buff *msg;
4951         unsigned int wait = 0;
4952         bool offchan;
4953
4954         if (!info->attrs[NL80211_ATTR_FRAME] ||
4955             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4956                 return -EINVAL;
4957
4958         if (!rdev->ops->mgmt_tx)
4959                 return -EOPNOTSUPP;
4960
4961         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4962             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4963             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
4964             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4965             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4966             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4967             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4968                 return -EOPNOTSUPP;
4969
4970         if (info->attrs[NL80211_ATTR_DURATION]) {
4971                 if (!rdev->ops->mgmt_tx_cancel_wait)
4972                         return -EINVAL;
4973                 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4974         }
4975
4976         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4977                 channel_type = nla_get_u32(
4978                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4979                 if (channel_type != NL80211_CHAN_NO_HT &&
4980                     channel_type != NL80211_CHAN_HT20 &&
4981                     channel_type != NL80211_CHAN_HT40PLUS &&
4982                     channel_type != NL80211_CHAN_HT40MINUS)
4983                         return -EINVAL;
4984                 channel_type_valid = true;
4985         }
4986
4987         offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
4988
4989         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4990         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4991         if (chan == NULL)
4992                 return -EINVAL;
4993
4994         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4995         if (!msg)
4996                 return -ENOMEM;
4997
4998         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4999                              NL80211_CMD_FRAME);
5000
5001         if (IS_ERR(hdr)) {
5002                 err = PTR_ERR(hdr);
5003                 goto free_msg;
5004         }
5005         err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type,
5006                                     channel_type_valid, wait,
5007                                     nla_data(info->attrs[NL80211_ATTR_FRAME]),
5008                                     nla_len(info->attrs[NL80211_ATTR_FRAME]),
5009                                     &cookie);
5010         if (err)
5011                 goto free_msg;
5012
5013         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5014
5015         genlmsg_end(msg, hdr);
5016         return genlmsg_reply(msg, info);
5017
5018  nla_put_failure:
5019         err = -ENOBUFS;
5020  free_msg:
5021         nlmsg_free(msg);
5022         return err;
5023 }
5024
5025 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
5026 {
5027         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5028         struct net_device *dev = info->user_ptr[1];
5029         u64 cookie;
5030
5031         if (!info->attrs[NL80211_ATTR_COOKIE])
5032                 return -EINVAL;
5033
5034         if (!rdev->ops->mgmt_tx_cancel_wait)
5035                 return -EOPNOTSUPP;
5036
5037         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5038             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5039             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5040             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5041             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5042             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5043                 return -EOPNOTSUPP;
5044
5045         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5046
5047         return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie);
5048 }
5049
5050 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
5051 {
5052         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5053         struct wireless_dev *wdev;
5054         struct net_device *dev = info->user_ptr[1];
5055         u8 ps_state;
5056         bool state;
5057         int err;
5058
5059         if (!info->attrs[NL80211_ATTR_PS_STATE])
5060                 return -EINVAL;
5061
5062         ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
5063
5064         if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
5065                 return -EINVAL;
5066
5067         wdev = dev->ieee80211_ptr;
5068
5069         if (!rdev->ops->set_power_mgmt)
5070                 return -EOPNOTSUPP;
5071
5072         state = (ps_state == NL80211_PS_ENABLED) ? true : false;
5073
5074         if (state == wdev->ps)
5075                 return 0;
5076
5077         err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state,
5078                                         wdev->ps_timeout);
5079         if (!err)
5080                 wdev->ps = state;
5081         return err;
5082 }
5083
5084 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5085 {
5086         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5087         enum nl80211_ps_state ps_state;
5088         struct wireless_dev *wdev;
5089         struct net_device *dev = info->user_ptr[1];
5090         struct sk_buff *msg;
5091         void *hdr;
5092         int err;
5093
5094         wdev = dev->ieee80211_ptr;
5095
5096         if (!rdev->ops->set_power_mgmt)
5097                 return -EOPNOTSUPP;
5098
5099         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5100         if (!msg)
5101                 return -ENOMEM;
5102
5103         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5104                              NL80211_CMD_GET_POWER_SAVE);
5105         if (!hdr) {
5106                 err = -ENOBUFS;
5107                 goto free_msg;
5108         }
5109
5110         if (wdev->ps)
5111                 ps_state = NL80211_PS_ENABLED;
5112         else
5113                 ps_state = NL80211_PS_DISABLED;
5114
5115         NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
5116
5117         genlmsg_end(msg, hdr);
5118         return genlmsg_reply(msg, info);
5119
5120  nla_put_failure:
5121         err = -ENOBUFS;
5122  free_msg:
5123         nlmsg_free(msg);
5124         return err;
5125 }
5126
5127 static struct nla_policy
5128 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5129         [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5130         [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5131         [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5132 };
5133
5134 static int nl80211_set_cqm_rssi(struct genl_info *info,
5135                                 s32 threshold, u32 hysteresis)
5136 {
5137         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5138         struct wireless_dev *wdev;
5139         struct net_device *dev = info->user_ptr[1];
5140
5141         if (threshold > 0)
5142                 return -EINVAL;
5143
5144         wdev = dev->ieee80211_ptr;
5145
5146         if (!rdev->ops->set_cqm_rssi_config)
5147                 return -EOPNOTSUPP;
5148
5149         if (wdev->iftype != NL80211_IFTYPE_STATION &&
5150             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
5151                 return -EOPNOTSUPP;
5152
5153         return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5154                                               threshold, hysteresis);
5155 }
5156
5157 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5158 {
5159         struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5160         struct nlattr *cqm;
5161         int err;
5162
5163         cqm = info->attrs[NL80211_ATTR_CQM];
5164         if (!cqm) {
5165                 err = -EINVAL;
5166                 goto out;
5167         }
5168
5169         err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5170                                nl80211_attr_cqm_policy);
5171         if (err)
5172                 goto out;
5173
5174         if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5175             attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5176                 s32 threshold;
5177                 u32 hysteresis;
5178                 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5179                 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5180                 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5181         } else
5182                 err = -EINVAL;
5183
5184 out:
5185         return err;
5186 }
5187
5188 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
5189 {
5190         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5191         struct net_device *dev = info->user_ptr[1];
5192         struct mesh_config cfg;
5193         struct mesh_setup setup;
5194         int err;
5195
5196         /* start with default */
5197         memcpy(&cfg, &default_mesh_config, sizeof(cfg));
5198         memcpy(&setup, &default_mesh_setup, sizeof(setup));
5199
5200         if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
5201                 /* and parse parameters if given */
5202                 err = nl80211_parse_mesh_config(info, &cfg, NULL);
5203                 if (err)
5204                         return err;
5205         }
5206
5207         if (!info->attrs[NL80211_ATTR_MESH_ID] ||
5208             !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
5209                 return -EINVAL;
5210
5211         setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
5212         setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5213
5214         if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
5215                 /* parse additional setup parameters if given */
5216                 err = nl80211_parse_mesh_setup(info, &setup);
5217                 if (err)
5218                         return err;
5219         }
5220
5221         return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
5222 }
5223
5224 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
5225 {
5226         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5227         struct net_device *dev = info->user_ptr[1];
5228
5229         return cfg80211_leave_mesh(rdev, dev);
5230 }
5231
5232 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
5233 {
5234         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5235         struct sk_buff *msg;
5236         void *hdr;
5237
5238         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5239                 return -EOPNOTSUPP;
5240
5241         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5242         if (!msg)
5243                 return -ENOMEM;
5244
5245         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5246                              NL80211_CMD_GET_WOWLAN);
5247         if (!hdr)
5248                 goto nla_put_failure;
5249
5250         if (rdev->wowlan) {
5251                 struct nlattr *nl_wowlan;
5252
5253                 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
5254                 if (!nl_wowlan)
5255                         goto nla_put_failure;
5256
5257                 if (rdev->wowlan->any)
5258                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
5259                 if (rdev->wowlan->disconnect)
5260                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
5261                 if (rdev->wowlan->magic_pkt)
5262                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
5263                 if (rdev->wowlan->n_patterns) {
5264                         struct nlattr *nl_pats, *nl_pat;
5265                         int i, pat_len;
5266
5267                         nl_pats = nla_nest_start(msg,
5268                                         NL80211_WOWLAN_TRIG_PKT_PATTERN);
5269                         if (!nl_pats)
5270                                 goto nla_put_failure;
5271
5272                         for (i = 0; i < rdev->wowlan->n_patterns; i++) {
5273                                 nl_pat = nla_nest_start(msg, i + 1);
5274                                 if (!nl_pat)
5275                                         goto nla_put_failure;
5276                                 pat_len = rdev->wowlan->patterns[i].pattern_len;
5277                                 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_MASK,
5278                                         DIV_ROUND_UP(pat_len, 8),
5279                                         rdev->wowlan->patterns[i].mask);
5280                                 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
5281                                         pat_len,
5282                                         rdev->wowlan->patterns[i].pattern);
5283                                 nla_nest_end(msg, nl_pat);
5284                         }
5285                         nla_nest_end(msg, nl_pats);
5286                 }
5287
5288                 nla_nest_end(msg, nl_wowlan);
5289         }
5290
5291         genlmsg_end(msg, hdr);
5292         return genlmsg_reply(msg, info);
5293
5294 nla_put_failure:
5295         nlmsg_free(msg);
5296         return -ENOBUFS;
5297 }
5298
5299 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
5300 {
5301         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5302         struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
5303         struct cfg80211_wowlan no_triggers = {};
5304         struct cfg80211_wowlan new_triggers = {};
5305         struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
5306         int err, i;
5307
5308         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5309                 return -EOPNOTSUPP;
5310
5311         if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS])
5312                 goto no_triggers;
5313
5314         err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
5315                         nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5316                         nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5317                         nl80211_wowlan_policy);
5318         if (err)
5319                 return err;
5320
5321         if (tb[NL80211_WOWLAN_TRIG_ANY]) {
5322                 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
5323                         return -EINVAL;
5324                 new_triggers.any = true;
5325         }
5326
5327         if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
5328                 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
5329                         return -EINVAL;
5330                 new_triggers.disconnect = true;
5331         }
5332
5333         if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
5334                 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
5335                         return -EINVAL;
5336                 new_triggers.magic_pkt = true;
5337         }
5338
5339         if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
5340                 struct nlattr *pat;
5341                 int n_patterns = 0;
5342                 int rem, pat_len, mask_len;
5343                 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
5344
5345                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
5346                                     rem)
5347                         n_patterns++;
5348                 if (n_patterns > wowlan->n_patterns)
5349                         return -EINVAL;
5350
5351                 new_triggers.patterns = kcalloc(n_patterns,
5352                                                 sizeof(new_triggers.patterns[0]),
5353                                                 GFP_KERNEL);
5354                 if (!new_triggers.patterns)
5355                         return -ENOMEM;
5356
5357                 new_triggers.n_patterns = n_patterns;
5358                 i = 0;
5359
5360                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
5361                                     rem) {
5362                         nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
5363                                   nla_data(pat), nla_len(pat), NULL);
5364                         err = -EINVAL;
5365                         if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
5366                             !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
5367                                 goto error;
5368                         pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
5369                         mask_len = DIV_ROUND_UP(pat_len, 8);
5370                         if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
5371                             mask_len)
5372                                 goto error;
5373                         if (pat_len > wowlan->pattern_max_len ||
5374                             pat_len < wowlan->pattern_min_len)
5375                                 goto error;
5376
5377                         new_triggers.patterns[i].mask =
5378                                 kmalloc(mask_len + pat_len, GFP_KERNEL);
5379                         if (!new_triggers.patterns[i].mask) {
5380                                 err = -ENOMEM;
5381                                 goto error;
5382                         }
5383                         new_triggers.patterns[i].pattern =
5384                                 new_triggers.patterns[i].mask + mask_len;
5385                         memcpy(new_triggers.patterns[i].mask,
5386                                nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
5387                                mask_len);
5388                         new_triggers.patterns[i].pattern_len = pat_len;
5389                         memcpy(new_triggers.patterns[i].pattern,
5390                                nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
5391                                pat_len);
5392                         i++;
5393                 }
5394         }
5395
5396         if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) {
5397                 struct cfg80211_wowlan *ntrig;
5398                 ntrig = kmemdup(&new_triggers, sizeof(new_triggers),
5399                                 GFP_KERNEL);
5400                 if (!ntrig) {
5401                         err = -ENOMEM;
5402                         goto error;
5403                 }
5404                 cfg80211_rdev_free_wowlan(rdev);
5405                 rdev->wowlan = ntrig;
5406         } else {
5407  no_triggers:
5408                 cfg80211_rdev_free_wowlan(rdev);
5409                 rdev->wowlan = NULL;
5410         }
5411
5412         return 0;
5413  error:
5414         for (i = 0; i < new_triggers.n_patterns; i++)
5415                 kfree(new_triggers.patterns[i].mask);
5416         kfree(new_triggers.patterns);
5417         return err;
5418 }
5419
5420 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
5421 {
5422         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5423         struct net_device *dev = info->user_ptr[1];
5424         struct wireless_dev *wdev = dev->ieee80211_ptr;
5425         struct nlattr *tb[NUM_NL80211_REKEY_DATA];
5426         struct cfg80211_gtk_rekey_data rekey_data;
5427         int err;
5428
5429         if (!info->attrs[NL80211_ATTR_REKEY_DATA])
5430                 return -EINVAL;
5431
5432         err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
5433                         nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
5434                         nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
5435                         nl80211_rekey_policy);
5436         if (err)
5437                 return err;
5438
5439         if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
5440                 return -ERANGE;
5441         if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
5442                 return -ERANGE;
5443         if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
5444                 return -ERANGE;
5445
5446         memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
5447                NL80211_KEK_LEN);
5448         memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
5449                NL80211_KCK_LEN);
5450         memcpy(rekey_data.replay_ctr,
5451                nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
5452                NL80211_REPLAY_CTR_LEN);
5453
5454         wdev_lock(wdev);
5455         if (!wdev->current_bss) {
5456                 err = -ENOTCONN;
5457                 goto out;
5458         }
5459
5460         if (!rdev->ops->set_rekey_data) {
5461                 err = -EOPNOTSUPP;
5462                 goto out;
5463         }
5464
5465         err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data);
5466  out:
5467         wdev_unlock(wdev);
5468         return err;
5469 }
5470
5471 #define NL80211_FLAG_NEED_WIPHY         0x01
5472 #define NL80211_FLAG_NEED_NETDEV        0x02
5473 #define NL80211_FLAG_NEED_RTNL          0x04
5474 #define NL80211_FLAG_CHECK_NETDEV_UP    0x08
5475 #define NL80211_FLAG_NEED_NETDEV_UP     (NL80211_FLAG_NEED_NETDEV |\
5476                                          NL80211_FLAG_CHECK_NETDEV_UP)
5477
5478 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
5479                             struct genl_info *info)
5480 {
5481         struct cfg80211_registered_device *rdev;
5482         struct net_device *dev;
5483         int err;
5484         bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
5485
5486         if (rtnl)
5487                 rtnl_lock();
5488
5489         if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
5490                 rdev = cfg80211_get_dev_from_info(info);
5491                 if (IS_ERR(rdev)) {
5492                         if (rtnl)
5493                                 rtnl_unlock();
5494                         return PTR_ERR(rdev);
5495                 }
5496                 info->user_ptr[0] = rdev;
5497         } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
5498                 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
5499                 if (err) {
5500                         if (rtnl)
5501                                 rtnl_unlock();
5502                         return err;
5503                 }
5504                 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
5505                     !netif_running(dev)) {
5506                         cfg80211_unlock_rdev(rdev);
5507                         dev_put(dev);
5508                         if (rtnl)
5509                                 rtnl_unlock();
5510                         return -ENETDOWN;
5511                 }
5512                 info->user_ptr[0] = rdev;
5513                 info->user_ptr[1] = dev;
5514         }
5515
5516         return 0;
5517 }
5518
5519 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
5520                               struct genl_info *info)
5521 {
5522         if (info->user_ptr[0])
5523                 cfg80211_unlock_rdev(info->user_ptr[0]);
5524         if (info->user_ptr[1])
5525                 dev_put(info->user_ptr[1]);
5526         if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
5527                 rtnl_unlock();
5528 }
5529
5530 static struct genl_ops nl80211_ops[] = {
5531         {
5532                 .cmd = NL80211_CMD_GET_WIPHY,
5533                 .doit = nl80211_get_wiphy,
5534                 .dumpit = nl80211_dump_wiphy,
5535                 .policy = nl80211_policy,
5536                 /* can be retrieved by unprivileged users */
5537                 .internal_flags = NL80211_FLAG_NEED_WIPHY,
5538         },
5539         {
5540                 .cmd = NL80211_CMD_SET_WIPHY,
5541                 .doit = nl80211_set_wiphy,
5542                 .policy = nl80211_policy,
5543                 .flags = GENL_ADMIN_PERM,
5544                 .internal_flags = NL80211_FLAG_NEED_RTNL,
5545         },
5546         {
5547                 .cmd = NL80211_CMD_GET_INTERFACE,
5548                 .doit = nl80211_get_interface,
5549                 .dumpit = nl80211_dump_interface,
5550                 .policy = nl80211_policy,
5551                 /* can be retrieved by unprivileged users */
5552                 .internal_flags = NL80211_FLAG_NEED_NETDEV,
5553         },
5554         {
5555                 .cmd = NL80211_CMD_SET_INTERFACE,
5556                 .doit = nl80211_set_interface,
5557                 .policy = nl80211_policy,
5558                 .flags = GENL_ADMIN_PERM,
5559                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5560                                   NL80211_FLAG_NEED_RTNL,
5561         },
5562         {
5563                 .cmd = NL80211_CMD_NEW_INTERFACE,
5564                 .doit = nl80211_new_interface,
5565                 .policy = nl80211_policy,
5566                 .flags = GENL_ADMIN_PERM,
5567                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5568                                   NL80211_FLAG_NEED_RTNL,
5569         },
5570         {
5571                 .cmd = NL80211_CMD_DEL_INTERFACE,
5572                 .doit = nl80211_del_interface,
5573                 .policy = nl80211_policy,
5574                 .flags = GENL_ADMIN_PERM,
5575                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5576                                   NL80211_FLAG_NEED_RTNL,
5577         },
5578         {
5579                 .cmd = NL80211_CMD_GET_KEY,
5580                 .doit = nl80211_get_key,
5581                 .policy = nl80211_policy,
5582                 .flags = GENL_ADMIN_PERM,
5583                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5584                                   NL80211_FLAG_NEED_RTNL,
5585         },
5586         {
5587                 .cmd = NL80211_CMD_SET_KEY,
5588                 .doit = nl80211_set_key,
5589                 .policy = nl80211_policy,
5590                 .flags = GENL_ADMIN_PERM,
5591                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5592                                   NL80211_FLAG_NEED_RTNL,
5593         },
5594         {
5595                 .cmd = NL80211_CMD_NEW_KEY,
5596                 .doit = nl80211_new_key,
5597                 .policy = nl80211_policy,
5598                 .flags = GENL_ADMIN_PERM,
5599                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5600                                   NL80211_FLAG_NEED_RTNL,
5601         },
5602         {
5603                 .cmd = NL80211_CMD_DEL_KEY,
5604                 .doit = nl80211_del_key,
5605                 .policy = nl80211_policy,
5606                 .flags = GENL_ADMIN_PERM,
5607                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5608                                   NL80211_FLAG_NEED_RTNL,
5609         },
5610         {
5611                 .cmd = NL80211_CMD_SET_BEACON,
5612                 .policy = nl80211_policy,
5613                 .flags = GENL_ADMIN_PERM,
5614                 .doit = nl80211_addset_beacon,
5615                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5616                                   NL80211_FLAG_NEED_RTNL,
5617         },
5618         {
5619                 .cmd = NL80211_CMD_NEW_BEACON,
5620                 .policy = nl80211_policy,
5621                 .flags = GENL_ADMIN_PERM,
5622                 .doit = nl80211_addset_beacon,
5623                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5624                                   NL80211_FLAG_NEED_RTNL,
5625         },
5626         {
5627                 .cmd = NL80211_CMD_DEL_BEACON,
5628                 .policy = nl80211_policy,
5629                 .flags = GENL_ADMIN_PERM,
5630                 .doit = nl80211_del_beacon,
5631                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5632                                   NL80211_FLAG_NEED_RTNL,
5633         },
5634         {
5635                 .cmd = NL80211_CMD_GET_STATION,
5636                 .doit = nl80211_get_station,
5637                 .dumpit = nl80211_dump_station,
5638                 .policy = nl80211_policy,
5639                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5640                                   NL80211_FLAG_NEED_RTNL,
5641         },
5642         {
5643                 .cmd = NL80211_CMD_SET_STATION,
5644                 .doit = nl80211_set_station,
5645                 .policy = nl80211_policy,
5646                 .flags = GENL_ADMIN_PERM,
5647                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5648                                   NL80211_FLAG_NEED_RTNL,
5649         },
5650         {
5651                 .cmd = NL80211_CMD_NEW_STATION,
5652                 .doit = nl80211_new_station,
5653                 .policy = nl80211_policy,
5654                 .flags = GENL_ADMIN_PERM,
5655                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5656                                   NL80211_FLAG_NEED_RTNL,
5657         },
5658         {
5659                 .cmd = NL80211_CMD_DEL_STATION,
5660                 .doit = nl80211_del_station,
5661                 .policy = nl80211_policy,
5662                 .flags = GENL_ADMIN_PERM,
5663                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5664                                   NL80211_FLAG_NEED_RTNL,
5665         },
5666         {
5667                 .cmd = NL80211_CMD_GET_MPATH,
5668                 .doit = nl80211_get_mpath,
5669                 .dumpit = nl80211_dump_mpath,
5670                 .policy = nl80211_policy,
5671                 .flags = GENL_ADMIN_PERM,
5672                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5673                                   NL80211_FLAG_NEED_RTNL,
5674         },
5675         {
5676                 .cmd = NL80211_CMD_SET_MPATH,
5677                 .doit = nl80211_set_mpath,
5678                 .policy = nl80211_policy,
5679                 .flags = GENL_ADMIN_PERM,
5680                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5681                                   NL80211_FLAG_NEED_RTNL,
5682         },
5683         {
5684                 .cmd = NL80211_CMD_NEW_MPATH,
5685                 .doit = nl80211_new_mpath,
5686                 .policy = nl80211_policy,
5687                 .flags = GENL_ADMIN_PERM,
5688                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5689                                   NL80211_FLAG_NEED_RTNL,
5690         },
5691         {
5692                 .cmd = NL80211_CMD_DEL_MPATH,
5693                 .doit = nl80211_del_mpath,
5694                 .policy = nl80211_policy,
5695                 .flags = GENL_ADMIN_PERM,
5696                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5697                                   NL80211_FLAG_NEED_RTNL,
5698         },
5699         {
5700                 .cmd = NL80211_CMD_SET_BSS,
5701                 .doit = nl80211_set_bss,
5702                 .policy = nl80211_policy,
5703                 .flags = GENL_ADMIN_PERM,
5704                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5705                                   NL80211_FLAG_NEED_RTNL,
5706         },
5707         {
5708                 .cmd = NL80211_CMD_GET_REG,
5709                 .doit = nl80211_get_reg,
5710                 .policy = nl80211_policy,
5711                 /* can be retrieved by unprivileged users */
5712         },
5713         {
5714                 .cmd = NL80211_CMD_SET_REG,
5715                 .doit = nl80211_set_reg,
5716                 .policy = nl80211_policy,
5717                 .flags = GENL_ADMIN_PERM,
5718         },
5719         {
5720                 .cmd = NL80211_CMD_REQ_SET_REG,
5721                 .doit = nl80211_req_set_reg,
5722                 .policy = nl80211_policy,
5723                 .flags = GENL_ADMIN_PERM,
5724         },
5725         {
5726                 .cmd = NL80211_CMD_GET_MESH_CONFIG,
5727                 .doit = nl80211_get_mesh_config,
5728                 .policy = nl80211_policy,
5729                 /* can be retrieved by unprivileged users */
5730                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5731                                   NL80211_FLAG_NEED_RTNL,
5732         },
5733         {
5734                 .cmd = NL80211_CMD_SET_MESH_CONFIG,
5735                 .doit = nl80211_update_mesh_config,
5736                 .policy = nl80211_policy,
5737                 .flags = GENL_ADMIN_PERM,
5738                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5739                                   NL80211_FLAG_NEED_RTNL,
5740         },
5741         {
5742                 .cmd = NL80211_CMD_TRIGGER_SCAN,
5743                 .doit = nl80211_trigger_scan,
5744                 .policy = nl80211_policy,
5745                 .flags = GENL_ADMIN_PERM,
5746                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5747                                   NL80211_FLAG_NEED_RTNL,
5748         },
5749         {
5750                 .cmd = NL80211_CMD_GET_SCAN,
5751                 .policy = nl80211_policy,
5752                 .dumpit = nl80211_dump_scan,
5753         },
5754         {
5755                 .cmd = NL80211_CMD_START_SCHED_SCAN,
5756                 .doit = nl80211_start_sched_scan,
5757                 .policy = nl80211_policy,
5758                 .flags = GENL_ADMIN_PERM,
5759                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5760                                   NL80211_FLAG_NEED_RTNL,
5761         },
5762         {
5763                 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
5764                 .doit = nl80211_stop_sched_scan,
5765                 .policy = nl80211_policy,
5766                 .flags = GENL_ADMIN_PERM,
5767                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5768                                   NL80211_FLAG_NEED_RTNL,
5769         },
5770         {
5771                 .cmd = NL80211_CMD_AUTHENTICATE,
5772                 .doit = nl80211_authenticate,
5773                 .policy = nl80211_policy,
5774                 .flags = GENL_ADMIN_PERM,
5775                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5776                                   NL80211_FLAG_NEED_RTNL,
5777         },
5778         {
5779                 .cmd = NL80211_CMD_ASSOCIATE,
5780                 .doit = nl80211_associate,
5781                 .policy = nl80211_policy,
5782                 .flags = GENL_ADMIN_PERM,
5783                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5784                                   NL80211_FLAG_NEED_RTNL,
5785         },
5786         {
5787                 .cmd = NL80211_CMD_DEAUTHENTICATE,
5788                 .doit = nl80211_deauthenticate,
5789                 .policy = nl80211_policy,
5790                 .flags = GENL_ADMIN_PERM,
5791                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5792                                   NL80211_FLAG_NEED_RTNL,
5793         },
5794         {
5795                 .cmd = NL80211_CMD_DISASSOCIATE,
5796                 .doit = nl80211_disassociate,
5797                 .policy = nl80211_policy,
5798                 .flags = GENL_ADMIN_PERM,
5799                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5800                                   NL80211_FLAG_NEED_RTNL,
5801         },
5802         {
5803                 .cmd = NL80211_CMD_JOIN_IBSS,
5804                 .doit = nl80211_join_ibss,
5805                 .policy = nl80211_policy,
5806                 .flags = GENL_ADMIN_PERM,
5807                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5808                                   NL80211_FLAG_NEED_RTNL,
5809         },
5810         {
5811                 .cmd = NL80211_CMD_LEAVE_IBSS,
5812                 .doit = nl80211_leave_ibss,
5813                 .policy = nl80211_policy,
5814                 .flags = GENL_ADMIN_PERM,
5815                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5816                                   NL80211_FLAG_NEED_RTNL,
5817         },
5818 #ifdef CONFIG_NL80211_TESTMODE
5819         {
5820                 .cmd = NL80211_CMD_TESTMODE,
5821                 .doit = nl80211_testmode_do,
5822                 .dumpit = nl80211_testmode_dump,
5823                 .policy = nl80211_policy,
5824                 .flags = GENL_ADMIN_PERM,
5825                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5826                                   NL80211_FLAG_NEED_RTNL,
5827         },
5828 #endif
5829         {
5830                 .cmd = NL80211_CMD_CONNECT,
5831                 .doit = nl80211_connect,
5832                 .policy = nl80211_policy,
5833                 .flags = GENL_ADMIN_PERM,
5834                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5835                                   NL80211_FLAG_NEED_RTNL,
5836         },
5837         {
5838                 .cmd = NL80211_CMD_DISCONNECT,
5839                 .doit = nl80211_disconnect,
5840                 .policy = nl80211_policy,
5841                 .flags = GENL_ADMIN_PERM,
5842                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5843                                   NL80211_FLAG_NEED_RTNL,
5844         },
5845         {
5846                 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
5847                 .doit = nl80211_wiphy_netns,
5848                 .policy = nl80211_policy,
5849                 .flags = GENL_ADMIN_PERM,
5850                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5851                                   NL80211_FLAG_NEED_RTNL,
5852         },
5853         {
5854                 .cmd = NL80211_CMD_GET_SURVEY,
5855                 .policy = nl80211_policy,
5856                 .dumpit = nl80211_dump_survey,
5857         },
5858         {
5859                 .cmd = NL80211_CMD_SET_PMKSA,
5860                 .doit = nl80211_setdel_pmksa,
5861                 .policy = nl80211_policy,
5862                 .flags = GENL_ADMIN_PERM,
5863                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5864                                   NL80211_FLAG_NEED_RTNL,
5865         },
5866         {
5867                 .cmd = NL80211_CMD_DEL_PMKSA,
5868                 .doit = nl80211_setdel_pmksa,
5869                 .policy = nl80211_policy,
5870                 .flags = GENL_ADMIN_PERM,
5871                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5872                                   NL80211_FLAG_NEED_RTNL,
5873         },
5874         {
5875                 .cmd = NL80211_CMD_FLUSH_PMKSA,
5876                 .doit = nl80211_flush_pmksa,
5877                 .policy = nl80211_policy,
5878                 .flags = GENL_ADMIN_PERM,
5879                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5880                                   NL80211_FLAG_NEED_RTNL,
5881         },
5882         {
5883                 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
5884                 .doit = nl80211_remain_on_channel,
5885                 .policy = nl80211_policy,
5886                 .flags = GENL_ADMIN_PERM,
5887                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5888                                   NL80211_FLAG_NEED_RTNL,
5889         },
5890         {
5891                 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
5892                 .doit = nl80211_cancel_remain_on_channel,
5893                 .policy = nl80211_policy,
5894                 .flags = GENL_ADMIN_PERM,
5895                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5896                                   NL80211_FLAG_NEED_RTNL,
5897         },
5898         {
5899                 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
5900                 .doit = nl80211_set_tx_bitrate_mask,
5901                 .policy = nl80211_policy,
5902                 .flags = GENL_ADMIN_PERM,
5903                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5904                                   NL80211_FLAG_NEED_RTNL,
5905         },
5906         {
5907                 .cmd = NL80211_CMD_REGISTER_FRAME,
5908                 .doit = nl80211_register_mgmt,
5909                 .policy = nl80211_policy,
5910                 .flags = GENL_ADMIN_PERM,
5911                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5912                                   NL80211_FLAG_NEED_RTNL,
5913         },
5914         {
5915                 .cmd = NL80211_CMD_FRAME,
5916                 .doit = nl80211_tx_mgmt,
5917                 .policy = nl80211_policy,
5918                 .flags = GENL_ADMIN_PERM,
5919                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5920                                   NL80211_FLAG_NEED_RTNL,
5921         },
5922         {
5923                 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
5924                 .doit = nl80211_tx_mgmt_cancel_wait,
5925                 .policy = nl80211_policy,
5926                 .flags = GENL_ADMIN_PERM,
5927                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5928                                   NL80211_FLAG_NEED_RTNL,
5929         },
5930         {
5931                 .cmd = NL80211_CMD_SET_POWER_SAVE,
5932                 .doit = nl80211_set_power_save,
5933                 .policy = nl80211_policy,
5934                 .flags = GENL_ADMIN_PERM,
5935                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5936                                   NL80211_FLAG_NEED_RTNL,
5937         },
5938         {
5939                 .cmd = NL80211_CMD_GET_POWER_SAVE,
5940                 .doit = nl80211_get_power_save,
5941                 .policy = nl80211_policy,
5942                 /* can be retrieved by unprivileged users */
5943                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5944                                   NL80211_FLAG_NEED_RTNL,
5945         },
5946         {
5947                 .cmd = NL80211_CMD_SET_CQM,