nl80211: Fix exit from nl80211_set_power_save
[linux-2.6.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25
26 /* the netlink family */
27 static struct genl_family nl80211_fam = {
28         .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
29         .name = "nl80211",      /* have users key off the name instead */
30         .hdrsize = 0,           /* no private header */
31         .version = 1,           /* no particular meaning now */
32         .maxattr = NL80211_ATTR_MAX,
33         .netnsok = true,
34 };
35
36 /* internal helper: get rdev and dev */
37 static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
38                                        struct cfg80211_registered_device **rdev,
39                                        struct net_device **dev)
40 {
41         struct nlattr **attrs = info->attrs;
42         int ifindex;
43
44         if (!attrs[NL80211_ATTR_IFINDEX])
45                 return -EINVAL;
46
47         ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
48         *dev = dev_get_by_index(genl_info_net(info), ifindex);
49         if (!*dev)
50                 return -ENODEV;
51
52         *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex);
53         if (IS_ERR(*rdev)) {
54                 dev_put(*dev);
55                 return PTR_ERR(*rdev);
56         }
57
58         return 0;
59 }
60
61 /* policy for the attributes */
62 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
63         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
64         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
65                                       .len = 20-1 },
66         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
67         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
68         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
69         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
70         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
71         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
72         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
73         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
74
75         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
76         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
77         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
78
79         [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
80         [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
81
82         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
83         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
84                                     .len = WLAN_MAX_KEY_LEN },
85         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
86         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
87         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
88         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
89
90         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
91         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
92         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
93                                        .len = IEEE80211_MAX_DATA_LEN },
94         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
95                                        .len = IEEE80211_MAX_DATA_LEN },
96         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
97         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
98         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
99         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
100                                                .len = NL80211_MAX_SUPP_RATES },
101         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
102         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
103         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
104         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
105                                 .len = IEEE80211_MAX_MESH_ID_LEN },
106         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
107
108         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
109         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
110
111         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
112         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
113         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
114         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
115                                            .len = NL80211_MAX_SUPP_RATES },
116
117         [NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED },
118
119         [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
120                                          .len = NL80211_HT_CAPABILITY_LEN },
121
122         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
123         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
124                               .len = IEEE80211_MAX_DATA_LEN },
125         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
126         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
127
128         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
129                                 .len = IEEE80211_MAX_SSID_LEN },
130         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
131         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
132         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
133         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
134         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
135         [NL80211_ATTR_STA_FLAGS2] = {
136                 .len = sizeof(struct nl80211_sta_flag_update),
137         },
138         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
139         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
140         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
141         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
142         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
143         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
144         [NL80211_ATTR_PID] = { .type = NLA_U32 },
145         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
146         [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
147                                  .len = WLAN_PMKID_LEN },
148         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
149         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
150         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
151         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
152                                  .len = IEEE80211_MAX_DATA_LEN },
153         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
154         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
155         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
156         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
157         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
158
159         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
160         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
161         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
162 };
163
164 /* policy for the attributes */
165 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
166         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
167         [NL80211_KEY_IDX] = { .type = NLA_U8 },
168         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
169         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
170         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
171         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
172 };
173
174 /* ifidx get helper */
175 static int nl80211_get_ifidx(struct netlink_callback *cb)
176 {
177         int res;
178
179         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
180                           nl80211_fam.attrbuf, nl80211_fam.maxattr,
181                           nl80211_policy);
182         if (res)
183                 return res;
184
185         if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
186                 return -EINVAL;
187
188         res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
189         if (!res)
190                 return -EINVAL;
191         return res;
192 }
193
194 /* IE validation */
195 static bool is_valid_ie_attr(const struct nlattr *attr)
196 {
197         const u8 *pos;
198         int len;
199
200         if (!attr)
201                 return true;
202
203         pos = nla_data(attr);
204         len = nla_len(attr);
205
206         while (len) {
207                 u8 elemlen;
208
209                 if (len < 2)
210                         return false;
211                 len -= 2;
212
213                 elemlen = pos[1];
214                 if (elemlen > len)
215                         return false;
216
217                 len -= elemlen;
218                 pos += 2 + elemlen;
219         }
220
221         return true;
222 }
223
224 /* message building helper */
225 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
226                                    int flags, u8 cmd)
227 {
228         /* since there is no private header just add the generic one */
229         return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
230 }
231
232 static int nl80211_msg_put_channel(struct sk_buff *msg,
233                                    struct ieee80211_channel *chan)
234 {
235         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
236                     chan->center_freq);
237
238         if (chan->flags & IEEE80211_CHAN_DISABLED)
239                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
240         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
241                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
242         if (chan->flags & IEEE80211_CHAN_NO_IBSS)
243                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
244         if (chan->flags & IEEE80211_CHAN_RADAR)
245                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
246
247         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
248                     DBM_TO_MBM(chan->max_power));
249
250         return 0;
251
252  nla_put_failure:
253         return -ENOBUFS;
254 }
255
256 /* netlink command implementations */
257
258 struct key_parse {
259         struct key_params p;
260         int idx;
261         bool def, defmgmt;
262 };
263
264 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
265 {
266         struct nlattr *tb[NL80211_KEY_MAX + 1];
267         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
268                                    nl80211_key_policy);
269         if (err)
270                 return err;
271
272         k->def = !!tb[NL80211_KEY_DEFAULT];
273         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
274
275         if (tb[NL80211_KEY_IDX])
276                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
277
278         if (tb[NL80211_KEY_DATA]) {
279                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
280                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
281         }
282
283         if (tb[NL80211_KEY_SEQ]) {
284                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
285                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
286         }
287
288         if (tb[NL80211_KEY_CIPHER])
289                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
290
291         return 0;
292 }
293
294 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
295 {
296         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
297                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
298                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
299         }
300
301         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
302                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
303                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
304         }
305
306         if (info->attrs[NL80211_ATTR_KEY_IDX])
307                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
308
309         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
310                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
311
312         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
313         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
314
315         return 0;
316 }
317
318 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
319 {
320         int err;
321
322         memset(k, 0, sizeof(*k));
323         k->idx = -1;
324
325         if (info->attrs[NL80211_ATTR_KEY])
326                 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
327         else
328                 err = nl80211_parse_key_old(info, k);
329
330         if (err)
331                 return err;
332
333         if (k->def && k->defmgmt)
334                 return -EINVAL;
335
336         if (k->idx != -1) {
337                 if (k->defmgmt) {
338                         if (k->idx < 4 || k->idx > 5)
339                                 return -EINVAL;
340                 } else if (k->def) {
341                         if (k->idx < 0 || k->idx > 3)
342                                 return -EINVAL;
343                 } else {
344                         if (k->idx < 0 || k->idx > 5)
345                                 return -EINVAL;
346                 }
347         }
348
349         return 0;
350 }
351
352 static struct cfg80211_cached_keys *
353 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
354                        struct nlattr *keys)
355 {
356         struct key_parse parse;
357         struct nlattr *key;
358         struct cfg80211_cached_keys *result;
359         int rem, err, def = 0;
360
361         result = kzalloc(sizeof(*result), GFP_KERNEL);
362         if (!result)
363                 return ERR_PTR(-ENOMEM);
364
365         result->def = -1;
366         result->defmgmt = -1;
367
368         nla_for_each_nested(key, keys, rem) {
369                 memset(&parse, 0, sizeof(parse));
370                 parse.idx = -1;
371
372                 err = nl80211_parse_key_new(key, &parse);
373                 if (err)
374                         goto error;
375                 err = -EINVAL;
376                 if (!parse.p.key)
377                         goto error;
378                 if (parse.idx < 0 || parse.idx > 4)
379                         goto error;
380                 if (parse.def) {
381                         if (def)
382                                 goto error;
383                         def = 1;
384                         result->def = parse.idx;
385                 } else if (parse.defmgmt)
386                         goto error;
387                 err = cfg80211_validate_key_settings(rdev, &parse.p,
388                                                      parse.idx, NULL);
389                 if (err)
390                         goto error;
391                 result->params[parse.idx].cipher = parse.p.cipher;
392                 result->params[parse.idx].key_len = parse.p.key_len;
393                 result->params[parse.idx].key = result->data[parse.idx];
394                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
395         }
396
397         return result;
398  error:
399         kfree(result);
400         return ERR_PTR(err);
401 }
402
403 static int nl80211_key_allowed(struct wireless_dev *wdev)
404 {
405         ASSERT_WDEV_LOCK(wdev);
406
407         if (!netif_running(wdev->netdev))
408                 return -ENETDOWN;
409
410         switch (wdev->iftype) {
411         case NL80211_IFTYPE_AP:
412         case NL80211_IFTYPE_AP_VLAN:
413         case NL80211_IFTYPE_P2P_GO:
414                 break;
415         case NL80211_IFTYPE_ADHOC:
416                 if (!wdev->current_bss)
417                         return -ENOLINK;
418                 break;
419         case NL80211_IFTYPE_STATION:
420         case NL80211_IFTYPE_P2P_CLIENT:
421                 if (wdev->sme_state != CFG80211_SME_CONNECTED)
422                         return -ENOLINK;
423                 break;
424         default:
425                 return -EINVAL;
426         }
427
428         return 0;
429 }
430
431 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
432                               struct cfg80211_registered_device *dev)
433 {
434         void *hdr;
435         struct nlattr *nl_bands, *nl_band;
436         struct nlattr *nl_freqs, *nl_freq;
437         struct nlattr *nl_rates, *nl_rate;
438         struct nlattr *nl_modes;
439         struct nlattr *nl_cmds;
440         enum ieee80211_band band;
441         struct ieee80211_channel *chan;
442         struct ieee80211_rate *rate;
443         int i;
444         u16 ifmodes = dev->wiphy.interface_modes;
445         const struct ieee80211_txrx_stypes *mgmt_stypes =
446                                 dev->wiphy.mgmt_stypes;
447
448         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
449         if (!hdr)
450                 return -1;
451
452         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
453         NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
454
455         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
456                     cfg80211_rdev_list_generation);
457
458         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
459                    dev->wiphy.retry_short);
460         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
461                    dev->wiphy.retry_long);
462         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
463                     dev->wiphy.frag_threshold);
464         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
465                     dev->wiphy.rts_threshold);
466         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
467                     dev->wiphy.coverage_class);
468
469         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
470                    dev->wiphy.max_scan_ssids);
471         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
472                     dev->wiphy.max_scan_ie_len);
473
474         NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
475                 sizeof(u32) * dev->wiphy.n_cipher_suites,
476                 dev->wiphy.cipher_suites);
477
478         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
479                    dev->wiphy.max_num_pmkids);
480
481         if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL)
482                 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE);
483
484         nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES);
485         if (!nl_modes)
486                 goto nla_put_failure;
487
488         i = 0;
489         while (ifmodes) {
490                 if (ifmodes & 1)
491                         NLA_PUT_FLAG(msg, i);
492                 ifmodes >>= 1;
493                 i++;
494         }
495
496         nla_nest_end(msg, nl_modes);
497
498         nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
499         if (!nl_bands)
500                 goto nla_put_failure;
501
502         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
503                 if (!dev->wiphy.bands[band])
504                         continue;
505
506                 nl_band = nla_nest_start(msg, band);
507                 if (!nl_band)
508                         goto nla_put_failure;
509
510                 /* add HT info */
511                 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
512                         NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
513                                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
514                                 &dev->wiphy.bands[band]->ht_cap.mcs);
515                         NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
516                                 dev->wiphy.bands[band]->ht_cap.cap);
517                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
518                                 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
519                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
520                                 dev->wiphy.bands[band]->ht_cap.ampdu_density);
521                 }
522
523                 /* add frequencies */
524                 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
525                 if (!nl_freqs)
526                         goto nla_put_failure;
527
528                 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
529                         nl_freq = nla_nest_start(msg, i);
530                         if (!nl_freq)
531                                 goto nla_put_failure;
532
533                         chan = &dev->wiphy.bands[band]->channels[i];
534
535                         if (nl80211_msg_put_channel(msg, chan))
536                                 goto nla_put_failure;
537
538                         nla_nest_end(msg, nl_freq);
539                 }
540
541                 nla_nest_end(msg, nl_freqs);
542
543                 /* add bitrates */
544                 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
545                 if (!nl_rates)
546                         goto nla_put_failure;
547
548                 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
549                         nl_rate = nla_nest_start(msg, i);
550                         if (!nl_rate)
551                                 goto nla_put_failure;
552
553                         rate = &dev->wiphy.bands[band]->bitrates[i];
554                         NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
555                                     rate->bitrate);
556                         if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
557                                 NLA_PUT_FLAG(msg,
558                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
559
560                         nla_nest_end(msg, nl_rate);
561                 }
562
563                 nla_nest_end(msg, nl_rates);
564
565                 nla_nest_end(msg, nl_band);
566         }
567         nla_nest_end(msg, nl_bands);
568
569         nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
570         if (!nl_cmds)
571                 goto nla_put_failure;
572
573         i = 0;
574 #define CMD(op, n)                                              \
575          do {                                                   \
576                 if (dev->ops->op) {                             \
577                         i++;                                    \
578                         NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
579                 }                                               \
580         } while (0)
581
582         CMD(add_virtual_intf, NEW_INTERFACE);
583         CMD(change_virtual_intf, SET_INTERFACE);
584         CMD(add_key, NEW_KEY);
585         CMD(add_beacon, NEW_BEACON);
586         CMD(add_station, NEW_STATION);
587         CMD(add_mpath, NEW_MPATH);
588         CMD(set_mesh_params, SET_MESH_PARAMS);
589         CMD(change_bss, SET_BSS);
590         CMD(auth, AUTHENTICATE);
591         CMD(assoc, ASSOCIATE);
592         CMD(deauth, DEAUTHENTICATE);
593         CMD(disassoc, DISASSOCIATE);
594         CMD(join_ibss, JOIN_IBSS);
595         CMD(set_pmksa, SET_PMKSA);
596         CMD(del_pmksa, DEL_PMKSA);
597         CMD(flush_pmksa, FLUSH_PMKSA);
598         CMD(remain_on_channel, REMAIN_ON_CHANNEL);
599         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
600         CMD(mgmt_tx, FRAME);
601         if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
602                 i++;
603                 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
604         }
605         CMD(set_channel, SET_CHANNEL);
606
607 #undef CMD
608
609         if (dev->ops->connect || dev->ops->auth) {
610                 i++;
611                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
612         }
613
614         if (dev->ops->disconnect || dev->ops->deauth) {
615                 i++;
616                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
617         }
618
619         nla_nest_end(msg, nl_cmds);
620
621         if (mgmt_stypes) {
622                 u16 stypes;
623                 struct nlattr *nl_ftypes, *nl_ifs;
624                 enum nl80211_iftype ift;
625
626                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
627                 if (!nl_ifs)
628                         goto nla_put_failure;
629
630                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
631                         nl_ftypes = nla_nest_start(msg, ift);
632                         if (!nl_ftypes)
633                                 goto nla_put_failure;
634                         i = 0;
635                         stypes = mgmt_stypes[ift].tx;
636                         while (stypes) {
637                                 if (stypes & 1)
638                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
639                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
640                                 stypes >>= 1;
641                                 i++;
642                         }
643                         nla_nest_end(msg, nl_ftypes);
644                 }
645
646                 nla_nest_end(msg, nl_ifs);
647
648                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
649                 if (!nl_ifs)
650                         goto nla_put_failure;
651
652                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
653                         nl_ftypes = nla_nest_start(msg, ift);
654                         if (!nl_ftypes)
655                                 goto nla_put_failure;
656                         i = 0;
657                         stypes = mgmt_stypes[ift].rx;
658                         while (stypes) {
659                                 if (stypes & 1)
660                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
661                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
662                                 stypes >>= 1;
663                                 i++;
664                         }
665                         nla_nest_end(msg, nl_ftypes);
666                 }
667                 nla_nest_end(msg, nl_ifs);
668         }
669
670         return genlmsg_end(msg, hdr);
671
672  nla_put_failure:
673         genlmsg_cancel(msg, hdr);
674         return -EMSGSIZE;
675 }
676
677 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
678 {
679         int idx = 0;
680         int start = cb->args[0];
681         struct cfg80211_registered_device *dev;
682
683         mutex_lock(&cfg80211_mutex);
684         list_for_each_entry(dev, &cfg80211_rdev_list, list) {
685                 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
686                         continue;
687                 if (++idx <= start)
688                         continue;
689                 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
690                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
691                                        dev) < 0) {
692                         idx--;
693                         break;
694                 }
695         }
696         mutex_unlock(&cfg80211_mutex);
697
698         cb->args[0] = idx;
699
700         return skb->len;
701 }
702
703 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
704 {
705         struct sk_buff *msg;
706         struct cfg80211_registered_device *dev;
707
708         dev = cfg80211_get_dev_from_info(info);
709         if (IS_ERR(dev))
710                 return PTR_ERR(dev);
711
712         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
713         if (!msg)
714                 goto out_err;
715
716         if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0)
717                 goto out_free;
718
719         cfg80211_unlock_rdev(dev);
720
721         return genlmsg_reply(msg, info);
722
723  out_free:
724         nlmsg_free(msg);
725  out_err:
726         cfg80211_unlock_rdev(dev);
727         return -ENOBUFS;
728 }
729
730 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
731         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
732         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
733         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
734         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
735         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
736 };
737
738 static int parse_txq_params(struct nlattr *tb[],
739                             struct ieee80211_txq_params *txq_params)
740 {
741         if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
742             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
743             !tb[NL80211_TXQ_ATTR_AIFS])
744                 return -EINVAL;
745
746         txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
747         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
748         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
749         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
750         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
751
752         return 0;
753 }
754
755 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
756 {
757         /*
758          * You can only set the channel explicitly for AP, mesh
759          * and WDS type interfaces; all others have their channel
760          * managed via their respective "establish a connection"
761          * command (connect, join, ...)
762          *
763          * Monitors are special as they are normally slaved to
764          * whatever else is going on, so they behave as though
765          * you tried setting the wiphy channel itself.
766          */
767         return !wdev ||
768                 wdev->iftype == NL80211_IFTYPE_AP ||
769                 wdev->iftype == NL80211_IFTYPE_WDS ||
770                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
771                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
772                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
773 }
774
775 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
776                                  struct wireless_dev *wdev,
777                                  struct genl_info *info)
778 {
779         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
780         u32 freq;
781         int result;
782
783         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
784                 return -EINVAL;
785
786         if (!nl80211_can_set_dev_channel(wdev))
787                 return -EOPNOTSUPP;
788
789         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
790                 channel_type = nla_get_u32(info->attrs[
791                                    NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
792                 if (channel_type != NL80211_CHAN_NO_HT &&
793                     channel_type != NL80211_CHAN_HT20 &&
794                     channel_type != NL80211_CHAN_HT40PLUS &&
795                     channel_type != NL80211_CHAN_HT40MINUS)
796                         return -EINVAL;
797         }
798
799         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
800
801         mutex_lock(&rdev->devlist_mtx);
802         if (wdev) {
803                 wdev_lock(wdev);
804                 result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
805                 wdev_unlock(wdev);
806         } else {
807                 result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
808         }
809         mutex_unlock(&rdev->devlist_mtx);
810
811         return result;
812 }
813
814 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
815 {
816         struct cfg80211_registered_device *rdev;
817         struct net_device *netdev;
818         int result;
819
820         rtnl_lock();
821
822         result = get_rdev_dev_by_info_ifindex(info, &rdev, &netdev);
823         if (result)
824                 goto unlock;
825
826         result = __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
827
828  unlock:
829         rtnl_unlock();
830
831         return result;
832 }
833
834 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
835 {
836         struct cfg80211_registered_device *rdev;
837         struct net_device *netdev = NULL;
838         struct wireless_dev *wdev;
839         int result = 0, rem_txq_params = 0;
840         struct nlattr *nl_txq_params;
841         u32 changed;
842         u8 retry_short = 0, retry_long = 0;
843         u32 frag_threshold = 0, rts_threshold = 0;
844         u8 coverage_class = 0;
845
846         rtnl_lock();
847
848         /*
849          * Try to find the wiphy and netdev. Normally this
850          * function shouldn't need the netdev, but this is
851          * done for backward compatibility -- previously
852          * setting the channel was done per wiphy, but now
853          * it is per netdev. Previous userland like hostapd
854          * also passed a netdev to set_wiphy, so that it is
855          * possible to let that go to the right netdev!
856          */
857         mutex_lock(&cfg80211_mutex);
858
859         if (info->attrs[NL80211_ATTR_IFINDEX]) {
860                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
861
862                 netdev = dev_get_by_index(genl_info_net(info), ifindex);
863                 if (netdev && netdev->ieee80211_ptr) {
864                         rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
865                         mutex_lock(&rdev->mtx);
866                 } else
867                         netdev = NULL;
868         }
869
870         if (!netdev) {
871                 rdev = __cfg80211_rdev_from_info(info);
872                 if (IS_ERR(rdev)) {
873                         mutex_unlock(&cfg80211_mutex);
874                         result = PTR_ERR(rdev);
875                         goto unlock;
876                 }
877                 wdev = NULL;
878                 netdev = NULL;
879                 result = 0;
880
881                 mutex_lock(&rdev->mtx);
882         } else if (netif_running(netdev) &&
883                    nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
884                 wdev = netdev->ieee80211_ptr;
885         else
886                 wdev = NULL;
887
888         /*
889          * end workaround code, by now the rdev is available
890          * and locked, and wdev may or may not be NULL.
891          */
892
893         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
894                 result = cfg80211_dev_rename(
895                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
896
897         mutex_unlock(&cfg80211_mutex);
898
899         if (result)
900                 goto bad_res;
901
902         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
903                 struct ieee80211_txq_params txq_params;
904                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
905
906                 if (!rdev->ops->set_txq_params) {
907                         result = -EOPNOTSUPP;
908                         goto bad_res;
909                 }
910
911                 nla_for_each_nested(nl_txq_params,
912                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
913                                     rem_txq_params) {
914                         nla_parse(tb, NL80211_TXQ_ATTR_MAX,
915                                   nla_data(nl_txq_params),
916                                   nla_len(nl_txq_params),
917                                   txq_params_policy);
918                         result = parse_txq_params(tb, &txq_params);
919                         if (result)
920                                 goto bad_res;
921
922                         result = rdev->ops->set_txq_params(&rdev->wiphy,
923                                                            &txq_params);
924                         if (result)
925                                 goto bad_res;
926                 }
927         }
928
929         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
930                 result = __nl80211_set_channel(rdev, wdev, info);
931                 if (result)
932                         goto bad_res;
933         }
934
935         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
936                 enum nl80211_tx_power_setting type;
937                 int idx, mbm = 0;
938
939                 if (!rdev->ops->set_tx_power) {
940                         result = -EOPNOTSUPP;
941                         goto bad_res;
942                 }
943
944                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
945                 type = nla_get_u32(info->attrs[idx]);
946
947                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
948                     (type != NL80211_TX_POWER_AUTOMATIC)) {
949                         result = -EINVAL;
950                         goto bad_res;
951                 }
952
953                 if (type != NL80211_TX_POWER_AUTOMATIC) {
954                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
955                         mbm = nla_get_u32(info->attrs[idx]);
956                 }
957
958                 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
959                 if (result)
960                         goto bad_res;
961         }
962
963         changed = 0;
964
965         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
966                 retry_short = nla_get_u8(
967                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
968                 if (retry_short == 0) {
969                         result = -EINVAL;
970                         goto bad_res;
971                 }
972                 changed |= WIPHY_PARAM_RETRY_SHORT;
973         }
974
975         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
976                 retry_long = nla_get_u8(
977                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
978                 if (retry_long == 0) {
979                         result = -EINVAL;
980                         goto bad_res;
981                 }
982                 changed |= WIPHY_PARAM_RETRY_LONG;
983         }
984
985         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
986                 frag_threshold = nla_get_u32(
987                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
988                 if (frag_threshold < 256) {
989                         result = -EINVAL;
990                         goto bad_res;
991                 }
992                 if (frag_threshold != (u32) -1) {
993                         /*
994                          * Fragments (apart from the last one) are required to
995                          * have even length. Make the fragmentation code
996                          * simpler by stripping LSB should someone try to use
997                          * odd threshold value.
998                          */
999                         frag_threshold &= ~0x1;
1000                 }
1001                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1002         }
1003
1004         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1005                 rts_threshold = nla_get_u32(
1006                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1007                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
1008         }
1009
1010         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1011                 coverage_class = nla_get_u8(
1012                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1013                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
1014         }
1015
1016         if (changed) {
1017                 u8 old_retry_short, old_retry_long;
1018                 u32 old_frag_threshold, old_rts_threshold;
1019                 u8 old_coverage_class;
1020
1021                 if (!rdev->ops->set_wiphy_params) {
1022                         result = -EOPNOTSUPP;
1023                         goto bad_res;
1024                 }
1025
1026                 old_retry_short = rdev->wiphy.retry_short;
1027                 old_retry_long = rdev->wiphy.retry_long;
1028                 old_frag_threshold = rdev->wiphy.frag_threshold;
1029                 old_rts_threshold = rdev->wiphy.rts_threshold;
1030                 old_coverage_class = rdev->wiphy.coverage_class;
1031
1032                 if (changed & WIPHY_PARAM_RETRY_SHORT)
1033                         rdev->wiphy.retry_short = retry_short;
1034                 if (changed & WIPHY_PARAM_RETRY_LONG)
1035                         rdev->wiphy.retry_long = retry_long;
1036                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1037                         rdev->wiphy.frag_threshold = frag_threshold;
1038                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1039                         rdev->wiphy.rts_threshold = rts_threshold;
1040                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1041                         rdev->wiphy.coverage_class = coverage_class;
1042
1043                 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1044                 if (result) {
1045                         rdev->wiphy.retry_short = old_retry_short;
1046                         rdev->wiphy.retry_long = old_retry_long;
1047                         rdev->wiphy.frag_threshold = old_frag_threshold;
1048                         rdev->wiphy.rts_threshold = old_rts_threshold;
1049                         rdev->wiphy.coverage_class = old_coverage_class;
1050                 }
1051         }
1052
1053  bad_res:
1054         mutex_unlock(&rdev->mtx);
1055         if (netdev)
1056                 dev_put(netdev);
1057  unlock:
1058         rtnl_unlock();
1059         return result;
1060 }
1061
1062
1063 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1064                               struct cfg80211_registered_device *rdev,
1065                               struct net_device *dev)
1066 {
1067         void *hdr;
1068
1069         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1070         if (!hdr)
1071                 return -1;
1072
1073         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1074         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1075         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1076         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1077
1078         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1079                     rdev->devlist_generation ^
1080                         (cfg80211_rdev_list_generation << 2));
1081
1082         return genlmsg_end(msg, hdr);
1083
1084  nla_put_failure:
1085         genlmsg_cancel(msg, hdr);
1086         return -EMSGSIZE;
1087 }
1088
1089 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1090 {
1091         int wp_idx = 0;
1092         int if_idx = 0;
1093         int wp_start = cb->args[0];
1094         int if_start = cb->args[1];
1095         struct cfg80211_registered_device *rdev;
1096         struct wireless_dev *wdev;
1097
1098         mutex_lock(&cfg80211_mutex);
1099         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1100                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1101                         continue;
1102                 if (wp_idx < wp_start) {
1103                         wp_idx++;
1104                         continue;
1105                 }
1106                 if_idx = 0;
1107
1108                 mutex_lock(&rdev->devlist_mtx);
1109                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
1110                         if (if_idx < if_start) {
1111                                 if_idx++;
1112                                 continue;
1113                         }
1114                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1115                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
1116                                                rdev, wdev->netdev) < 0) {
1117                                 mutex_unlock(&rdev->devlist_mtx);
1118                                 goto out;
1119                         }
1120                         if_idx++;
1121                 }
1122                 mutex_unlock(&rdev->devlist_mtx);
1123
1124                 wp_idx++;
1125         }
1126  out:
1127         mutex_unlock(&cfg80211_mutex);
1128
1129         cb->args[0] = wp_idx;
1130         cb->args[1] = if_idx;
1131
1132         return skb->len;
1133 }
1134
1135 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1136 {
1137         struct sk_buff *msg;
1138         struct cfg80211_registered_device *dev;
1139         struct net_device *netdev;
1140         int err;
1141
1142         err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev);
1143         if (err)
1144                 return err;
1145
1146         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1147         if (!msg)
1148                 goto out_err;
1149
1150         if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1151                                dev, netdev) < 0)
1152                 goto out_free;
1153
1154         dev_put(netdev);
1155         cfg80211_unlock_rdev(dev);
1156
1157         return genlmsg_reply(msg, info);
1158
1159  out_free:
1160         nlmsg_free(msg);
1161  out_err:
1162         dev_put(netdev);
1163         cfg80211_unlock_rdev(dev);
1164         return -ENOBUFS;
1165 }
1166
1167 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1168         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1169         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1170         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1171         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1172         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1173 };
1174
1175 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1176 {
1177         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1178         int flag;
1179
1180         *mntrflags = 0;
1181
1182         if (!nla)
1183                 return -EINVAL;
1184
1185         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1186                              nla, mntr_flags_policy))
1187                 return -EINVAL;
1188
1189         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1190                 if (flags[flag])
1191                         *mntrflags |= (1<<flag);
1192
1193         return 0;
1194 }
1195
1196 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1197                                struct net_device *netdev, u8 use_4addr,
1198                                enum nl80211_iftype iftype)
1199 {
1200         if (!use_4addr) {
1201                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1202                         return -EBUSY;
1203                 return 0;
1204         }
1205
1206         switch (iftype) {
1207         case NL80211_IFTYPE_AP_VLAN:
1208                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1209                         return 0;
1210                 break;
1211         case NL80211_IFTYPE_STATION:
1212                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1213                         return 0;
1214                 break;
1215         default:
1216                 break;
1217         }
1218
1219         return -EOPNOTSUPP;
1220 }
1221
1222 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1223 {
1224         struct cfg80211_registered_device *rdev;
1225         struct vif_params params;
1226         int err;
1227         enum nl80211_iftype otype, ntype;
1228         struct net_device *dev;
1229         u32 _flags, *flags = NULL;
1230         bool change = false;
1231
1232         memset(&params, 0, sizeof(params));
1233
1234         rtnl_lock();
1235
1236         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1237         if (err)
1238                 goto unlock_rtnl;
1239
1240         otype = ntype = dev->ieee80211_ptr->iftype;
1241
1242         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1243                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1244                 if (otype != ntype)
1245                         change = true;
1246                 if (ntype > NL80211_IFTYPE_MAX) {
1247                         err = -EINVAL;
1248                         goto unlock;
1249                 }
1250         }
1251
1252         if (info->attrs[NL80211_ATTR_MESH_ID]) {
1253                 if (ntype != NL80211_IFTYPE_MESH_POINT) {
1254                         err = -EINVAL;
1255                         goto unlock;
1256                 }
1257                 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
1258                 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1259                 change = true;
1260         }
1261
1262         if (info->attrs[NL80211_ATTR_4ADDR]) {
1263                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1264                 change = true;
1265                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1266                 if (err)
1267                         goto unlock;
1268         } else {
1269                 params.use_4addr = -1;
1270         }
1271
1272         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1273                 if (ntype != NL80211_IFTYPE_MONITOR) {
1274                         err = -EINVAL;
1275                         goto unlock;
1276                 }
1277                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1278                                           &_flags);
1279                 if (err)
1280                         goto unlock;
1281
1282                 flags = &_flags;
1283                 change = true;
1284         }
1285
1286         if (change)
1287                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1288         else
1289                 err = 0;
1290
1291         if (!err && params.use_4addr != -1)
1292                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1293
1294  unlock:
1295         dev_put(dev);
1296         cfg80211_unlock_rdev(rdev);
1297  unlock_rtnl:
1298         rtnl_unlock();
1299         return err;
1300 }
1301
1302 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1303 {
1304         struct cfg80211_registered_device *rdev;
1305         struct vif_params params;
1306         int err;
1307         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1308         u32 flags;
1309
1310         memset(&params, 0, sizeof(params));
1311
1312         if (!info->attrs[NL80211_ATTR_IFNAME])
1313                 return -EINVAL;
1314
1315         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1316                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1317                 if (type > NL80211_IFTYPE_MAX)
1318                         return -EINVAL;
1319         }
1320
1321         rtnl_lock();
1322
1323         rdev = cfg80211_get_dev_from_info(info);
1324         if (IS_ERR(rdev)) {
1325                 err = PTR_ERR(rdev);
1326                 goto unlock_rtnl;
1327         }
1328
1329         if (!rdev->ops->add_virtual_intf ||
1330             !(rdev->wiphy.interface_modes & (1 << type))) {
1331                 err = -EOPNOTSUPP;
1332                 goto unlock;
1333         }
1334
1335         if (type == NL80211_IFTYPE_MESH_POINT &&
1336             info->attrs[NL80211_ATTR_MESH_ID]) {
1337                 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
1338                 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1339         }
1340
1341         if (info->attrs[NL80211_ATTR_4ADDR]) {
1342                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1343                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1344                 if (err)
1345                         goto unlock;
1346         }
1347
1348         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1349                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1350                                   &flags);
1351         err = rdev->ops->add_virtual_intf(&rdev->wiphy,
1352                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1353                 type, err ? NULL : &flags, &params);
1354
1355  unlock:
1356         cfg80211_unlock_rdev(rdev);
1357  unlock_rtnl:
1358         rtnl_unlock();
1359         return err;
1360 }
1361
1362 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1363 {
1364         struct cfg80211_registered_device *rdev;
1365         int err;
1366         struct net_device *dev;
1367
1368         rtnl_lock();
1369
1370         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1371         if (err)
1372                 goto unlock_rtnl;
1373
1374         if (!rdev->ops->del_virtual_intf) {
1375                 err = -EOPNOTSUPP;
1376                 goto out;
1377         }
1378
1379         err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1380
1381  out:
1382         cfg80211_unlock_rdev(rdev);
1383         dev_put(dev);
1384  unlock_rtnl:
1385         rtnl_unlock();
1386         return err;
1387 }
1388
1389 struct get_key_cookie {
1390         struct sk_buff *msg;
1391         int error;
1392         int idx;
1393 };
1394
1395 static void get_key_callback(void *c, struct key_params *params)
1396 {
1397         struct nlattr *key;
1398         struct get_key_cookie *cookie = c;
1399
1400         if (params->key)
1401                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1402                         params->key_len, params->key);
1403
1404         if (params->seq)
1405                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1406                         params->seq_len, params->seq);
1407
1408         if (params->cipher)
1409                 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1410                             params->cipher);
1411
1412         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1413         if (!key)
1414                 goto nla_put_failure;
1415
1416         if (params->key)
1417                 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1418                         params->key_len, params->key);
1419
1420         if (params->seq)
1421                 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1422                         params->seq_len, params->seq);
1423
1424         if (params->cipher)
1425                 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1426                             params->cipher);
1427
1428         NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1429
1430         nla_nest_end(cookie->msg, key);
1431
1432         return;
1433  nla_put_failure:
1434         cookie->error = 1;
1435 }
1436
1437 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1438 {
1439         struct cfg80211_registered_device *rdev;
1440         int err;
1441         struct net_device *dev;
1442         u8 key_idx = 0;
1443         u8 *mac_addr = NULL;
1444         struct get_key_cookie cookie = {
1445                 .error = 0,
1446         };
1447         void *hdr;
1448         struct sk_buff *msg;
1449
1450         if (info->attrs[NL80211_ATTR_KEY_IDX])
1451                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1452
1453         if (key_idx > 5)
1454                 return -EINVAL;
1455
1456         if (info->attrs[NL80211_ATTR_MAC])
1457                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1458
1459         rtnl_lock();
1460
1461         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1462         if (err)
1463                 goto unlock_rtnl;
1464
1465         if (!rdev->ops->get_key) {
1466                 err = -EOPNOTSUPP;
1467                 goto out;
1468         }
1469
1470         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1471         if (!msg) {
1472                 err = -ENOMEM;
1473                 goto out;
1474         }
1475
1476         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1477                              NL80211_CMD_NEW_KEY);
1478
1479         if (IS_ERR(hdr)) {
1480                 err = PTR_ERR(hdr);
1481                 goto free_msg;
1482         }
1483
1484         cookie.msg = msg;
1485         cookie.idx = key_idx;
1486
1487         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1488         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1489         if (mac_addr)
1490                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1491
1492         err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr,
1493                                 &cookie, get_key_callback);
1494
1495         if (err)
1496                 goto free_msg;
1497
1498         if (cookie.error)
1499                 goto nla_put_failure;
1500
1501         genlmsg_end(msg, hdr);
1502         err = genlmsg_reply(msg, info);
1503         goto out;
1504
1505  nla_put_failure:
1506         err = -ENOBUFS;
1507  free_msg:
1508         nlmsg_free(msg);
1509  out:
1510         cfg80211_unlock_rdev(rdev);
1511         dev_put(dev);
1512  unlock_rtnl:
1513         rtnl_unlock();
1514
1515         return err;
1516 }
1517
1518 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1519 {
1520         struct cfg80211_registered_device *rdev;
1521         struct key_parse key;
1522         int err;
1523         struct net_device *dev;
1524         int (*func)(struct wiphy *wiphy, struct net_device *netdev,
1525                     u8 key_index);
1526
1527         err = nl80211_parse_key(info, &key);
1528         if (err)
1529                 return err;
1530
1531         if (key.idx < 0)
1532                 return -EINVAL;
1533
1534         /* only support setting default key */
1535         if (!key.def && !key.defmgmt)
1536                 return -EINVAL;
1537
1538         rtnl_lock();
1539
1540         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1541         if (err)
1542                 goto unlock_rtnl;
1543
1544         if (key.def)
1545                 func = rdev->ops->set_default_key;
1546         else
1547                 func = rdev->ops->set_default_mgmt_key;
1548
1549         if (!func) {
1550                 err = -EOPNOTSUPP;
1551                 goto out;
1552         }
1553
1554         wdev_lock(dev->ieee80211_ptr);
1555         err = nl80211_key_allowed(dev->ieee80211_ptr);
1556         if (!err)
1557                 err = func(&rdev->wiphy, dev, key.idx);
1558
1559 #ifdef CONFIG_CFG80211_WEXT
1560         if (!err) {
1561                 if (func == rdev->ops->set_default_key)
1562                         dev->ieee80211_ptr->wext.default_key = key.idx;
1563                 else
1564                         dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1565         }
1566 #endif
1567         wdev_unlock(dev->ieee80211_ptr);
1568
1569  out:
1570         cfg80211_unlock_rdev(rdev);
1571         dev_put(dev);
1572
1573  unlock_rtnl:
1574         rtnl_unlock();
1575
1576         return err;
1577 }
1578
1579 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1580 {
1581         struct cfg80211_registered_device *rdev;
1582         int err;
1583         struct net_device *dev;
1584         struct key_parse key;
1585         u8 *mac_addr = NULL;
1586
1587         err = nl80211_parse_key(info, &key);
1588         if (err)
1589                 return err;
1590
1591         if (!key.p.key)
1592                 return -EINVAL;
1593
1594         if (info->attrs[NL80211_ATTR_MAC])
1595                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1596
1597         rtnl_lock();
1598
1599         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1600         if (err)
1601                 goto unlock_rtnl;
1602
1603         if (!rdev->ops->add_key) {
1604                 err = -EOPNOTSUPP;
1605                 goto out;
1606         }
1607
1608         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) {
1609                 err = -EINVAL;
1610                 goto out;
1611         }
1612
1613         wdev_lock(dev->ieee80211_ptr);
1614         err = nl80211_key_allowed(dev->ieee80211_ptr);
1615         if (!err)
1616                 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
1617                                          mac_addr, &key.p);
1618         wdev_unlock(dev->ieee80211_ptr);
1619
1620  out:
1621         cfg80211_unlock_rdev(rdev);
1622         dev_put(dev);
1623  unlock_rtnl:
1624         rtnl_unlock();
1625
1626         return err;
1627 }
1628
1629 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1630 {
1631         struct cfg80211_registered_device *rdev;
1632         int err;
1633         struct net_device *dev;
1634         u8 *mac_addr = NULL;
1635         struct key_parse key;
1636
1637         err = nl80211_parse_key(info, &key);
1638         if (err)
1639                 return err;
1640
1641         if (info->attrs[NL80211_ATTR_MAC])
1642                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1643
1644         rtnl_lock();
1645
1646         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1647         if (err)
1648                 goto unlock_rtnl;
1649
1650         if (!rdev->ops->del_key) {
1651                 err = -EOPNOTSUPP;
1652                 goto out;
1653         }
1654
1655         wdev_lock(dev->ieee80211_ptr);
1656         err = nl80211_key_allowed(dev->ieee80211_ptr);
1657         if (!err)
1658                 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr);
1659
1660 #ifdef CONFIG_CFG80211_WEXT
1661         if (!err) {
1662                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
1663                         dev->ieee80211_ptr->wext.default_key = -1;
1664                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
1665                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
1666         }
1667 #endif
1668         wdev_unlock(dev->ieee80211_ptr);
1669
1670  out:
1671         cfg80211_unlock_rdev(rdev);
1672         dev_put(dev);
1673
1674  unlock_rtnl:
1675         rtnl_unlock();
1676
1677         return err;
1678 }
1679
1680 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1681 {
1682         int (*call)(struct wiphy *wiphy, struct net_device *dev,
1683                     struct beacon_parameters *info);
1684         struct cfg80211_registered_device *rdev;
1685         int err;
1686         struct net_device *dev;
1687         struct beacon_parameters params;
1688         int haveinfo = 0;
1689
1690         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]))
1691                 return -EINVAL;
1692
1693         rtnl_lock();
1694
1695         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1696         if (err)
1697                 goto unlock_rtnl;
1698
1699         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1700             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1701                 err = -EOPNOTSUPP;
1702                 goto out;
1703         }
1704
1705         switch (info->genlhdr->cmd) {
1706         case NL80211_CMD_NEW_BEACON:
1707                 /* these are required for NEW_BEACON */
1708                 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
1709                     !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
1710                     !info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1711                         err = -EINVAL;
1712                         goto out;
1713                 }
1714
1715                 call = rdev->ops->add_beacon;
1716                 break;
1717         case NL80211_CMD_SET_BEACON:
1718                 call = rdev->ops->set_beacon;
1719                 break;
1720         default:
1721                 WARN_ON(1);
1722                 err = -EOPNOTSUPP;
1723                 goto out;
1724         }
1725
1726         if (!call) {
1727                 err = -EOPNOTSUPP;
1728                 goto out;
1729         }
1730
1731         memset(&params, 0, sizeof(params));
1732
1733         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
1734                 params.interval =
1735                     nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
1736                 haveinfo = 1;
1737         }
1738
1739         if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
1740                 params.dtim_period =
1741                     nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
1742                 haveinfo = 1;
1743         }
1744
1745         if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1746                 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1747                 params.head_len =
1748                     nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1749                 haveinfo = 1;
1750         }
1751
1752         if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
1753                 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1754                 params.tail_len =
1755                     nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1756                 haveinfo = 1;
1757         }
1758
1759         if (!haveinfo) {
1760                 err = -EINVAL;
1761                 goto out;
1762         }
1763
1764         err = call(&rdev->wiphy, dev, &params);
1765
1766  out:
1767         cfg80211_unlock_rdev(rdev);
1768         dev_put(dev);
1769  unlock_rtnl:
1770         rtnl_unlock();
1771
1772         return err;
1773 }
1774
1775 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
1776 {
1777         struct cfg80211_registered_device *rdev;
1778         int err;
1779         struct net_device *dev;
1780
1781         rtnl_lock();
1782
1783         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1784         if (err)
1785                 goto unlock_rtnl;
1786
1787         if (!rdev->ops->del_beacon) {
1788                 err = -EOPNOTSUPP;
1789                 goto out;
1790         }
1791
1792         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1793             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1794                 err = -EOPNOTSUPP;
1795                 goto out;
1796         }
1797         err = rdev->ops->del_beacon(&rdev->wiphy, dev);
1798
1799  out:
1800         cfg80211_unlock_rdev(rdev);
1801         dev_put(dev);
1802  unlock_rtnl:
1803         rtnl_unlock();
1804
1805         return err;
1806 }
1807
1808 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
1809         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
1810         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
1811         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
1812         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
1813 };
1814
1815 static int parse_station_flags(struct genl_info *info,
1816                                struct station_parameters *params)
1817 {
1818         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
1819         struct nlattr *nla;
1820         int flag;
1821
1822         /*
1823          * Try parsing the new attribute first so userspace
1824          * can specify both for older kernels.
1825          */
1826         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
1827         if (nla) {
1828                 struct nl80211_sta_flag_update *sta_flags;
1829
1830                 sta_flags = nla_data(nla);
1831                 params->sta_flags_mask = sta_flags->mask;
1832                 params->sta_flags_set = sta_flags->set;
1833                 if ((params->sta_flags_mask |
1834                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
1835                         return -EINVAL;
1836                 return 0;
1837         }
1838
1839         /* if present, parse the old attribute */
1840
1841         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
1842         if (!nla)
1843                 return 0;
1844
1845         if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
1846                              nla, sta_flags_policy))
1847                 return -EINVAL;
1848
1849         params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1;
1850         params->sta_flags_mask &= ~1;
1851
1852         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
1853                 if (flags[flag])
1854                         params->sta_flags_set |= (1<<flag);
1855
1856         return 0;
1857 }
1858
1859 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
1860                                 int flags, struct net_device *dev,
1861                                 const u8 *mac_addr, struct station_info *sinfo)
1862 {
1863         void *hdr;
1864         struct nlattr *sinfoattr, *txrate;
1865         u16 bitrate;
1866
1867         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
1868         if (!hdr)
1869                 return -1;
1870
1871         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1872         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1873
1874         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
1875
1876         sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
1877         if (!sinfoattr)
1878                 goto nla_put_failure;
1879         if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
1880                 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
1881                             sinfo->inactive_time);
1882         if (sinfo->filled & STATION_INFO_RX_BYTES)
1883                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
1884                             sinfo->rx_bytes);
1885         if (sinfo->filled & STATION_INFO_TX_BYTES)
1886                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
1887                             sinfo->tx_bytes);
1888         if (sinfo->filled & STATION_INFO_LLID)
1889                 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
1890                             sinfo->llid);
1891         if (sinfo->filled & STATION_INFO_PLID)
1892                 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
1893                             sinfo->plid);
1894         if (sinfo->filled & STATION_INFO_PLINK_STATE)
1895                 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
1896                             sinfo->plink_state);
1897         if (sinfo->filled & STATION_INFO_SIGNAL)
1898                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
1899                            sinfo->signal);
1900         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
1901                 txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE);
1902                 if (!txrate)
1903                         goto nla_put_failure;
1904
1905                 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
1906                 bitrate = cfg80211_calculate_bitrate(&sinfo->txrate);
1907                 if (bitrate > 0)
1908                         NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
1909
1910                 if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS)
1911                         NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS,
1912                                     sinfo->txrate.mcs);
1913                 if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
1914                         NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
1915                 if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI)
1916                         NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
1917
1918                 nla_nest_end(msg, txrate);
1919         }
1920         if (sinfo->filled & STATION_INFO_RX_PACKETS)
1921                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
1922                             sinfo->rx_packets);
1923         if (sinfo->filled & STATION_INFO_TX_PACKETS)
1924                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
1925                             sinfo->tx_packets);
1926         nla_nest_end(msg, sinfoattr);
1927
1928         return genlmsg_end(msg, hdr);
1929
1930  nla_put_failure:
1931         genlmsg_cancel(msg, hdr);
1932         return -EMSGSIZE;
1933 }
1934
1935 static int nl80211_dump_station(struct sk_buff *skb,
1936                                 struct netlink_callback *cb)
1937 {
1938         struct station_info sinfo;
1939         struct cfg80211_registered_device *dev;
1940         struct net_device *netdev;
1941         u8 mac_addr[ETH_ALEN];
1942         int ifidx = cb->args[0];
1943         int sta_idx = cb->args[1];
1944         int err;
1945
1946         if (!ifidx)
1947                 ifidx = nl80211_get_ifidx(cb);
1948         if (ifidx < 0)
1949                 return ifidx;
1950
1951         rtnl_lock();
1952
1953         netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1954         if (!netdev) {
1955                 err = -ENODEV;
1956                 goto out_rtnl;
1957         }
1958
1959         dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
1960         if (IS_ERR(dev)) {
1961                 err = PTR_ERR(dev);
1962                 goto out_rtnl;
1963         }
1964
1965         if (!dev->ops->dump_station) {
1966                 err = -EOPNOTSUPP;
1967                 goto out_err;
1968         }
1969
1970         while (1) {
1971                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
1972                                              mac_addr, &sinfo);
1973                 if (err == -ENOENT)
1974                         break;
1975                 if (err)
1976                         goto out_err;
1977
1978                 if (nl80211_send_station(skb,
1979                                 NETLINK_CB(cb->skb).pid,
1980                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1981                                 netdev, mac_addr,
1982                                 &sinfo) < 0)
1983                         goto out;
1984
1985                 sta_idx++;
1986         }
1987
1988
1989  out:
1990         cb->args[1] = sta_idx;
1991         err = skb->len;
1992  out_err:
1993         cfg80211_unlock_rdev(dev);
1994  out_rtnl:
1995         rtnl_unlock();
1996
1997         return err;
1998 }
1999
2000 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2001 {
2002         struct cfg80211_registered_device *rdev;
2003         int err;
2004         struct net_device *dev;
2005         struct station_info sinfo;
2006         struct sk_buff *msg;
2007         u8 *mac_addr = NULL;
2008
2009         memset(&sinfo, 0, sizeof(sinfo));
2010
2011         if (!info->attrs[NL80211_ATTR_MAC])
2012                 return -EINVAL;
2013
2014         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2015
2016         rtnl_lock();
2017
2018         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2019         if (err)
2020                 goto out_rtnl;
2021
2022         if (!rdev->ops->get_station) {
2023                 err = -EOPNOTSUPP;
2024                 goto out;
2025         }
2026
2027         err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2028         if (err)
2029                 goto out;
2030
2031         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2032         if (!msg)
2033                 goto out;
2034
2035         if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2036                                  dev, mac_addr, &sinfo) < 0)
2037                 goto out_free;
2038
2039         err = genlmsg_reply(msg, info);
2040         goto out;
2041
2042  out_free:
2043         nlmsg_free(msg);
2044  out:
2045         cfg80211_unlock_rdev(rdev);
2046         dev_put(dev);
2047  out_rtnl:
2048         rtnl_unlock();
2049
2050         return err;
2051 }
2052
2053 /*
2054  * Get vlan interface making sure it is running and on the right wiphy.
2055  */
2056 static int get_vlan(struct genl_info *info,
2057                     struct cfg80211_registered_device *rdev,
2058                     struct net_device **vlan)
2059 {
2060         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2061         *vlan = NULL;
2062
2063         if (vlanattr) {
2064                 *vlan = dev_get_by_index(genl_info_net(info),
2065                                          nla_get_u32(vlanattr));
2066                 if (!*vlan)
2067                         return -ENODEV;
2068                 if (!(*vlan)->ieee80211_ptr)
2069                         return -EINVAL;
2070                 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
2071                         return -EINVAL;
2072                 if (!netif_running(*vlan))
2073                         return -ENETDOWN;
2074         }
2075         return 0;
2076 }
2077
2078 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2079 {
2080         struct cfg80211_registered_device *rdev;
2081         int err;
2082         struct net_device *dev;
2083         struct station_parameters params;
2084         u8 *mac_addr = NULL;
2085
2086         memset(&params, 0, sizeof(params));
2087
2088         params.listen_interval = -1;
2089
2090         if (info->attrs[NL80211_ATTR_STA_AID])
2091                 return -EINVAL;
2092
2093         if (!info->attrs[NL80211_ATTR_MAC])
2094                 return -EINVAL;
2095
2096         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2097
2098         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2099                 params.supported_rates =
2100                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2101                 params.supported_rates_len =
2102                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2103         }
2104
2105         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2106                 params.listen_interval =
2107                     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2108
2109         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2110                 params.ht_capa =
2111                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2112
2113         if (parse_station_flags(info, &params))
2114                 return -EINVAL;
2115
2116         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2117                 params.plink_action =
2118                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2119
2120         rtnl_lock();
2121
2122         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2123         if (err)
2124                 goto out_rtnl;
2125
2126         err = get_vlan(info, rdev, &params.vlan);
2127         if (err)
2128                 goto out;
2129
2130         /* validate settings */
2131         err = 0;
2132
2133         switch (dev->ieee80211_ptr->iftype) {
2134         case NL80211_IFTYPE_AP:
2135         case NL80211_IFTYPE_AP_VLAN:
2136         case NL80211_IFTYPE_P2P_GO:
2137                 /* disallow mesh-specific things */
2138                 if (params.plink_action)
2139                         err = -EINVAL;
2140                 break;
2141         case NL80211_IFTYPE_P2P_CLIENT:
2142         case NL80211_IFTYPE_STATION:
2143                 /* disallow everything but AUTHORIZED flag */
2144                 if (params.plink_action)
2145                         err = -EINVAL;
2146                 if (params.vlan)
2147                         err = -EINVAL;
2148                 if (params.supported_rates)
2149                         err = -EINVAL;
2150                 if (params.ht_capa)
2151                         err = -EINVAL;
2152                 if (params.listen_interval >= 0)
2153                         err = -EINVAL;
2154                 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2155                         err = -EINVAL;
2156                 break;
2157         case NL80211_IFTYPE_MESH_POINT:
2158                 /* disallow things mesh doesn't support */
2159                 if (params.vlan)
2160                         err = -EINVAL;
2161                 if (params.ht_capa)
2162                         err = -EINVAL;
2163                 if (params.listen_interval >= 0)
2164                         err = -EINVAL;
2165                 if (params.supported_rates)
2166                         err = -EINVAL;
2167                 if (params.sta_flags_mask)
2168                         err = -EINVAL;
2169                 break;
2170         default:
2171                 err = -EINVAL;
2172         }
2173
2174         if (err)
2175                 goto out;
2176
2177         if (!rdev->ops->change_station) {
2178                 err = -EOPNOTSUPP;
2179                 goto out;
2180         }
2181
2182         err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2183
2184  out:
2185         if (params.vlan)
2186                 dev_put(params.vlan);
2187         cfg80211_unlock_rdev(rdev);
2188         dev_put(dev);
2189  out_rtnl:
2190         rtnl_unlock();
2191
2192         return err;
2193 }
2194
2195 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2196 {
2197         struct cfg80211_registered_device *rdev;
2198         int err;
2199         struct net_device *dev;
2200         struct station_parameters params;
2201         u8 *mac_addr = NULL;
2202
2203         memset(&params, 0, sizeof(params));
2204
2205         if (!info->attrs[NL80211_ATTR_MAC])
2206                 return -EINVAL;
2207
2208         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2209                 return -EINVAL;
2210
2211         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2212                 return -EINVAL;
2213
2214         if (!info->attrs[NL80211_ATTR_STA_AID])
2215                 return -EINVAL;
2216
2217         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2218         params.supported_rates =
2219                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2220         params.supported_rates_len =
2221                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2222         params.listen_interval =
2223                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2224
2225         params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2226         if (!params.aid || params.aid > IEEE80211_MAX_AID)
2227                 return -EINVAL;
2228
2229         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2230                 params.ht_capa =
2231                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2232
2233         if (parse_station_flags(info, &params))
2234                 return -EINVAL;
2235
2236         rtnl_lock();
2237
2238         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2239         if (err)
2240                 goto out_rtnl;
2241
2242         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2243             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2244             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
2245                 err = -EINVAL;
2246                 goto out;
2247         }
2248
2249         err = get_vlan(info, rdev, &params.vlan);
2250         if (err)
2251                 goto out;
2252
2253         /* validate settings */
2254         err = 0;
2255
2256         if (!rdev->ops->add_station) {
2257                 err = -EOPNOTSUPP;
2258                 goto out;
2259         }
2260
2261         if (!netif_running(dev)) {
2262                 err = -ENETDOWN;
2263                 goto out;
2264         }
2265
2266         err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2267
2268  out:
2269         if (params.vlan)
2270                 dev_put(params.vlan);
2271         cfg80211_unlock_rdev(rdev);
2272         dev_put(dev);
2273  out_rtnl:
2274         rtnl_unlock();
2275
2276         return err;
2277 }
2278
2279 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2280 {
2281         struct cfg80211_registered_device *rdev;
2282         int err;
2283         struct net_device *dev;
2284         u8 *mac_addr = NULL;
2285
2286         if (info->attrs[NL80211_ATTR_MAC])
2287                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2288
2289         rtnl_lock();
2290
2291         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2292         if (err)
2293                 goto out_rtnl;
2294
2295         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2296             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2297             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2298             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
2299                 err = -EINVAL;
2300                 goto out;
2301         }
2302
2303         if (!rdev->ops->del_station) {
2304                 err = -EOPNOTSUPP;
2305                 goto out;
2306         }
2307
2308         err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2309
2310  out:
2311         cfg80211_unlock_rdev(rdev);
2312         dev_put(dev);
2313  out_rtnl:
2314         rtnl_unlock();
2315
2316         return err;
2317 }
2318
2319 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2320                                 int flags, struct net_device *dev,
2321                                 u8 *dst, u8 *next_hop,
2322                                 struct mpath_info *pinfo)
2323 {
2324         void *hdr;
2325         struct nlattr *pinfoattr;
2326
2327         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2328         if (!hdr)
2329                 return -1;
2330
2331         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2332         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2333         NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2334
2335         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2336
2337         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2338         if (!pinfoattr)
2339                 goto nla_put_failure;
2340         if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2341                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2342                             pinfo->frame_qlen);
2343         if (pinfo->filled & MPATH_INFO_SN)
2344                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2345                             pinfo->sn);
2346         if (pinfo->filled & MPATH_INFO_METRIC)
2347                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2348                             pinfo->metric);
2349         if (pinfo->filled & MPATH_INFO_EXPTIME)
2350                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2351                             pinfo->exptime);
2352         if (pinfo->filled & MPATH_INFO_FLAGS)
2353                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2354                             pinfo->flags);
2355         if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2356                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2357                             pinfo->discovery_timeout);
2358         if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2359                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2360                             pinfo->discovery_retries);
2361
2362         nla_nest_end(msg, pinfoattr);
2363
2364         return genlmsg_end(msg, hdr);
2365
2366  nla_put_failure:
2367         genlmsg_cancel(msg, hdr);
2368         return -EMSGSIZE;
2369 }
2370
2371 static int nl80211_dump_mpath(struct sk_buff *skb,
2372                               struct netlink_callback *cb)
2373 {
2374         struct mpath_info pinfo;
2375         struct cfg80211_registered_device *dev;
2376         struct net_device *netdev;
2377         u8 dst[ETH_ALEN];
2378         u8 next_hop[ETH_ALEN];
2379         int ifidx = cb->args[0];
2380         int path_idx = cb->args[1];
2381         int err;
2382
2383         if (!ifidx)
2384                 ifidx = nl80211_get_ifidx(cb);
2385         if (ifidx < 0)
2386                 return ifidx;
2387
2388         rtnl_lock();
2389
2390         netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2391         if (!netdev) {
2392                 err = -ENODEV;
2393                 goto out_rtnl;
2394         }
2395
2396         dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
2397         if (IS_ERR(dev)) {
2398                 err = PTR_ERR(dev);
2399                 goto out_rtnl;
2400         }
2401
2402         if (!dev->ops->dump_mpath) {
2403                 err = -EOPNOTSUPP;
2404                 goto out_err;
2405         }
2406
2407         if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2408                 err = -EOPNOTSUPP;
2409                 goto out_err;
2410         }
2411
2412         while (1) {
2413                 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2414                                            dst, next_hop, &pinfo);
2415                 if (err == -ENOENT)
2416                         break;
2417                 if (err)
2418                         goto out_err;
2419
2420                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2421                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
2422                                        netdev, dst, next_hop,
2423                                        &pinfo) < 0)
2424                         goto out;
2425
2426                 path_idx++;
2427         }
2428
2429
2430  out:
2431         cb->args[1] = path_idx;
2432         err = skb->len;
2433  out_err:
2434         cfg80211_unlock_rdev(dev);
2435  out_rtnl:
2436         rtnl_unlock();
2437
2438         return err;
2439 }
2440
2441 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2442 {
2443         struct cfg80211_registered_device *rdev;
2444         int err;
2445         struct net_device *dev;
2446         struct mpath_info pinfo;
2447         struct sk_buff *msg;
2448         u8 *dst = NULL;
2449         u8 next_hop[ETH_ALEN];
2450
2451         memset(&pinfo, 0, sizeof(pinfo));
2452
2453         if (!info->attrs[NL80211_ATTR_MAC])
2454                 return -EINVAL;
2455
2456         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2457
2458         rtnl_lock();
2459
2460         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2461         if (err)
2462                 goto out_rtnl;
2463
2464         if (!rdev->ops->get_mpath) {
2465                 err = -EOPNOTSUPP;
2466                 goto out;
2467         }
2468
2469         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2470                 err = -EOPNOTSUPP;
2471                 goto out;
2472         }
2473
2474         err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2475         if (err)
2476                 goto out;
2477
2478         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2479         if (!msg)
2480                 goto out;
2481
2482         if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2483                                  dev, dst, next_hop, &pinfo) < 0)
2484                 goto out_free;
2485
2486         err = genlmsg_reply(msg, info);
2487         goto out;
2488
2489  out_free:
2490         nlmsg_free(msg);
2491  out:
2492         cfg80211_unlock_rdev(rdev);
2493         dev_put(dev);
2494  out_rtnl:
2495         rtnl_unlock();
2496
2497         return err;
2498 }
2499
2500 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
2501 {
2502         struct cfg80211_registered_device *rdev;
2503         int err;
2504         struct net_device *dev;
2505         u8 *dst = NULL;
2506         u8 *next_hop = NULL;
2507
2508         if (!info->attrs[NL80211_ATTR_MAC])
2509                 return -EINVAL;
2510
2511         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2512                 return -EINVAL;
2513
2514         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2515         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2516
2517         rtnl_lock();
2518
2519         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2520         if (err)
2521                 goto out_rtnl;
2522
2523         if (!rdev->ops->change_mpath) {
2524                 err = -EOPNOTSUPP;
2525                 goto out;
2526         }
2527
2528         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2529                 err = -EOPNOTSUPP;
2530                 goto out;
2531         }
2532
2533         if (!netif_running(dev)) {
2534                 err = -ENETDOWN;
2535                 goto out;
2536         }
2537
2538         err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
2539
2540  out:
2541         cfg80211_unlock_rdev(rdev);
2542         dev_put(dev);
2543  out_rtnl:
2544         rtnl_unlock();
2545
2546         return err;
2547 }
2548 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
2549 {
2550         struct cfg80211_registered_device *rdev;
2551         int err;
2552         struct net_device *dev;
2553         u8 *dst = NULL;
2554         u8 *next_hop = NULL;
2555
2556         if (!info->attrs[NL80211_ATTR_MAC])
2557                 return -EINVAL;
2558
2559         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2560                 return -EINVAL;
2561
2562         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2563         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2564
2565         rtnl_lock();
2566
2567         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2568         if (err)
2569                 goto out_rtnl;
2570
2571         if (!rdev->ops->add_mpath) {
2572                 err = -EOPNOTSUPP;
2573                 goto out;
2574         }
2575
2576         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2577                 err = -EOPNOTSUPP;
2578                 goto out;
2579         }
2580
2581         if (!netif_running(dev)) {
2582                 err = -ENETDOWN;
2583                 goto out;
2584         }
2585
2586         err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
2587
2588  out:
2589         cfg80211_unlock_rdev(rdev);
2590         dev_put(dev);
2591  out_rtnl:
2592         rtnl_unlock();
2593
2594         return err;
2595 }
2596
2597 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
2598 {
2599         struct cfg80211_registered_device *rdev;
2600         int err;
2601         struct net_device *dev;
2602         u8 *dst = NULL;
2603
2604         if (info->attrs[NL80211_ATTR_MAC])
2605                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2606
2607         rtnl_lock();
2608
2609         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2610         if (err)
2611                 goto out_rtnl;
2612
2613         if (!rdev->ops->del_mpath) {
2614                 err = -EOPNOTSUPP;
2615                 goto out;
2616         }
2617
2618         err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
2619
2620  out:
2621         cfg80211_unlock_rdev(rdev);
2622         dev_put(dev);
2623  out_rtnl:
2624         rtnl_unlock();
2625
2626         return err;
2627 }
2628
2629 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2630 {
2631         struct cfg80211_registered_device *rdev;
2632         int err;
2633         struct net_device *dev;
2634         struct bss_parameters params;
2635
2636         memset(&params, 0, sizeof(params));
2637         /* default to not changing parameters */
2638         params.use_cts_prot = -1;
2639         params.use_short_preamble = -1;
2640         params.use_short_slot_time = -1;
2641         params.ap_isolate = -1;
2642
2643         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
2644                 params.use_cts_prot =
2645                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
2646         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
2647                 params.use_short_preamble =
2648                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
2649         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
2650                 params.use_short_slot_time =
2651                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
2652         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
2653                 params.basic_rates =
2654                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2655                 params.basic_rates_len =
2656                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2657         }
2658         if (info->attrs[NL80211_ATTR_AP_ISOLATE])
2659                 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
2660
2661         rtnl_lock();
2662
2663         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2664         if (err)
2665                 goto out_rtnl;
2666
2667         if (!rdev->ops->change_bss) {
2668                 err = -EOPNOTSUPP;
2669                 goto out;
2670         }
2671
2672         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2673             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
2674                 err = -EOPNOTSUPP;
2675                 goto out;
2676         }
2677
2678         err = rdev->ops->change_bss(&rdev->wiphy, dev, &params);
2679
2680  out:
2681         cfg80211_unlock_rdev(rdev);
2682         dev_put(dev);
2683  out_rtnl:
2684         rtnl_unlock();
2685
2686         return err;
2687 }
2688
2689 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2690         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
2691         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
2692         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
2693         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
2694         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
2695         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
2696 };
2697
2698 static int parse_reg_rule(struct nlattr *tb[],
2699         struct ieee80211_reg_rule *reg_rule)
2700 {
2701         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
2702         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
2703
2704         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2705                 return -EINVAL;
2706         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2707                 return -EINVAL;
2708         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2709                 return -EINVAL;
2710         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2711                 return -EINVAL;
2712         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2713                 return -EINVAL;
2714
2715         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2716
2717         freq_range->start_freq_khz =
2718                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2719         freq_range->end_freq_khz =
2720                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2721         freq_range->max_bandwidth_khz =
2722                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2723
2724         power_rule->max_eirp =
2725                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2726
2727         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2728                 power_rule->max_antenna_gain =
2729                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2730
2731         return 0;
2732 }
2733
2734 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2735 {
2736         int r;
2737         char *data = NULL;
2738
2739         /*
2740          * You should only get this when cfg80211 hasn't yet initialized
2741          * completely when built-in to the kernel right between the time
2742          * window between nl80211_init() and regulatory_init(), if that is
2743          * even possible.
2744          */
2745         mutex_lock(&cfg80211_mutex);
2746         if (unlikely(!cfg80211_regdomain)) {
2747                 mutex_unlock(&cfg80211_mutex);
2748                 return -EINPROGRESS;
2749         }
2750         mutex_unlock(&cfg80211_mutex);
2751
2752         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2753                 return -EINVAL;
2754
2755         data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2756
2757         r = regulatory_hint_user(data);
2758
2759         return r;
2760 }
2761
2762 static int nl80211_get_mesh_params(struct sk_buff *skb,
2763         struct genl_info *info)
2764 {
2765         struct cfg80211_registered_device *rdev;
2766         struct mesh_config cur_params;
2767         int err;
2768         struct net_device *dev;
2769         void *hdr;
2770         struct nlattr *pinfoattr;
2771         struct sk_buff *msg;
2772
2773         rtnl_lock();
2774
2775         /* Look up our device */
2776         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2777         if (err)
2778                 goto out_rtnl;
2779
2780         if (!rdev->ops->get_mesh_params) {
2781                 err = -EOPNOTSUPP;
2782                 goto out;
2783         }
2784
2785         /* Get the mesh params */
2786         err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params);
2787         if (err)
2788                 goto out;
2789
2790         /* Draw up a netlink message to send back */
2791         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2792         if (!msg) {
2793                 err = -ENOBUFS;
2794                 goto out;
2795         }
2796         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2797                              NL80211_CMD_GET_MESH_PARAMS);
2798         if (!hdr)
2799                 goto nla_put_failure;
2800         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS);
2801         if (!pinfoattr)
2802                 goto nla_put_failure;
2803         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2804         NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2805                         cur_params.dot11MeshRetryTimeout);
2806         NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2807                         cur_params.dot11MeshConfirmTimeout);
2808         NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2809                         cur_params.dot11MeshHoldingTimeout);
2810         NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2811                         cur_params.dot11MeshMaxPeerLinks);
2812         NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2813                         cur_params.dot11MeshMaxRetries);
2814         NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2815                         cur_params.dot11MeshTTL);
2816         NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2817                         cur_params.auto_open_plinks);
2818         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2819                         cur_params.dot11MeshHWMPmaxPREQretries);
2820         NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2821                         cur_params.path_refresh_time);
2822         NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2823                         cur_params.min_discovery_timeout);
2824         NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2825                         cur_params.dot11MeshHWMPactivePathTimeout);
2826         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2827                         cur_params.dot11MeshHWMPpreqMinInterval);
2828         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2829                         cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2830         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
2831                         cur_params.dot11MeshHWMPRootMode);
2832         nla_nest_end(msg, pinfoattr);
2833         genlmsg_end(msg, hdr);
2834         err = genlmsg_reply(msg, info);
2835         goto out;
2836
2837  nla_put_failure:
2838         genlmsg_cancel(msg, hdr);
2839         nlmsg_free(msg);
2840         err = -EMSGSIZE;
2841  out:
2842         /* Cleanup */
2843         cfg80211_unlock_rdev(rdev);
2844         dev_put(dev);
2845  out_rtnl:
2846         rtnl_unlock();
2847
2848         return err;
2849 }
2850
2851 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
2852 do {\
2853         if (table[attr_num]) {\
2854                 cfg.param = nla_fn(table[attr_num]); \
2855                 mask |= (1 << (attr_num - 1)); \
2856         } \
2857 } while (0);\
2858
2859 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
2860         [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2861         [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2862         [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2863         [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2864         [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2865         [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2866         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2867
2868         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2869         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2870         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2871         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2872         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2873         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2874 };
2875
2876 static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
2877 {
2878         int err;
2879         u32 mask;
2880         struct cfg80211_registered_device *rdev;
2881         struct net_device *dev;
2882         struct mesh_config cfg;
2883         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
2884         struct nlattr *parent_attr;
2885
2886         parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS];
2887         if (!parent_attr)
2888                 return -EINVAL;
2889         if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
2890                         parent_attr, nl80211_meshconf_params_policy))
2891                 return -EINVAL;
2892
2893         rtnl_lock();
2894
2895         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2896         if (err)
2897                 goto out_rtnl;
2898
2899         if (!rdev->ops->set_mesh_params) {
2900                 err = -EOPNOTSUPP;
2901                 goto out;
2902         }
2903
2904         /* This makes sure that there aren't more than 32 mesh config
2905          * parameters (otherwise our bitfield scheme would not work.) */
2906         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
2907
2908         /* Fill in the params struct */
2909         mask = 0;
2910         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
2911                         mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
2912         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
2913                         mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
2914         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
2915                         mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
2916         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
2917                         mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
2918         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
2919                         mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
2920         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
2921                         mask, NL80211_MESHCONF_TTL, nla_get_u8);
2922         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
2923                         mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
2924         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
2925                         mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2926                         nla_get_u8);
2927         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
2928                         mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
2929         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
2930                         mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2931                         nla_get_u16);
2932         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
2933                         mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2934                         nla_get_u32);
2935         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
2936                         mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2937                         nla_get_u16);
2938         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2939                         dot11MeshHWMPnetDiameterTraversalTime,
2940                         mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2941                         nla_get_u16);
2942         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2943                         dot11MeshHWMPRootMode, mask,
2944                         NL80211_MESHCONF_HWMP_ROOTMODE,
2945                         nla_get_u8);
2946
2947         /* Apply changes */
2948         err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask);
2949
2950  out:
2951         /* cleanup */
2952         cfg80211_unlock_rdev(rdev);
2953         dev_put(dev);
2954  out_rtnl:
2955         rtnl_unlock();
2956
2957         return err;
2958 }
2959
2960 #undef FILL_IN_MESH_PARAM_IF_SET
2961
2962 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
2963 {
2964         struct sk_buff *msg;
2965         void *hdr = NULL;
2966         struct nlattr *nl_reg_rules;
2967         unsigned int i;
2968         int err = -EINVAL;
2969
2970         mutex_lock(&cfg80211_mutex);
2971
2972         if (!cfg80211_regdomain)
2973                 goto out;
2974
2975         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2976         if (!msg) {
2977                 err = -ENOBUFS;
2978                 goto out;
2979         }
2980
2981         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2982                              NL80211_CMD_GET_REG);
2983         if (!hdr)
2984                 goto nla_put_failure;
2985
2986         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
2987                 cfg80211_regdomain->alpha2);
2988
2989         nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
2990         if (!nl_reg_rules)
2991                 goto nla_put_failure;
2992
2993         for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
2994                 struct nlattr *nl_reg_rule;
2995                 const struct ieee80211_reg_rule *reg_rule;
2996                 const struct ieee80211_freq_range *freq_range;
2997                 const struct ieee80211_power_rule *power_rule;
2998
2999                 reg_rule = &cfg80211_regdomain->reg_rules[i];
3000                 freq_range = &reg_rule->freq_range;
3001                 power_rule = &reg_rule->power_rule;
3002
3003                 nl_reg_rule = nla_nest_start(msg, i);
3004                 if (!nl_reg_rule)
3005                         goto nla_put_failure;
3006
3007                 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3008                         reg_rule->flags);
3009                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
3010                         freq_range->start_freq_khz);
3011                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
3012                         freq_range->end_freq_khz);
3013                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3014                         freq_range->max_bandwidth_khz);
3015                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3016                         power_rule->max_antenna_gain);
3017                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3018                         power_rule->max_eirp);
3019
3020                 nla_nest_end(msg, nl_reg_rule);
3021         }
3022
3023         nla_nest_end(msg, nl_reg_rules);
3024
3025         genlmsg_end(msg, hdr);
3026         err = genlmsg_reply(msg, info);
3027         goto out;
3028
3029 nla_put_failure:
3030         genlmsg_cancel(msg, hdr);
3031         nlmsg_free(msg);
3032         err = -EMSGSIZE;
3033 out:
3034         mutex_unlock(&cfg80211_mutex);
3035         return err;
3036 }
3037
3038 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3039 {
3040         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3041         struct nlattr *nl_reg_rule;
3042         char *alpha2 = NULL;
3043         int rem_reg_rules = 0, r = 0;
3044         u32 num_rules = 0, rule_idx = 0, size_of_regd;
3045         struct ieee80211_regdomain *rd = NULL;
3046
3047         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3048                 return -EINVAL;
3049
3050         if (!info->attrs[NL80211_ATTR_REG_RULES])
3051                 return -EINVAL;
3052
3053         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3054
3055         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3056                         rem_reg_rules) {
3057                 num_rules++;
3058                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3059                         return -EINVAL;
3060         }
3061
3062         mutex_lock(&cfg80211_mutex);
3063
3064         if (!reg_is_valid_request(alpha2)) {
3065                 r = -EINVAL;
3066                 goto bad_reg;
3067         }
3068
3069         size_of_regd = sizeof(struct ieee80211_regdomain) +
3070                 (num_rules * sizeof(struct ieee80211_reg_rule));
3071
3072         rd = kzalloc(size_of_regd, GFP_KERNEL);
3073         if (!rd) {
3074                 r = -ENOMEM;
3075                 goto bad_reg;
3076         }
3077
3078         rd->n_reg_rules = num_rules;
3079         rd->alpha2[0] = alpha2[0];
3080         rd->alpha2[1] = alpha2[1];
3081
3082         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3083                         rem_reg_rules) {
3084                 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3085                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3086                         reg_rule_policy);
3087                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3088                 if (r)
3089                         goto bad_reg;
3090
3091                 rule_idx++;
3092
3093                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3094                         r = -EINVAL;
3095                         goto bad_reg;
3096                 }
3097         }
3098
3099         BUG_ON(rule_idx != num_rules);
3100
3101         r = set_regdom(rd);
3102
3103         mutex_unlock(&cfg80211_mutex);
3104
3105         return r;
3106
3107  bad_reg:
3108         mutex_unlock(&cfg80211_mutex);
3109         kfree(rd);
3110         return r;
3111 }
3112
3113 static int validate_scan_freqs(struct nlattr *freqs)
3114 {
3115         struct nlattr *attr1, *attr2;
3116         int n_channels = 0, tmp1, tmp2;
3117
3118         nla_for_each_nested(attr1, freqs, tmp1) {
3119                 n_channels++;
3120                 /*
3121                  * Some hardware has a limited channel list for
3122                  * scanning, and it is pretty much nonsensical
3123                  * to scan for a channel twice, so disallow that
3124                  * and don't require drivers to check that the
3125                  * channel list they get isn't longer than what
3126                  * they can scan, as long as they can scan all
3127                  * the channels they registered at once.
3128                  */
3129                 nla_for_each_nested(attr2, freqs, tmp2)
3130                         if (attr1 != attr2 &&
3131                             nla_get_u32(attr1) == nla_get_u32(attr2))
3132                                 return 0;
3133         }
3134
3135         return n_channels;
3136 }
3137
3138 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3139 {
3140         struct cfg80211_registered_device *rdev;
3141         struct net_device *dev;
3142         struct cfg80211_scan_request *request;
3143         struct cfg80211_ssid *ssid;
3144         struct ieee80211_channel *channel;
3145         struct nlattr *attr;
3146         struct wiphy *wiphy;
3147         int err, tmp, n_ssids = 0, n_channels, i;
3148         enum ieee80211_band band;
3149         size_t ie_len;
3150
3151         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3152                 return -EINVAL;
3153
3154         rtnl_lock();
3155
3156         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3157         if (err)
3158                 goto out_rtnl;
3159
3160         wiphy = &rdev->wiphy;
3161
3162         if (!rdev->ops->scan) {
3163                 err = -EOPNOTSUPP;
3164                 goto out;
3165         }
3166
3167         if (!netif_running(dev)) {
3168                 err = -ENETDOWN;
3169                 goto out;
3170         }
3171
3172         if (rdev->scan_req) {
3173                 err = -EBUSY;
3174                 goto out;
3175         }
3176
3177         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3178                 n_channels = validate_scan_freqs(
3179                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3180                 if (!n_channels) {
3181                         err = -EINVAL;
3182                         goto out;
3183                 }
3184         } else {
3185                 n_channels = 0;
3186
3187                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3188                         if (wiphy->bands[band])
3189                                 n_channels += wiphy->bands[band]->n_channels;
3190         }
3191
3192         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3193                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3194                         n_ssids++;
3195
3196         if (n_ssids > wiphy->max_scan_ssids) {
3197                 err = -EINVAL;
3198                 goto out;
3199         }
3200
3201         if (info->attrs[NL80211_ATTR_IE])
3202                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3203         else
3204                 ie_len = 0;
3205
3206         if (ie_len > wiphy->max_scan_ie_len) {
3207                 err = -EINVAL;
3208                 goto out;
3209         }
3210
3211         request = kzalloc(sizeof(*request)
3212                         + sizeof(*ssid) * n_ssids
3213                         + sizeof(channel) * n_channels
3214                         + ie_len, GFP_KERNEL);
3215         if (!request) {
3216                 err = -ENOMEM;
3217                 goto out;
3218         }
3219
3220         if (n_ssids)
3221                 request->ssids = (void *)&request->channels[n_channels];
3222         request->n_ssids = n_ssids;
3223         if (ie_len) {
3224                 if (request->ssids)
3225                         request->ie = (void *)(request->ssids + n_ssids);
3226                 else
3227                         request->ie = (void *)(request->channels + n_channels);
3228         }
3229
3230         i = 0;
3231         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3232                 /* user specified, bail out if channel not found */
3233                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3234                         struct ieee80211_channel *chan;
3235
3236                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3237
3238                         if (!chan) {
3239                                 err = -EINVAL;
3240                                 goto out_free;
3241                         }
3242
3243                         /* ignore disabled channels */
3244                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3245                                 continue;
3246
3247                         request->channels[i] = chan;
3248                         i++;
3249                 }
3250         } else {
3251                 /* all channels */
3252                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3253                         int j;
3254                         if (!wiphy->bands[band])
3255                                 continue;
3256                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3257                                 struct ieee80211_channel *chan;
3258
3259                                 chan = &wiphy->bands[band]->channels[j];
3260
3261                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3262                                         continue;
3263
3264                                 request->channels[i] = chan;
3265                                 i++;
3266                         }
3267                 }
3268         }
3269
3270         if (!i) {
3271                 err = -EINVAL;
3272                 goto out_free;
3273         }
3274
3275         request->n_channels = i;
3276
3277         i = 0;
3278         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3279                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3280                         if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
3281                                 err = -EINVAL;
3282                                 goto out_free;
3283                         }
3284                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3285                         request->ssids[i].ssid_len = nla_len(attr);
3286                         i++;
3287                 }
3288         }
3289
3290         if (info->attrs[NL80211_ATTR_IE]) {
3291                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3292                 memcpy((void *)request->ie,
3293                        nla_data(info->attrs[NL80211_ATTR_IE]),
3294                        request->ie_len);
3295         }
3296
3297         request->dev = dev;
3298         request->wiphy = &rdev->wiphy;
3299
3300         rdev->scan_req = request;
3301         err = rdev->ops->scan(&rdev->wiphy, dev, request);
3302
3303         if (!err) {
3304                 nl80211_send_scan_start(rdev, dev);
3305                 dev_hold(dev);
3306         }
3307
3308  out_free:
3309         if (err) {
3310                 rdev->scan_req = NULL;
3311                 kfree(request);
3312         }
3313  out:
3314         cfg80211_unlock_rdev(rdev);
3315         dev_put(dev);
3316  out_rtnl:
3317         rtnl_unlock();
3318
3319         return err;
3320 }
3321
3322 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags,
3323                             struct cfg80211_registered_device *rdev,
3324                             struct wireless_dev *wdev,
3325                             struct cfg80211_internal_bss *intbss)
3326 {
3327         struct cfg80211_bss *res = &intbss->pub;
3328         void *hdr;
3329         struct nlattr *bss;
3330         int i;
3331
3332         ASSERT_WDEV_LOCK(wdev);
3333
3334         hdr = nl80211hdr_put(msg, pid, seq, flags,
3335                              NL80211_CMD_NEW_SCAN_RESULTS);
3336         if (!hdr)
3337                 return -1;
3338
3339         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
3340         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
3341
3342         bss = nla_nest_start(msg, NL80211_ATTR_BSS);
3343         if (!bss)
3344                 goto nla_put_failure;
3345         if (!is_zero_ether_addr(res->bssid))
3346                 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
3347         if (res->information_elements && res->len_information_elements)
3348                 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3349                         res->len_information_elements,
3350                         res->information_elements);
3351         if (res->beacon_ies && res->len_beacon_ies &&
3352             res->beacon_ies != res->information_elements)
3353                 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
3354                         res->len_beacon_ies, res->beacon_ies);
3355         if (res->tsf)
3356                 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3357         if (res->beacon_interval)
3358                 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3359         NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3360         NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3361         NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
3362                 jiffies_to_msecs(jiffies - intbss->ts));
3363
3364         switch (rdev->wiphy.signal_type) {
3365         case CFG80211_SIGNAL_TYPE_MBM:
3366                 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
3367                 break;
3368         case CFG80211_SIGNAL_TYPE_UNSPEC:
3369                 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
3370                 break;
3371         default:
3372                 break;
3373         }
3374
3375         switch (wdev->iftype) {
3376         case NL80211_IFTYPE_P2P_CLIENT:
3377         case NL80211_IFTYPE_STATION:
3378                 if (intbss == wdev->current_bss)
3379                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3380                                     NL80211_BSS_STATUS_ASSOCIATED);
3381                 else for (i = 0; i < MAX_AUTH_BSSES; i++) {
3382                         if (intbss != wdev->auth_bsses[i])
3383                                 continue;
3384                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3385                                     NL80211_BSS_STATUS_AUTHENTICATED);
3386                         break;
3387                 }
3388                 break;
3389         case NL80211_IFTYPE_ADHOC:
3390                 if (intbss == wdev->current_bss)
3391                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3392                                     NL80211_BSS_STATUS_IBSS_JOINED);
3393                 break;
3394         default:
3395                 break;
3396         }
3397
3398         nla_nest_end(msg, bss);
3399
3400         return genlmsg_end(msg, hdr);
3401
3402  nla_put_failure:
3403         genlmsg_cancel(msg, hdr);
3404         return -EMSGSIZE;
3405 }
3406
3407 static int nl80211_dump_scan(struct sk_buff *skb,
3408                              struct netlink_callback *cb)
3409 {
3410         struct cfg80211_registered_device *rdev;
3411         struct net_device *dev;
3412         struct cfg80211_internal_bss *scan;
3413         struct wireless_dev *wdev;
3414         int ifidx = cb->args[0];
3415         int start = cb->args[1], idx = 0;
3416         int err;
3417
3418         if (!ifidx)
3419                 ifidx = nl80211_get_ifidx(cb);
3420         if (ifidx < 0)
3421                 return ifidx;
3422         cb->args[0] = ifidx;
3423
3424         dev = dev_get_by_index(sock_net(skb->sk), ifidx);
3425         if (!dev)
3426                 return -ENODEV;
3427
3428         rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3429         if (IS_ERR(rdev)) {
3430                 err = PTR_ERR(rdev);
3431                 goto out_put_netdev;
3432         }
3433
3434         wdev = dev->ieee80211_ptr;
3435
3436         wdev_lock(wdev);
3437         spin_lock_bh(&rdev->bss_lock);
3438         cfg80211_bss_expire(rdev);
3439
3440         list_for_each_entry(scan, &rdev->bss_list, list) {
3441                 if (++idx <= start)
3442                         continue;
3443                 if (nl80211_send_bss(skb,
3444                                 NETLINK_CB(cb->skb).pid,
3445                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3446                                 rdev, wdev, scan) < 0) {
3447                         idx--;
3448                         goto out;
3449                 }
3450         }
3451
3452  out:
3453         spin_unlock_bh(&rdev->bss_lock);
3454         wdev_unlock(wdev);
3455
3456         cb->args[1] = idx;
3457         err = skb->len;
3458         cfg80211_unlock_rdev(rdev);
3459  out_put_netdev:
3460         dev_put(dev);
3461
3462         return err;
3463 }
3464
3465 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
3466                                 int flags, struct net_device *dev,
3467                                 struct survey_info *survey)
3468 {
3469         void *hdr;
3470         struct nlattr *infoattr;
3471
3472         /* Survey without a channel doesn't make sense */
3473         if (!survey->channel)
3474                 return -EINVAL;
3475
3476         hdr = nl80211hdr_put(msg, pid, seq, flags,
3477                              NL80211_CMD_NEW_SURVEY_RESULTS);
3478         if (!hdr)
3479                 return -ENOMEM;
3480
3481         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3482
3483         infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
3484         if (!infoattr)
3485                 goto nla_put_failure;
3486
3487         NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
3488                     survey->channel->center_freq);
3489         if (survey->filled & SURVEY_INFO_NOISE_DBM)
3490                 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
3491                             survey->noise);
3492
3493         nla_nest_end(msg, infoattr);
3494
3495         return genlmsg_end(msg, hdr);
3496
3497  nla_put_failure:
3498         genlmsg_cancel(msg, hdr);
3499         return -EMSGSIZE;
3500 }
3501
3502 static int nl80211_dump_survey(struct sk_buff *skb,
3503                         struct netlink_callback *cb)
3504 {
3505         struct survey_info survey;
3506         struct cfg80211_registered_device *dev;
3507         struct net_device *netdev;
3508         int ifidx = cb->args[0];
3509         int survey_idx = cb->args[1];
3510         int res;
3511
3512         if (!ifidx)
3513                 ifidx = nl80211_get_ifidx(cb);
3514         if (ifidx < 0)
3515                 return ifidx;
3516         cb->args[0] = ifidx;
3517
3518         rtnl_lock();
3519
3520         netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3521         if (!netdev) {
3522                 res = -ENODEV;
3523                 goto out_rtnl;
3524         }
3525
3526         dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3527         if (IS_ERR(dev)) {
3528                 res = PTR_ERR(dev);
3529                 goto out_rtnl;
3530         }
3531
3532         if (!dev->ops->dump_survey) {
3533                 res = -EOPNOTSUPP;
3534                 goto out_err;
3535         }
3536
3537         while (1) {
3538                 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
3539                                             &survey);
3540                 if (res == -ENOENT)
3541                         break;
3542                 if (res)
3543                         goto out_err;
3544
3545                 if (nl80211_send_survey(skb,
3546                                 NETLINK_CB(cb->skb).pid,
3547                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3548                                 netdev,
3549                                 &survey) < 0)
3550                         goto out;
3551                 survey_idx++;
3552         }
3553
3554  out:
3555         cb->args[1] = survey_idx;
3556         res = skb->len;
3557  out_err:
3558         cfg80211_unlock_rdev(dev);
3559  out_rtnl:
3560         rtnl_unlock();
3561
3562         return res;
3563 }
3564
3565 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3566 {
3567         return auth_type <= NL80211_AUTHTYPE_MAX;
3568 }
3569
3570 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
3571 {
3572         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
3573                                   NL80211_WPA_VERSION_2));
3574 }
3575
3576 static bool nl80211_valid_akm_suite(u32 akm)
3577 {
3578         return akm == WLAN_AKM_SUITE_8021X ||
3579                 akm == WLAN_AKM_SUITE_PSK;
3580 }
3581
3582 static bool nl80211_valid_cipher_suite(u32 cipher)
3583 {
3584         return cipher == WLAN_CIPHER_SUITE_WEP40 ||
3585                 cipher == WLAN_CIPHER_SUITE_WEP104 ||
3586                 cipher == WLAN_CIPHER_SUITE_TKIP ||
3587                 cipher == WLAN_CIPHER_SUITE_CCMP ||
3588                 cipher == WLAN_CIPHER_SUITE_AES_CMAC;
3589 }
3590
3591
3592 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
3593 {
3594         struct cfg80211_registered_device *rdev;
3595         struct net_device *dev;
3596         struct ieee80211_channel *chan;
3597         const u8 *bssid, *ssid, *ie = NULL;
3598         int err, ssid_len, ie_len = 0;
3599         enum nl80211_auth_type auth_type;
3600         struct key_parse key;
3601         bool local_state_change;
3602
3603         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3604                 return -EINVAL;
3605
3606         if (!info->attrs[NL80211_ATTR_MAC])
3607                 return -EINVAL;
3608
3609         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
3610                 return -EINVAL;
3611
3612         if (!info->attrs[NL80211_ATTR_SSID])
3613                 return -EINVAL;
3614
3615         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
3616                 return -EINVAL;
3617
3618         err = nl80211_parse_key(info, &key);
3619         if (err)
3620                 return err;
3621
3622         if (key.idx >= 0) {
3623                 if (!key.p.key || !key.p.key_len)
3624                         return -EINVAL;
3625                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
3626                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
3627                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
3628                      key.p.key_len != WLAN_KEY_LEN_WEP104))
3629                         return -EINVAL;
3630                 if (key.idx > 4)
3631                         return -EINVAL;
3632         } else {
3633                 key.p.key_len = 0;
3634                 key.p.key = NULL;
3635         }
3636
3637         rtnl_lock();
3638
3639         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3640         if (err)
3641                 goto unlock_rtnl;
3642
3643         if (key.idx >= 0) {
3644                 int i;
3645                 bool ok = false;
3646                 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
3647                         if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
3648                                 ok = true;
3649                                 break;
3650                         }
3651                 }
3652                 if (!ok) {
3653                         err = -EINVAL;
3654                         goto out;
3655                 }
3656         }
3657
3658         if (!rdev->ops->auth) {
3659                 err = -EOPNOTSUPP;
3660                 goto out;
3661         }
3662
3663         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3664             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
3665                 err = -EOPNOTSUPP;
3666                 goto out;
3667         }
3668
3669         if (!netif_running(dev)) {
3670                 err = -ENETDOWN;
3671                 goto out;
3672         }
3673
3674         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3675         chan = ieee80211_get_channel(&rdev->wiphy,
3676                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3677         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3678                 err = -EINVAL;
3679                 goto out;
3680         }
3681
3682         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3683         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3684
3685         if (info->attrs[NL80211_ATTR_IE]) {
3686                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3687                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3688         }
3689
3690         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
3691         if (!nl80211_valid_auth_type(auth_type)) {
3692                 err = -EINVAL;
3693                 goto out;
3694         }
3695
3696         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3697
3698         err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
3699                                  ssid, ssid_len, ie, ie_len,
3700                                  key.p.key, key.p.key_len, key.idx,
3701                                  local_state_change);
3702
3703 out:
3704         cfg80211_unlock_rdev(rdev);
3705         dev_put(dev);
3706 unlock_rtnl:
3707         rtnl_unlock();
3708         return err;
3709 }
3710
3711 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
3712                                    struct genl_info *info,
3713                                    struct cfg80211_crypto_settings *settings,
3714                                    int cipher_limit)
3715 {
3716         memset(settings, 0, sizeof(*settings));
3717
3718         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
3719
3720         if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
3721                 u16 proto;
3722                 proto = nla_get_u16(
3723                         info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
3724                 settings->control_port_ethertype = cpu_to_be16(proto);
3725                 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
3726                     proto != ETH_P_PAE)
3727                         return -EINVAL;
3728                 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
3729                         settings->control_port_no_encrypt = true;
3730         } else
3731                 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
3732
3733         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
3734                 void *data;
3735                 int len, i;
3736
3737                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3738                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3739                 settings->n_ciphers_pairwise = len / sizeof(u32);
3740
3741                 if (len % sizeof(u32))
3742                         return -EINVAL;
3743
3744                 if (settings->n_ciphers_pairwise > cipher_limit)
3745                         return -EINVAL;
3746
3747                 memcpy(settings->ciphers_pairwise, data, len);
3748
3749                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3750                         if (!nl80211_valid_cipher_suite(
3751                                         settings->ciphers_pairwise[i]))
3752                                 return -EINVAL;
3753         }
3754
3755         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
3756                 settings->cipher_group =
3757                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
3758                 if (!nl80211_valid_cipher_suite(settings->cipher_group))
3759                         return -EINVAL;
3760         }
3761
3762         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
3763                 settings->wpa_versions =
3764                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
3765                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
3766                         return -EINVAL;
3767         }
3768
3769         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
3770                 void *data;
3771                 int len, i;
3772
3773                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
3774                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
3775                 settings->n_akm_suites = len / sizeof(u32);
3776
3777                 if (len % sizeof(u32))
3778                         return -EINVAL;
3779
3780                 memcpy(settings->akm_suites, data, len);
3781
3782                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3783                         if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
3784                                 return -EINVAL;
3785         }
3786
3787         return 0;
3788 }
3789
3790 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
3791 {
3792         struct cfg80211_registered_device *rdev;
3793         struct net_device *dev;
3794         struct cfg80211_crypto_settings crypto;
3795         struct ieee80211_channel *chan;
3796         const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
3797         int err, ssid_len, ie_len = 0;
3798         bool use_mfp = false;
3799
3800         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3801                 return -EINVAL;
3802
3803         if (!info->attrs[NL80211_ATTR_MAC] ||
3804             !info->attrs[NL80211_ATTR_SSID] ||
3805             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
3806                 return -EINVAL;
3807
3808         rtnl_lock();
3809
3810         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3811         if (err)
3812                 goto unlock_rtnl;
3813
3814         if (!rdev->ops->assoc) {
3815                 err = -EOPNOTSUPP;
3816                 goto out;
3817         }
3818
3819         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3820             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
3821                 err = -EOPNOTSUPP;
3822                 goto out;
3823         }
3824
3825         if (!netif_running(dev)) {
3826                 err = -ENETDOWN;
3827                 goto out;
3828         }
3829
3830         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3831
3832         chan = ieee80211_get_channel(&rdev->wiphy,
3833                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3834         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3835                 err = -EINVAL;
3836                 goto out;
3837         }
3838
3839         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3840         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3841
3842         if (info->attrs[NL80211_ATTR_IE]) {
3843                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3844                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3845         }
3846
3847         if (info->attrs[NL80211_ATTR_USE_MFP]) {
3848                 enum nl80211_mfp mfp =
3849                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
3850                 if (mfp == NL80211_MFP_REQUIRED)
3851                         use_mfp = true;
3852                 else if (mfp != NL80211_MFP_NO) {
3853                         err = -EINVAL;
3854                         goto out;
3855                 }
3856         }
3857
3858         if (info->attrs[NL80211_ATTR_PREV_BSSID])
3859                 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
3860
3861         err = nl80211_crypto_settings(rdev, info, &crypto, 1);
3862         if (!err)
3863                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
3864                                           ssid, ssid_len, ie, ie_len, use_mfp,
3865                                           &crypto);
3866
3867 out:
3868         cfg80211_unlock_rdev(rdev);
3869         dev_put(dev);
3870 unlock_rtnl:
3871         rtnl_unlock();
3872         return err;
3873 }
3874
3875 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
3876 {
3877         struct cfg80211_registered_device *rdev;
3878         struct net_device *dev;
3879         const u8 *ie = NULL, *bssid;
3880         int err, ie_len = 0;
3881         u16 reason_code;
3882         bool local_state_change;
3883
3884         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3885                 return -EINVAL;
3886
3887         if (!info->attrs[NL80211_ATTR_MAC])
3888                 return -EINVAL;
3889
3890         if (!info->attrs[NL80211_ATTR_REASON_CODE])
3891                 return -EINVAL;
3892
3893         rtnl_lock();
3894
3895         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3896         if (err)
3897                 goto unlock_rtnl;
3898
3899         if (!rdev->ops->deauth) {
3900                 err = -EOPNOTSUPP;
3901                 goto out;
3902         }
3903
3904         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3905             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
3906                 err = -EOPNOTSUPP;
3907                 goto out;
3908         }
3909
3910         if (!netif_running(dev)) {
3911                 err = -ENETDOWN;
3912                 goto out;
3913         }
3914
3915         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3916
3917         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3918         if (reason_code == 0) {
3919                 /* Reason Code 0 is reserved */
3920                 err = -EINVAL;
3921                 goto out;
3922         }
3923
3924         if (info->attrs[NL80211_ATTR_IE]) {
3925                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3926                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3927         }
3928
3929         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3930
3931         err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
3932                                    local_state_change);
3933
3934 out:
3935         cfg80211_unlock_rdev(rdev);
3936         dev_put(dev);
3937 unlock_rtnl:
3938         rtnl_unlock();
3939         return err;
3940 }
3941
3942 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
3943 {
3944         struct cfg80211_registered_device *rdev;
3945         struct net_device *dev;
3946         const u8 *ie = NULL, *bssid;
3947         int err, ie_len = 0;
3948         u16 reason_code;
3949         bool local_state_change;
3950
3951         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3952                 return -EINVAL;
3953
3954         if (!info->attrs[NL80211_ATTR_MAC])
3955                 return -EINVAL;
3956
3957         if (!info->attrs[NL80211_ATTR_REASON_CODE])
3958                 return -EINVAL;
3959
3960         rtnl_lock();
3961
3962         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3963         if (err)
3964                 goto unlock_rtnl;
3965
3966         if (!rdev->ops->disassoc) {
3967                 err = -EOPNOTSUPP;
3968                 goto out;
3969         }
3970
3971         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3972             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
3973                 err = -EOPNOTSUPP;
3974                 goto out;
3975         }
3976
3977         if (!netif_running(dev)) {
3978                 err = -ENETDOWN;
3979                 goto out;
3980         }
3981
3982         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3983
3984         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3985         if (reason_code == 0) {
3986                 /* Reason Code 0 is reserved */
3987                 err = -EINVAL;
3988                 goto out;
3989         }
3990
3991         if (info->attrs[NL80211_ATTR_IE]) {
3992                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3993                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3994         }
3995
3996         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3997
3998         err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
3999                                      local_state_change);
4000
4001 out:
4002         cfg80211_unlock_rdev(rdev);
4003         dev_put(dev);
4004 unlock_rtnl:
4005         rtnl_unlock();
4006         return err;
4007 }
4008
4009 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
4010 {
4011         struct cfg80211_registered_device *rdev;
4012         struct net_device *dev;
4013         struct cfg80211_ibss_params ibss;
4014         struct wiphy *wiphy;
4015         struct cfg80211_cached_keys *connkeys = NULL;
4016         int err;
4017
4018         memset(&ibss, 0, sizeof(ibss));
4019
4020         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4021                 return -EINVAL;
4022
4023         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4024             !info->attrs[NL80211_ATTR_SSID] ||
4025             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4026                 return -EINVAL;
4027
4028         ibss.beacon_interval = 100;
4029
4030         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
4031                 ibss.beacon_interval =
4032                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4033                 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
4034                         return -EINVAL;
4035         }
4036
4037         rtnl_lock();
4038
4039         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4040         if (err)
4041                 goto unlock_rtnl;
4042
4043         if (!rdev->ops->join_ibss) {
4044                 err = -EOPNOTSUPP;
4045                 goto out;
4046         }
4047
4048         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
4049                 err = -EOPNOTSUPP;
4050                 goto out;
4051         }
4052
4053         if (!netif_running(dev)) {
4054                 err = -ENETDOWN;
4055                 goto out;
4056         }
4057
4058         wiphy = &rdev->wiphy;
4059
4060         if (info->attrs[NL80211_ATTR_MAC])
4061                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4062         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4063         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4064
4065         if (info->attrs[NL80211_ATTR_IE]) {
4066                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4067                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4068         }
4069
4070         ibss.channel = ieee80211_get_channel(wiphy,
4071                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4072         if (!ibss.channel ||
4073             ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4074             ibss.channel->flags & IEEE80211_CHAN_DISABLED) {
4075                 err = -EINVAL;
4076                 goto out;
4077         }
4078
4079         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4080         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4081
4082         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4083                 connkeys = nl80211_parse_connkeys(rdev,
4084                                         info->attrs[NL80211_ATTR_KEYS]);
4085                 if (IS_ERR(connkeys)) {
4086                         err = PTR_ERR(connkeys);
4087                         connkeys = NULL;
4088                         goto out;
4089                 }
4090         }
4091
4092         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4093                 u8 *rates =
4094                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4095                 int n_rates =
4096                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4097                 struct ieee80211_supported_band *sband =
4098                         wiphy->bands[ibss.channel->band];
4099                 int i, j;
4100
4101                 if (n_rates == 0) {
4102                         err = -EINVAL;
4103                         goto out;
4104                 }
4105
4106                 for (i = 0; i < n_rates; i++) {
4107                         int rate = (rates[i] & 0x7f) * 5;
4108                         bool found = false;
4109
4110                         for (j = 0; j < sband->n_bitrates; j++) {
4111                                 if (sband->bitrates[j].bitrate == rate) {
4112                                         found = true;
4113                                         ibss.basic_rates |= BIT(j);
4114                                         break;
4115                                 }
4116                         }
4117                         if (!found) {
4118                                 err = -EINVAL;
4119                                 goto out;
4120                         }
4121                 }
4122         } else {
4123                 /*
4124                 * If no rates were explicitly configured,
4125                 * use the mandatory rate set for 11b or
4126                 * 11a for maximum compatibility.
4127                 */
4128                 struct ieee80211_supported_band *sband =
4129                         wiphy->bands[ibss.channel->band];
4130                 int j;
4131                 u32 flag = ibss.channel->band == IEEE80211_BAND_5GHZ ?
4132                         IEEE80211_RATE_MANDATORY_A :
4133                         IEEE80211_RATE_MANDATORY_B;
4134
4135                 for (j = 0; j < sband->n_bitrates; j++) {
4136                         if (sband->bitrates[j].flags & flag)
4137                                 ibss.basic_rates |= BIT(j);
4138                 }
4139         }
4140
4141         err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4142
4143 out:
4144         cfg80211_unlock_rdev(rdev);
4145         dev_put(dev);
4146 unlock_rtnl:
4147         if (err)
4148                 kfree(connkeys);
4149         rtnl_unlock();
4150         return err;
4151 }
4152
4153 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4154 {
4155         struct cfg80211_registered_device *rdev;
4156         struct net_device *dev;
4157         int err;
4158
4159         rtnl_lock();
4160
4161         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4162         if (err)
4163                 goto unlock_rtnl;
4164
4165         if (!rdev->ops->leave_ibss) {
4166                 err = -EOPNOTSUPP;
4167                 goto out;
4168         }
4169
4170         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
4171                 err = -EOPNOTSUPP;
4172                 goto out;
4173         }
4174
4175         if (!netif_running(dev)) {
4176                 err = -ENETDOWN;
4177                 goto out;
4178         }
4179
4180         err = cfg80211_leave_ibss(rdev, dev, false);
4181
4182 out:
4183         cfg80211_unlock_rdev(rdev);
4184         dev_put(dev);
4185 unlock_rtnl:
4186         rtnl_unlock();
4187         return err;
4188 }
4189
4190 #ifdef CONFIG_NL80211_TESTMODE
4191 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4192         .name = "testmode",
4193 };
4194
4195 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4196 {
4197         struct cfg80211_registered_device *rdev;
4198         int err;
4199
4200         if (!info->attrs[NL80211_ATTR_TESTDATA])
4201                 return -EINVAL;
4202
4203         rtnl_lock();
4204
4205         rdev = cfg80211_get_dev_from_info(info);
4206         if (IS_ERR(rdev)) {
4207                 err = PTR_ERR(rdev);
4208                 goto unlock_rtnl;
4209         }
4210
4211         err = -EOPNOTSUPP;
4212         if (rdev->ops->testmode_cmd) {
4213                 rdev->testmode_info = info;
4214                 err = rdev->ops->testmode_cmd(&rdev->wiphy,
4215                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4216                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4217                 rdev->testmode_info = NULL;
4218         }
4219
4220         cfg80211_unlock_rdev(rdev);
4221
4222  unlock_rtnl:
4223         rtnl_unlock();
4224         return err;
4225 }
4226
4227 static struct sk_buff *
4228 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
4229                               int approxlen, u32 pid, u32 seq, gfp_t gfp)
4230 {
4231         struct sk_buff *skb;
4232         void *hdr;
4233         struct nlattr *data;
4234
4235         skb = nlmsg_new(approxlen + 100, gfp);
4236         if (!skb)
4237                 return NULL;
4238
4239         hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
4240         if (!hdr) {
4241                 kfree_skb(skb);
4242                 return NULL;
4243         }
4244
4245         NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4246         data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4247
4248         ((void **)skb->cb)[0] = rdev;
4249         ((void **)skb->cb)[1] = hdr;
4250         ((void **)skb->cb)[2] = data;
4251
4252         return skb;
4253
4254  nla_put_failure:
4255         kfree_skb(skb);
4256         return NULL;
4257 }
4258
4259 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
4260                                                   int approxlen)
4261 {
4262         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4263
4264         if (WARN_ON(!rdev->testmode_info))
4265                 return NULL;
4266
4267         return __cfg80211_testmode_alloc_skb(rdev, approxlen,
4268                                 rdev->testmode_info->snd_pid,
4269                                 rdev->testmode_info->snd_seq,
4270                                 GFP_KERNEL);
4271 }
4272 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
4273
4274 int cfg80211_testmode_reply(struct sk_buff *skb)
4275 {
4276         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
4277         void *hdr = ((void **)skb->cb)[1];
4278         struct nlattr *data = ((void **)skb->cb)[2];
4279
4280         if (WARN_ON(!rdev->testmode_info)) {
4281                 kfree_skb(skb);
4282                 return -EINVAL;
4283         }
4284
4285         nla_nest_end(skb, data);
4286         genlmsg_end(skb, hdr);
4287         return genlmsg_reply(skb, rdev->testmode_info);
4288 }
4289 EXPORT_SYMBOL(cfg80211_testmode_reply);
4290
4291 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
4292                                                   int approxlen, gfp_t gfp)
4293 {
4294         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4295
4296         return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
4297 }
4298 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
4299
4300 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
4301 {
4302         void *hdr = ((void **)skb->cb)[1];
4303         struct nlattr *data = ((void **)skb->cb)[2];
4304
4305         nla_nest_end(skb, data);
4306         genlmsg_end(skb, hdr);
4307         genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
4308 }
4309 EXPORT_SYMBOL(cfg80211_testmode_event);
4310 #endif
4311
4312 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
4313 {
4314         struct cfg80211_registered_device *rdev;
4315         struct net_device *dev;
4316         struct cfg80211_connect_params connect;
4317         struct wiphy *wiphy;
4318         struct cfg80211_cached_keys *connkeys = NULL;
4319         int err;
4320
4321         memset(&connect, 0, sizeof(connect));
4322
4323         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4324                 return -EINVAL;
4325
4326         if (!info->attrs[NL80211_ATTR_SSID] ||
4327             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4328                 return -EINVAL;
4329
4330         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4331                 connect.auth_type =
4332                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4333                 if (!nl80211_valid_auth_type(connect.auth_type))
4334                         return -EINVAL;
4335         } else
4336                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4337
4338         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
4339
4340         err = nl80211_crypto_settings(rdev, info, &connect.crypto,
4341                                       NL80211_MAX_NR_CIPHER_SUITES);
4342         if (err)
4343                 return err;
4344         rtnl_lock();
4345
4346         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4347         if (err)
4348                 goto unlock_rtnl;
4349
4350         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4351             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
4352                 err = -EOPNOTSUPP;
4353                 goto out;
4354         }
4355
4356         if (!netif_running(dev)) {
4357                 err = -ENETDOWN;
4358                 goto out;
4359         }
4360
4361         wiphy = &rdev->wiphy;
4362
4363         if (info->attrs[NL80211_ATTR_MAC])
4364                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4365         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4366         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4367
4368         if (info->attrs[NL80211_ATTR_IE]) {
4369                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4370                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4371         }
4372
4373         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4374                 connect.channel =
4375                         ieee80211_get_channel(wiphy,
4376                             nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4377                 if (!connect.channel ||
4378                     connect.channel->flags & IEEE80211_CHAN_DISABLED) {
4379                         err = -EINVAL;
4380                         goto out;
4381                 }
4382         }
4383
4384         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4385                 connkeys = nl80211_parse_connkeys(rdev,
4386                                         info->attrs[NL80211_ATTR_KEYS]);
4387                 if (IS_ERR(connkeys)) {
4388                         err = PTR_ERR(connkeys);
4389                         connkeys = NULL;
4390                         goto out;
4391                 }
4392         }
4393
4394         err = cfg80211_connect(rdev, dev, &connect, connkeys);
4395
4396 out:
4397         cfg80211_unlock_rdev(rdev);
4398         dev_put(dev);
4399 unlock_rtnl:
4400         if (err)
4401                 kfree(connkeys);
4402         rtnl_unlock();
4403         return err;
4404 }
4405
4406 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
4407 {
4408         struct cfg80211_registered_device *rdev;
4409         struct net_device *dev;
4410         int err;
4411         u16 reason;
4412
4413         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4414                 reason = WLAN_REASON_DEAUTH_LEAVING;
4415         else
4416                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4417
4418         if (reason == 0)
4419                 return -EINVAL;
4420
4421         rtnl_lock();
4422
4423         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4424         if (err)
4425                 goto unlock_rtnl;
4426
4427         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4428             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
4429                 err = -EOPNOTSUPP;
4430                 goto out;
4431         }
4432
4433         if (!netif_running(dev)) {
4434                 err = -ENETDOWN;
4435                 goto out;
4436         }
4437
4438         err = cfg80211_disconnect(rdev, dev, reason, true);
4439
4440 out:
4441         cfg80211_unlock_rdev(rdev);
4442         dev_put(dev);
4443 unlock_rtnl:
4444         rtnl_unlock();
4445         return err;
4446 }
4447
4448 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4449 {
4450         struct cfg80211_registered_device *rdev;
4451         struct net *net;
4452         int err;
4453         u32 pid;
4454
4455         if (!info->attrs[NL80211_ATTR_PID])
4456                 return -EINVAL;
4457
4458         pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
4459
4460         rtnl_lock();
4461
4462         rdev = cfg80211_get_dev_from_info(info);
4463         if (IS_ERR(rdev)) {
4464                 err = PTR_ERR(rdev);
4465                 goto out_rtnl;
4466         }
4467
4468         net = get_net_ns_by_pid(pid);
4469         if (IS_ERR(net)) {
4470                 err = PTR_ERR(net);
4471                 goto out;
4472         }
4473
4474         err = 0;
4475
4476         /* check if anything to do */
4477         if (net_eq(wiphy_net(&rdev->wiphy), net))
4478                 goto out_put_net;
4479
4480         err = cfg80211_switch_netns(rdev, net);
4481  out_put_net:
4482         put_net(net);
4483  out:
4484         cfg80211_unlock_rdev(rdev);
4485  out_rtnl:
4486         rtnl_unlock();
4487         return err;
4488 }
4489
4490 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
4491 {
4492         struct cfg80211_registered_device *rdev;
4493         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
4494                         struct cfg80211_pmksa *pmksa) = NULL;
4495         int err;
4496         struct net_device *dev;
4497         struct cfg80211_pmksa pmksa;
4498
4499         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
4500
4501         if (!info->attrs[NL80211_ATTR_MAC])
4502                 return -EINVAL;
4503
4504         if (!info->attrs[NL80211_ATTR_PMKID])
4505                 return -EINVAL;
4506
4507         rtnl_lock();
4508
4509         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4510         if (err)
4511                 goto out_rtnl;
4512
4513         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
4514         pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4515
4516         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4517             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
4518                 err = -EOPNOTSUPP;
4519                 goto out;
4520         }
4521
4522         switch (info->genlhdr->cmd) {
4523         case NL80211_CMD_SET_PMKSA:
4524                 rdev_ops = rdev->ops->set_pmksa;
4525                 break;
4526         case NL80211_CMD_DEL_PMKSA:
4527                 rdev_ops = rdev->ops->del_pmksa;
4528                 break;
4529         default:
4530                 WARN_ON(1);
4531                 break;
4532         }
4533
4534         if (!rdev_ops) {
4535                 err = -EOPNOTSUPP;
4536                 goto out;
4537         }
4538
4539         err = rdev_ops(&rdev->wiphy, dev, &pmksa);
4540
4541  out:
4542         cfg80211_unlock_rdev(rdev);
4543         dev_put(dev);
4544  out_rtnl:
4545         rtnl_unlock();
4546
4547         return err;
4548 }
4549
4550 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4551 {
4552         struct cfg80211_registered_device *rdev;
4553         int err;
4554         struct net_device *dev;
4555
4556         rtnl_lock();
4557
4558         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4559         if (err)
4560                 goto out_rtnl;
4561
4562         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4563             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
4564                 err = -EOPNOTSUPP;
4565                 goto out;
4566         }
4567
4568         if (!rdev->ops->flush_pmksa) {
4569                 err = -EOPNOTSUPP;
4570                 goto out;
4571         }
4572
4573         err = rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4574
4575  out:
4576         cfg80211_unlock_rdev(rdev);
4577         dev_put(dev);
4578  out_rtnl:
4579         rtnl_unlock();
4580
4581         return err;
4582
4583 }
4584
4585 static int nl80211_remain_on_channel(struct sk_buff *skb,
4586                                      struct genl_info *info)
4587 {
4588         struct cfg80211_registered_device *rdev;
4589         struct net_device *dev;
4590         struct ieee80211_channel *chan;
4591         struct sk_buff *msg;
4592         void *hdr;
4593         u64 cookie;
4594         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4595         u32 freq, duration;
4596         int err;
4597
4598         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4599             !info->attrs[NL80211_ATTR_DURATION])
4600                 return -EINVAL;
4601
4602         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4603
4604         /*
4605          * We should be on that channel for at least one jiffie,
4606          * and more than 5 seconds seems excessive.
4607          */
4608         if (!duration || !msecs_to_jiffies(duration) || duration > 5000)
4609                 return -EINVAL;
4610
4611         rtnl_lock();
4612
4613         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4614         if (err)
4615                 goto unlock_rtnl;
4616
4617         if (!rdev->ops->remain_on_channel) {
4618                 err = -EOPNOTSUPP;
4619                 goto out;
4620         }
4621
4622         if (!netif_running(dev)) {
4623                 err = -ENETDOWN;
4624                 goto out;
4625         }
4626
4627         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4628                 channel_type = nla_get_u32(
4629                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4630                 if (channel_type != NL80211_CHAN_NO_HT &&
4631                     channel_type != NL80211_CHAN_HT20 &&
4632                     channel_type != NL80211_CHAN_HT40PLUS &&
4633                     channel_type != NL80211_CHAN_HT40MINUS) {
4634                         err = -EINVAL;
4635                         goto out;
4636                 }
4637         }
4638
4639         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4640         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4641         if (chan == NULL) {
4642                 err = -EINVAL;
4643                 goto out;
4644         }
4645
4646         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4647         if (!msg) {
4648                 err = -ENOMEM;
4649                 goto out;
4650         }
4651
4652         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4653                              NL80211_CMD_REMAIN_ON_CHANNEL);
4654
4655         if (IS_ERR(hdr)) {
4656                 err = PTR_ERR(hdr);
4657                 goto free_msg;
4658         }
4659
4660         err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
4661                                            channel_type, duration, &cookie);
4662
4663         if (err)
4664                 goto free_msg;
4665
4666         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4667
4668         genlmsg_end(msg, hdr);
4669         err = genlmsg_reply(msg, info);
4670         goto out;
4671
4672  nla_put_failure:
4673         err = -ENOBUFS;
4674  free_msg:
4675         nlmsg_free(msg);
4676  out:
4677         cfg80211_unlock_rdev(rdev);
4678         dev_put(dev);
4679  unlock_rtnl:
4680         rtnl_unlock();
4681         return err;
4682 }
4683
4684 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
4685                                             struct genl_info *info)
4686 {
4687         struct cfg80211_registered_device *rdev;
4688         struct net_device *dev;
4689         u64 cookie;
4690         int err;
4691
4692         if (!info->attrs[NL80211_ATTR_COOKIE])
4693                 return -EINVAL;
4694
4695         rtnl_lock();
4696
4697         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4698         if (err)
4699                 goto unlock_rtnl;
4700
4701         if (!rdev->ops->cancel_remain_on_channel) {
4702                 err = -EOPNOTSUPP;
4703                 goto out;
4704         }
4705
4706         if (!netif_running(dev)) {
4707                 err = -ENETDOWN;
4708                 goto out;
4709         }
4710
4711         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
4712
4713         err = rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
4714
4715  out:
4716         cfg80211_unlock_rdev(rdev);
4717         dev_put(dev);
4718  unlock_rtnl:
4719         rtnl_unlock();
4720         return err;
4721 }
4722
4723 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4724                            u8 *rates, u8 rates_len)
4725 {
4726         u8 i;
4727         u32 mask = 0;
4728
4729         for (i = 0; i < rates_len; i++) {
4730                 int rate = (rates[i] & 0x7f) * 5;
4731                 int ridx;
4732                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4733                         struct ieee80211_rate *srate =
4734                                 &sband->bitrates[ridx];
4735                         if (rate == srate->bitrate) {
4736                                 mask |= 1 << ridx;
4737                                 break;
4738                         }
4739                 }
4740                 if (ridx == sband->n_bitrates)
4741                         return 0; /* rate not found */
4742         }
4743
4744         return mask;
4745 }
4746
4747 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4748         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4749                                     .len = NL80211_MAX_SUPP_RATES },
4750 };
4751
4752 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
4753                                        struct genl_info *info)
4754 {
4755         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4756         struct cfg80211_registered_device *rdev;
4757         struct cfg80211_bitrate_mask mask;
4758         int err, rem, i;
4759         struct net_device *dev;
4760         struct nlattr *tx_rates;
4761         struct ieee80211_supported_band *sband;
4762
4763         if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
4764                 return -EINVAL;
4765
4766         rtnl_lock();
4767
4768         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4769         if (err)
4770                 goto unlock_rtnl;
4771
4772         if (!rdev->ops->set_bitrate_mask) {
4773                 err = -EOPNOTSUPP;
4774                 goto unlock;
4775         }
4776
4777         memset(&mask, 0, sizeof(mask));
4778         /* Default to all rates enabled */
4779         for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
4780                 sband = rdev->wiphy.bands[i];
4781                 mask.control[i].legacy =
4782                         sband ? (1 << sband->n_bitrates) - 1 : 0;
4783         }
4784
4785         /*
4786          * The nested attribute uses enum nl80211_band as the index. This maps
4787          * directly to the enum ieee80211_band values used in cfg80211.
4788          */
4789         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
4790         {
4791                 enum ieee80211_band band = nla_type(tx_rates);
4792                 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
4793                         err = -EINVAL;
4794                         goto unlock;
4795                 }
4796                 sband = rdev->wiphy.bands[band];
4797                 if (sband == NULL) {
4798                         err = -EINVAL;
4799                         goto unlock;
4800                 }
4801                 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
4802                           nla_len(tx_rates), nl80211_txattr_policy);
4803                 if (tb[NL80211_TXRATE_LEGACY]) {
4804                         mask.control[band].legacy = rateset_to_mask(
4805                                 sband,
4806                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
4807                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
4808                         if (mask.control[band].legacy == 0) {
4809                                 err = -EINVAL;
4810                                 goto unlock;
4811                         }
4812                 }
4813         }
4814
4815         err = rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
4816
4817  unlock:
4818         dev_put(dev);
4819         cfg80211_unlock_rdev(rdev);
4820  unlock_rtnl:
4821         rtnl_unlock();
4822         return err;
4823 }
4824
4825 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
4826 {
4827         struct cfg80211_registered_device *rdev;
4828         struct net_device *dev;
4829         u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
4830         int err;
4831
4832         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
4833                 return -EINVAL;
4834
4835         if (info->attrs[NL80211_ATTR_FRAME_TYPE])
4836                 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
4837
4838         rtnl_lock();
4839
4840         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4841         if (err)
4842                 goto unlock_rtnl;
4843
4844         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4845             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4846             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
4847                 err = -EOPNOTSUPP;
4848                 goto out;
4849         }
4850
4851         /* not much point in registering if we can't reply */
4852         if (!rdev->ops->mgmt_tx) {
4853                 err = -EOPNOTSUPP;
4854                 goto out;
4855         }
4856
4857         err = cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
4858                         frame_type,
4859                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
4860                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
4861  out:
4862         cfg80211_unlock_rdev(rdev);
4863         dev_put(dev);
4864  unlock_rtnl:
4865         rtnl_unlock();
4866         return err;
4867 }
4868
4869 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
4870 {
4871         struct cfg80211_registered_device *rdev;
4872         struct net_device *dev;
4873         struct ieee80211_channel *chan;
4874         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4875         bool channel_type_valid = false;
4876         u32 freq;
4877         int err;
4878         void *hdr;
4879         u64 cookie;
4880         struct sk_buff *msg;
4881
4882         if (!info->attrs[NL80211_ATTR_FRAME] ||
4883             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4884                 return -EINVAL;
4885
4886         rtnl_lock();
4887
4888         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4889         if (err)
4890                 goto unlock_rtnl;
4891
4892         if (!rdev->ops->mgmt_tx) {
4893                 err = -EOPNOTSUPP;
4894                 goto out;
4895         }
4896
4897         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4898             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4899             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT) {
4900                 err = -EOPNOTSUPP;
4901                 goto out;
4902         }
4903
4904         if (!netif_running(dev)) {
4905                 err = -ENETDOWN;
4906                 goto out;
4907         }
4908
4909         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4910                 channel_type = nla_get_u32(
4911                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4912                 if (channel_type != NL80211_CHAN_NO_HT &&
4913                     channel_type != NL80211_CHAN_HT20 &&
4914                     channel_type != NL80211_CHAN_HT40PLUS &&
4915                     channel_type != NL80211_CHAN_HT40MINUS) {
4916                         err = -EINVAL;
4917                         goto out;
4918                 }
4919                 channel_type_valid = true;
4920         }
4921
4922         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4923         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4924         if (chan == NULL) {
4925                 err = -EINVAL;
4926                 goto out;
4927         }
4928
4929         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4930         if (!msg) {
4931                 err = -ENOMEM;
4932                 goto out;
4933         }
4934
4935         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4936                              NL80211_CMD_FRAME);
4937
4938         if (IS_ERR(hdr)) {
4939                 err = PTR_ERR(hdr);
4940                 goto free_msg;
4941         }
4942         err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, channel_type,
4943                                     channel_type_valid,
4944                                     nla_data(info->attrs[NL80211_ATTR_FRAME]),
4945                                     nla_len(info->attrs[NL80211_ATTR_FRAME]),
4946                                     &cookie);
4947         if (err)
4948                 goto free_msg;
4949
4950         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4951
4952         genlmsg_end(msg, hdr);
4953         err = genlmsg_reply(msg, info);
4954         goto out;
4955
4956  nla_put_failure:
4957         err = -ENOBUFS;
4958  free_msg:
4959         nlmsg_free(msg);
4960  out:
4961         cfg80211_unlock_rdev(rdev);
4962         dev_put(dev);
4963 unlock_rtnl:
4964         rtnl_unlock();
4965         return err;
4966 }
4967
4968 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
4969 {
4970         struct cfg80211_registered_device *rdev;
4971         struct wireless_dev *wdev;
4972         struct net_device *dev;
4973         u8 ps_state;
4974         bool state;
4975         int err;
4976
4977         if (!info->attrs[NL80211_ATTR_PS_STATE]) {
4978                 err = -EINVAL;
4979                 goto out;
4980         }
4981
4982         ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
4983
4984         if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) {
4985                 err = -EINVAL;
4986                 goto out;
4987         }
4988
4989         rtnl_lock();
4990
4991         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4992         if (err)
4993                 goto unlock_rtnl;
4994
4995         wdev = dev->ieee80211_ptr;
4996
4997         if (!rdev->ops->set_power_mgmt) {
4998                 err = -EOPNOTSUPP;
4999                 goto unlock_rdev;
5000         }
5001
5002         state = (ps_state == NL80211_PS_ENABLED) ? true : false;
5003
5004         if (state == wdev->ps)
5005                 goto unlock_rdev;
5006
5007         wdev->ps = state;
5008
5009         if (rdev->ops->set_power_mgmt(wdev->wiphy, dev, wdev->ps,
5010                                       wdev->ps_timeout))
5011                 /* assume this means it's off */
5012                 wdev->ps = false;
5013
5014 unlock_rdev:
5015         cfg80211_unlock_rdev(rdev);
5016         dev_put(dev);
5017 unlock_rtnl:
5018         rtnl_unlock();
5019
5020 out:
5021         return err;
5022 }
5023
5024 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5025 {
5026         struct cfg80211_registered_device *rdev;
5027         enum nl80211_ps_state ps_state;
5028         struct wireless_dev *wdev;
5029         struct net_device *dev;
5030         struct sk_buff *msg;
5031         void *hdr;
5032         int err;
5033
5034         rtnl_lock();
5035
5036         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
5037         if (err)
5038                 goto unlock_rtnl;
5039
5040         wdev = dev->ieee80211_ptr;
5041
5042         if (!rdev->ops->set_power_mgmt) {
5043                 err = -EOPNOTSUPP;
5044                 goto out;
5045         }
5046
5047         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5048         if (!msg) {
5049                 err = -ENOMEM;
5050                 goto out;
5051         }
5052
5053         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5054                              NL80211_CMD_GET_POWER_SAVE);
5055         if (!hdr) {
5056                 err = -ENOMEM;
5057                 goto free_msg;
5058         }
5059
5060         if (wdev->ps)
5061                 ps_state = NL80211_PS_ENABLED;
5062         else
5063                 ps_state = NL80211_PS_DISABLED;
5064
5065         NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
5066
5067         genlmsg_end(msg, hdr);
5068         err = genlmsg_reply(msg, info);
5069         goto out;
5070
5071 nla_put_failure:
5072         err = -ENOBUFS;
5073
5074 free_msg:
5075         nlmsg_free(msg);
5076
5077 out:
5078         cfg80211_unlock_rdev(rdev);
5079         dev_put(dev);
5080
5081 unlock_rtnl:
5082         rtnl_unlock();
5083
5084         return err;
5085 }
5086
5087 static struct nla_policy
5088 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5089         [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5090         [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5091         [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5092 };
5093
5094 static int nl80211_set_cqm_rssi(struct genl_info *info,
5095                                 s32 threshold, u32 hysteresis)
5096 {
5097         struct cfg80211_registered_device *rdev;
5098         struct wireless_dev *wdev;
5099         struct net_device *dev;
5100         int err;
5101
5102         if (threshold > 0)
5103                 return -EINVAL;
5104
5105         rtnl_lock();
5106
5107         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
5108         if (err)
5109                 goto unlock_rdev;
5110
5111         wdev = dev->ieee80211_ptr;
5112
5113         if (!rdev->ops->set_cqm_rssi_config) {
5114                 err = -EOPNOTSUPP;
5115                 goto unlock_rdev;
5116         }
5117
5118         if (wdev->iftype != NL80211_IFTYPE_STATION &&
5119             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT) {
5120                 err = -EOPNOTSUPP;
5121                 goto unlock_rdev;
5122         }
5123
5124         err = rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5125                                              threshold, hysteresis);
5126
5127 unlock_rdev:
5128         cfg80211_unlock_rdev(rdev);
5129         dev_put(dev);
5130         rtnl_unlock();
5131
5132         return err;
5133 }
5134
5135 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5136 {
5137         struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5138         struct nlattr *cqm;
5139         int err;
5140
5141         cqm = info->attrs[NL80211_ATTR_CQM];
5142         if (!cqm) {
5143                 err = -EINVAL;
5144                 goto out;
5145         }
5146
5147         err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5148                                nl80211_attr_cqm_policy);
5149         if (err)
5150                 goto out;
5151
5152         if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5153             attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5154                 s32 threshold;
5155                 u32 hysteresis;
5156                 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5157                 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5158                 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5159         } else
5160                 err = -EINVAL;
5161
5162 out:
5163         return err;
5164 }
5165
5166 static struct genl_ops nl80211_ops[] = {
5167         {
5168                 .cmd = NL80211_CMD_GET_WIPHY,
5169                 .doit = nl80211_get_wiphy,
5170                 .dumpit = nl80211_dump_wiphy,
5171                 .policy = nl80211_policy,
5172                 /* can be retrieved by unprivileged users */
5173         },
5174         {
5175                 .cmd = NL80211_CMD_SET_WIPHY,
5176                 .doit = nl80211_set_wiphy,
5177                 .policy = nl80211_policy,
5178                 .flags = GENL_ADMIN_PERM,
5179         },
5180         {
5181                 .cmd = NL80211_CMD_GET_INTERFACE,
5182                 .doit = nl80211_get_interface,
5183                 .dumpit = nl80211_dump_interface,
5184                 .policy = nl80211_policy,
5185                 /* can be retrieved by unprivileged users */
5186         },
5187         {
5188                 .cmd = NL80211_CMD_SET_INTERFACE,
5189                 .doit = nl80211_set_interface,
5190                 .policy = nl80211_policy,
5191                 .flags = GENL_ADMIN_PERM,
5192         },
5193         {
5194                 .cmd = NL80211_CMD_NEW_INTERFACE,
5195                 .doit = nl80211_new_interface,
5196                 .policy = nl80211_policy,
5197                 .flags = GENL_ADMIN_PERM,
5198         },
5199         {
5200                 .cmd = NL80211_CMD_DEL_INTERFACE,
5201                 .doit = nl80211_del_interface,
5202                 .policy = nl80211_policy,
5203                 .flags = GENL_ADMIN_PERM,
5204         },
5205         {
5206                 .cmd = NL80211_CMD_GET_KEY,
5207                 .doit = nl80211_get_key,
5208                 .policy = nl80211_policy,
5209                 .flags = GENL_ADMIN_PERM,
5210         },
5211         {
5212                 .cmd = NL80211_CMD_SET_KEY,
5213                 .doit = nl80211_set_key,
5214                 .policy = nl80211_policy,
5215                 .flags = GENL_ADMIN_PERM,
5216         },
5217         {
5218                 .cmd = NL80211_CMD_NEW_KEY,
5219                 .doit = nl80211_new_key,
5220                 .policy = nl80211_policy,
5221                 .flags = GENL_ADMIN_PERM,
5222         },
5223         {
5224                 .cmd = NL80211_CMD_DEL_KEY,
5225                 .doit = nl80211_del_key,
5226                 .policy = nl80211_policy,
5227                 .flags = GENL_ADMIN_PERM,
5228         },
5229         {
5230                 .cmd = NL80211_CMD_SET_BEACON,
5231                 .policy = nl80211_policy,
5232                 .flags = GENL_ADMIN_PERM,
5233                 .doit = nl80211_addset_beacon,
5234         },
5235         {
5236                 .cmd = NL80211_CMD_NEW_BEACON,
5237                 .policy = nl80211_policy,
5238                 .flags = GENL_ADMIN_PERM,
5239                 .doit = nl80211_addset_beacon,
5240         },
5241         {
5242                 .cmd = NL80211_CMD_DEL_BEACON,
5243                 .policy = nl80211_policy,
5244                 .flags = GENL_ADMIN_PERM,
5245                 .doit = nl80211_del_beacon,
5246         },
5247         {
5248                 .cmd = NL80211_CMD_GET_STATION,
5249                 .doit = nl80211_get_station,
5250                 .dumpit = nl80211_dump_station,
5251                 .policy = nl80211_policy,
5252         },
5253         {
5254                 .cmd = NL80211_CMD_SET_STATION,
5255                 .doit = nl80211_set_station,
5256                 .policy = nl80211_policy,
5257                 .flags = GENL_ADMIN_PERM,
5258         },
5259         {
5260                 .cmd = NL80211_CMD_NEW_STATION,
5261                 .doit = nl80211_new_station,
5262                 .policy = nl80211_policy,
5263                 .flags = GENL_ADMIN_PERM,
5264         },
5265         {
5266                 .cmd = NL80211_CMD_DEL_STATION,
5267                 .doit = nl80211_del_station,
5268                 .policy = nl80211_policy,
5269                 .flags = GENL_ADMIN_PERM,
5270         },
5271         {
5272                 .cmd = NL80211_CMD_GET_MPATH,
5273                 .doit = nl80211_get_mpath,
5274                 .dumpit = nl80211_dump_mpath,
5275                 .policy = nl80211_policy,
5276                 .flags = GENL_ADMIN_PERM,
5277         },
5278         {
5279                 .cmd = NL80211_CMD_SET_MPATH,
5280                 .doit = nl80211_set_mpath,
5281                 .policy = nl80211_policy,
5282                 .flags = GENL_ADMIN_PERM,
5283         },
5284         {
5285                 .cmd = NL80211_CMD_NEW_MPATH,
5286                 .doit = nl80211_new_mpath,
5287                 .policy = nl80211_policy,
5288                 .flags = GENL_ADMIN_PERM,
5289         },
5290         {
5291                 .cmd = NL80211_CMD_DEL_MPATH,
5292                 .doit = nl80211_del_mpath,
5293                 .policy = nl80211_policy,
5294                 .flags = GENL_ADMIN_PERM,
5295         },
5296         {
5297                 .cmd = NL80211_CMD_SET_BSS,
5298                 .doit = nl80211_set_bss,
5299                 .policy = nl80211_policy,
5300                 .flags = GENL_ADMIN_PERM,
5301         },
5302         {
5303                 .cmd = NL80211_CMD_GET_REG,
5304                 .doit = nl80211_get_reg,
5305                 .policy = nl80211_policy,
5306                 /* can be retrieved by unprivileged users */
5307         },
5308         {
5309                 .cmd = NL80211_CMD_SET_REG,
5310                 .doit = nl80211_set_reg,
5311                 .policy = nl80211_policy,
5312                 .flags = GENL_ADMIN_PERM,
5313         },
5314         {
5315                 .cmd = NL80211_CMD_REQ_SET_REG,
5316                 .doit = nl80211_req_set_reg,
5317                 .policy = nl80211_policy,
5318                 .flags = GENL_ADMIN_PERM,
5319         },
5320         {
5321                 .cmd = NL80211_CMD_GET_MESH_PARAMS,
5322                 .doit = nl80211_get_mesh_params,
5323                 .policy = nl80211_policy,
5324                 /* can be retrieved by unprivileged users */
5325         },
5326         {
5327                 .cmd = NL80211_CMD_SET_MESH_PARAMS,
5328                 .doit = nl80211_set_mesh_params,
5329                 .policy = nl80211_policy,
5330                 .flags = GENL_ADMIN_PERM,
5331         },
5332         {
5333                 .cmd = NL80211_CMD_TRIGGER_SCAN,
5334                 .doit = nl80211_trigger_scan,
5335                 .policy = nl80211_policy,
5336                 .flags = GENL_ADMIN_PERM,
5337         },
5338         {
5339                 .cmd = NL80211_CMD_GET_SCAN,
5340                 .policy = nl80211_policy,
5341                 .dumpit = nl80211_dump_scan,
5342         },
5343         {
5344                 .cmd = NL80211_CMD_AUTHENTICATE,
5345                 .doit = nl80211_authenticate,
5346                 .policy = nl80211_policy,
5347                 .flags = GENL_ADMIN_PERM,
5348         },
5349         {
5350                 .cmd = NL80211_CMD_ASSOCIATE,
5351                 .doit = nl80211_associate,
5352                 .policy = nl80211_policy,
5353                 .flags = GENL_ADMIN_PERM,
5354         },
5355         {
5356                 .cmd = NL80211_CMD_DEAUTHENTICATE,
5357                 .doit = nl80211_deauthenticate,
5358                 .policy = nl80211_policy,
5359                 .flags = GENL_ADMIN_PERM,
5360         },
5361         {
5362                 .cmd = NL80211_CMD_DISASSOCIATE,
5363                 .doit = nl80211_disassociate,
5364                 .policy = nl80211_policy,
5365                 .flags = GENL_ADMIN_PERM,
5366         },
5367         {
5368                 .cmd = NL80211_CMD_JOIN_IBSS,
5369                 .doit = nl80211_join_ibss,
5370                 .policy = nl80211_policy,
5371                 .flags = GENL_ADMIN_PERM,
5372         },
5373         {
5374                 .cmd = NL80211_CMD_LEAVE_IBSS,
5375                 .doit = nl80211_leave_ibss,
5376                 .policy = nl80211_policy,
5377                 .flags = GENL_ADMIN_PERM,
5378         },
5379 #ifdef CONFIG_NL80211_TESTMODE
5380         {
5381                 .cmd = NL80211_CMD_TESTMODE,
5382                 .doit = nl80211_testmode_do,
5383                 .policy = nl80211_policy,
5384                 .flags = GENL_ADMIN_PERM,
5385         },
5386 #endif
5387         {
5388                 .cmd = NL80211_CMD_CONNECT,
5389                 .doit = nl80211_connect,
5390                 .policy = nl80211_policy,
5391                 .flags = GENL_ADMIN_PERM,
5392         },
5393         {
5394                 .cmd = NL80211_CMD_DISCONNECT,
5395                 .doit = nl80211_disconnect,
5396                 .policy = nl80211_policy,
5397                 .flags = GENL_ADMIN_PERM,
5398         },
5399         {
5400                 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
5401                 .doit = nl80211_wiphy_netns,
5402                 .policy = nl80211_policy,
5403                 .flags = GENL_ADMIN_PERM,
5404         },
5405         {
5406                 .cmd = NL80211_CMD_GET_SURVEY,
5407                 .policy = nl80211_policy,
5408                 .dumpit = nl80211_dump_survey,
5409         },
5410         {
5411                 .cmd = NL80211_CMD_SET_PMKSA,
5412                 .doit = nl80211_setdel_pmksa,
5413                 .policy = nl80211_policy,
5414                 .flags = GENL_ADMIN_PERM,
5415         },
5416         {
5417                 .cmd = NL80211_CMD_DEL_PMKSA,
5418                 .doit = nl80211_setdel_pmksa,
5419                 .policy = nl80211_policy,
5420                 .flags = GENL_ADMIN_PERM,
5421         },
5422         {
5423                 .cmd = NL80211_CMD_FLUSH_PMKSA,
5424                 .doit = nl80211_flush_pmksa,
5425                 .policy = nl80211_policy,
5426                 .flags = GENL_ADMIN_PERM,
5427         },
5428         {
5429                 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
5430                 .doit = nl80211_remain_on_channel,
5431                 .policy = nl80211_policy,
5432                 .flags = GENL_ADMIN_PERM,
5433         },
5434         {
5435                 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
5436                 .doit = nl80211_cancel_remain_on_channel,
5437                 .policy = nl80211_policy,
5438                 .flags = GENL_ADMIN_PERM,
5439         },
5440         {
5441                 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
5442                 .doit = nl80211_set_tx_bitrate_mask,
5443                 .policy = nl80211_policy,
5444                 .flags = GENL_ADMIN_PERM,
5445         },
5446         {
5447                 .cmd = NL80211_CMD_REGISTER_FRAME,
5448                 .doit = nl80211_register_mgmt,
5449                 .policy = nl80211_policy,
5450                 .flags = GENL_ADMIN_PERM,
5451         },
5452         {
5453                 .cmd = NL80211_CMD_FRAME,
5454                 .doit = nl80211_tx_mgmt,
5455                 .policy = nl80211_policy,
5456                 .flags = GENL_ADMIN_PERM,
5457         },
5458         {
5459                 .cmd = NL80211_CMD_SET_POWER_SAVE,
5460                 .doit = nl80211_set_power_save,
5461                 .policy = nl80211_policy,
5462                 .flags = GENL_ADMIN_PERM,
5463         },
5464         {
5465                 .cmd = NL80211_CMD_GET_POWER_SAVE,
5466                 .doit = nl80211_get_power_save,
5467                 .policy = nl80211_policy,
5468                 /* can be retrieved by unprivileged users */
5469         },
5470         {
5471                 .cmd = NL80211_CMD_SET_CQM,
5472                 .doit = nl80211_set_cqm,
5473                 .policy = nl80211_policy,
5474                 .flags = GENL_ADMIN_PERM,
5475         },
5476         {
5477                 .cmd = NL80211_CMD_SET_CHANNEL,
5478                 .doit = nl80211_set_channel,
5479                 .policy = nl80211_policy,
5480                 .flags = GENL_ADMIN_PERM,
5481         },
5482 };
5483
5484 static struct genl_multicast_group nl80211_mlme_mcgrp = {
5485         .name = "mlme",
5486 };
5487
5488 /* multicast groups */
5489 static struct genl_multicast_group nl80211_config_mcgrp = {
5490         .name = "config",
5491 };
5492 static struct genl_multicast_group nl80211_scan_mcgrp = {
5493         .name = "scan",
5494 };
5495 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
5496         .name = "regulatory",
5497 };
5498
5499 /* notification functions */
5500
5501 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
5502 {
5503         struct sk_buff *msg;
5504
5505         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5506         if (!msg)
5507                 return;
5508
5509         if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
5510                 nlmsg_free(msg);
5511                 return;
5512         }
5513
5514         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5515                                 nl80211_config_mcgrp.id, GFP_KERNEL);
5516 }
5517
5518 static int nl80211_add_scan_req(struct sk_buff *msg,
5519                                 struct cfg80211_registered_device *rdev)
5520 {
5521         struct cfg80211_scan_request *req = rdev->scan_req;
5522         struct nlattr *nest;
5523         int i;
5524
5525         ASSERT_RDEV_LOCK(rdev);
5526
5527         if (WARN_ON(!req))
5528                 return 0;
5529
5530         nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
5531         if (!nest)
5532                 goto nla_put_failure;
5533         for (i = 0; i < req->n_ssids; i++)
5534                 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid);
5535         nla_nest_end(msg, nest);
5536
5537         nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
5538         if (!nest)
5539                 goto nla_put_failure;
5540         for (i = 0; i < req->n_channels; i++)
5541                 NLA_PUT_U32(msg, i, req->channels[i]->center_freq);
5542         nla_nest_end(msg, nest);
5543
5544         if (req->ie)
5545                 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie);
5546
5547         return 0;
5548  nla_put_failure:
5549         return -ENOBUFS;
5550 }
5551
5552 static int nl80211_send_scan_msg(struct sk_buff *msg,
5553                                  struct cfg80211_registered_device *rdev,
5554                                  struct net_device *netdev,
5555                                  u32 pid, u32 seq, int flags,
5556                                  u32 cmd)
5557 {
5558         void *hdr;
5559
5560         hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
5561         if (!hdr)
5562                 return -1;
5563
5564         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5565         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5566
5567         /* ignore errors and send incomplete event anyway */
5568         nl80211_add_scan_req(msg, rdev);
5569
5570         return genlmsg_end(msg, hdr);
5571
5572  nla_put_failure:
5573         genlmsg_cancel(msg, hdr);
5574         return -EMSGSIZE;
5575 }
5576
5577 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
5578                              struct net_device *netdev)
5579 {
5580         struct sk_buff *msg;
5581
5582         msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
5583         if (!msg)
5584                 return;
5585
5586         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5587                                   NL80211_CMD_TRIGGER_SCAN) < 0) {
5588                 nlmsg_free(msg);
5589                 return;
5590         }
5591
5592         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5593                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5594 }
5595
5596 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
5597                             struct net_device *netdev)
5598 {
5599         struct sk_buff *msg;
5600
5601         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5602         if (!msg)
5603                 return;
5604
5605         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5606                                   NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
5607                 nlmsg_free(msg);
5608                 return;
5609         }
5610
5611         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5612                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5613 }
5614
5615 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
5616                                struct net_device *netdev)
5617 {
5618         struct sk_buff *msg;
5619
5620         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5621         if (!msg)
5622                 return;
5623
5624         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5625                                   NL80211_CMD_SCAN_ABORTED) < 0) {
5626                 nlmsg_free(msg);
5627                 return;
5628         }
5629
5630         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5631                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5632 }
5633
5634 /*
5635  * This can happen on global regulatory changes or device specific settings
5636  * based on custom world regulatory domains.
5637  */
5638 void nl80211_send_reg_change_event(struct regulatory_request *request)
5639 {
5640         struct sk_buff *msg;
5641         void *hdr;
5642
5643         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5644         if (!msg)
5645                 return;
5646
5647         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
5648         if (!hdr) {
5649                 nlmsg_free(msg);
5650                 return;
5651         }
5652
5653         /* Userspace can always count this one always being set */
5654         NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator);
5655
5656         if (request->alpha2[0] == '0' && request->alpha2[1] == '0')
5657                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5658                            NL80211_REGDOM_TYPE_WORLD);
5659         else if (request->alpha2[0] == '9' && request->alpha2[1] == '9')
5660                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5661                            NL80211_REGDOM_TYPE_CUSTOM_WORLD);
5662         else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
5663                  request->intersect)
5664                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5665                            NL80211_REGDOM_TYPE_INTERSECTION);
5666         else {
5667                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5668                            NL80211_REGDOM_TYPE_COUNTRY);
5669                 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2);
5670         }
5671
5672         if (wiphy_idx_valid(request->wiphy_idx))
5673                 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
5674
5675         if (genlmsg_end(msg, hdr) < 0) {
5676                 nlmsg_free(msg);
5677                 return;
5678         }
5679
5680         rcu_read_lock();
5681         genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
5682                                 GFP_ATOMIC);
5683         rcu_read_unlock();
5684
5685         return;
5686
5687 nla_put_failure:
5688         genlmsg_cancel(msg, hdr);
5689         nlmsg_free(msg);
5690 }
5691
5692 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
5693                                     struct net_device *netdev,
5694                                     const u8 *buf, size_t len,
5695                                     enum nl80211_commands cmd, gfp_t gfp)
5696 {
5697         struct sk_buff *msg;
5698         void *hdr;
5699
5700         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5701         if (!msg)
5702                 return;
5703
5704         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5705         if (!hdr) {
5706                 nlmsg_free(msg);
5707                 return;
5708         }
5709
5710         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5711         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5712         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
5713
5714         if (genlmsg_end(msg, hdr) < 0) {
5715                 nlmsg_free(msg);
5716                 return;
5717         }
5718
5719         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5720                                 nl80211_mlme_mcgrp.id, gfp);
5721         return;
5722
5723  nla_put_failure:
5724         genlmsg_cancel(msg, hdr);
5725         nlmsg_free(msg);
5726 }
5727
5728 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
5729                           struct net_device *netdev, const u8 *buf,
5730                           size_t len, gfp_t gfp)
5731 {
5732         nl80211_send_mlme_event(rdev, netdev, buf, len,
5733                                 NL80211_CMD_AUTHENTICATE, gfp);
5734 }
5735
5736 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
5737                            struct net_device *netdev, const u8 *buf,
5738                            size_t len, gfp_t gfp)
5739 {
5740         nl80211_send_mlme_event(rdev, netdev, buf, len,
5741                                 NL80211_CMD_ASSOCIATE, gfp);
5742 }
5743
5744 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
5745                          struct net_device *netdev, const u8 *buf,
5746                          size_t len, gfp_t gfp)
5747 {
5748         nl80211_send_mlme_event(rdev, netdev, buf, len,
5749                                 NL80211_CMD_DEAUTHENTICATE, gfp);
5750 }
5751
5752 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
5753                            struct net_device *netdev, const u8 *buf,
5754                            size_t len, gfp_t gfp)
5755 {
5756         nl80211_send_mlme_event(rdev, netdev, buf, len,
5757                                 NL80211_CMD_DISASSOCIATE, gfp);
5758 }
5759
5760 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
5761                                       struct net_device *netdev, int cmd,
5762                                       const u8 *addr, gfp_t gfp)
5763 {
5764         struct sk_buff *msg;
5765         void *hdr;
5766
5767         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5768         if (!msg)
5769                 return;
5770
5771         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5772         if (!hdr) {
5773                 nlmsg_free(msg);
5774                 return;
5775         }
5776
5777         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5778         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5779         NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT);
5780         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5781
5782         if (genlmsg_end(msg, hdr) < 0) {
5783                 nlmsg_free(msg);
5784                 return;
5785         }
5786
5787         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5788                                 nl80211_mlme_mcgrp.id, gfp);
5789         return;
5790
5791  nla_put_failure:
5792         genlmsg_cancel(msg, hdr);
5793         nlmsg_free(msg);
5794 }
5795
5796 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
5797                                struct net_device *netdev, const u8 *addr,
5798                                gfp_t gfp)
5799 {
5800         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
5801                                   addr, gfp);
5802 }
5803
5804 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
5805                                 struct net_device *netdev, const u8 *addr,
5806                                 gfp_t gfp)
5807 {
5808         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
5809                                   addr, gfp);
5810 }
5811
5812 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
5813                                  struct net_device *netdev, const u8 *bssid,
5814                                  const u8 *req_ie, size_t req_ie_len,
5815                                  const u8 *resp_ie, size_t resp_ie_len,
5816                                  u16 status, gfp_t gfp)
5817 {
5818         struct sk_buff *msg;
5819         void *hdr;
5820
5821         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5822         if (!msg)
5823                 return;
5824
5825         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
5826         if (!hdr) {
5827                 nlmsg_free(msg);
5828                 return;
5829         }
5830
5831         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5832         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5833         if (bssid)
5834                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5835         NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status);
5836         if (req_ie)
5837                 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
5838         if (resp_ie)
5839                 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
5840
5841         if (genlmsg_end(msg, hdr) < 0) {
5842                 nlmsg_free(msg);
5843                 return;
5844         }
5845
5846         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5847                                 nl80211_mlme_mcgrp.id, gfp);
5848         return;
5849
5850  nla_put_failure:
5851         genlmsg_cancel(msg, hdr);
5852         nlmsg_free(msg);
5853
5854 }
5855
5856 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
5857                          struct net_device *netdev, const u8 *bssid,
5858                          const u8 *req_ie, size_t req_ie_len,
5859                          const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
5860 {
5861         struct sk_buff *msg;
5862         void *hdr;
5863
5864         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5865         if (!msg)
5866                 return;
5867
5868         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
5869         if (!hdr) {
5870                 nlmsg_free(msg);
5871                 return;
5872         }
5873
5874         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5875         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5876         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5877         if (req_ie)
5878                 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
5879         if (resp_ie)
5880                 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
5881
5882         if (genlmsg_end(msg, hdr) < 0) {
5883                 nlmsg_free(msg);
5884                 return;
5885         }
5886
5887         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5888                                 nl80211_mlme_mcgrp.id, gfp);
5889         return;
5890
5891  nla_put_failure:
5892         genlmsg_cancel(msg, hdr);
5893         nlmsg_free(msg);
5894
5895 }
5896
5897 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
5898                                struct net_device *netdev, u16 reason,
5899                                const u8 *ie, size_t ie_len, bool from_ap)
5900 {
5901         struct sk_buff *msg;
5902         void *hdr;
5903
5904         msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
5905         if (!msg)
5906                 return;
5907
5908         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
5909         if (!hdr) {
5910                 nlmsg_free(msg);
5911                 return;
5912         }
5913
5914         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5915         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5916         if (from_ap && reason)
5917                 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason);
5918         if (from_ap)
5919                 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP);
5920         if (ie)
5921                 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie);
5922
5923         if (genlmsg_end(msg, hdr) < 0) {
5924                 nlmsg_free(msg);
5925                 return;
5926         }
5927
5928         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5929                                 nl80211_mlme_mcgrp.id, GFP_KERNEL);
5930         return;
5931
5932  nla_put_failure:
5933         genlmsg_cancel(msg, hdr);
5934         nlmsg_free(msg);
5935
5936 }
5937
5938 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
5939                              struct net_device *netdev, const u8 *bssid,
5940                              gfp_t gfp)
5941 {
5942         struct sk_buff *msg;
5943         void *hdr;
5944
5945         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5946         if (!msg)
5947                 return;
5948
5949         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
5950         if (!hdr) {
5951                 nlmsg_free(msg);
5952                 return;
5953         }
5954
5955         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5956         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5957         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5958
5959         if (genlmsg_end(msg, hdr) < 0) {
5960                 nlmsg_free(msg);
5961                 return;
5962         }
5963
5964         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5965                                 nl80211_mlme_mcgrp.id, gfp);
5966         return;
5967
5968  nla_put_failure:
5969         genlmsg_cancel(msg, hdr);
5970         nlmsg_free(msg);
5971 }
5972
5973 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
5974                                  struct net_device *netdev, const u8 *addr,
5975                                  enum nl80211_key_type key_type, int key_id,
5976                                  const u8 *tsc, gfp_t gfp)
5977 {
5978         struct sk_buff *msg;
5979         void *hdr;
5980
5981         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5982         if (!msg)
5983                 return;
5984
5985         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
5986         if (!hdr) {
5987                 nlmsg_free(msg);
5988                 return;
5989         }
5990
5991         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5992         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5993         if (addr)
5994                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5995         NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type);
5996         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id);
5997         if (tsc)
5998                 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc);
5999
6000         if (genlmsg_end(msg, hdr) < 0) {
6001                 nlmsg_free(msg);
6002                 return;
6003         }
6004
6005         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6006                                 nl80211_mlme_mcgrp.id, gfp);
6007         return;
6008
6009  nla_put_failure:
6010         genlmsg_cancel(msg, hdr);
6011         nlmsg_free(msg);
6012 }
6013
6014 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
6015                                     struct ieee80211_channel *channel_before,
6016                                     struct ieee80211_channel *channel_after)
6017 {
6018         struct sk_buff *msg;
6019         void *hdr;
6020         struct nlattr *nl_freq;
6021
6022         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
6023         if (!msg)
6024                 return;
6025
6026         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
6027         if (!hdr) {
6028                 nlmsg_free(msg);
6029                 return;
6030         }
6031
6032         /*
6033          * Since we are applying the beacon hint to a wiphy we know its
6034          * wiphy_idx is valid
6035          */
6036         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy));
6037
6038         /* Before */
6039         nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
6040         if (!nl_freq)
6041                 goto nla_put_failure;
6042         if (nl80211_msg_put_channel(msg, channel_before))
6043                 goto nla_put_failure;
6044         nla_nest_end(msg, nl_freq);
6045
6046         /* After */
6047         nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
6048         if (!nl_freq)
6049                 goto nla_put_failure;
6050         if (nl80211_msg_put_channel(msg, channel_after))
6051                 goto nla_put_failure;
6052         nla_nest_end(msg, nl_freq);
6053
6054         if (genlmsg_end(msg, hdr) < 0) {
6055                 nlmsg_free(msg);
6056                 return;
6057         }
6058
6059         rcu_read_lock();
6060         genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
6061                                 GFP_ATOMIC);
6062         rcu_read_unlock();
6063
6064         return;
6065
6066 nla_put_failure:
6067         genlmsg_cancel(msg, hdr);
6068         nlmsg_free(msg);
6069 }
6070
6071 static void nl80211_send_remain_on_chan_event(
6072         int cmd, struct cfg80211_registered_device *rdev,
6073         struct net_device *netdev, u64 cookie,
6074         struct ieee80211_channel *chan,
6075         enum nl80211_channel_type channel_type,
6076         unsigned int duration, gfp_t gfp)
6077 {
6078         struct sk_buff *msg;
6079         void *hdr;
6080
6081         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
6082         if (!msg)
6083                 return;
6084
6085         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
6086         if (!hdr) {
6087                 nlmsg_free(msg);
6088                 return;
6089         }
6090
6091         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6092         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6093         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq);
6094         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type);
6095         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
6096
6097         if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL)
6098                 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
6099
6100         if (genlmsg_end(msg, hdr) < 0) {
6101                 nlmsg_free(msg);
6102                 return;
6103         }
6104
6105         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6106                                 nl80211_mlme_mcgrp.id, gfp);
6107         return;
6108
6109  nla_put_failure:
6110         genlmsg_cancel(msg, hdr);
6111         nlmsg_free(msg);
6112 }
6113
6114 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
6115                                     struct net_device *netdev, u64 cookie,
6116                                     struct ieee80211_channel *chan,
6117                                     enum nl80211_channel_type channel_type,
6118                                     unsigned int duration, gfp_t gfp)
6119 {
6120         nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
6121                                           rdev, netdev, cookie, chan,
6122                                           channel_type, duration, gfp);
6123 }
6124
6125 void nl80211_send_remain_on_channel_cancel(
6126         struct cfg80211_registered_device *rdev, struct net_device *netdev,
6127         u64 cookie, struct ieee80211_channel *chan,
6128         enum nl80211_channel_type channel_type, gfp_t gfp)
6129 {
6130         nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
6131                                           rdev, netdev, cookie, chan,
6132                                           channel_type, 0, gfp);
6133 }
6134
6135 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
6136                             struct net_device *dev, const u8 *mac_addr,
6137                             struct station_info *sinfo, gfp_t gfp)
6138 {
6139         struct sk_buff *msg;
6140
6141         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
6142         if (!msg)
6143                 return;
6144
6145         if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) {
6146                 nlmsg_free(msg);
6147                 return;
6148         }
6149
6150         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6151                                 nl80211_mlme_mcgrp.id, gfp);
6152 }
6153
6154 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
6155                       struct net_device *netdev, u32 nlpid,
6156                       int freq, const u8 *buf, size_t len, gfp_t gfp)
6157 {
6158         struct sk_buff *msg;
6159         void *hdr;
6160         int err;
6161
6162         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
6163         if (!msg)
6164                 return -ENOMEM;
6165
6166         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
6167         if (!hdr) {
6168                 nlmsg_free(msg);
6169                 return -ENOMEM;
6170         }
6171
6172         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6173         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6174         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
6175         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
6176
6177         err = genlmsg_end(msg, hdr);
6178         if (err < 0) {
6179                 nlmsg_free(msg);
6180                 return err;
6181         }
6182
6183         err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
6184         if (err < 0)
6185                 return err;
6186         return 0;
6187
6188  nla_put_failure:
6189         genlmsg_cancel(msg, hdr);
6190         nlmsg_free(msg);
6191         return -ENOBUFS;
6192 }
6193
6194 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
6195                                  struct net_device *netdev, u64 cookie,
6196                                  const u8 *buf, size_t len, bool ack,
6197                                  gfp_t gfp)
6198 {
6199         struct sk_buff *msg;
6200         void *hdr;
6201
6202         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
6203         if (!msg)
6204                 return;
6205
6206         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
6207         if (!hdr) {
6208                 nlmsg_free(msg);
6209                 return;
6210         }
6211
6212         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6213         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6214         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
6215         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
6216         if (ack)
6217                 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK);
6218
6219         if (genlmsg_end(msg, hdr) < 0) {
6220                 nlmsg_free(msg);
6221                 return;
6222         }
6223
6224         genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
6225         return;
6226
6227  nla_put_failure:
6228         genlmsg_cancel(msg, hdr);
6229         nlmsg_free(msg);
6230 }
6231
6232 void
6233 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev,
6234                              struct net_device *netdev,
6235                              enum nl80211_cqm_rssi_threshold_event rssi_event,
6236                              gfp_t gfp)
6237 {
6238         struct sk_buff *msg;
6239         struct nlattr *pinfoattr;
6240         void *hdr;
6241
6242         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
6243         if (!msg)
6244                 return;
6245
6246         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
6247         if (!hdr) {
6248                 nlmsg_free(msg);
6249                 return;
6250         }
6251
6252         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6253         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6254
6255         pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
6256         if (!pinfoattr)
6257                 goto nla_put_failure;
6258
6259         NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
6260                     rssi_event);
6261
6262         nla_nest_end(msg, pinfoattr);
6263
6264         if (genlmsg_end(msg, hdr) < 0) {
6265                 nlmsg_free(msg);
6266                 return;
6267         }
6268
6269         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6270                                 nl80211_mlme_mcgrp.id, gfp);
6271         return;
6272
6273  nla_put_failure:
6274         genlmsg_cancel(msg, hdr);
6275         nlmsg_free(msg);
6276 }
6277
6278 static int nl80211_netlink_notify(struct notifier_block * nb,
6279                                   unsigned long state,
6280                                   void *_notify)
6281 {
6282         struct netlink_notify *notify = _notify;
6283         struct cfg80211_registered_device *rdev;
6284         struct wireless_dev *wdev;
6285
6286         if (state != NETLINK_URELEASE)
6287                 return NOTIFY_DONE;
6288
6289         rcu_read_lock();
6290
6291         list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list)
6292                 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list)
6293                         cfg80211_mlme_unregister_socket(wdev, notify->pid);
6294
6295         rcu_read_unlock();
6296
6297         return NOTIFY_DONE;
6298 }
6299
6300 static struct notifier_block nl80211_netlink_notifier = {
6301         .notifier_call = nl80211_netlink_notify,
6302 };
6303
6304 /* initialisation/exit functions */
6305
6306 int nl80211_init(void)
6307 {
6308         int err;
6309
6310         err = genl_register_family_with_ops(&nl80211_fam,
6311                 nl80211_ops, ARRAY_SIZE(nl80211_ops));
6312         if (err)
6313                 return err;
6314
6315         err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
6316         if (err)
6317                 goto err_out;
6318
6319         err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
6320         if (err)
6321                 goto err_out;
6322
6323         err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
6324         if (err)
6325                 goto err_out;
6326
6327         err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
6328         if (err)
6329                 goto err_out;
6330
6331 #ifdef CONFIG_NL80211_TESTMODE
6332         err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
6333         if (err)
6334                 goto err_out;
6335 #endif
6336
6337         err = netlink_register_notifier(&nl80211_netlink_notifier);
6338         if (err)
6339                 goto err_out;
6340
6341         return 0;
6342  err_out:
6343         genl_unregister_family(&nl80211_fam);
6344         return err;
6345 }
6346
6347 void nl80211_exit(void)
6348 {
6349         netlink_unregister_notifier(&nl80211_netlink_notifier);
6350         genl_unregister_family(&nl80211_fam);
6351 }