cfg80211: Use capability info to detect mesh beacons.
[linux-2.6.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25
26 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
27                             struct genl_info *info);
28 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
29                               struct genl_info *info);
30
31 /* the netlink family */
32 static struct genl_family nl80211_fam = {
33         .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
34         .name = "nl80211",      /* have users key off the name instead */
35         .hdrsize = 0,           /* no private header */
36         .version = 1,           /* no particular meaning now */
37         .maxattr = NL80211_ATTR_MAX,
38         .netnsok = true,
39         .pre_doit = nl80211_pre_doit,
40         .post_doit = nl80211_post_doit,
41 };
42
43 /* internal helper: get rdev and dev */
44 static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
45                                        struct cfg80211_registered_device **rdev,
46                                        struct net_device **dev)
47 {
48         struct nlattr **attrs = info->attrs;
49         int ifindex;
50
51         if (!attrs[NL80211_ATTR_IFINDEX])
52                 return -EINVAL;
53
54         ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
55         *dev = dev_get_by_index(genl_info_net(info), ifindex);
56         if (!*dev)
57                 return -ENODEV;
58
59         *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex);
60         if (IS_ERR(*rdev)) {
61                 dev_put(*dev);
62                 return PTR_ERR(*rdev);
63         }
64
65         return 0;
66 }
67
68 /* policy for the attributes */
69 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
70         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
71         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
72                                       .len = 20-1 },
73         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
74         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
75         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
76         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
77         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
78         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
79         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
80         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
81
82         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
83         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
84         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
85
86         [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
87         [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
88
89         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
90         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
91                                     .len = WLAN_MAX_KEY_LEN },
92         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
93         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
94         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
95         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
96         [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
97
98         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
99         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
100         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
101                                        .len = IEEE80211_MAX_DATA_LEN },
102         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
103                                        .len = IEEE80211_MAX_DATA_LEN },
104         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
105         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
106         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
107         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
108                                                .len = NL80211_MAX_SUPP_RATES },
109         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
110         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
111         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
112         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
113                                 .len = IEEE80211_MAX_MESH_ID_LEN },
114         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
115
116         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
117         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
118
119         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
120         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
121         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
122         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
123                                            .len = NL80211_MAX_SUPP_RATES },
124         [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
125
126         [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
127         [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
128
129         [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
130                                          .len = NL80211_HT_CAPABILITY_LEN },
131
132         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
133         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
134                               .len = IEEE80211_MAX_DATA_LEN },
135         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
136         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
137
138         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
139                                 .len = IEEE80211_MAX_SSID_LEN },
140         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
141         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
142         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
143         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
144         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
145         [NL80211_ATTR_STA_FLAGS2] = {
146                 .len = sizeof(struct nl80211_sta_flag_update),
147         },
148         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
149         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
150         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
151         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
152         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
153         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
154         [NL80211_ATTR_PID] = { .type = NLA_U32 },
155         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
156         [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
157                                  .len = WLAN_PMKID_LEN },
158         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
159         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
160         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
161         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
162                                  .len = IEEE80211_MAX_DATA_LEN },
163         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
164         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
165         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
166         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
167         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
168         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
169         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
170         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
171         [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
172         [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
173         [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
174         [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
175         [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
176         [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
177 };
178
179 /* policy for the key attributes */
180 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
181         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
182         [NL80211_KEY_IDX] = { .type = NLA_U8 },
183         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
184         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
185         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
186         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
187         [NL80211_KEY_TYPE] = { .type = NLA_U32 },
188         [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
189 };
190
191 /* policy for the key default flags */
192 static const struct nla_policy
193 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
194         [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
195         [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
196 };
197
198 /* policy for WoWLAN attributes */
199 static const struct nla_policy
200 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
201         [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
202         [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
203         [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
204         [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
205 };
206
207 /* ifidx get helper */
208 static int nl80211_get_ifidx(struct netlink_callback *cb)
209 {
210         int res;
211
212         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
213                           nl80211_fam.attrbuf, nl80211_fam.maxattr,
214                           nl80211_policy);
215         if (res)
216                 return res;
217
218         if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
219                 return -EINVAL;
220
221         res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
222         if (!res)
223                 return -EINVAL;
224         return res;
225 }
226
227 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
228                                        struct netlink_callback *cb,
229                                        struct cfg80211_registered_device **rdev,
230                                        struct net_device **dev)
231 {
232         int ifidx = cb->args[0];
233         int err;
234
235         if (!ifidx)
236                 ifidx = nl80211_get_ifidx(cb);
237         if (ifidx < 0)
238                 return ifidx;
239
240         cb->args[0] = ifidx;
241
242         rtnl_lock();
243
244         *dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
245         if (!*dev) {
246                 err = -ENODEV;
247                 goto out_rtnl;
248         }
249
250         *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
251         if (IS_ERR(*rdev)) {
252                 err = PTR_ERR(*rdev);
253                 goto out_rtnl;
254         }
255
256         return 0;
257  out_rtnl:
258         rtnl_unlock();
259         return err;
260 }
261
262 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
263 {
264         cfg80211_unlock_rdev(rdev);
265         rtnl_unlock();
266 }
267
268 /* IE validation */
269 static bool is_valid_ie_attr(const struct nlattr *attr)
270 {
271         const u8 *pos;
272         int len;
273
274         if (!attr)
275                 return true;
276
277         pos = nla_data(attr);
278         len = nla_len(attr);
279
280         while (len) {
281                 u8 elemlen;
282
283                 if (len < 2)
284                         return false;
285                 len -= 2;
286
287                 elemlen = pos[1];
288                 if (elemlen > len)
289                         return false;
290
291                 len -= elemlen;
292                 pos += 2 + elemlen;
293         }
294
295         return true;
296 }
297
298 /* message building helper */
299 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
300                                    int flags, u8 cmd)
301 {
302         /* since there is no private header just add the generic one */
303         return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
304 }
305
306 static int nl80211_msg_put_channel(struct sk_buff *msg,
307                                    struct ieee80211_channel *chan)
308 {
309         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
310                     chan->center_freq);
311
312         if (chan->flags & IEEE80211_CHAN_DISABLED)
313                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
314         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
315                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
316         if (chan->flags & IEEE80211_CHAN_NO_IBSS)
317                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
318         if (chan->flags & IEEE80211_CHAN_RADAR)
319                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
320
321         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
322                     DBM_TO_MBM(chan->max_power));
323
324         return 0;
325
326  nla_put_failure:
327         return -ENOBUFS;
328 }
329
330 /* netlink command implementations */
331
332 struct key_parse {
333         struct key_params p;
334         int idx;
335         int type;
336         bool def, defmgmt;
337         bool def_uni, def_multi;
338 };
339
340 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
341 {
342         struct nlattr *tb[NL80211_KEY_MAX + 1];
343         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
344                                    nl80211_key_policy);
345         if (err)
346                 return err;
347
348         k->def = !!tb[NL80211_KEY_DEFAULT];
349         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
350
351         if (k->def) {
352                 k->def_uni = true;
353                 k->def_multi = true;
354         }
355         if (k->defmgmt)
356                 k->def_multi = true;
357
358         if (tb[NL80211_KEY_IDX])
359                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
360
361         if (tb[NL80211_KEY_DATA]) {
362                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
363                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
364         }
365
366         if (tb[NL80211_KEY_SEQ]) {
367                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
368                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
369         }
370
371         if (tb[NL80211_KEY_CIPHER])
372                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
373
374         if (tb[NL80211_KEY_TYPE]) {
375                 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
376                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
377                         return -EINVAL;
378         }
379
380         if (tb[NL80211_KEY_DEFAULT_TYPES]) {
381                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
382                 int err = nla_parse_nested(kdt,
383                                            NUM_NL80211_KEY_DEFAULT_TYPES - 1,
384                                            tb[NL80211_KEY_DEFAULT_TYPES],
385                                            nl80211_key_default_policy);
386                 if (err)
387                         return err;
388
389                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
390                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
391         }
392
393         return 0;
394 }
395
396 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
397 {
398         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
399                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
400                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
401         }
402
403         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
404                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
405                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
406         }
407
408         if (info->attrs[NL80211_ATTR_KEY_IDX])
409                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
410
411         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
412                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
413
414         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
415         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
416
417         if (k->def) {
418                 k->def_uni = true;
419                 k->def_multi = true;
420         }
421         if (k->defmgmt)
422                 k->def_multi = true;
423
424         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
425                 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
426                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
427                         return -EINVAL;
428         }
429
430         if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
431                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
432                 int err = nla_parse_nested(
433                                 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
434                                 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
435                                 nl80211_key_default_policy);
436                 if (err)
437                         return err;
438
439                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
440                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
441         }
442
443         return 0;
444 }
445
446 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
447 {
448         int err;
449
450         memset(k, 0, sizeof(*k));
451         k->idx = -1;
452         k->type = -1;
453
454         if (info->attrs[NL80211_ATTR_KEY])
455                 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
456         else
457                 err = nl80211_parse_key_old(info, k);
458
459         if (err)
460                 return err;
461
462         if (k->def && k->defmgmt)
463                 return -EINVAL;
464
465         if (k->defmgmt) {
466                 if (k->def_uni || !k->def_multi)
467                         return -EINVAL;
468         }
469
470         if (k->idx != -1) {
471                 if (k->defmgmt) {
472                         if (k->idx < 4 || k->idx > 5)
473                                 return -EINVAL;
474                 } else if (k->def) {
475                         if (k->idx < 0 || k->idx > 3)
476                                 return -EINVAL;
477                 } else {
478                         if (k->idx < 0 || k->idx > 5)
479                                 return -EINVAL;
480                 }
481         }
482
483         return 0;
484 }
485
486 static struct cfg80211_cached_keys *
487 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
488                        struct nlattr *keys)
489 {
490         struct key_parse parse;
491         struct nlattr *key;
492         struct cfg80211_cached_keys *result;
493         int rem, err, def = 0;
494
495         result = kzalloc(sizeof(*result), GFP_KERNEL);
496         if (!result)
497                 return ERR_PTR(-ENOMEM);
498
499         result->def = -1;
500         result->defmgmt = -1;
501
502         nla_for_each_nested(key, keys, rem) {
503                 memset(&parse, 0, sizeof(parse));
504                 parse.idx = -1;
505
506                 err = nl80211_parse_key_new(key, &parse);
507                 if (err)
508                         goto error;
509                 err = -EINVAL;
510                 if (!parse.p.key)
511                         goto error;
512                 if (parse.idx < 0 || parse.idx > 4)
513                         goto error;
514                 if (parse.def) {
515                         if (def)
516                                 goto error;
517                         def = 1;
518                         result->def = parse.idx;
519                         if (!parse.def_uni || !parse.def_multi)
520                                 goto error;
521                 } else if (parse.defmgmt)
522                         goto error;
523                 err = cfg80211_validate_key_settings(rdev, &parse.p,
524                                                      parse.idx, false, NULL);
525                 if (err)
526                         goto error;
527                 result->params[parse.idx].cipher = parse.p.cipher;
528                 result->params[parse.idx].key_len = parse.p.key_len;
529                 result->params[parse.idx].key = result->data[parse.idx];
530                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
531         }
532
533         return result;
534  error:
535         kfree(result);
536         return ERR_PTR(err);
537 }
538
539 static int nl80211_key_allowed(struct wireless_dev *wdev)
540 {
541         ASSERT_WDEV_LOCK(wdev);
542
543         switch (wdev->iftype) {
544         case NL80211_IFTYPE_AP:
545         case NL80211_IFTYPE_AP_VLAN:
546         case NL80211_IFTYPE_P2P_GO:
547                 break;
548         case NL80211_IFTYPE_ADHOC:
549                 if (!wdev->current_bss)
550                         return -ENOLINK;
551                 break;
552         case NL80211_IFTYPE_STATION:
553         case NL80211_IFTYPE_P2P_CLIENT:
554                 if (wdev->sme_state != CFG80211_SME_CONNECTED)
555                         return -ENOLINK;
556                 break;
557         default:
558                 return -EINVAL;
559         }
560
561         return 0;
562 }
563
564 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
565                               struct cfg80211_registered_device *dev)
566 {
567         void *hdr;
568         struct nlattr *nl_bands, *nl_band;
569         struct nlattr *nl_freqs, *nl_freq;
570         struct nlattr *nl_rates, *nl_rate;
571         struct nlattr *nl_modes;
572         struct nlattr *nl_cmds;
573         enum ieee80211_band band;
574         struct ieee80211_channel *chan;
575         struct ieee80211_rate *rate;
576         int i;
577         u16 ifmodes = dev->wiphy.interface_modes;
578         const struct ieee80211_txrx_stypes *mgmt_stypes =
579                                 dev->wiphy.mgmt_stypes;
580
581         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
582         if (!hdr)
583                 return -1;
584
585         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
586         NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
587
588         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
589                     cfg80211_rdev_list_generation);
590
591         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
592                    dev->wiphy.retry_short);
593         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
594                    dev->wiphy.retry_long);
595         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
596                     dev->wiphy.frag_threshold);
597         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
598                     dev->wiphy.rts_threshold);
599         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
600                     dev->wiphy.coverage_class);
601         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
602                    dev->wiphy.max_scan_ssids);
603         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
604                     dev->wiphy.max_scan_ie_len);
605
606         if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)
607                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN);
608         if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)
609                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
610
611         NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
612                 sizeof(u32) * dev->wiphy.n_cipher_suites,
613                 dev->wiphy.cipher_suites);
614
615         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
616                    dev->wiphy.max_num_pmkids);
617
618         if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL)
619                 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE);
620
621         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
622                     dev->wiphy.available_antennas_tx);
623         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
624                     dev->wiphy.available_antennas_rx);
625
626         if ((dev->wiphy.available_antennas_tx ||
627              dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
628                 u32 tx_ant = 0, rx_ant = 0;
629                 int res;
630                 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
631                 if (!res) {
632                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant);
633                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant);
634                 }
635         }
636
637         nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES);
638         if (!nl_modes)
639                 goto nla_put_failure;
640
641         i = 0;
642         while (ifmodes) {
643                 if (ifmodes & 1)
644                         NLA_PUT_FLAG(msg, i);
645                 ifmodes >>= 1;
646                 i++;
647         }
648
649         nla_nest_end(msg, nl_modes);
650
651         nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
652         if (!nl_bands)
653                 goto nla_put_failure;
654
655         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
656                 if (!dev->wiphy.bands[band])
657                         continue;
658
659                 nl_band = nla_nest_start(msg, band);
660                 if (!nl_band)
661                         goto nla_put_failure;
662
663                 /* add HT info */
664                 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
665                         NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
666                                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
667                                 &dev->wiphy.bands[band]->ht_cap.mcs);
668                         NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
669                                 dev->wiphy.bands[band]->ht_cap.cap);
670                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
671                                 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
672                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
673                                 dev->wiphy.bands[band]->ht_cap.ampdu_density);
674                 }
675
676                 /* add frequencies */
677                 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
678                 if (!nl_freqs)
679                         goto nla_put_failure;
680
681                 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
682                         nl_freq = nla_nest_start(msg, i);
683                         if (!nl_freq)
684                                 goto nla_put_failure;
685
686                         chan = &dev->wiphy.bands[band]->channels[i];
687
688                         if (nl80211_msg_put_channel(msg, chan))
689                                 goto nla_put_failure;
690
691                         nla_nest_end(msg, nl_freq);
692                 }
693
694                 nla_nest_end(msg, nl_freqs);
695
696                 /* add bitrates */
697                 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
698                 if (!nl_rates)
699                         goto nla_put_failure;
700
701                 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
702                         nl_rate = nla_nest_start(msg, i);
703                         if (!nl_rate)
704                                 goto nla_put_failure;
705
706                         rate = &dev->wiphy.bands[band]->bitrates[i];
707                         NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
708                                     rate->bitrate);
709                         if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
710                                 NLA_PUT_FLAG(msg,
711                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
712
713                         nla_nest_end(msg, nl_rate);
714                 }
715
716                 nla_nest_end(msg, nl_rates);
717
718                 nla_nest_end(msg, nl_band);
719         }
720         nla_nest_end(msg, nl_bands);
721
722         nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
723         if (!nl_cmds)
724                 goto nla_put_failure;
725
726         i = 0;
727 #define CMD(op, n)                                              \
728          do {                                                   \
729                 if (dev->ops->op) {                             \
730                         i++;                                    \
731                         NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
732                 }                                               \
733         } while (0)
734
735         CMD(add_virtual_intf, NEW_INTERFACE);
736         CMD(change_virtual_intf, SET_INTERFACE);
737         CMD(add_key, NEW_KEY);
738         CMD(add_beacon, NEW_BEACON);
739         CMD(add_station, NEW_STATION);
740         CMD(add_mpath, NEW_MPATH);
741         CMD(update_mesh_config, SET_MESH_CONFIG);
742         CMD(change_bss, SET_BSS);
743         CMD(auth, AUTHENTICATE);
744         CMD(assoc, ASSOCIATE);
745         CMD(deauth, DEAUTHENTICATE);
746         CMD(disassoc, DISASSOCIATE);
747         CMD(join_ibss, JOIN_IBSS);
748         CMD(join_mesh, JOIN_MESH);
749         CMD(set_pmksa, SET_PMKSA);
750         CMD(del_pmksa, DEL_PMKSA);
751         CMD(flush_pmksa, FLUSH_PMKSA);
752         CMD(remain_on_channel, REMAIN_ON_CHANNEL);
753         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
754         CMD(mgmt_tx, FRAME);
755         CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
756         if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
757                 i++;
758                 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
759         }
760         CMD(set_channel, SET_CHANNEL);
761         CMD(set_wds_peer, SET_WDS_PEER);
762
763 #undef CMD
764
765         if (dev->ops->connect || dev->ops->auth) {
766                 i++;
767                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
768         }
769
770         if (dev->ops->disconnect || dev->ops->deauth) {
771                 i++;
772                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
773         }
774
775         nla_nest_end(msg, nl_cmds);
776
777         if (dev->ops->remain_on_channel)
778                 NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
779                             dev->wiphy.max_remain_on_channel_duration);
780
781         /* for now at least assume all drivers have it */
782         if (dev->ops->mgmt_tx)
783                 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
784
785         if (mgmt_stypes) {
786                 u16 stypes;
787                 struct nlattr *nl_ftypes, *nl_ifs;
788                 enum nl80211_iftype ift;
789
790                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
791                 if (!nl_ifs)
792                         goto nla_put_failure;
793
794                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
795                         nl_ftypes = nla_nest_start(msg, ift);
796                         if (!nl_ftypes)
797                                 goto nla_put_failure;
798                         i = 0;
799                         stypes = mgmt_stypes[ift].tx;
800                         while (stypes) {
801                                 if (stypes & 1)
802                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
803                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
804                                 stypes >>= 1;
805                                 i++;
806                         }
807                         nla_nest_end(msg, nl_ftypes);
808                 }
809
810                 nla_nest_end(msg, nl_ifs);
811
812                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
813                 if (!nl_ifs)
814                         goto nla_put_failure;
815
816                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
817                         nl_ftypes = nla_nest_start(msg, ift);
818                         if (!nl_ftypes)
819                                 goto nla_put_failure;
820                         i = 0;
821                         stypes = mgmt_stypes[ift].rx;
822                         while (stypes) {
823                                 if (stypes & 1)
824                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
825                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
826                                 stypes >>= 1;
827                                 i++;
828                         }
829                         nla_nest_end(msg, nl_ftypes);
830                 }
831                 nla_nest_end(msg, nl_ifs);
832         }
833
834         if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
835                 struct nlattr *nl_wowlan;
836
837                 nl_wowlan = nla_nest_start(msg,
838                                 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
839                 if (!nl_wowlan)
840                         goto nla_put_failure;
841
842                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY)
843                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
844                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT)
845                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
846                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT)
847                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
848                 if (dev->wiphy.wowlan.n_patterns) {
849                         struct nl80211_wowlan_pattern_support pat = {
850                                 .max_patterns = dev->wiphy.wowlan.n_patterns,
851                                 .min_pattern_len =
852                                         dev->wiphy.wowlan.pattern_min_len,
853                                 .max_pattern_len =
854                                         dev->wiphy.wowlan.pattern_max_len,
855                         };
856                         NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
857                                 sizeof(pat), &pat);
858                 }
859
860                 nla_nest_end(msg, nl_wowlan);
861         }
862
863         return genlmsg_end(msg, hdr);
864
865  nla_put_failure:
866         genlmsg_cancel(msg, hdr);
867         return -EMSGSIZE;
868 }
869
870 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
871 {
872         int idx = 0;
873         int start = cb->args[0];
874         struct cfg80211_registered_device *dev;
875
876         mutex_lock(&cfg80211_mutex);
877         list_for_each_entry(dev, &cfg80211_rdev_list, list) {
878                 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
879                         continue;
880                 if (++idx <= start)
881                         continue;
882                 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
883                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
884                                        dev) < 0) {
885                         idx--;
886                         break;
887                 }
888         }
889         mutex_unlock(&cfg80211_mutex);
890
891         cb->args[0] = idx;
892
893         return skb->len;
894 }
895
896 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
897 {
898         struct sk_buff *msg;
899         struct cfg80211_registered_device *dev = info->user_ptr[0];
900
901         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
902         if (!msg)
903                 return -ENOMEM;
904
905         if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
906                 nlmsg_free(msg);
907                 return -ENOBUFS;
908         }
909
910         return genlmsg_reply(msg, info);
911 }
912
913 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
914         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
915         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
916         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
917         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
918         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
919 };
920
921 static int parse_txq_params(struct nlattr *tb[],
922                             struct ieee80211_txq_params *txq_params)
923 {
924         if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
925             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
926             !tb[NL80211_TXQ_ATTR_AIFS])
927                 return -EINVAL;
928
929         txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
930         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
931         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
932         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
933         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
934
935         return 0;
936 }
937
938 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
939 {
940         /*
941          * You can only set the channel explicitly for AP, mesh
942          * and WDS type interfaces; all others have their channel
943          * managed via their respective "establish a connection"
944          * command (connect, join, ...)
945          *
946          * Monitors are special as they are normally slaved to
947          * whatever else is going on, so they behave as though
948          * you tried setting the wiphy channel itself.
949          */
950         return !wdev ||
951                 wdev->iftype == NL80211_IFTYPE_AP ||
952                 wdev->iftype == NL80211_IFTYPE_WDS ||
953                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
954                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
955                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
956 }
957
958 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
959                                  struct wireless_dev *wdev,
960                                  struct genl_info *info)
961 {
962         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
963         u32 freq;
964         int result;
965
966         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
967                 return -EINVAL;
968
969         if (!nl80211_can_set_dev_channel(wdev))
970                 return -EOPNOTSUPP;
971
972         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
973                 channel_type = nla_get_u32(info->attrs[
974                                    NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
975                 if (channel_type != NL80211_CHAN_NO_HT &&
976                     channel_type != NL80211_CHAN_HT20 &&
977                     channel_type != NL80211_CHAN_HT40PLUS &&
978                     channel_type != NL80211_CHAN_HT40MINUS)
979                         return -EINVAL;
980         }
981
982         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
983
984         mutex_lock(&rdev->devlist_mtx);
985         if (wdev) {
986                 wdev_lock(wdev);
987                 result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
988                 wdev_unlock(wdev);
989         } else {
990                 result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
991         }
992         mutex_unlock(&rdev->devlist_mtx);
993
994         return result;
995 }
996
997 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
998 {
999         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1000         struct net_device *netdev = info->user_ptr[1];
1001
1002         return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1003 }
1004
1005 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1006 {
1007         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1008         struct net_device *dev = info->user_ptr[1];
1009         struct wireless_dev *wdev = dev->ieee80211_ptr;
1010         const u8 *bssid;
1011
1012         if (!info->attrs[NL80211_ATTR_MAC])
1013                 return -EINVAL;
1014
1015         if (netif_running(dev))
1016                 return -EBUSY;
1017
1018         if (!rdev->ops->set_wds_peer)
1019                 return -EOPNOTSUPP;
1020
1021         if (wdev->iftype != NL80211_IFTYPE_WDS)
1022                 return -EOPNOTSUPP;
1023
1024         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1025         return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1026 }
1027
1028
1029 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1030 {
1031         struct cfg80211_registered_device *rdev;
1032         struct net_device *netdev = NULL;
1033         struct wireless_dev *wdev;
1034         int result = 0, rem_txq_params = 0;
1035         struct nlattr *nl_txq_params;
1036         u32 changed;
1037         u8 retry_short = 0, retry_long = 0;
1038         u32 frag_threshold = 0, rts_threshold = 0;
1039         u8 coverage_class = 0;
1040
1041         /*
1042          * Try to find the wiphy and netdev. Normally this
1043          * function shouldn't need the netdev, but this is
1044          * done for backward compatibility -- previously
1045          * setting the channel was done per wiphy, but now
1046          * it is per netdev. Previous userland like hostapd
1047          * also passed a netdev to set_wiphy, so that it is
1048          * possible to let that go to the right netdev!
1049          */
1050         mutex_lock(&cfg80211_mutex);
1051
1052         if (info->attrs[NL80211_ATTR_IFINDEX]) {
1053                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1054
1055                 netdev = dev_get_by_index(genl_info_net(info), ifindex);
1056                 if (netdev && netdev->ieee80211_ptr) {
1057                         rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1058                         mutex_lock(&rdev->mtx);
1059                 } else
1060                         netdev = NULL;
1061         }
1062
1063         if (!netdev) {
1064                 rdev = __cfg80211_rdev_from_info(info);
1065                 if (IS_ERR(rdev)) {
1066                         mutex_unlock(&cfg80211_mutex);
1067                         return PTR_ERR(rdev);
1068                 }
1069                 wdev = NULL;
1070                 netdev = NULL;
1071                 result = 0;
1072
1073                 mutex_lock(&rdev->mtx);
1074         } else if (netif_running(netdev) &&
1075                    nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1076                 wdev = netdev->ieee80211_ptr;
1077         else
1078                 wdev = NULL;
1079
1080         /*
1081          * end workaround code, by now the rdev is available
1082          * and locked, and wdev may or may not be NULL.
1083          */
1084
1085         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1086                 result = cfg80211_dev_rename(
1087                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1088
1089         mutex_unlock(&cfg80211_mutex);
1090
1091         if (result)
1092                 goto bad_res;
1093
1094         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1095                 struct ieee80211_txq_params txq_params;
1096                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1097
1098                 if (!rdev->ops->set_txq_params) {
1099                         result = -EOPNOTSUPP;
1100                         goto bad_res;
1101                 }
1102
1103                 nla_for_each_nested(nl_txq_params,
1104                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1105                                     rem_txq_params) {
1106                         nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1107                                   nla_data(nl_txq_params),
1108                                   nla_len(nl_txq_params),
1109                                   txq_params_policy);
1110                         result = parse_txq_params(tb, &txq_params);
1111                         if (result)
1112                                 goto bad_res;
1113
1114                         result = rdev->ops->set_txq_params(&rdev->wiphy,
1115                                                            &txq_params);
1116                         if (result)
1117                                 goto bad_res;
1118                 }
1119         }
1120
1121         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1122                 result = __nl80211_set_channel(rdev, wdev, info);
1123                 if (result)
1124                         goto bad_res;
1125         }
1126
1127         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1128                 enum nl80211_tx_power_setting type;
1129                 int idx, mbm = 0;
1130
1131                 if (!rdev->ops->set_tx_power) {
1132                         result = -EOPNOTSUPP;
1133                         goto bad_res;
1134                 }
1135
1136                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1137                 type = nla_get_u32(info->attrs[idx]);
1138
1139                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1140                     (type != NL80211_TX_POWER_AUTOMATIC)) {
1141                         result = -EINVAL;
1142                         goto bad_res;
1143                 }
1144
1145                 if (type != NL80211_TX_POWER_AUTOMATIC) {
1146                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1147                         mbm = nla_get_u32(info->attrs[idx]);
1148                 }
1149
1150                 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1151                 if (result)
1152                         goto bad_res;
1153         }
1154
1155         if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1156             info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1157                 u32 tx_ant, rx_ant;
1158                 if ((!rdev->wiphy.available_antennas_tx &&
1159                      !rdev->wiphy.available_antennas_rx) ||
1160                     !rdev->ops->set_antenna) {
1161                         result = -EOPNOTSUPP;
1162                         goto bad_res;
1163                 }
1164
1165                 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1166                 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1167
1168                 /* reject antenna configurations which don't match the
1169                  * available antenna masks, except for the "all" mask */
1170                 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1171                     (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1172                         result = -EINVAL;
1173                         goto bad_res;
1174                 }
1175
1176                 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1177                 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1178
1179                 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1180                 if (result)
1181                         goto bad_res;
1182         }
1183
1184         changed = 0;
1185
1186         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1187                 retry_short = nla_get_u8(
1188                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1189                 if (retry_short == 0) {
1190                         result = -EINVAL;
1191                         goto bad_res;
1192                 }
1193                 changed |= WIPHY_PARAM_RETRY_SHORT;
1194         }
1195
1196         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1197                 retry_long = nla_get_u8(
1198                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1199                 if (retry_long == 0) {
1200                         result = -EINVAL;
1201                         goto bad_res;
1202                 }
1203                 changed |= WIPHY_PARAM_RETRY_LONG;
1204         }
1205
1206         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1207                 frag_threshold = nla_get_u32(
1208                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1209                 if (frag_threshold < 256) {
1210                         result = -EINVAL;
1211                         goto bad_res;
1212                 }
1213                 if (frag_threshold != (u32) -1) {
1214                         /*
1215                          * Fragments (apart from the last one) are required to
1216                          * have even length. Make the fragmentation code
1217                          * simpler by stripping LSB should someone try to use
1218                          * odd threshold value.
1219                          */
1220                         frag_threshold &= ~0x1;
1221                 }
1222                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1223         }
1224
1225         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1226                 rts_threshold = nla_get_u32(
1227                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1228                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
1229         }
1230
1231         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1232                 coverage_class = nla_get_u8(
1233                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1234                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
1235         }
1236
1237         if (changed) {
1238                 u8 old_retry_short, old_retry_long;
1239                 u32 old_frag_threshold, old_rts_threshold;
1240                 u8 old_coverage_class;
1241
1242                 if (!rdev->ops->set_wiphy_params) {
1243                         result = -EOPNOTSUPP;
1244                         goto bad_res;
1245                 }
1246
1247                 old_retry_short = rdev->wiphy.retry_short;
1248                 old_retry_long = rdev->wiphy.retry_long;
1249                 old_frag_threshold = rdev->wiphy.frag_threshold;
1250                 old_rts_threshold = rdev->wiphy.rts_threshold;
1251                 old_coverage_class = rdev->wiphy.coverage_class;
1252
1253                 if (changed & WIPHY_PARAM_RETRY_SHORT)
1254                         rdev->wiphy.retry_short = retry_short;
1255                 if (changed & WIPHY_PARAM_RETRY_LONG)
1256                         rdev->wiphy.retry_long = retry_long;
1257                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1258                         rdev->wiphy.frag_threshold = frag_threshold;
1259                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1260                         rdev->wiphy.rts_threshold = rts_threshold;
1261                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1262                         rdev->wiphy.coverage_class = coverage_class;
1263
1264                 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1265                 if (result) {
1266                         rdev->wiphy.retry_short = old_retry_short;
1267                         rdev->wiphy.retry_long = old_retry_long;
1268                         rdev->wiphy.frag_threshold = old_frag_threshold;
1269                         rdev->wiphy.rts_threshold = old_rts_threshold;
1270                         rdev->wiphy.coverage_class = old_coverage_class;
1271                 }
1272         }
1273
1274  bad_res:
1275         mutex_unlock(&rdev->mtx);
1276         if (netdev)
1277                 dev_put(netdev);
1278         return result;
1279 }
1280
1281
1282 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1283                               struct cfg80211_registered_device *rdev,
1284                               struct net_device *dev)
1285 {
1286         void *hdr;
1287
1288         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1289         if (!hdr)
1290                 return -1;
1291
1292         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1293         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1294         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1295         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1296
1297         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1298                     rdev->devlist_generation ^
1299                         (cfg80211_rdev_list_generation << 2));
1300
1301         return genlmsg_end(msg, hdr);
1302
1303  nla_put_failure:
1304         genlmsg_cancel(msg, hdr);
1305         return -EMSGSIZE;
1306 }
1307
1308 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1309 {
1310         int wp_idx = 0;
1311         int if_idx = 0;
1312         int wp_start = cb->args[0];
1313         int if_start = cb->args[1];
1314         struct cfg80211_registered_device *rdev;
1315         struct wireless_dev *wdev;
1316
1317         mutex_lock(&cfg80211_mutex);
1318         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1319                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1320                         continue;
1321                 if (wp_idx < wp_start) {
1322                         wp_idx++;
1323                         continue;
1324                 }
1325                 if_idx = 0;
1326
1327                 mutex_lock(&rdev->devlist_mtx);
1328                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
1329                         if (if_idx < if_start) {
1330                                 if_idx++;
1331                                 continue;
1332                         }
1333                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1334                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
1335                                                rdev, wdev->netdev) < 0) {
1336                                 mutex_unlock(&rdev->devlist_mtx);
1337                                 goto out;
1338                         }
1339                         if_idx++;
1340                 }
1341                 mutex_unlock(&rdev->devlist_mtx);
1342
1343                 wp_idx++;
1344         }
1345  out:
1346         mutex_unlock(&cfg80211_mutex);
1347
1348         cb->args[0] = wp_idx;
1349         cb->args[1] = if_idx;
1350
1351         return skb->len;
1352 }
1353
1354 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1355 {
1356         struct sk_buff *msg;
1357         struct cfg80211_registered_device *dev = info->user_ptr[0];
1358         struct net_device *netdev = info->user_ptr[1];
1359
1360         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1361         if (!msg)
1362                 return -ENOMEM;
1363
1364         if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1365                                dev, netdev) < 0) {
1366                 nlmsg_free(msg);
1367                 return -ENOBUFS;
1368         }
1369
1370         return genlmsg_reply(msg, info);
1371 }
1372
1373 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1374         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1375         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1376         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1377         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1378         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1379 };
1380
1381 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1382 {
1383         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1384         int flag;
1385
1386         *mntrflags = 0;
1387
1388         if (!nla)
1389                 return -EINVAL;
1390
1391         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1392                              nla, mntr_flags_policy))
1393                 return -EINVAL;
1394
1395         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1396                 if (flags[flag])
1397                         *mntrflags |= (1<<flag);
1398
1399         return 0;
1400 }
1401
1402 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1403                                struct net_device *netdev, u8 use_4addr,
1404                                enum nl80211_iftype iftype)
1405 {
1406         if (!use_4addr) {
1407                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1408                         return -EBUSY;
1409                 return 0;
1410         }
1411
1412         switch (iftype) {
1413         case NL80211_IFTYPE_AP_VLAN:
1414                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1415                         return 0;
1416                 break;
1417         case NL80211_IFTYPE_STATION:
1418                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1419                         return 0;
1420                 break;
1421         default:
1422                 break;
1423         }
1424
1425         return -EOPNOTSUPP;
1426 }
1427
1428 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1429 {
1430         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1431         struct vif_params params;
1432         int err;
1433         enum nl80211_iftype otype, ntype;
1434         struct net_device *dev = info->user_ptr[1];
1435         u32 _flags, *flags = NULL;
1436         bool change = false;
1437
1438         memset(&params, 0, sizeof(params));
1439
1440         otype = ntype = dev->ieee80211_ptr->iftype;
1441
1442         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1443                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1444                 if (otype != ntype)
1445                         change = true;
1446                 if (ntype > NL80211_IFTYPE_MAX)
1447                         return -EINVAL;
1448         }
1449
1450         if (info->attrs[NL80211_ATTR_MESH_ID]) {
1451                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1452
1453                 if (ntype != NL80211_IFTYPE_MESH_POINT)
1454                         return -EINVAL;
1455                 if (netif_running(dev))
1456                         return -EBUSY;
1457
1458                 wdev_lock(wdev);
1459                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1460                              IEEE80211_MAX_MESH_ID_LEN);
1461                 wdev->mesh_id_up_len =
1462                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1463                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1464                        wdev->mesh_id_up_len);
1465                 wdev_unlock(wdev);
1466         }
1467
1468         if (info->attrs[NL80211_ATTR_4ADDR]) {
1469                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1470                 change = true;
1471                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1472                 if (err)
1473                         return err;
1474         } else {
1475                 params.use_4addr = -1;
1476         }
1477
1478         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1479                 if (ntype != NL80211_IFTYPE_MONITOR)
1480                         return -EINVAL;
1481                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1482                                           &_flags);
1483                 if (err)
1484                         return err;
1485
1486                 flags = &_flags;
1487                 change = true;
1488         }
1489
1490         if (change)
1491                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1492         else
1493                 err = 0;
1494
1495         if (!err && params.use_4addr != -1)
1496                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1497
1498         return err;
1499 }
1500
1501 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1502 {
1503         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1504         struct vif_params params;
1505         struct net_device *dev;
1506         int err;
1507         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1508         u32 flags;
1509
1510         memset(&params, 0, sizeof(params));
1511
1512         if (!info->attrs[NL80211_ATTR_IFNAME])
1513                 return -EINVAL;
1514
1515         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1516                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1517                 if (type > NL80211_IFTYPE_MAX)
1518                         return -EINVAL;
1519         }
1520
1521         if (!rdev->ops->add_virtual_intf ||
1522             !(rdev->wiphy.interface_modes & (1 << type)))
1523                 return -EOPNOTSUPP;
1524
1525         if (info->attrs[NL80211_ATTR_4ADDR]) {
1526                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1527                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1528                 if (err)
1529                         return err;
1530         }
1531
1532         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1533                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1534                                   &flags);
1535         dev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1536                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1537                 type, err ? NULL : &flags, &params);
1538         if (IS_ERR(dev))
1539                 return PTR_ERR(dev);
1540
1541         if (type == NL80211_IFTYPE_MESH_POINT &&
1542             info->attrs[NL80211_ATTR_MESH_ID]) {
1543                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1544
1545                 wdev_lock(wdev);
1546                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1547                              IEEE80211_MAX_MESH_ID_LEN);
1548                 wdev->mesh_id_up_len =
1549                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1550                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1551                        wdev->mesh_id_up_len);
1552                 wdev_unlock(wdev);
1553         }
1554
1555         return 0;
1556 }
1557
1558 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1559 {
1560         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1561         struct net_device *dev = info->user_ptr[1];
1562
1563         if (!rdev->ops->del_virtual_intf)
1564                 return -EOPNOTSUPP;
1565
1566         return rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1567 }
1568
1569 struct get_key_cookie {
1570         struct sk_buff *msg;
1571         int error;
1572         int idx;
1573 };
1574
1575 static void get_key_callback(void *c, struct key_params *params)
1576 {
1577         struct nlattr *key;
1578         struct get_key_cookie *cookie = c;
1579
1580         if (params->key)
1581                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1582                         params->key_len, params->key);
1583
1584         if (params->seq)
1585                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1586                         params->seq_len, params->seq);
1587
1588         if (params->cipher)
1589                 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1590                             params->cipher);
1591
1592         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1593         if (!key)
1594                 goto nla_put_failure;
1595
1596         if (params->key)
1597                 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1598                         params->key_len, params->key);
1599
1600         if (params->seq)
1601                 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1602                         params->seq_len, params->seq);
1603
1604         if (params->cipher)
1605                 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1606                             params->cipher);
1607
1608         NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1609
1610         nla_nest_end(cookie->msg, key);
1611
1612         return;
1613  nla_put_failure:
1614         cookie->error = 1;
1615 }
1616
1617 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1618 {
1619         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1620         int err;
1621         struct net_device *dev = info->user_ptr[1];
1622         u8 key_idx = 0;
1623         const u8 *mac_addr = NULL;
1624         bool pairwise;
1625         struct get_key_cookie cookie = {
1626                 .error = 0,
1627         };
1628         void *hdr;
1629         struct sk_buff *msg;
1630
1631         if (info->attrs[NL80211_ATTR_KEY_IDX])
1632                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1633
1634         if (key_idx > 5)
1635                 return -EINVAL;
1636
1637         if (info->attrs[NL80211_ATTR_MAC])
1638                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1639
1640         pairwise = !!mac_addr;
1641         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
1642                 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1643                 if (kt >= NUM_NL80211_KEYTYPES)
1644                         return -EINVAL;
1645                 if (kt != NL80211_KEYTYPE_GROUP &&
1646                     kt != NL80211_KEYTYPE_PAIRWISE)
1647                         return -EINVAL;
1648                 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
1649         }
1650
1651         if (!rdev->ops->get_key)
1652                 return -EOPNOTSUPP;
1653
1654         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1655         if (!msg)
1656                 return -ENOMEM;
1657
1658         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1659                              NL80211_CMD_NEW_KEY);
1660         if (IS_ERR(hdr))
1661                 return PTR_ERR(hdr);
1662
1663         cookie.msg = msg;
1664         cookie.idx = key_idx;
1665
1666         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1667         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1668         if (mac_addr)
1669                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1670
1671         if (pairwise && mac_addr &&
1672             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1673                 return -ENOENT;
1674
1675         err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
1676                                  mac_addr, &cookie, get_key_callback);
1677
1678         if (err)
1679                 goto free_msg;
1680
1681         if (cookie.error)
1682                 goto nla_put_failure;
1683
1684         genlmsg_end(msg, hdr);
1685         return genlmsg_reply(msg, info);
1686
1687  nla_put_failure:
1688         err = -ENOBUFS;
1689  free_msg:
1690         nlmsg_free(msg);
1691         return err;
1692 }
1693
1694 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1695 {
1696         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1697         struct key_parse key;
1698         int err;
1699         struct net_device *dev = info->user_ptr[1];
1700
1701         err = nl80211_parse_key(info, &key);
1702         if (err)
1703                 return err;
1704
1705         if (key.idx < 0)
1706                 return -EINVAL;
1707
1708         /* only support setting default key */
1709         if (!key.def && !key.defmgmt)
1710                 return -EINVAL;
1711
1712         wdev_lock(dev->ieee80211_ptr);
1713
1714         if (key.def) {
1715                 if (!rdev->ops->set_default_key) {
1716                         err = -EOPNOTSUPP;
1717                         goto out;
1718                 }
1719
1720                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1721                 if (err)
1722                         goto out;
1723
1724                 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
1725                                                  key.def_uni, key.def_multi);
1726
1727                 if (err)
1728                         goto out;
1729
1730 #ifdef CONFIG_CFG80211_WEXT
1731                 dev->ieee80211_ptr->wext.default_key = key.idx;
1732 #endif
1733         } else {
1734                 if (key.def_uni || !key.def_multi) {
1735                         err = -EINVAL;
1736                         goto out;
1737                 }
1738
1739                 if (!rdev->ops->set_default_mgmt_key) {
1740                         err = -EOPNOTSUPP;
1741                         goto out;
1742                 }
1743
1744                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1745                 if (err)
1746                         goto out;
1747
1748                 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
1749                                                       dev, key.idx);
1750                 if (err)
1751                         goto out;
1752
1753 #ifdef CONFIG_CFG80211_WEXT
1754                 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1755 #endif
1756         }
1757
1758  out:
1759         wdev_unlock(dev->ieee80211_ptr);
1760
1761         return err;
1762 }
1763
1764 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1765 {
1766         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1767         int err;
1768         struct net_device *dev = info->user_ptr[1];
1769         struct key_parse key;
1770         const u8 *mac_addr = NULL;
1771
1772         err = nl80211_parse_key(info, &key);
1773         if (err)
1774                 return err;
1775
1776         if (!key.p.key)
1777                 return -EINVAL;
1778
1779         if (info->attrs[NL80211_ATTR_MAC])
1780                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1781
1782         if (key.type == -1) {
1783                 if (mac_addr)
1784                         key.type = NL80211_KEYTYPE_PAIRWISE;
1785                 else
1786                         key.type = NL80211_KEYTYPE_GROUP;
1787         }
1788
1789         /* for now */
1790         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
1791             key.type != NL80211_KEYTYPE_GROUP)
1792                 return -EINVAL;
1793
1794         if (!rdev->ops->add_key)
1795                 return -EOPNOTSUPP;
1796
1797         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
1798                                            key.type == NL80211_KEYTYPE_PAIRWISE,
1799                                            mac_addr))
1800                 return -EINVAL;
1801
1802         wdev_lock(dev->ieee80211_ptr);
1803         err = nl80211_key_allowed(dev->ieee80211_ptr);
1804         if (!err)
1805                 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
1806                                          key.type == NL80211_KEYTYPE_PAIRWISE,
1807                                          mac_addr, &key.p);
1808         wdev_unlock(dev->ieee80211_ptr);
1809
1810         return err;
1811 }
1812
1813 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1814 {
1815         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1816         int err;
1817         struct net_device *dev = info->user_ptr[1];
1818         u8 *mac_addr = NULL;
1819         struct key_parse key;
1820
1821         err = nl80211_parse_key(info, &key);
1822         if (err)
1823                 return err;
1824
1825         if (info->attrs[NL80211_ATTR_MAC])
1826                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1827
1828         if (key.type == -1) {
1829                 if (mac_addr)
1830                         key.type = NL80211_KEYTYPE_PAIRWISE;
1831                 else
1832                         key.type = NL80211_KEYTYPE_GROUP;
1833         }
1834
1835         /* for now */
1836         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
1837             key.type != NL80211_KEYTYPE_GROUP)
1838                 return -EINVAL;
1839
1840         if (!rdev->ops->del_key)
1841                 return -EOPNOTSUPP;
1842
1843         wdev_lock(dev->ieee80211_ptr);
1844         err = nl80211_key_allowed(dev->ieee80211_ptr);
1845
1846         if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
1847             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1848                 err = -ENOENT;
1849
1850         if (!err)
1851                 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
1852                                          key.type == NL80211_KEYTYPE_PAIRWISE,
1853                                          mac_addr);
1854
1855 #ifdef CONFIG_CFG80211_WEXT
1856         if (!err) {
1857                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
1858                         dev->ieee80211_ptr->wext.default_key = -1;
1859                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
1860                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
1861         }
1862 #endif
1863         wdev_unlock(dev->ieee80211_ptr);
1864
1865         return err;
1866 }
1867
1868 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1869 {
1870         int (*call)(struct wiphy *wiphy, struct net_device *dev,
1871                     struct beacon_parameters *info);
1872         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1873         struct net_device *dev = info->user_ptr[1];
1874         struct beacon_parameters params;
1875         int haveinfo = 0;
1876
1877         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]))
1878                 return -EINVAL;
1879
1880         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1881             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
1882                 return -EOPNOTSUPP;
1883
1884         switch (info->genlhdr->cmd) {
1885         case NL80211_CMD_NEW_BEACON:
1886                 /* these are required for NEW_BEACON */
1887                 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
1888                     !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
1889                     !info->attrs[NL80211_ATTR_BEACON_HEAD])
1890                         return -EINVAL;
1891
1892                 call = rdev->ops->add_beacon;
1893                 break;
1894         case NL80211_CMD_SET_BEACON:
1895                 call = rdev->ops->set_beacon;
1896                 break;
1897         default:
1898                 WARN_ON(1);
1899                 return -EOPNOTSUPP;
1900         }
1901
1902         if (!call)
1903                 return -EOPNOTSUPP;
1904
1905         memset(&params, 0, sizeof(params));
1906
1907         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
1908                 params.interval =
1909                     nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
1910                 haveinfo = 1;
1911         }
1912
1913         if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
1914                 params.dtim_period =
1915                     nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
1916                 haveinfo = 1;
1917         }
1918
1919         if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1920                 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1921                 params.head_len =
1922                     nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1923                 haveinfo = 1;
1924         }
1925
1926         if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
1927                 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1928                 params.tail_len =
1929                     nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1930                 haveinfo = 1;
1931         }
1932
1933         if (!haveinfo)
1934                 return -EINVAL;
1935
1936         return call(&rdev->wiphy, dev, &params);
1937 }
1938
1939 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
1940 {
1941         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1942         struct net_device *dev = info->user_ptr[1];
1943
1944         if (!rdev->ops->del_beacon)
1945                 return -EOPNOTSUPP;
1946
1947         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1948             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
1949                 return -EOPNOTSUPP;
1950
1951         return rdev->ops->del_beacon(&rdev->wiphy, dev);
1952 }
1953
1954 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
1955         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
1956         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
1957         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
1958         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
1959         [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
1960 };
1961
1962 static int parse_station_flags(struct genl_info *info,
1963                                struct station_parameters *params)
1964 {
1965         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
1966         struct nlattr *nla;
1967         int flag;
1968
1969         /*
1970          * Try parsing the new attribute first so userspace
1971          * can specify both for older kernels.
1972          */
1973         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
1974         if (nla) {
1975                 struct nl80211_sta_flag_update *sta_flags;
1976
1977                 sta_flags = nla_data(nla);
1978                 params->sta_flags_mask = sta_flags->mask;
1979                 params->sta_flags_set = sta_flags->set;
1980                 if ((params->sta_flags_mask |
1981                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
1982                         return -EINVAL;
1983                 return 0;
1984         }
1985
1986         /* if present, parse the old attribute */
1987
1988         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
1989         if (!nla)
1990                 return 0;
1991
1992         if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
1993                              nla, sta_flags_policy))
1994                 return -EINVAL;
1995
1996         params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1;
1997         params->sta_flags_mask &= ~1;
1998
1999         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
2000                 if (flags[flag])
2001                         params->sta_flags_set |= (1<<flag);
2002
2003         return 0;
2004 }
2005
2006 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2007                                  int attr)
2008 {
2009         struct nlattr *rate;
2010         u16 bitrate;
2011
2012         rate = nla_nest_start(msg, attr);
2013         if (!rate)
2014                 goto nla_put_failure;
2015
2016         /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2017         bitrate = cfg80211_calculate_bitrate(info);
2018         if (bitrate > 0)
2019                 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
2020
2021         if (info->flags & RATE_INFO_FLAGS_MCS)
2022                 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs);
2023         if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
2024                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
2025         if (info->flags & RATE_INFO_FLAGS_SHORT_GI)
2026                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
2027
2028         nla_nest_end(msg, rate);
2029         return true;
2030
2031 nla_put_failure:
2032         return false;
2033 }
2034
2035 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2036                                 int flags, struct net_device *dev,
2037                                 const u8 *mac_addr, struct station_info *sinfo)
2038 {
2039         void *hdr;
2040         struct nlattr *sinfoattr, *bss_param;
2041
2042         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2043         if (!hdr)
2044                 return -1;
2045
2046         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2047         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
2048
2049         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
2050
2051         sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2052         if (!sinfoattr)
2053                 goto nla_put_failure;
2054         if (sinfo->filled & STATION_INFO_CONNECTED_TIME)
2055                 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2056                             sinfo->connected_time);
2057         if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
2058                 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2059                             sinfo->inactive_time);
2060         if (sinfo->filled & STATION_INFO_RX_BYTES)
2061                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
2062                             sinfo->rx_bytes);
2063         if (sinfo->filled & STATION_INFO_TX_BYTES)
2064                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
2065                             sinfo->tx_bytes);
2066         if (sinfo->filled & STATION_INFO_LLID)
2067                 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
2068                             sinfo->llid);
2069         if (sinfo->filled & STATION_INFO_PLID)
2070                 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
2071                             sinfo->plid);
2072         if (sinfo->filled & STATION_INFO_PLINK_STATE)
2073                 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
2074                             sinfo->plink_state);
2075         if (sinfo->filled & STATION_INFO_SIGNAL)
2076                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
2077                            sinfo->signal);
2078         if (sinfo->filled & STATION_INFO_SIGNAL_AVG)
2079                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2080                            sinfo->signal_avg);
2081         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2082                 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2083                                           NL80211_STA_INFO_TX_BITRATE))
2084                         goto nla_put_failure;
2085         }
2086         if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2087                 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2088                                           NL80211_STA_INFO_RX_BITRATE))
2089                         goto nla_put_failure;
2090         }
2091         if (sinfo->filled & STATION_INFO_RX_PACKETS)
2092                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
2093                             sinfo->rx_packets);
2094         if (sinfo->filled & STATION_INFO_TX_PACKETS)
2095                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
2096                             sinfo->tx_packets);
2097         if (sinfo->filled & STATION_INFO_TX_RETRIES)
2098                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES,
2099                             sinfo->tx_retries);
2100         if (sinfo->filled & STATION_INFO_TX_FAILED)
2101                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED,
2102                             sinfo->tx_failed);
2103         if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2104                 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2105                 if (!bss_param)
2106                         goto nla_put_failure;
2107
2108                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT)
2109                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT);
2110                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE)
2111                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE);
2112                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME)
2113                         NLA_PUT_FLAG(msg,
2114                                      NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME);
2115                 NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2116                            sinfo->bss_param.dtim_period);
2117                 NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2118                             sinfo->bss_param.beacon_interval);
2119
2120                 nla_nest_end(msg, bss_param);
2121         }
2122         nla_nest_end(msg, sinfoattr);
2123
2124         return genlmsg_end(msg, hdr);
2125
2126  nla_put_failure:
2127         genlmsg_cancel(msg, hdr);
2128         return -EMSGSIZE;
2129 }
2130
2131 static int nl80211_dump_station(struct sk_buff *skb,
2132                                 struct netlink_callback *cb)
2133 {
2134         struct station_info sinfo;
2135         struct cfg80211_registered_device *dev;
2136         struct net_device *netdev;
2137         u8 mac_addr[ETH_ALEN];
2138         int sta_idx = cb->args[1];
2139         int err;
2140
2141         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2142         if (err)
2143                 return err;
2144
2145         if (!dev->ops->dump_station) {
2146                 err = -EOPNOTSUPP;
2147                 goto out_err;
2148         }
2149
2150         while (1) {
2151                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2152                                              mac_addr, &sinfo);
2153                 if (err == -ENOENT)
2154                         break;
2155                 if (err)
2156                         goto out_err;
2157
2158                 if (nl80211_send_station(skb,
2159                                 NETLINK_CB(cb->skb).pid,
2160                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2161                                 netdev, mac_addr,
2162                                 &sinfo) < 0)
2163                         goto out;
2164
2165                 sta_idx++;
2166         }
2167
2168
2169  out:
2170         cb->args[1] = sta_idx;
2171         err = skb->len;
2172  out_err:
2173         nl80211_finish_netdev_dump(dev);
2174
2175         return err;
2176 }
2177
2178 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2179 {
2180         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2181         struct net_device *dev = info->user_ptr[1];
2182         struct station_info sinfo;
2183         struct sk_buff *msg;
2184         u8 *mac_addr = NULL;
2185         int err;
2186
2187         memset(&sinfo, 0, sizeof(sinfo));
2188
2189         if (!info->attrs[NL80211_ATTR_MAC])
2190                 return -EINVAL;
2191
2192         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2193
2194         if (!rdev->ops->get_station)
2195                 return -EOPNOTSUPP;
2196
2197         err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2198         if (err)
2199                 return err;
2200
2201         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2202         if (!msg)
2203                 return -ENOMEM;
2204
2205         if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2206                                  dev, mac_addr, &sinfo) < 0) {
2207                 nlmsg_free(msg);
2208                 return -ENOBUFS;
2209         }
2210
2211         return genlmsg_reply(msg, info);
2212 }
2213
2214 /*
2215  * Get vlan interface making sure it is running and on the right wiphy.
2216  */
2217 static int get_vlan(struct genl_info *info,
2218                     struct cfg80211_registered_device *rdev,
2219                     struct net_device **vlan)
2220 {
2221         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2222         *vlan = NULL;
2223
2224         if (vlanattr) {
2225                 *vlan = dev_get_by_index(genl_info_net(info),
2226                                          nla_get_u32(vlanattr));
2227                 if (!*vlan)
2228                         return -ENODEV;
2229                 if (!(*vlan)->ieee80211_ptr)
2230                         return -EINVAL;
2231                 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
2232                         return -EINVAL;
2233                 if (!netif_running(*vlan))
2234                         return -ENETDOWN;
2235         }
2236         return 0;
2237 }
2238
2239 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2240 {
2241         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2242         int err;
2243         struct net_device *dev = info->user_ptr[1];
2244         struct station_parameters params;
2245         u8 *mac_addr = NULL;
2246
2247         memset(&params, 0, sizeof(params));
2248
2249         params.listen_interval = -1;
2250
2251         if (info->attrs[NL80211_ATTR_STA_AID])
2252                 return -EINVAL;
2253
2254         if (!info->attrs[NL80211_ATTR_MAC])
2255                 return -EINVAL;
2256
2257         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2258
2259         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2260                 params.supported_rates =
2261                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2262                 params.supported_rates_len =
2263                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2264         }
2265
2266         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2267                 params.listen_interval =
2268                     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2269
2270         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2271                 params.ht_capa =
2272                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2273
2274         if (parse_station_flags(info, &params))
2275                 return -EINVAL;
2276
2277         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2278                 params.plink_action =
2279                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2280
2281         err = get_vlan(info, rdev, &params.vlan);
2282         if (err)
2283                 goto out;
2284
2285         /* validate settings */
2286         err = 0;
2287
2288         switch (dev->ieee80211_ptr->iftype) {
2289         case NL80211_IFTYPE_AP:
2290         case NL80211_IFTYPE_AP_VLAN:
2291         case NL80211_IFTYPE_P2P_GO:
2292                 /* disallow mesh-specific things */
2293                 if (params.plink_action)
2294                         err = -EINVAL;
2295                 break;
2296         case NL80211_IFTYPE_P2P_CLIENT:
2297         case NL80211_IFTYPE_STATION:
2298                 /* disallow everything but AUTHORIZED flag */
2299                 if (params.plink_action)
2300                         err = -EINVAL;
2301                 if (params.vlan)
2302                         err = -EINVAL;
2303                 if (params.supported_rates)
2304                         err = -EINVAL;
2305                 if (params.ht_capa)
2306                         err = -EINVAL;
2307                 if (params.listen_interval >= 0)
2308                         err = -EINVAL;
2309                 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2310                         err = -EINVAL;
2311                 break;
2312         case NL80211_IFTYPE_MESH_POINT:
2313                 /* disallow things mesh doesn't support */
2314                 if (params.vlan)
2315                         err = -EINVAL;
2316                 if (params.ht_capa)
2317                         err = -EINVAL;
2318                 if (params.listen_interval >= 0)
2319                         err = -EINVAL;
2320                 if (params.supported_rates)
2321                         err = -EINVAL;
2322                 if (params.sta_flags_mask &
2323                                 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2324                                   BIT(NL80211_STA_FLAG_AUTHORIZED)))
2325                         err = -EINVAL;
2326                 break;
2327         default:
2328                 err = -EINVAL;
2329         }
2330
2331         if (err)
2332                 goto out;
2333
2334         if (!rdev->ops->change_station) {
2335                 err = -EOPNOTSUPP;
2336                 goto out;
2337         }
2338
2339         err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2340
2341  out:
2342         if (params.vlan)
2343                 dev_put(params.vlan);
2344
2345         return err;
2346 }
2347
2348 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2349 {
2350         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2351         int err;
2352         struct net_device *dev = info->user_ptr[1];
2353         struct station_parameters params;
2354         u8 *mac_addr = NULL;
2355
2356         memset(&params, 0, sizeof(params));
2357
2358         if (!info->attrs[NL80211_ATTR_MAC])
2359                 return -EINVAL;
2360
2361         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2362                 return -EINVAL;
2363
2364         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2365                 return -EINVAL;
2366
2367         if (!info->attrs[NL80211_ATTR_STA_AID])
2368                 return -EINVAL;
2369
2370         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2371         params.supported_rates =
2372                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2373         params.supported_rates_len =
2374                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2375         params.listen_interval =
2376                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2377
2378         params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2379         if (!params.aid || params.aid > IEEE80211_MAX_AID)
2380                 return -EINVAL;
2381
2382         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2383                 params.ht_capa =
2384                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2385
2386         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2387                 params.plink_action =
2388                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2389
2390         if (parse_station_flags(info, &params))
2391                 return -EINVAL;
2392
2393         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2394             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2395             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2396             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2397                 return -EINVAL;
2398
2399         err = get_vlan(info, rdev, &params.vlan);
2400         if (err)
2401                 goto out;
2402
2403         /* validate settings */
2404         err = 0;
2405
2406         if (!rdev->ops->add_station) {
2407                 err = -EOPNOTSUPP;
2408                 goto out;
2409         }
2410
2411         err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2412
2413  out:
2414         if (params.vlan)
2415                 dev_put(params.vlan);
2416         return err;
2417 }
2418
2419 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2420 {
2421         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2422         struct net_device *dev = info->user_ptr[1];
2423         u8 *mac_addr = NULL;
2424
2425         if (info->attrs[NL80211_ATTR_MAC])
2426                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2427
2428         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2429             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2430             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2431             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2432                 return -EINVAL;
2433
2434         if (!rdev->ops->del_station)
2435                 return -EOPNOTSUPP;
2436
2437         return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2438 }
2439
2440 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2441                                 int flags, struct net_device *dev,
2442                                 u8 *dst, u8 *next_hop,
2443                                 struct mpath_info *pinfo)
2444 {
2445         void *hdr;
2446         struct nlattr *pinfoattr;
2447
2448         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2449         if (!hdr)
2450                 return -1;
2451
2452         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2453         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2454         NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2455
2456         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2457
2458         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2459         if (!pinfoattr)
2460                 goto nla_put_failure;
2461         if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2462                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2463                             pinfo->frame_qlen);
2464         if (pinfo->filled & MPATH_INFO_SN)
2465                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2466                             pinfo->sn);
2467         if (pinfo->filled & MPATH_INFO_METRIC)
2468                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2469                             pinfo->metric);
2470         if (pinfo->filled & MPATH_INFO_EXPTIME)
2471                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2472                             pinfo->exptime);
2473         if (pinfo->filled & MPATH_INFO_FLAGS)
2474                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2475                             pinfo->flags);
2476         if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2477                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2478                             pinfo->discovery_timeout);
2479         if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2480                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2481                             pinfo->discovery_retries);
2482
2483         nla_nest_end(msg, pinfoattr);
2484
2485         return genlmsg_end(msg, hdr);
2486
2487  nla_put_failure:
2488         genlmsg_cancel(msg, hdr);
2489         return -EMSGSIZE;
2490 }
2491
2492 static int nl80211_dump_mpath(struct sk_buff *skb,
2493                               struct netlink_callback *cb)
2494 {
2495         struct mpath_info pinfo;
2496         struct cfg80211_registered_device *dev;
2497         struct net_device *netdev;
2498         u8 dst[ETH_ALEN];
2499         u8 next_hop[ETH_ALEN];
2500         int path_idx = cb->args[1];
2501         int err;
2502
2503         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2504         if (err)
2505                 return err;
2506
2507         if (!dev->ops->dump_mpath) {
2508                 err = -EOPNOTSUPP;
2509                 goto out_err;
2510         }
2511
2512         if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2513                 err = -EOPNOTSUPP;
2514                 goto out_err;
2515         }
2516
2517         while (1) {
2518                 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2519                                            dst, next_hop, &pinfo);
2520                 if (err == -ENOENT)
2521                         break;
2522                 if (err)
2523                         goto out_err;
2524
2525                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2526                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
2527                                        netdev, dst, next_hop,
2528                                        &pinfo) < 0)
2529                         goto out;
2530
2531                 path_idx++;
2532         }
2533
2534
2535  out:
2536         cb->args[1] = path_idx;
2537         err = skb->len;
2538  out_err:
2539         nl80211_finish_netdev_dump(dev);
2540         return err;
2541 }
2542
2543 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2544 {
2545         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2546         int err;
2547         struct net_device *dev = info->user_ptr[1];
2548         struct mpath_info pinfo;
2549         struct sk_buff *msg;
2550         u8 *dst = NULL;
2551         u8 next_hop[ETH_ALEN];
2552
2553         memset(&pinfo, 0, sizeof(pinfo));
2554
2555         if (!info->attrs[NL80211_ATTR_MAC])
2556                 return -EINVAL;
2557
2558         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2559
2560         if (!rdev->ops->get_mpath)
2561                 return -EOPNOTSUPP;
2562
2563         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2564                 return -EOPNOTSUPP;
2565
2566         err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2567         if (err)
2568                 return err;
2569
2570         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2571         if (!msg)
2572                 return -ENOMEM;
2573
2574         if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2575                                  dev, dst, next_hop, &pinfo) < 0) {
2576                 nlmsg_free(msg);
2577                 return -ENOBUFS;
2578         }
2579
2580         return genlmsg_reply(msg, info);
2581 }
2582
2583 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
2584 {
2585         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2586         struct net_device *dev = info->user_ptr[1];
2587         u8 *dst = NULL;
2588         u8 *next_hop = NULL;
2589
2590         if (!info->attrs[NL80211_ATTR_MAC])
2591                 return -EINVAL;
2592
2593         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2594                 return -EINVAL;
2595
2596         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2597         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2598
2599         if (!rdev->ops->change_mpath)
2600                 return -EOPNOTSUPP;
2601
2602         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2603                 return -EOPNOTSUPP;
2604
2605         return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
2606 }
2607
2608 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
2609 {
2610         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2611         struct net_device *dev = info->user_ptr[1];
2612         u8 *dst = NULL;
2613         u8 *next_hop = NULL;
2614
2615         if (!info->attrs[NL80211_ATTR_MAC])
2616                 return -EINVAL;
2617
2618         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2619                 return -EINVAL;
2620
2621         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2622         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2623
2624         if (!rdev->ops->add_mpath)
2625                 return -EOPNOTSUPP;
2626
2627         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2628                 return -EOPNOTSUPP;
2629
2630         return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
2631 }
2632
2633 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
2634 {
2635         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2636         struct net_device *dev = info->user_ptr[1];
2637         u8 *dst = NULL;
2638
2639         if (info->attrs[NL80211_ATTR_MAC])
2640                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2641
2642         if (!rdev->ops->del_mpath)
2643                 return -EOPNOTSUPP;
2644
2645         return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
2646 }
2647
2648 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2649 {
2650         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2651         struct net_device *dev = info->user_ptr[1];
2652         struct bss_parameters params;
2653
2654         memset(&params, 0, sizeof(params));
2655         /* default to not changing parameters */
2656         params.use_cts_prot = -1;
2657         params.use_short_preamble = -1;
2658         params.use_short_slot_time = -1;
2659         params.ap_isolate = -1;
2660         params.ht_opmode = -1;
2661
2662         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
2663                 params.use_cts_prot =
2664                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
2665         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
2666                 params.use_short_preamble =
2667                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
2668         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
2669                 params.use_short_slot_time =
2670                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
2671         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
2672                 params.basic_rates =
2673                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2674                 params.basic_rates_len =
2675                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2676         }
2677         if (info->attrs[NL80211_ATTR_AP_ISOLATE])
2678                 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
2679         if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
2680                 params.ht_opmode =
2681                         nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
2682
2683         if (!rdev->ops->change_bss)
2684                 return -EOPNOTSUPP;
2685
2686         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2687             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2688                 return -EOPNOTSUPP;
2689
2690         return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
2691 }
2692
2693 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2694         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
2695         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
2696         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
2697         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
2698         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
2699         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
2700 };
2701
2702 static int parse_reg_rule(struct nlattr *tb[],
2703         struct ieee80211_reg_rule *reg_rule)
2704 {
2705         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
2706         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
2707
2708         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2709                 return -EINVAL;
2710         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2711                 return -EINVAL;
2712         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2713                 return -EINVAL;
2714         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2715                 return -EINVAL;
2716         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2717                 return -EINVAL;
2718
2719         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2720
2721         freq_range->start_freq_khz =
2722                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2723         freq_range->end_freq_khz =
2724                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2725         freq_range->max_bandwidth_khz =
2726                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2727
2728         power_rule->max_eirp =
2729                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2730
2731         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2732                 power_rule->max_antenna_gain =
2733                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2734
2735         return 0;
2736 }
2737
2738 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2739 {
2740         int r;
2741         char *data = NULL;
2742
2743         /*
2744          * You should only get this when cfg80211 hasn't yet initialized
2745          * completely when built-in to the kernel right between the time
2746          * window between nl80211_init() and regulatory_init(), if that is
2747          * even possible.
2748          */
2749         mutex_lock(&cfg80211_mutex);
2750         if (unlikely(!cfg80211_regdomain)) {
2751                 mutex_unlock(&cfg80211_mutex);
2752                 return -EINPROGRESS;
2753         }
2754         mutex_unlock(&cfg80211_mutex);
2755
2756         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2757                 return -EINVAL;
2758
2759         data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2760
2761         r = regulatory_hint_user(data);
2762
2763         return r;
2764 }
2765
2766 static int nl80211_get_mesh_config(struct sk_buff *skb,
2767                                    struct genl_info *info)
2768 {
2769         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2770         struct net_device *dev = info->user_ptr[1];
2771         struct wireless_dev *wdev = dev->ieee80211_ptr;
2772         struct mesh_config cur_params;
2773         int err = 0;
2774         void *hdr;
2775         struct nlattr *pinfoattr;
2776         struct sk_buff *msg;
2777
2778         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
2779                 return -EOPNOTSUPP;
2780
2781         if (!rdev->ops->get_mesh_config)
2782                 return -EOPNOTSUPP;
2783
2784         wdev_lock(wdev);
2785         /* If not connected, get default parameters */
2786         if (!wdev->mesh_id_len)
2787                 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
2788         else
2789                 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
2790                                                  &cur_params);
2791         wdev_unlock(wdev);
2792
2793         if (err)
2794                 return err;
2795
2796         /* Draw up a netlink message to send back */
2797         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2798         if (!msg)
2799                 return -ENOMEM;
2800         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2801                              NL80211_CMD_GET_MESH_CONFIG);
2802         if (!hdr)
2803                 goto out;
2804         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
2805         if (!pinfoattr)
2806                 goto nla_put_failure;
2807         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2808         NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2809                         cur_params.dot11MeshRetryTimeout);
2810         NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2811                         cur_params.dot11MeshConfirmTimeout);
2812         NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2813                         cur_params.dot11MeshHoldingTimeout);
2814         NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2815                         cur_params.dot11MeshMaxPeerLinks);
2816         NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2817                         cur_params.dot11MeshMaxRetries);
2818         NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2819                         cur_params.dot11MeshTTL);
2820         NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL,
2821                         cur_params.element_ttl);
2822         NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2823                         cur_params.auto_open_plinks);
2824         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2825                         cur_params.dot11MeshHWMPmaxPREQretries);
2826         NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2827                         cur_params.path_refresh_time);
2828         NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2829                         cur_params.min_discovery_timeout);
2830         NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2831                         cur_params.dot11MeshHWMPactivePathTimeout);
2832         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2833                         cur_params.dot11MeshHWMPpreqMinInterval);
2834         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2835                         cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2836         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
2837                         cur_params.dot11MeshHWMPRootMode);
2838         nla_nest_end(msg, pinfoattr);
2839         genlmsg_end(msg, hdr);
2840         return genlmsg_reply(msg, info);
2841
2842  nla_put_failure:
2843         genlmsg_cancel(msg, hdr);
2844  out:
2845         nlmsg_free(msg);
2846         return -ENOBUFS;
2847 }
2848
2849 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
2850         [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2851         [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2852         [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2853         [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2854         [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2855         [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2856         [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
2857         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2858
2859         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2860         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2861         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2862         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2863         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2864         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2865 };
2866
2867 static const struct nla_policy
2868         nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
2869         [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
2870         [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
2871         [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
2872         [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
2873                 .len = IEEE80211_MAX_DATA_LEN },
2874         [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
2875 };
2876
2877 static int nl80211_parse_mesh_config(struct genl_info *info,
2878                                      struct mesh_config *cfg,
2879                                      u32 *mask_out)
2880 {
2881         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
2882         u32 mask = 0;
2883
2884 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
2885 do {\
2886         if (table[attr_num]) {\
2887                 cfg->param = nla_fn(table[attr_num]); \
2888                 mask |= (1 << (attr_num - 1)); \
2889         } \
2890 } while (0);\
2891
2892
2893         if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
2894                 return -EINVAL;
2895         if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
2896                              info->attrs[NL80211_ATTR_MESH_CONFIG],
2897                              nl80211_meshconf_params_policy))
2898                 return -EINVAL;
2899
2900         /* This makes sure that there aren't more than 32 mesh config
2901          * parameters (otherwise our bitfield scheme would not work.) */
2902         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
2903
2904         /* Fill in the params struct */
2905         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
2906                         mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
2907         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
2908                         mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
2909         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
2910                         mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
2911         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
2912                         mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
2913         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
2914                         mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
2915         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
2916                         mask, NL80211_MESHCONF_TTL, nla_get_u8);
2917         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
2918                         mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
2919         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
2920                         mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
2921         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
2922                         mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2923                         nla_get_u8);
2924         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
2925                         mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
2926         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
2927                         mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2928                         nla_get_u16);
2929         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
2930                         mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2931                         nla_get_u32);
2932         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
2933                         mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2934                         nla_get_u16);
2935         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2936                         dot11MeshHWMPnetDiameterTraversalTime,
2937                         mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2938                         nla_get_u16);
2939         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2940                         dot11MeshHWMPRootMode, mask,
2941                         NL80211_MESHCONF_HWMP_ROOTMODE,
2942                         nla_get_u8);
2943         if (mask_out)
2944                 *mask_out = mask;
2945
2946         return 0;
2947
2948 #undef FILL_IN_MESH_PARAM_IF_SET
2949 }
2950
2951 static int nl80211_parse_mesh_setup(struct genl_info *info,
2952                                      struct mesh_setup *setup)
2953 {
2954         struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
2955
2956         if (!info->attrs[NL80211_ATTR_MESH_SETUP])
2957                 return -EINVAL;
2958         if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
2959                              info->attrs[NL80211_ATTR_MESH_SETUP],
2960                              nl80211_mesh_setup_params_policy))
2961                 return -EINVAL;
2962
2963         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
2964                 setup->path_sel_proto =
2965                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
2966                  IEEE80211_PATH_PROTOCOL_VENDOR :
2967                  IEEE80211_PATH_PROTOCOL_HWMP;
2968
2969         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
2970                 setup->path_metric =
2971                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
2972                  IEEE80211_PATH_METRIC_VENDOR :
2973                  IEEE80211_PATH_METRIC_AIRTIME;
2974
2975
2976         if (tb[NL80211_MESH_SETUP_IE]) {
2977                 struct nlattr *ieattr =
2978                         tb[NL80211_MESH_SETUP_IE];
2979                 if (!is_valid_ie_attr(ieattr))
2980                         return -EINVAL;
2981                 setup->ie = nla_data(ieattr);
2982                 setup->ie_len = nla_len(ieattr);
2983         }
2984         setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
2985         setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
2986
2987         return 0;
2988 }
2989
2990 static int nl80211_update_mesh_config(struct sk_buff *skb,
2991                                       struct genl_info *info)
2992 {
2993         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2994         struct net_device *dev = info->user_ptr[1];
2995         struct wireless_dev *wdev = dev->ieee80211_ptr;
2996         struct mesh_config cfg;
2997         u32 mask;
2998         int err;
2999
3000         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3001                 return -EOPNOTSUPP;
3002
3003         if (!rdev->ops->update_mesh_config)
3004                 return -EOPNOTSUPP;
3005
3006         err = nl80211_parse_mesh_config(info, &cfg, &mask);
3007         if (err)
3008                 return err;
3009
3010         wdev_lock(wdev);
3011         if (!wdev->mesh_id_len)
3012                 err = -ENOLINK;
3013
3014         if (!err)
3015                 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3016                                                     mask, &cfg);
3017
3018         wdev_unlock(wdev);
3019
3020         return err;
3021 }
3022
3023 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3024 {
3025         struct sk_buff *msg;
3026         void *hdr = NULL;
3027         struct nlattr *nl_reg_rules;
3028         unsigned int i;
3029         int err = -EINVAL;
3030
3031         mutex_lock(&cfg80211_mutex);
3032
3033         if (!cfg80211_regdomain)
3034                 goto out;
3035
3036         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3037         if (!msg) {
3038                 err = -ENOBUFS;
3039                 goto out;
3040         }
3041
3042         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3043                              NL80211_CMD_GET_REG);
3044         if (!hdr)
3045                 goto put_failure;
3046
3047         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
3048                 cfg80211_regdomain->alpha2);
3049
3050         nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3051         if (!nl_reg_rules)
3052                 goto nla_put_failure;
3053
3054         for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
3055                 struct nlattr *nl_reg_rule;
3056                 const struct ieee80211_reg_rule *reg_rule;
3057                 const struct ieee80211_freq_range *freq_range;
3058                 const struct ieee80211_power_rule *power_rule;
3059
3060                 reg_rule = &cfg80211_regdomain->reg_rules[i];
3061                 freq_range = &reg_rule->freq_range;
3062                 power_rule = &reg_rule->power_rule;
3063
3064                 nl_reg_rule = nla_nest_start(msg, i);
3065                 if (!nl_reg_rule)
3066                         goto nla_put_failure;
3067
3068                 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3069                         reg_rule->flags);
3070                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
3071                         freq_range->start_freq_khz);
3072                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
3073                         freq_range->end_freq_khz);
3074                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3075                         freq_range->max_bandwidth_khz);
3076                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3077                         power_rule->max_antenna_gain);
3078                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3079                         power_rule->max_eirp);
3080
3081                 nla_nest_end(msg, nl_reg_rule);
3082         }
3083
3084         nla_nest_end(msg, nl_reg_rules);
3085
3086         genlmsg_end(msg, hdr);
3087         err = genlmsg_reply(msg, info);
3088         goto out;
3089
3090 nla_put_failure:
3091         genlmsg_cancel(msg, hdr);
3092 put_failure:
3093         nlmsg_free(msg);
3094         err = -EMSGSIZE;
3095 out:
3096         mutex_unlock(&cfg80211_mutex);
3097         return err;
3098 }
3099
3100 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3101 {
3102         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3103         struct nlattr *nl_reg_rule;
3104         char *alpha2 = NULL;
3105         int rem_reg_rules = 0, r = 0;
3106         u32 num_rules = 0, rule_idx = 0, size_of_regd;
3107         struct ieee80211_regdomain *rd = NULL;
3108
3109         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3110                 return -EINVAL;
3111
3112         if (!info->attrs[NL80211_ATTR_REG_RULES])
3113                 return -EINVAL;
3114
3115         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3116
3117         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3118                         rem_reg_rules) {
3119                 num_rules++;
3120                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3121                         return -EINVAL;
3122         }
3123
3124         mutex_lock(&cfg80211_mutex);
3125
3126         if (!reg_is_valid_request(alpha2)) {
3127                 r = -EINVAL;
3128                 goto bad_reg;
3129         }
3130
3131         size_of_regd = sizeof(struct ieee80211_regdomain) +
3132                 (num_rules * sizeof(struct ieee80211_reg_rule));
3133
3134         rd = kzalloc(size_of_regd, GFP_KERNEL);
3135         if (!rd) {
3136                 r = -ENOMEM;
3137                 goto bad_reg;
3138         }
3139
3140         rd->n_reg_rules = num_rules;
3141         rd->alpha2[0] = alpha2[0];
3142         rd->alpha2[1] = alpha2[1];
3143
3144         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3145                         rem_reg_rules) {
3146                 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3147                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3148                         reg_rule_policy);
3149                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3150                 if (r)
3151                         goto bad_reg;
3152
3153                 rule_idx++;
3154
3155                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3156                         r = -EINVAL;
3157                         goto bad_reg;
3158                 }
3159         }
3160
3161         BUG_ON(rule_idx != num_rules);
3162
3163         r = set_regdom(rd);
3164
3165         mutex_unlock(&cfg80211_mutex);
3166
3167         return r;
3168
3169  bad_reg:
3170         mutex_unlock(&cfg80211_mutex);
3171         kfree(rd);
3172         return r;
3173 }
3174
3175 static int validate_scan_freqs(struct nlattr *freqs)
3176 {
3177         struct nlattr *attr1, *attr2;
3178         int n_channels = 0, tmp1, tmp2;
3179
3180         nla_for_each_nested(attr1, freqs, tmp1) {
3181                 n_channels++;
3182                 /*
3183                  * Some hardware has a limited channel list for
3184                  * scanning, and it is pretty much nonsensical
3185                  * to scan for a channel twice, so disallow that
3186                  * and don't require drivers to check that the
3187                  * channel list they get isn't longer than what
3188                  * they can scan, as long as they can scan all
3189                  * the channels they registered at once.
3190                  */
3191                 nla_for_each_nested(attr2, freqs, tmp2)
3192                         if (attr1 != attr2 &&
3193                             nla_get_u32(attr1) == nla_get_u32(attr2))
3194                                 return 0;
3195         }
3196
3197         return n_channels;
3198 }
3199
3200 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3201 {
3202         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3203         struct net_device *dev = info->user_ptr[1];
3204         struct cfg80211_scan_request *request;
3205         struct cfg80211_ssid *ssid;
3206         struct ieee80211_channel *channel;
3207         struct nlattr *attr;
3208         struct wiphy *wiphy;
3209         int err, tmp, n_ssids = 0, n_channels, i;
3210         enum ieee80211_band band;
3211         size_t ie_len;
3212
3213         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3214                 return -EINVAL;
3215
3216         wiphy = &rdev->wiphy;
3217
3218         if (!rdev->ops->scan)
3219                 return -EOPNOTSUPP;
3220
3221         if (rdev->scan_req)
3222                 return -EBUSY;
3223
3224         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3225                 n_channels = validate_scan_freqs(
3226                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3227                 if (!n_channels)
3228                         return -EINVAL;
3229         } else {
3230                 n_channels = 0;
3231
3232                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3233                         if (wiphy->bands[band])
3234                                 n_channels += wiphy->bands[band]->n_channels;
3235         }
3236
3237         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3238                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3239                         n_ssids++;
3240
3241         if (n_ssids > wiphy->max_scan_ssids)
3242                 return -EINVAL;
3243
3244         if (info->attrs[NL80211_ATTR_IE])
3245                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3246         else
3247                 ie_len = 0;
3248
3249         if (ie_len > wiphy->max_scan_ie_len)
3250                 return -EINVAL;
3251
3252         request = kzalloc(sizeof(*request)
3253                         + sizeof(*ssid) * n_ssids
3254                         + sizeof(channel) * n_channels
3255                         + ie_len, GFP_KERNEL);
3256         if (!request)
3257                 return -ENOMEM;
3258
3259         if (n_ssids)
3260                 request->ssids = (void *)&request->channels[n_channels];
3261         request->n_ssids = n_ssids;
3262         if (ie_len) {
3263                 if (request->ssids)
3264                         request->ie = (void *)(request->ssids + n_ssids);
3265                 else
3266                         request->ie = (void *)(request->channels + n_channels);
3267         }
3268
3269         i = 0;
3270         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3271                 /* user specified, bail out if channel not found */
3272                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3273                         struct ieee80211_channel *chan;
3274
3275                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3276
3277                         if (!chan) {
3278                                 err = -EINVAL;
3279                                 goto out_free;
3280                         }
3281
3282                         /* ignore disabled channels */
3283                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3284                                 continue;
3285
3286                         request->channels[i] = chan;
3287                         i++;
3288                 }
3289         } else {
3290                 /* all channels */
3291                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3292                         int j;
3293                         if (!wiphy->bands[band])
3294                                 continue;
3295                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3296                                 struct ieee80211_channel *chan;
3297
3298                                 chan = &wiphy->bands[band]->channels[j];
3299
3300                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3301                                         continue;
3302
3303                                 request->channels[i] = chan;
3304                                 i++;
3305                         }
3306                 }
3307         }
3308
3309         if (!i) {
3310                 err = -EINVAL;
3311                 goto out_free;
3312         }
3313
3314         request->n_channels = i;
3315
3316         i = 0;
3317         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3318                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3319                         if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
3320                                 err = -EINVAL;
3321                                 goto out_free;
3322                         }
3323                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3324                         request->ssids[i].ssid_len = nla_len(attr);
3325                         i++;
3326                 }
3327         }
3328
3329         if (info->attrs[NL80211_ATTR_IE]) {
3330                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3331                 memcpy((void *)request->ie,
3332                        nla_data(info->attrs[NL80211_ATTR_IE]),
3333                        request->ie_len);
3334         }
3335
3336         request->dev = dev;
3337         request->wiphy = &rdev->wiphy;
3338
3339         rdev->scan_req = request;
3340         err = rdev->ops->scan(&rdev->wiphy, dev, request);
3341
3342         if (!err) {
3343                 nl80211_send_scan_start(rdev, dev);
3344                 dev_hold(dev);
3345         } else {
3346  out_free:
3347                 rdev->scan_req = NULL;
3348                 kfree(request);
3349         }
3350
3351         return err;
3352 }
3353
3354 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags,
3355                             struct cfg80211_registered_device *rdev,
3356                             struct wireless_dev *wdev,
3357                             struct cfg80211_internal_bss *intbss)
3358 {
3359         struct cfg80211_bss *res = &intbss->pub;
3360         void *hdr;
3361         struct nlattr *bss;
3362         int i;
3363
3364         ASSERT_WDEV_LOCK(wdev);
3365
3366         hdr = nl80211hdr_put(msg, pid, seq, flags,
3367                              NL80211_CMD_NEW_SCAN_RESULTS);
3368         if (!hdr)
3369                 return -1;
3370
3371         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
3372         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
3373
3374         bss = nla_nest_start(msg, NL80211_ATTR_BSS);
3375         if (!bss)
3376                 goto nla_put_failure;
3377         if (!is_zero_ether_addr(res->bssid))
3378                 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
3379         if (res->information_elements && res->len_information_elements)
3380                 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3381                         res->len_information_elements,
3382                         res->information_elements);
3383         if (res->beacon_ies && res->len_beacon_ies &&
3384             res->beacon_ies != res->information_elements)
3385                 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
3386                         res->len_beacon_ies, res->beacon_ies);
3387         if (res->tsf)
3388                 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3389         if (res->beacon_interval)
3390                 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3391         NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3392         NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3393         NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
3394                 jiffies_to_msecs(jiffies - intbss->ts));
3395
3396         switch (rdev->wiphy.signal_type) {
3397         case CFG80211_SIGNAL_TYPE_MBM:
3398                 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
3399                 break;
3400         case CFG80211_SIGNAL_TYPE_UNSPEC:
3401                 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
3402                 break;
3403         default:
3404                 break;
3405         }
3406
3407         switch (wdev->iftype) {
3408         case NL80211_IFTYPE_P2P_CLIENT:
3409         case NL80211_IFTYPE_STATION:
3410                 if (intbss == wdev->current_bss)
3411                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3412                                     NL80211_BSS_STATUS_ASSOCIATED);
3413                 else for (i = 0; i < MAX_AUTH_BSSES; i++) {
3414                         if (intbss != wdev->auth_bsses[i])
3415                                 continue;
3416                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3417                                     NL80211_BSS_STATUS_AUTHENTICATED);
3418                         break;
3419                 }
3420                 break;
3421         case NL80211_IFTYPE_ADHOC:
3422                 if (intbss == wdev->current_bss)
3423                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3424                                     NL80211_BSS_STATUS_IBSS_JOINED);
3425                 break;
3426         default:
3427                 break;
3428         }
3429
3430         nla_nest_end(msg, bss);
3431
3432         return genlmsg_end(msg, hdr);
3433
3434  nla_put_failure:
3435         genlmsg_cancel(msg, hdr);
3436         return -EMSGSIZE;
3437 }
3438
3439 static int nl80211_dump_scan(struct sk_buff *skb,
3440                              struct netlink_callback *cb)
3441 {
3442         struct cfg80211_registered_device *rdev;
3443         struct net_device *dev;
3444         struct cfg80211_internal_bss *scan;
3445         struct wireless_dev *wdev;
3446         int start = cb->args[1], idx = 0;
3447         int err;
3448
3449         err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
3450         if (err)
3451                 return err;
3452
3453         wdev = dev->ieee80211_ptr;
3454
3455         wdev_lock(wdev);
3456         spin_lock_bh(&rdev->bss_lock);
3457         cfg80211_bss_expire(rdev);
3458
3459         list_for_each_entry(scan, &rdev->bss_list, list) {
3460                 if (++idx <= start)
3461                         continue;
3462                 if (nl80211_send_bss(skb,
3463                                 NETLINK_CB(cb->skb).pid,
3464                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3465                                 rdev, wdev, scan) < 0) {
3466                         idx--;
3467                         break;
3468                 }
3469         }
3470
3471         spin_unlock_bh(&rdev->bss_lock);
3472         wdev_unlock(wdev);
3473
3474         cb->args[1] = idx;
3475         nl80211_finish_netdev_dump(rdev);
3476
3477         return skb->len;
3478 }
3479
3480 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
3481                                 int flags, struct net_device *dev,
3482                                 struct survey_info *survey)
3483 {
3484         void *hdr;
3485         struct nlattr *infoattr;
3486
3487         /* Survey without a channel doesn't make sense */
3488         if (!survey->channel)
3489                 return -EINVAL;
3490
3491         hdr = nl80211hdr_put(msg, pid, seq, flags,
3492                              NL80211_CMD_NEW_SURVEY_RESULTS);
3493         if (!hdr)
3494                 return -ENOMEM;
3495
3496         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3497
3498         infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
3499         if (!infoattr)
3500                 goto nla_put_failure;
3501
3502         NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
3503                     survey->channel->center_freq);
3504         if (survey->filled & SURVEY_INFO_NOISE_DBM)
3505                 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
3506                             survey->noise);
3507         if (survey->filled & SURVEY_INFO_IN_USE)
3508                 NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE);
3509         if (survey->filled & SURVEY_INFO_CHANNEL_TIME)
3510                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
3511                             survey->channel_time);
3512         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
3513                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
3514                             survey->channel_time_busy);
3515         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
3516                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
3517                             survey->channel_time_ext_busy);
3518         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX)
3519                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
3520                             survey->channel_time_rx);
3521         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX)
3522                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
3523                             survey->channel_time_tx);
3524
3525         nla_nest_end(msg, infoattr);
3526
3527         return genlmsg_end(msg, hdr);
3528
3529  nla_put_failure:
3530         genlmsg_cancel(msg, hdr);
3531         return -EMSGSIZE;
3532 }
3533
3534 static int nl80211_dump_survey(struct sk_buff *skb,
3535                         struct netlink_callback *cb)
3536 {
3537         struct survey_info survey;
3538         struct cfg80211_registered_device *dev;
3539         struct net_device *netdev;
3540         int survey_idx = cb->args[1];
3541         int res;
3542
3543         res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3544         if (res)
3545                 return res;
3546
3547         if (!dev->ops->dump_survey) {
3548                 res = -EOPNOTSUPP;
3549                 goto out_err;
3550         }
3551
3552         while (1) {
3553                 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
3554                                             &survey);
3555                 if (res == -ENOENT)
3556                         break;
3557                 if (res)
3558                         goto out_err;
3559
3560                 if (nl80211_send_survey(skb,
3561                                 NETLINK_CB(cb->skb).pid,
3562                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3563                                 netdev,
3564                                 &survey) < 0)
3565                         goto out;
3566                 survey_idx++;
3567         }
3568
3569  out:
3570         cb->args[1] = survey_idx;
3571         res = skb->len;
3572  out_err:
3573         nl80211_finish_netdev_dump(dev);
3574         return res;
3575 }
3576
3577 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3578 {
3579         return auth_type <= NL80211_AUTHTYPE_MAX;
3580 }
3581
3582 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
3583 {
3584         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
3585                                   NL80211_WPA_VERSION_2));
3586 }
3587
3588 static bool nl80211_valid_akm_suite(u32 akm)
3589 {
3590         return akm == WLAN_AKM_SUITE_8021X ||
3591                 akm == WLAN_AKM_SUITE_PSK;
3592 }
3593
3594 static bool nl80211_valid_cipher_suite(u32 cipher)
3595 {
3596         return cipher == WLAN_CIPHER_SUITE_WEP40 ||
3597                 cipher == WLAN_CIPHER_SUITE_WEP104 ||
3598                 cipher == WLAN_CIPHER_SUITE_TKIP ||
3599                 cipher == WLAN_CIPHER_SUITE_CCMP ||
3600                 cipher == WLAN_CIPHER_SUITE_AES_CMAC;
3601 }
3602
3603
3604 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
3605 {
3606         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3607         struct net_device *dev = info->user_ptr[1];
3608         struct ieee80211_channel *chan;
3609         const u8 *bssid, *ssid, *ie = NULL;
3610         int err, ssid_len, ie_len = 0;
3611         enum nl80211_auth_type auth_type;
3612         struct key_parse key;
3613         bool local_state_change;
3614
3615         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3616                 return -EINVAL;
3617
3618         if (!info->attrs[NL80211_ATTR_MAC])
3619                 return -EINVAL;
3620
3621         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
3622                 return -EINVAL;
3623
3624         if (!info->attrs[NL80211_ATTR_SSID])
3625                 return -EINVAL;
3626
3627         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
3628                 return -EINVAL;
3629
3630         err = nl80211_parse_key(info, &key);
3631         if (err)
3632                 return err;
3633
3634         if (key.idx >= 0) {
3635                 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
3636                         return -EINVAL;
3637                 if (!key.p.key || !key.p.key_len)
3638                         return -EINVAL;
3639                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
3640                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
3641                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
3642                      key.p.key_len != WLAN_KEY_LEN_WEP104))
3643                         return -EINVAL;
3644                 if (key.idx > 4)
3645                         return -EINVAL;
3646         } else {
3647                 key.p.key_len = 0;
3648                 key.p.key = NULL;
3649         }
3650
3651         if (key.idx >= 0) {
3652                 int i;
3653                 bool ok = false;
3654                 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
3655                         if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
3656                                 ok = true;
3657                                 break;
3658                         }
3659                 }
3660                 if (!ok)
3661                         return -EINVAL;
3662         }
3663
3664         if (!rdev->ops->auth)
3665                 return -EOPNOTSUPP;
3666
3667         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3668             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
3669                 return -EOPNOTSUPP;
3670
3671         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3672         chan = ieee80211_get_channel(&rdev->wiphy,
3673                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3674         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
3675                 return -EINVAL;
3676
3677         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3678         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3679
3680         if (info->attrs[NL80211_ATTR_IE]) {
3681                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3682                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3683         }
3684
3685         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
3686         if (!nl80211_valid_auth_type(auth_type))
3687                 return -EINVAL;
3688
3689         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3690
3691         return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
3692                                   ssid, ssid_len, ie, ie_len,
3693                                   key.p.key, key.p.key_len, key.idx,
3694                                   local_state_change);
3695 }
3696
3697 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
3698                                    struct genl_info *info,
3699                                    struct cfg80211_crypto_settings *settings,
3700                                    int cipher_limit)
3701 {
3702         memset(settings, 0, sizeof(*settings));
3703
3704         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
3705
3706         if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
3707                 u16 proto;
3708                 proto = nla_get_u16(
3709                         info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
3710                 settings->control_port_ethertype = cpu_to_be16(proto);
3711                 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
3712                     proto != ETH_P_PAE)
3713                         return -EINVAL;
3714                 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
3715                         settings->control_port_no_encrypt = true;
3716         } else
3717                 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
3718
3719         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
3720                 void *data;
3721                 int len, i;
3722
3723                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3724                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3725                 settings->n_ciphers_pairwise = len / sizeof(u32);
3726
3727                 if (len % sizeof(u32))
3728                         return -EINVAL;
3729
3730                 if (settings->n_ciphers_pairwise > cipher_limit)
3731                         return -EINVAL;
3732
3733                 memcpy(settings->ciphers_pairwise, data, len);
3734
3735                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3736                         if (!nl80211_valid_cipher_suite(
3737                                         settings->ciphers_pairwise[i]))
3738                                 return -EINVAL;
3739         }
3740
3741         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
3742                 settings->cipher_group =
3743                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
3744                 if (!nl80211_valid_cipher_suite(settings->cipher_group))
3745                         return -EINVAL;
3746         }
3747
3748         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
3749                 settings->wpa_versions =
3750                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
3751                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
3752                         return -EINVAL;
3753         }
3754
3755         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
3756                 void *data;
3757                 int len, i;
3758
3759                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
3760                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
3761                 settings->n_akm_suites = len / sizeof(u32);
3762
3763                 if (len % sizeof(u32))
3764                         return -EINVAL;
3765
3766                 memcpy(settings->akm_suites, data, len);
3767
3768                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3769                         if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
3770                                 return -EINVAL;
3771         }
3772
3773         return 0;
3774 }
3775
3776 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
3777 {
3778         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3779         struct net_device *dev = info->user_ptr[1];
3780         struct cfg80211_crypto_settings crypto;
3781         struct ieee80211_channel *chan;
3782         const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
3783         int err, ssid_len, ie_len = 0;
3784         bool use_mfp = false;
3785
3786         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3787                 return -EINVAL;
3788
3789         if (!info->attrs[NL80211_ATTR_MAC] ||
3790             !info->attrs[NL80211_ATTR_SSID] ||
3791             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
3792                 return -EINVAL;
3793
3794         if (!rdev->ops->assoc)
3795                 return -EOPNOTSUPP;
3796
3797         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3798             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
3799                 return -EOPNOTSUPP;
3800
3801         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3802
3803         chan = ieee80211_get_channel(&rdev->wiphy,
3804                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3805         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
3806                 return -EINVAL;
3807
3808         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3809         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3810
3811         if (info->attrs[NL80211_ATTR_IE]) {
3812                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3813                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3814         }
3815
3816         if (info->attrs[NL80211_ATTR_USE_MFP]) {
3817                 enum nl80211_mfp mfp =
3818                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
3819                 if (mfp == NL80211_MFP_REQUIRED)
3820                         use_mfp = true;
3821                 else if (mfp != NL80211_MFP_NO)
3822                         return -EINVAL;
3823         }
3824
3825         if (info->attrs[NL80211_ATTR_PREV_BSSID])
3826                 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
3827
3828         err = nl80211_crypto_settings(rdev, info, &crypto, 1);
3829         if (!err)
3830                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
3831                                           ssid, ssid_len, ie, ie_len, use_mfp,
3832                                           &crypto);
3833
3834         return err;
3835 }
3836
3837 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
3838 {
3839         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3840         struct net_device *dev = info->user_ptr[1];
3841         const u8 *ie = NULL, *bssid;
3842         int ie_len = 0;
3843         u16 reason_code;
3844         bool local_state_change;
3845
3846         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3847                 return -EINVAL;
3848
3849         if (!info->attrs[NL80211_ATTR_MAC])
3850                 return -EINVAL;
3851
3852         if (!info->attrs[NL80211_ATTR_REASON_CODE])
3853                 return -EINVAL;
3854
3855         if (!rdev->ops->deauth)
3856                 return -EOPNOTSUPP;
3857
3858         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3859             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
3860                 return -EOPNOTSUPP;
3861
3862         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3863
3864         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3865         if (reason_code == 0) {
3866                 /* Reason Code 0 is reserved */
3867                 return -EINVAL;
3868         }
3869
3870         if (info->attrs[NL80211_ATTR_IE]) {
3871                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3872                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3873         }
3874
3875         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3876
3877         return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
3878                                     local_state_change);
3879 }
3880
3881 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
3882 {
3883         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3884         struct net_device *dev = info->user_ptr[1];
3885         const u8 *ie = NULL, *bssid;
3886         int ie_len = 0;
3887         u16 reason_code;
3888         bool local_state_change;
3889
3890         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3891                 return -EINVAL;
3892
3893         if (!info->attrs[NL80211_ATTR_MAC])
3894                 return -EINVAL;
3895
3896         if (!info->attrs[NL80211_ATTR_REASON_CODE])
3897                 return -EINVAL;
3898
3899         if (!rdev->ops->disassoc)
3900                 return -EOPNOTSUPP;
3901
3902         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3903             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
3904                 return -EOPNOTSUPP;
3905
3906         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3907
3908         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3909         if (reason_code == 0) {
3910                 /* Reason Code 0 is reserved */
3911                 return -EINVAL;
3912         }
3913
3914         if (info->attrs[NL80211_ATTR_IE]) {
3915                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3916                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3917         }
3918
3919         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3920
3921         return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
3922                                       local_state_change);
3923 }
3924
3925 static bool
3926 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
3927                          int mcast_rate[IEEE80211_NUM_BANDS],
3928                          int rateval)
3929 {
3930         struct wiphy *wiphy = &rdev->wiphy;
3931         bool found = false;
3932         int band, i;
3933
3934         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3935                 struct ieee80211_supported_band *sband;
3936
3937                 sband = wiphy->bands[band];
3938                 if (!sband)
3939                         continue;
3940
3941                 for (i = 0; i < sband->n_bitrates; i++) {
3942                         if (sband->bitrates[i].bitrate == rateval) {
3943                                 mcast_rate[band] = i + 1;
3944                                 found = true;
3945                                 break;
3946                         }
3947                 }
3948         }
3949
3950         return found;
3951 }
3952
3953 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
3954 {
3955         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3956         struct net_device *dev = info->user_ptr[1];
3957         struct cfg80211_ibss_params ibss;
3958         struct wiphy *wiphy;
3959         struct cfg80211_cached_keys *connkeys = NULL;
3960         int err;
3961
3962         memset(&ibss, 0, sizeof(ibss));
3963
3964         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3965                 return -EINVAL;
3966
3967         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
3968             !info->attrs[NL80211_ATTR_SSID] ||
3969             !nla_len(info->attrs[NL80211_ATTR_SSID]))
3970                 return -EINVAL;
3971
3972         ibss.beacon_interval = 100;
3973
3974         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
3975                 ibss.beacon_interval =
3976                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3977                 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
3978                         return -EINVAL;
3979         }
3980
3981         if (!rdev->ops->join_ibss)
3982                 return -EOPNOTSUPP;
3983
3984         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
3985                 return -EOPNOTSUPP;
3986
3987         wiphy = &rdev->wiphy;
3988
3989         if (info->attrs[NL80211_ATTR_MAC])
3990                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3991         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3992         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3993
3994         if (info->attrs[NL80211_ATTR_IE]) {
3995                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3996                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3997         }
3998
3999         ibss.channel = ieee80211_get_channel(wiphy,
4000                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4001         if (!ibss.channel ||
4002             ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4003             ibss.channel->flags & IEEE80211_CHAN_DISABLED)
4004                 return -EINVAL;
4005
4006         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4007         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4008
4009         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4010                 u8 *rates =
4011                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4012                 int n_rates =
4013                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4014                 struct ieee80211_supported_band *sband =
4015                         wiphy->bands[ibss.channel->band];
4016                 int i, j;
4017
4018                 if (n_rates == 0)
4019                         return -EINVAL;
4020
4021                 for (i = 0; i < n_rates; i++) {
4022                         int rate = (rates[i] & 0x7f) * 5;
4023                         bool found = false;
4024
4025                         for (j = 0; j < sband->n_bitrates; j++) {
4026                                 if (sband->bitrates[j].bitrate == rate) {
4027                                         found = true;
4028                                         ibss.basic_rates |= BIT(j);
4029                                         break;
4030                                 }
4031                         }
4032                         if (!found)
4033                                 return -EINVAL;
4034                 }
4035         }
4036
4037         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
4038             !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
4039                         nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
4040                 return -EINVAL;
4041
4042         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4043                 connkeys = nl80211_parse_connkeys(rdev,
4044                                         info->attrs[NL80211_ATTR_KEYS]);
4045                 if (IS_ERR(connkeys))
4046                         return PTR_ERR(connkeys);
4047         }
4048
4049         err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4050         if (err)
4051                 kfree(connkeys);
4052         return err;
4053 }
4054
4055 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4056 {
4057         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4058         struct net_device *dev = info->user_ptr[1];
4059
4060         if (!rdev->ops->leave_ibss)
4061                 return -EOPNOTSUPP;
4062
4063         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4064                 return -EOPNOTSUPP;
4065
4066         return cfg80211_leave_ibss(rdev, dev, false);
4067 }
4068
4069 #ifdef CONFIG_NL80211_TESTMODE
4070 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4071         .name = "testmode",
4072 };
4073
4074 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4075 {
4076         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4077         int err;
4078
4079         if (!info->attrs[NL80211_ATTR_TESTDATA])
4080                 return -EINVAL;
4081
4082         err = -EOPNOTSUPP;
4083         if (rdev->ops->testmode_cmd) {
4084                 rdev->testmode_info = info;
4085                 err = rdev->ops->testmode_cmd(&rdev->wiphy,
4086                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4087                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4088                 rdev->testmode_info = NULL;
4089         }
4090
4091         return err;
4092 }
4093
4094 static struct sk_buff *
4095 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
4096                               int approxlen, u32 pid, u32 seq, gfp_t gfp)
4097 {
4098         struct sk_buff *skb;
4099         void *hdr;
4100         struct nlattr *data;
4101
4102         skb = nlmsg_new(approxlen + 100, gfp);
4103         if (!skb)
4104                 return NULL;
4105
4106         hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
4107         if (!hdr) {
4108                 kfree_skb(skb);
4109                 return NULL;
4110         }
4111
4112         NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4113         data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4114
4115         ((void **)skb->cb)[0] = rdev;
4116         ((void **)skb->cb)[1] = hdr;
4117         ((void **)skb->cb)[2] = data;
4118
4119         return skb;
4120
4121  nla_put_failure:
4122         kfree_skb(skb);
4123         return NULL;
4124 }
4125
4126 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
4127                                                   int approxlen)
4128 {
4129         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4130
4131         if (WARN_ON(!rdev->testmode_info))
4132                 return NULL;
4133
4134         return __cfg80211_testmode_alloc_skb(rdev, approxlen,
4135                                 rdev->testmode_info->snd_pid,
4136                                 rdev->testmode_info->snd_seq,
4137                                 GFP_KERNEL);
4138 }
4139 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
4140
4141 int cfg80211_testmode_reply(struct sk_buff *skb)
4142 {
4143         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
4144         void *hdr = ((void **)skb->cb)[1];
4145         struct nlattr *data = ((void **)skb->cb)[2];
4146
4147         if (WARN_ON(!rdev->testmode_info)) {
4148                 kfree_skb(skb);
4149                 return -EINVAL;
4150         }
4151
4152         nla_nest_end(skb, data);
4153         genlmsg_end(skb, hdr);
4154         return genlmsg_reply(skb, rdev->testmode_info);
4155 }
4156 EXPORT_SYMBOL(cfg80211_testmode_reply);
4157
4158 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
4159                                                   int approxlen, gfp_t gfp)
4160 {
4161         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4162
4163         return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
4164 }
4165 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
4166
4167 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
4168 {
4169         void *hdr = ((void **)skb->cb)[1];
4170         struct nlattr *data = ((void **)skb->cb)[2];
4171
4172         nla_nest_end(skb, data);
4173         genlmsg_end(skb, hdr);
4174         genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
4175 }
4176 EXPORT_SYMBOL(cfg80211_testmode_event);
4177 #endif
4178
4179 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
4180 {
4181         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4182         struct net_device *dev = info->user_ptr[1];
4183         struct cfg80211_connect_params connect;
4184         struct wiphy *wiphy;
4185         struct cfg80211_cached_keys *connkeys = NULL;
4186         int err;
4187
4188         memset(&connect, 0, sizeof(connect));
4189
4190         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4191                 return -EINVAL;
4192
4193         if (!info->attrs[NL80211_ATTR_SSID] ||
4194             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4195                 return -EINVAL;
4196
4197         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4198                 connect.auth_type =
4199                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4200                 if (!nl80211_valid_auth_type(connect.auth_type))
4201                         return -EINVAL;
4202         } else
4203                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4204
4205         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
4206
4207         err = nl80211_crypto_settings(rdev, info, &connect.crypto,
4208                                       NL80211_MAX_NR_CIPHER_SUITES);
4209         if (err)
4210                 return err;
4211
4212         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4213             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4214                 return -EOPNOTSUPP;
4215
4216         wiphy = &rdev->wiphy;
4217
4218         if (info->attrs[NL80211_ATTR_MAC])
4219                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4220         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4221         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4222
4223         if (info->attrs[NL80211_ATTR_IE]) {
4224                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4225                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4226         }
4227
4228         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4229                 connect.channel =
4230                         ieee80211_get_channel(wiphy,
4231                             nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4232                 if (!connect.channel ||
4233                     connect.channel->flags & IEEE80211_CHAN_DISABLED)
4234                         return -EINVAL;
4235         }
4236
4237         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4238                 connkeys = nl80211_parse_connkeys(rdev,
4239                                         info->attrs[NL80211_ATTR_KEYS]);
4240                 if (IS_ERR(connkeys))
4241                         return PTR_ERR(connkeys);
4242         }
4243
4244         err = cfg80211_connect(rdev, dev, &connect, connkeys);
4245         if (err)
4246                 kfree(connkeys);
4247         return err;
4248 }
4249
4250 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
4251 {
4252         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4253         struct net_device *dev = info->user_ptr[1];
4254         u16 reason;
4255
4256         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4257                 reason = WLAN_REASON_DEAUTH_LEAVING;
4258         else
4259                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4260
4261         if (reason == 0)
4262                 return -EINVAL;
4263
4264         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4265             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4266                 return -EOPNOTSUPP;
4267
4268         return cfg80211_disconnect(rdev, dev, reason, true);
4269 }
4270
4271 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4272 {
4273         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4274         struct net *net;
4275         int err;
4276         u32 pid;
4277
4278         if (!info->attrs[NL80211_ATTR_PID])
4279                 return -EINVAL;
4280
4281         pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
4282
4283         net = get_net_ns_by_pid(pid);
4284         if (IS_ERR(net))
4285                 return PTR_ERR(net);
4286
4287         err = 0;
4288
4289         /* check if anything to do */
4290         if (!net_eq(wiphy_net(&rdev->wiphy), net))
4291                 err = cfg80211_switch_netns(rdev, net);
4292
4293         put_net(net);
4294         return err;
4295 }
4296
4297 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
4298 {
4299         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4300         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
4301                         struct cfg80211_pmksa *pmksa) = NULL;
4302         struct net_device *dev = info->user_ptr[1];
4303         struct cfg80211_pmksa pmksa;
4304
4305         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
4306
4307         if (!info->attrs[NL80211_ATTR_MAC])
4308                 return -EINVAL;
4309
4310         if (!info->attrs[NL80211_ATTR_PMKID])
4311                 return -EINVAL;
4312
4313         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
4314         pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4315
4316         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4317             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4318                 return -EOPNOTSUPP;
4319
4320         switch (info->genlhdr->cmd) {
4321         case NL80211_CMD_SET_PMKSA:
4322                 rdev_ops = rdev->ops->set_pmksa;
4323                 break;
4324         case NL80211_CMD_DEL_PMKSA:
4325                 rdev_ops = rdev->ops->del_pmksa;
4326                 break;
4327         default:
4328                 WARN_ON(1);
4329                 break;
4330         }
4331
4332         if (!rdev_ops)
4333                 return -EOPNOTSUPP;
4334
4335         return rdev_ops(&rdev->wiphy, dev, &pmksa);
4336 }
4337
4338 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4339 {
4340         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4341         struct net_device *dev = info->user_ptr[1];
4342
4343         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4344             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4345                 return -EOPNOTSUPP;
4346
4347         if (!rdev->ops->flush_pmksa)
4348                 return -EOPNOTSUPP;
4349
4350         return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4351 }
4352
4353 static int nl80211_remain_on_channel(struct sk_buff *skb,
4354                                      struct genl_info *info)
4355 {
4356         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4357         struct net_device *dev = info->user_ptr[1];
4358         struct ieee80211_channel *chan;
4359         struct sk_buff *msg;
4360         void *hdr;
4361         u64 cookie;
4362         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4363         u32 freq, duration;
4364         int err;
4365
4366         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4367             !info->attrs[NL80211_ATTR_DURATION])
4368                 return -EINVAL;
4369
4370         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4371
4372         /*
4373          * We should be on that channel for at least one jiffie,
4374          * and more than 5 seconds seems excessive.
4375          */
4376         if (!duration || !msecs_to_jiffies(duration) ||
4377             duration > rdev->wiphy.max_remain_on_channel_duration)
4378                 return -EINVAL;
4379
4380         if (!rdev->ops->remain_on_channel)
4381                 return -EOPNOTSUPP;
4382
4383         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4384                 channel_type = nla_get_u32(
4385                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4386                 if (channel_type != NL80211_CHAN_NO_HT &&
4387                     channel_type != NL80211_CHAN_HT20 &&
4388                     channel_type != NL80211_CHAN_HT40PLUS &&
4389                     channel_type != NL80211_CHAN_HT40MINUS)
4390                         return -EINVAL;
4391         }
4392
4393         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4394         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4395         if (chan == NULL)
4396                 return -EINVAL;
4397
4398         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4399         if (!msg)
4400                 return -ENOMEM;
4401
4402         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4403                              NL80211_CMD_REMAIN_ON_CHANNEL);
4404
4405         if (IS_ERR(hdr)) {
4406                 err = PTR_ERR(hdr);
4407                 goto free_msg;
4408         }
4409
4410         err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
4411                                            channel_type, duration, &cookie);
4412
4413         if (err)
4414                 goto free_msg;
4415
4416         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4417
4418         genlmsg_end(msg, hdr);
4419
4420         return genlmsg_reply(msg, info);
4421
4422  nla_put_failure:
4423         err = -ENOBUFS;
4424  free_msg:
4425         nlmsg_free(msg);
4426         return err;
4427 }
4428
4429 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
4430                                             struct genl_info *info)
4431 {
4432         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4433         struct net_device *dev = info->user_ptr[1];
4434         u64 cookie;
4435
4436         if (!info->attrs[NL80211_ATTR_COOKIE])
4437                 return -EINVAL;
4438
4439         if (!rdev->ops->cancel_remain_on_channel)
4440                 return -EOPNOTSUPP;
4441
4442         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
4443
4444         return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
4445 }
4446
4447 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4448                            u8 *rates, u8 rates_len)
4449 {
4450         u8 i;
4451         u32 mask = 0;
4452
4453         for (i = 0; i < rates_len; i++) {
4454                 int rate = (rates[i] & 0x7f) * 5;
4455                 int ridx;
4456                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4457                         struct ieee80211_rate *srate =
4458                                 &sband->bitrates[ridx];
4459                         if (rate == srate->bitrate) {
4460                                 mask |= 1 << ridx;
4461                                 break;
4462                         }
4463                 }
4464                 if (ridx == sband->n_bitrates)
4465                         return 0; /* rate not found */
4466         }
4467
4468         return mask;
4469 }
4470
4471 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4472         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4473                                     .len = NL80211_MAX_SUPP_RATES },
4474 };
4475
4476 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
4477                                        struct genl_info *info)
4478 {
4479         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4480         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4481         struct cfg80211_bitrate_mask mask;
4482         int rem, i;
4483         struct net_device *dev = info->user_ptr[1];
4484         struct nlattr *tx_rates;
4485         struct ieee80211_supported_band *sband;
4486
4487         if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
4488                 return -EINVAL;
4489
4490         if (!rdev->ops->set_bitrate_mask)
4491                 return -EOPNOTSUPP;
4492
4493         memset(&mask, 0, sizeof(mask));
4494         /* Default to all rates enabled */
4495         for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
4496                 sband = rdev->wiphy.bands[i];
4497                 mask.control[i].legacy =
4498                         sband ? (1 << sband->n_bitrates) - 1 : 0;
4499         }
4500
4501         /*
4502          * The nested attribute uses enum nl80211_band as the index. This maps
4503          * directly to the enum ieee80211_band values used in cfg80211.
4504          */
4505         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
4506         {
4507                 enum ieee80211_band band = nla_type(tx_rates);
4508                 if (band < 0 || band >= IEEE80211_NUM_BANDS)
4509                         return -EINVAL;
4510                 sband = rdev->wiphy.bands[band];
4511                 if (sband == NULL)
4512                         return -EINVAL;
4513                 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
4514                           nla_len(tx_rates), nl80211_txattr_policy);
4515                 if (tb[NL80211_TXRATE_LEGACY]) {
4516                         mask.control[band].legacy = rateset_to_mask(
4517                                 sband,
4518                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
4519                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
4520                         if (mask.control[band].legacy == 0)
4521                                 return -EINVAL;
4522                 }
4523         }
4524
4525         return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
4526 }
4527
4528 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
4529 {
4530         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4531         struct net_device *dev = info->user_ptr[1];
4532         u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
4533
4534         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
4535                 return -EINVAL;
4536
4537         if (info->attrs[NL80211_ATTR_FRAME_TYPE])
4538                 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
4539
4540         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4541             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4542             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
4543             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4544             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4545             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4546             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4547                 return -EOPNOTSUPP;
4548
4549         /* not much point in registering if we can't reply */
4550         if (!rdev->ops->mgmt_tx)
4551                 return -EOPNOTSUPP;
4552
4553         return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
4554                         frame_type,
4555                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
4556                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
4557 }
4558
4559 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
4560 {
4561         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4562         struct net_device *dev = info->user_ptr[1];
4563         struct ieee80211_channel *chan;
4564         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4565         bool channel_type_valid = false;
4566         u32 freq;
4567         int err;
4568         void *hdr;
4569         u64 cookie;
4570         struct sk_buff *msg;
4571         unsigned int wait = 0;
4572         bool offchan;
4573
4574         if (!info->attrs[NL80211_ATTR_FRAME] ||
4575             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4576                 return -EINVAL;
4577
4578         if (!rdev->ops->mgmt_tx)
4579                 return -EOPNOTSUPP;
4580
4581         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4582             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4583             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
4584             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4585             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4586             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4587             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4588                 return -EOPNOTSUPP;
4589
4590         if (info->attrs[NL80211_ATTR_DURATION]) {
4591                 if (!rdev->ops->mgmt_tx_cancel_wait)
4592                         return -EINVAL;
4593                 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4594         }
4595
4596         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4597                 channel_type = nla_get_u32(
4598                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4599                 if (channel_type != NL80211_CHAN_NO_HT &&
4600                     channel_type != NL80211_CHAN_HT20 &&
4601                     channel_type != NL80211_CHAN_HT40PLUS &&
4602                     channel_type != NL80211_CHAN_HT40MINUS)
4603                         return -EINVAL;
4604                 channel_type_valid = true;
4605         }
4606
4607         offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
4608
4609         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4610         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4611         if (chan == NULL)
4612                 return -EINVAL;
4613
4614         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4615         if (!msg)
4616                 return -ENOMEM;
4617
4618         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4619                              NL80211_CMD_FRAME);
4620
4621         if (IS_ERR(hdr)) {
4622                 err = PTR_ERR(hdr);
4623                 goto free_msg;
4624         }
4625         err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type,
4626                                     channel_type_valid, wait,
4627                                     nla_data(info->attrs[NL80211_ATTR_FRAME]),
4628                                     nla_len(info->attrs[NL80211_ATTR_FRAME]),
4629                                     &cookie);
4630         if (err)
4631                 goto free_msg;
4632
4633         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4634
4635         genlmsg_end(msg, hdr);
4636         return genlmsg_reply(msg, info);
4637
4638  nla_put_failure:
4639         err = -ENOBUFS;
4640  free_msg:
4641         nlmsg_free(msg);
4642         return err;
4643 }
4644
4645 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
4646 {
4647         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4648         struct net_device *dev = info->user_ptr[1];
4649         u64 cookie;
4650
4651         if (!info->attrs[NL80211_ATTR_COOKIE])
4652                 return -EINVAL;
4653
4654         if (!rdev->ops->mgmt_tx_cancel_wait)
4655                 return -EOPNOTSUPP;
4656
4657         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4658             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4659             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
4660             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4661             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4662             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4663                 return -EOPNOTSUPP;
4664
4665         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
4666
4667         return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie);
4668 }
4669
4670 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
4671 {
4672         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4673         struct wireless_dev *wdev;
4674         struct net_device *dev = info->user_ptr[1];
4675         u8 ps_state;
4676         bool state;
4677         int err;
4678
4679         if (!info->attrs[NL80211_ATTR_PS_STATE])
4680                 return -EINVAL;
4681
4682         ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
4683
4684         if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
4685                 return -EINVAL;
4686
4687         wdev = dev->ieee80211_ptr;
4688
4689         if (!rdev->ops->set_power_mgmt)
4690                 return -EOPNOTSUPP;
4691
4692         state = (ps_state == NL80211_PS_ENABLED) ? true : false;
4693
4694         if (state == wdev->ps)
4695                 return 0;
4696
4697         err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state,
4698                                         wdev->ps_timeout);
4699         if (!err)
4700                 wdev->ps = state;
4701         return err;
4702 }
4703
4704 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
4705 {
4706         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4707         enum nl80211_ps_state ps_state;
4708         struct wireless_dev *wdev;
4709         struct net_device *dev = info->user_ptr[1];
4710         struct sk_buff *msg;
4711         void *hdr;
4712         int err;
4713
4714         wdev = dev->ieee80211_ptr;
4715
4716         if (!rdev->ops->set_power_mgmt)
4717                 return -EOPNOTSUPP;
4718
4719         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4720         if (!msg)
4721                 return -ENOMEM;
4722
4723         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4724                              NL80211_CMD_GET_POWER_SAVE);
4725         if (!hdr) {
4726                 err = -ENOBUFS;
4727                 goto free_msg;
4728         }
4729
4730         if (wdev->ps)
4731                 ps_state = NL80211_PS_ENABLED;
4732         else
4733                 ps_state = NL80211_PS_DISABLED;
4734
4735         NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
4736
4737         genlmsg_end(msg, hdr);
4738         return genlmsg_reply(msg, info);
4739
4740  nla_put_failure:
4741         err = -ENOBUFS;
4742  free_msg:
4743         nlmsg_free(msg);
4744         return err;
4745 }
4746
4747 static struct nla_policy
4748 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
4749         [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
4750         [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
4751         [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
4752 };
4753
4754 static int nl80211_set_cqm_rssi(struct genl_info *info,
4755                                 s32 threshold, u32 hysteresis)
4756 {
4757         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4758         struct wireless_dev *wdev;
4759         struct net_device *dev = info->user_ptr[1];
4760
4761         if (threshold > 0)
4762                 return -EINVAL;
4763
4764         wdev = dev->ieee80211_ptr;
4765
4766         if (!rdev->ops->set_cqm_rssi_config)
4767                 return -EOPNOTSUPP;
4768
4769         if (wdev->iftype != NL80211_IFTYPE_STATION &&
4770             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
4771                 return -EOPNOTSUPP;
4772
4773         return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
4774                                               threshold, hysteresis);
4775 }
4776
4777 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
4778 {
4779         struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
4780         struct nlattr *cqm;
4781         int err;
4782
4783         cqm = info->attrs[NL80211_ATTR_CQM];
4784         if (!cqm) {
4785                 err = -EINVAL;
4786                 goto out;
4787         }
4788
4789         err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
4790                                nl80211_attr_cqm_policy);
4791         if (err)
4792                 goto out;
4793
4794         if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
4795             attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
4796                 s32 threshold;
4797                 u32 hysteresis;
4798                 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
4799                 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
4800                 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
4801         } else
4802                 err = -EINVAL;
4803
4804 out:
4805         return err;
4806 }
4807
4808 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
4809 {
4810         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4811         struct net_device *dev = info->user_ptr[1];
4812         struct mesh_config cfg;
4813         struct mesh_setup setup;
4814         int err;
4815
4816         /* start with default */
4817         memcpy(&cfg, &default_mesh_config, sizeof(cfg));
4818         memcpy(&setup, &default_mesh_setup, sizeof(setup));
4819
4820         if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
4821                 /* and parse parameters if given */
4822                 err = nl80211_parse_mesh_config(info, &cfg, NULL);
4823                 if (err)
4824                         return err;
4825         }
4826
4827         if (!info->attrs[NL80211_ATTR_MESH_ID] ||
4828             !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
4829                 return -EINVAL;
4830
4831         setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
4832         setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
4833
4834         if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
4835                 /* parse additional setup parameters if given */
4836                 err = nl80211_parse_mesh_setup(info, &setup);
4837                 if (err)
4838                         return err;
4839         }
4840
4841         return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
4842 }
4843
4844 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
4845 {
4846         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4847         struct net_device *dev = info->user_ptr[1];
4848
4849         return cfg80211_leave_mesh(rdev, dev);
4850 }
4851
4852 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
4853 {
4854         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4855         struct sk_buff *msg;
4856         void *hdr;
4857
4858         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
4859                 return -EOPNOTSUPP;
4860
4861         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4862         if (!msg)
4863                 return -ENOMEM;
4864
4865         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4866                              NL80211_CMD_GET_WOWLAN);
4867         if (!hdr)
4868                 goto nla_put_failure;
4869
4870         if (rdev->wowlan) {
4871                 struct nlattr *nl_wowlan;
4872
4873                 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
4874                 if (!nl_wowlan)
4875                         goto nla_put_failure;
4876
4877                 if (rdev->wowlan->any)
4878                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
4879                 if (rdev->wowlan->disconnect)
4880                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
4881                 if (rdev->wowlan->magic_pkt)
4882                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
4883                 if (rdev->wowlan->n_patterns) {
4884                         struct nlattr *nl_pats, *nl_pat;
4885                         int i, pat_len;
4886
4887                         nl_pats = nla_nest_start(msg,
4888                                         NL80211_WOWLAN_TRIG_PKT_PATTERN);
4889                         if (!nl_pats)
4890                                 goto nla_put_failure;
4891
4892                         for (i = 0; i < rdev->wowlan->n_patterns; i++) {
4893                                 nl_pat = nla_nest_start(msg, i + 1);
4894                                 if (!nl_pat)
4895                                         goto nla_put_failure;
4896                                 pat_len = rdev->wowlan->patterns[i].pattern_len;
4897                                 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_MASK,
4898                                         DIV_ROUND_UP(pat_len, 8),
4899                                         rdev->wowlan->patterns[i].mask);
4900                                 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
4901                                         pat_len,
4902                                         rdev->wowlan->patterns[i].pattern);
4903                                 nla_nest_end(msg, nl_pat);
4904                         }
4905                         nla_nest_end(msg, nl_pats);
4906                 }
4907
4908                 nla_nest_end(msg, nl_wowlan);
4909         }
4910
4911         genlmsg_end(msg, hdr);
4912         return genlmsg_reply(msg, info);
4913
4914 nla_put_failure:
4915         nlmsg_free(msg);
4916         return -ENOBUFS;
4917 }
4918
4919 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
4920 {
4921         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4922         struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
4923         struct cfg80211_wowlan no_triggers = {};
4924         struct cfg80211_wowlan new_triggers = {};
4925         struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
4926         int err, i;
4927
4928         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
4929                 return -EOPNOTSUPP;
4930
4931         if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS])
4932                 goto no_triggers;
4933
4934         err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
4935                         nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
4936                         nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
4937                         nl80211_wowlan_policy);
4938         if (err)
4939                 return err;
4940
4941         if (tb[NL80211_WOWLAN_TRIG_ANY]) {
4942                 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
4943                         return -EINVAL;
4944                 new_triggers.any = true;
4945         }
4946
4947         if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
4948                 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
4949                         return -EINVAL;
4950                 new_triggers.disconnect = true;
4951         }
4952
4953         if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
4954                 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
4955                         return -EINVAL;
4956                 new_triggers.magic_pkt = true;
4957         }
4958
4959         if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
4960                 struct nlattr *pat;
4961                 int n_patterns = 0;
4962                 int rem, pat_len, mask_len;
4963                 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
4964
4965                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
4966                                     rem)
4967                         n_patterns++;
4968                 if (n_patterns > wowlan->n_patterns)
4969                         return -EINVAL;
4970
4971                 new_triggers.patterns = kcalloc(n_patterns,
4972                                                 sizeof(new_triggers.patterns[0]),
4973                                                 GFP_KERNEL);
4974                 if (!new_triggers.patterns)
4975                         return -ENOMEM;
4976
4977                 new_triggers.n_patterns = n_patterns;
4978                 i = 0;
4979
4980                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
4981                                     rem) {
4982                         nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
4983                                   nla_data(pat), nla_len(pat), NULL);
4984                         err = -EINVAL;
4985                         if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
4986                             !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
4987                                 goto error;
4988                         pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
4989                         mask_len = DIV_ROUND_UP(pat_len, 8);
4990                         if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
4991                             mask_len)
4992                                 goto error;
4993                         if (pat_len > wowlan->pattern_max_len ||
4994                             pat_len < wowlan->pattern_min_len)
4995                                 goto error;
4996
4997                         new_triggers.patterns[i].mask =
4998                                 kmalloc(mask_len + pat_len, GFP_KERNEL);
4999                         if (!new_triggers.patterns[i].mask) {
5000                                 err = -ENOMEM;
5001                                 goto error;
5002                         }
5003                         new_triggers.patterns[i].pattern =
5004                                 new_triggers.patterns[i].mask + mask_len;
5005                         memcpy(new_triggers.patterns[i].mask,
5006                                nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
5007                                mask_len);
5008                         new_triggers.patterns[i].pattern_len = pat_len;
5009                         memcpy(new_triggers.patterns[i].pattern,
5010                                nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
5011                                pat_len);
5012                         i++;
5013                 }
5014         }
5015
5016         if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) {
5017                 struct cfg80211_wowlan *ntrig;
5018                 ntrig = kmemdup(&new_triggers, sizeof(new_triggers),
5019                                 GFP_KERNEL);
5020                 if (!ntrig) {
5021                         err = -ENOMEM;
5022                         goto error;
5023                 }
5024                 cfg80211_rdev_free_wowlan(rdev);
5025                 rdev->wowlan = ntrig;
5026         } else {
5027  no_triggers:
5028                 cfg80211_rdev_free_wowlan(rdev);
5029                 rdev->wowlan = NULL;
5030         }
5031
5032         return 0;
5033  error:
5034         for (i = 0; i < new_triggers.n_patterns; i++)
5035                 kfree(new_triggers.patterns[i].mask);
5036         kfree(new_triggers.patterns);
5037         return err;
5038 }
5039
5040 #define NL80211_FLAG_NEED_WIPHY         0x01
5041 #define NL80211_FLAG_NEED_NETDEV        0x02
5042 #define NL80211_FLAG_NEED_RTNL          0x04
5043 #define NL80211_FLAG_CHECK_NETDEV_UP    0x08
5044 #define NL80211_FLAG_NEED_NETDEV_UP     (NL80211_FLAG_NEED_NETDEV |\
5045                                          NL80211_FLAG_CHECK_NETDEV_UP)
5046
5047 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
5048                             struct genl_info *info)
5049 {
5050         struct cfg80211_registered_device *rdev;
5051         struct net_device *dev;
5052         int err;
5053         bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
5054
5055         if (rtnl)
5056                 rtnl_lock();
5057
5058         if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
5059                 rdev = cfg80211_get_dev_from_info(info);
5060                 if (IS_ERR(rdev)) {
5061                         if (rtnl)
5062                                 rtnl_unlock();
5063                         return PTR_ERR(rdev);
5064                 }
5065                 info->user_ptr[0] = rdev;
5066         } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
5067                 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
5068                 if (err) {
5069                         if (rtnl)
5070                                 rtnl_unlock();
5071                         return err;
5072                 }
5073                 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
5074                     !netif_running(dev)) {
5075                         cfg80211_unlock_rdev(rdev);
5076                         dev_put(dev);
5077                         if (rtnl)
5078                                 rtnl_unlock();
5079                         return -ENETDOWN;
5080                 }
5081                 info->user_ptr[0] = rdev;
5082                 info->user_ptr[1] = dev;
5083         }
5084
5085         return 0;
5086 }
5087
5088 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
5089                               struct genl_info *info)
5090 {
5091         if (info->user_ptr[0])
5092                 cfg80211_unlock_rdev(info->user_ptr[0]);
5093         if (info->user_ptr[1])
5094                 dev_put(info->user_ptr[1]);
5095         if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
5096                 rtnl_unlock();
5097 }
5098
5099 static struct genl_ops nl80211_ops[] = {
5100         {
5101                 .cmd = NL80211_CMD_GET_WIPHY,
5102                 .doit = nl80211_get_wiphy,
5103                 .dumpit = nl80211_dump_wiphy,
5104                 .policy = nl80211_policy,
5105                 /* can be retrieved by unprivileged users */
5106                 .internal_flags = NL80211_FLAG_NEED_WIPHY,
5107         },
5108         {
5109                 .cmd = NL80211_CMD_SET_WIPHY,
5110                 .doit = nl80211_set_wiphy,
5111                 .policy = nl80211_policy,
5112                 .flags = GENL_ADMIN_PERM,
5113                 .internal_flags = NL80211_FLAG_NEED_RTNL,
5114         },
5115         {
5116                 .cmd = NL80211_CMD_GET_INTERFACE,
5117                 .doit = nl80211_get_interface,
5118                 .dumpit = nl80211_dump_interface,
5119                 .policy = nl80211_policy,
5120                 /* can be retrieved by unprivileged users */
5121                 .internal_flags = NL80211_FLAG_NEED_NETDEV,
5122         },
5123         {
5124                 .cmd = NL80211_CMD_SET_INTERFACE,
5125                 .doit = nl80211_set_interface,
5126                 .policy = nl80211_policy,
5127                 .flags = GENL_ADMIN_PERM,
5128                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5129                                   NL80211_FLAG_NEED_RTNL,
5130         },
5131         {
5132                 .cmd = NL80211_CMD_NEW_INTERFACE,
5133                 .doit = nl80211_new_interface,
5134                 .policy = nl80211_policy,
5135                 .flags = GENL_ADMIN_PERM,
5136                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5137                                   NL80211_FLAG_NEED_RTNL,
5138         },
5139         {
5140                 .cmd = NL80211_CMD_DEL_INTERFACE,
5141                 .doit = nl80211_del_interface,
5142                 .policy = nl80211_policy,
5143                 .flags = GENL_ADMIN_PERM,
5144                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5145                                   NL80211_FLAG_NEED_RTNL,
5146         },
5147         {
5148                 .cmd = NL80211_CMD_GET_KEY,
5149                 .doit = nl80211_get_key,
5150                 .policy = nl80211_policy,
5151                 .flags = GENL_ADMIN_PERM,
5152                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5153                                   NL80211_FLAG_NEED_RTNL,
5154         },
5155         {
5156                 .cmd = NL80211_CMD_SET_KEY,
5157                 .doit = nl80211_set_key,
5158                 .policy = nl80211_policy,
5159                 .flags = GENL_ADMIN_PERM,
5160                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5161                                   NL80211_FLAG_NEED_RTNL,
5162         },
5163         {
5164                 .cmd = NL80211_CMD_NEW_KEY,
5165                 .doit = nl80211_new_key,
5166                 .policy = nl80211_policy,
5167                 .flags = GENL_ADMIN_PERM,
5168                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5169                                   NL80211_FLAG_NEED_RTNL,
5170         },
5171         {
5172                 .cmd = NL80211_CMD_DEL_KEY,
5173                 .doit = nl80211_del_key,
5174                 .policy = nl80211_policy,
5175                 .flags = GENL_ADMIN_PERM,
5176                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5177                                   NL80211_FLAG_NEED_RTNL,
5178         },
5179         {
5180                 .cmd = NL80211_CMD_SET_BEACON,
5181                 .policy = nl80211_policy,
5182                 .flags = GENL_ADMIN_PERM,
5183                 .doit = nl80211_addset_beacon,
5184                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5185                                   NL80211_FLAG_NEED_RTNL,
5186         },
5187         {
5188                 .cmd = NL80211_CMD_NEW_BEACON,
5189                 .policy = nl80211_policy,
5190                 .flags = GENL_ADMIN_PERM,
5191                 .doit = nl80211_addset_beacon,
5192                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5193                                   NL80211_FLAG_NEED_RTNL,
5194         },
5195         {
5196                 .cmd = NL80211_CMD_DEL_BEACON,
5197                 .policy = nl80211_policy,
5198                 .flags = GENL_ADMIN_PERM,
5199                 .doit = nl80211_del_beacon,
5200                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5201                                   NL80211_FLAG_NEED_RTNL,
5202         },
5203         {
5204                 .cmd = NL80211_CMD_GET_STATION,
5205                 .doit = nl80211_get_station,
5206                 .dumpit = nl80211_dump_station,
5207                 .policy = nl80211_policy,
5208                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5209                                   NL80211_FLAG_NEED_RTNL,
5210         },
5211         {
5212                 .cmd = NL80211_CMD_SET_STATION,
5213                 .doit = nl80211_set_station,
5214                 .policy = nl80211_policy,
5215                 .flags = GENL_ADMIN_PERM,
5216                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5217                                   NL80211_FLAG_NEED_RTNL,
5218         },
5219         {
5220                 .cmd = NL80211_CMD_NEW_STATION,
5221                 .doit = nl80211_new_station,
5222                 .policy = nl80211_policy,
5223                 .flags = GENL_ADMIN_PERM,
5224                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5225                                   NL80211_FLAG_NEED_RTNL,
5226         },
5227         {
5228                 .cmd = NL80211_CMD_DEL_STATION,
5229                 .doit = nl80211_del_station,
5230                 .policy = nl80211_policy,
5231                 .flags = GENL_ADMIN_PERM,
5232                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5233                                   NL80211_FLAG_NEED_RTNL,
5234         },
5235         {
5236                 .cmd = NL80211_CMD_GET_MPATH,
5237                 .doit = nl80211_get_mpath,
5238                 .dumpit = nl80211_dump_mpath,
5239                 .policy = nl80211_policy,
5240                 .flags = GENL_ADMIN_PERM,
5241                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5242                                   NL80211_FLAG_NEED_RTNL,
5243         },
5244         {
5245                 .cmd = NL80211_CMD_SET_MPATH,
5246                 .doit = nl80211_set_mpath,
5247                 .policy = nl80211_policy,
5248                 .flags = GENL_ADMIN_PERM,
5249                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5250                                   NL80211_FLAG_NEED_RTNL,
5251         },
5252         {
5253                 .cmd = NL80211_CMD_NEW_MPATH,
5254                 .doit = nl80211_new_mpath,
5255                 .policy = nl80211_policy,
5256                 .flags = GENL_ADMIN_PERM,
5257                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5258                                   NL80211_FLAG_NEED_RTNL,
5259         },
5260         {
5261                 .cmd = NL80211_CMD_DEL_MPATH,
5262                 .doit = nl80211_del_mpath,
5263                 .policy = nl80211_policy,
5264                 .flags = GENL_ADMIN_PERM,
5265                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5266                                   NL80211_FLAG_NEED_RTNL,
5267         },
5268         {
5269                 .cmd = NL80211_CMD_SET_BSS,
5270                 .doit = nl80211_set_bss,
5271                 .policy = nl80211_policy,
5272                 .flags = GENL_ADMIN_PERM,
5273                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5274                                   NL80211_FLAG_NEED_RTNL,
5275         },
5276         {
5277                 .cmd = NL80211_CMD_GET_REG,
5278                 .doit = nl80211_get_reg,
5279                 .policy = nl80211_policy,
5280                 /* can be retrieved by unprivileged users */
5281         },
5282         {
5283                 .cmd = NL80211_CMD_SET_REG,
5284                 .doit = nl80211_set_reg,
5285                 .policy = nl80211_policy,
5286                 .flags = GENL_ADMIN_PERM,
5287         },
5288         {
5289                 .cmd = NL80211_CMD_REQ_SET_REG,
5290                 .doit = nl80211_req_set_reg,
5291                 .policy = nl80211_policy,
5292                 .flags = GENL_ADMIN_PERM,
5293         },
5294         {
5295                 .cmd = NL80211_CMD_GET_MESH_CONFIG,
5296                 .doit = nl80211_get_mesh_config,
5297                 .policy = nl80211_policy,
5298                 /* can be retrieved by unprivileged users */
5299                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5300                                   NL80211_FLAG_NEED_RTNL,
5301         },
5302         {
5303                 .cmd = NL80211_CMD_SET_MESH_CONFIG,
5304                 .doit = nl80211_update_mesh_config,
5305                 .policy = nl80211_policy,
5306                 .flags = GENL_ADMIN_PERM,
5307                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5308                                   NL80211_FLAG_NEED_RTNL,
5309         },
5310         {
5311                 .cmd = NL80211_CMD_TRIGGER_SCAN,
5312                 .doit = nl80211_trigger_scan,
5313                 .policy = nl80211_policy,
5314                 .flags = GENL_ADMIN_PERM,
5315                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5316                                   NL80211_FLAG_NEED_RTNL,
5317         },
5318         {
5319                 .cmd = NL80211_CMD_GET_SCAN,
5320                 .policy = nl80211_policy,
5321                 .dumpit = nl80211_dump_scan,
5322         },
5323         {
5324                 .cmd = NL80211_CMD_AUTHENTICATE,
5325                 .doit = nl80211_authenticate,
5326                 .policy = nl80211_policy,
5327                 .flags = GENL_ADMIN_PERM,
5328                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5329                                   NL80211_FLAG_NEED_RTNL,
5330         },
5331         {
5332                 .cmd = NL80211_CMD_ASSOCIATE,
5333                 .doit = nl80211_associate,
5334                 .policy = nl80211_policy,
5335                 .flags = GENL_ADMIN_PERM,
5336                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5337                                   NL80211_FLAG_NEED_RTNL,
5338         },
5339         {
5340                 .cmd = NL80211_CMD_DEAUTHENTICATE,
5341                 .doit = nl80211_deauthenticate,
5342                 .policy = nl80211_policy,
5343                 .flags = GENL_ADMIN_PERM,
5344                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5345                                   NL80211_FLAG_NEED_RTNL,
5346         },
5347         {
5348                 .cmd = NL80211_CMD_DISASSOCIATE,
5349                 .doit = nl80211_disassociate,
5350                 .policy = nl80211_policy,
5351                 .flags = GENL_ADMIN_PERM,
5352                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5353                                   NL80211_FLAG_NEED_RTNL,
5354         },
5355         {
5356                 .cmd = NL80211_CMD_JOIN_IBSS,
5357                 .doit = nl80211_join_ibss,
5358                 .policy = nl80211_policy,
5359                 .flags = GENL_ADMIN_PERM,
5360                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5361                                   NL80211_FLAG_NEED_RTNL,
5362         },
5363         {
5364                 .cmd = NL80211_CMD_LEAVE_IBSS,
5365                 .doit = nl80211_leave_ibss,
5366                 .policy = nl80211_policy,
5367                 .flags = GENL_ADMIN_PERM,
5368                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5369                                   NL80211_FLAG_NEED_RTNL,
5370         },
5371 #ifdef CONFIG_NL80211_TESTMODE
5372         {
5373                 .cmd = NL80211_CMD_TESTMODE,
5374                 .doit = nl80211_testmode_do,
5375                 .policy = nl80211_policy,
5376                 .flags = GENL_ADMIN_PERM,
5377                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5378                                   NL80211_FLAG_NEED_RTNL,
5379         },
5380 #endif
5381         {
5382                 .cmd = NL80211_CMD_CONNECT,
5383                 .doit = nl80211_connect,
5384                 .policy = nl80211_policy,
5385                 .flags = GENL_ADMIN_PERM,
5386                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5387                                   NL80211_FLAG_NEED_RTNL,
5388         },
5389         {
5390                 .cmd = NL80211_CMD_DISCONNECT,
5391                 .doit = nl80211_disconnect,
5392                 .policy = nl80211_policy,
5393                 .flags = GENL_ADMIN_PERM,
5394                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5395                                   NL80211_FLAG_NEED_RTNL,
5396         },
5397         {
5398                 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
5399                 .doit = nl80211_wiphy_netns,
5400                 .policy = nl80211_policy,
5401                 .flags = GENL_ADMIN_PERM,
5402                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5403                                   NL80211_FLAG_NEED_RTNL,
5404         },
5405         {
5406                 .cmd = NL80211_CMD_GET_SURVEY,
5407                 .policy = nl80211_policy,
5408                 .dumpit = nl80211_dump_survey,
5409         },
5410         {
5411                 .cmd = NL80211_CMD_SET_PMKSA,
5412                 .doit = nl80211_setdel_pmksa,
5413                 .policy = nl80211_policy,
5414                 .flags = GENL_ADMIN_PERM,
5415                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5416                                   NL80211_FLAG_NEED_RTNL,
5417         },
5418         {
5419                 .cmd = NL80211_CMD_DEL_PMKSA,
5420                 .doit = nl80211_setdel_pmksa,
5421                 .policy = nl80211_policy,
5422                 .flags = GENL_ADMIN_PERM,
5423                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5424                                   NL80211_FLAG_NEED_RTNL,
5425         },
5426         {
5427                 .cmd = NL80211_CMD_FLUSH_PMKSA,
5428                 .doit = nl80211_flush_pmksa,
5429                 .policy = nl80211_policy,
5430                 .flags = GENL_ADMIN_PERM,
5431                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5432                                   NL80211_FLAG_NEED_RTNL,
5433         },
5434         {
5435                 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
5436                 .doit = nl80211_remain_on_channel,
5437                 .policy = nl80211_policy,
5438                 .flags = GENL_ADMIN_PERM,
5439                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5440                                   NL80211_FLAG_NEED_RTNL,
5441         },
5442         {
5443                 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
5444                 .doit = nl80211_cancel_remain_on_channel,
5445                 .policy = nl80211_policy,
5446                 .flags = GENL_ADMIN_PERM,
5447                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5448                                   NL80211_FLAG_NEED_RTNL,
5449         },
5450         {
5451                 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
5452                 .doit = nl80211_set_tx_bitrate_mask,
5453                 .policy = nl80211_policy,
5454                 .flags = GENL_ADMIN_PERM,
5455                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5456                                   NL80211_FLAG_NEED_RTNL,
5457         },
5458         {
5459                 .cmd = NL80211_CMD_REGISTER_FRAME,
5460                 .doit = nl80211_register_mgmt,
5461                 .policy = nl80211_policy,
5462                 .flags = GENL_ADMIN_PERM,
5463                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5464                                   NL80211_FLAG_NEED_RTNL,
5465         },
5466         {
5467                 .cmd = NL80211_CMD_FRAME,
5468                 .doit = nl80211_tx_mgmt,
5469                 .policy = nl80211_policy,
5470                 .flags = GENL_ADMIN_PERM,
5471                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5472                                   NL80211_FLAG_NEED_RTNL,
5473         },
5474         {
5475                 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
5476                 .doit = nl80211_tx_mgmt_cancel_wait,
5477                 .policy = nl80211_policy,
5478                 .flags = GENL_ADMIN_PERM,
5479                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5480                                   NL80211_FLAG_NEED_RTNL,
5481         },
5482         {
5483                 .cmd = NL80211_CMD_SET_POWER_SAVE,
5484                 .doit = nl80211_set_power_save,
5485                 .policy = nl80211_policy,
5486                 .flags = GENL_ADMIN_PERM,
5487                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5488                                   NL80211_FLAG_NEED_RTNL,
5489         },
5490         {
5491                 .cmd = NL80211_CMD_GET_POWER_SAVE,
5492                 .doit = nl80211_get_power_save,
5493                 .policy = nl80211_policy,
5494                 /* can be retrieved by unprivileged users */
5495                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5496                                   NL80211_FLAG_NEED_RTNL,
5497         },
5498         {
5499                 .cmd = NL80211_CMD_SET_CQM,
5500                 .doit = nl80211_set_cqm,
5501                 .policy = nl80211_policy,
5502                 .flags = GENL_ADMIN_PERM,
5503                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5504                                   NL80211_FLAG_NEED_RTNL,
5505         },
5506         {
5507                 .cmd = NL80211_CMD_SET_CHANNEL,
5508                 .doit = nl80211_set_channel,
5509                 .policy = nl80211_policy,
5510                 .flags = GENL_ADMIN_PERM,
5511                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5512                                   NL80211_FLAG_NEED_RTNL,
5513         },
5514         {
5515                 .cmd = NL80211_CMD_SET_WDS_PEER,
5516                 .doit = nl80211_set_wds_peer,
5517                 .policy = nl80211_policy,
5518                 .flags = GENL_ADMIN_PERM,
5519                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5520                                   NL80211_FLAG_NEED_RTNL,
5521         },
5522         {
5523                 .cmd = NL80211_CMD_JOIN_MESH,
5524                 .doit = nl80211_join_mesh,
5525                 .policy = nl80211_policy,
5526                 .flags = GENL_ADMIN_PERM,
5527                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5528                                   NL80211_FLAG_NEED_RTNL,
5529         },
5530         {
5531                 .cmd = NL80211_CMD_LEAVE_MESH,
5532                 .doit = nl80211_leave_mesh,
5533                 .policy = nl80211_policy,
5534                 .flags = GENL_ADMIN_PERM,
5535                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5536                                   NL80211_FLAG_NEED_RTNL,
5537         },
5538         {
5539                 .cmd = NL80211_CMD_GET_WOWLAN,
5540                 .doit = nl80211_get_wowlan,
5541                 .policy = nl80211_policy,
5542                 /* can be retrieved by unprivileged users */
5543                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5544                                   NL80211_FLAG_NEED_RTNL,
5545         },
5546         {
5547                 .cmd = NL80211_CMD_SET_WOWLAN,
5548                 .doit = nl80211_set_wowlan,
5549                 .policy = nl80211_policy,
5550                 .flags = GENL_ADMIN_PERM,
5551                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5552                                   NL80211_FLAG_NEED_RTNL,
5553         },
5554 };
5555
5556 static struct genl_multicast_group nl80211_mlme_mcgrp = {
5557         .name = "mlme",
5558 };
5559
5560 /* multicast groups */
5561 static struct genl_multicast_group nl80211_config_mcgrp = {
5562         .name = "config",
5563 };
5564 static struct genl_multicast_group nl80211_scan_mcgrp = {
5565         .name = "scan",
5566 };
5567 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
5568         .name = "regulatory",
5569 };
5570
5571 /* notification functions */
5572
5573 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
5574 {
5575         struct sk_buff *msg;
5576
5577         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5578         if (!msg)
5579                 return;
5580
5581         if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
5582                 nlmsg_free(msg);
5583                 return;
5584         }
5585
5586         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5587                                 nl80211_config_mcgrp.id, GFP_KERNEL);
5588 }
5589
5590 static int nl80211_add_scan_req(struct sk_buff *msg,
5591                                 struct cfg80211_registered_device *rdev)
5592 {
5593         struct cfg80211_scan_request *req = rdev->scan_req;
5594         struct nlattr *nest;
5595         int i;
5596
5597         ASSERT_RDEV_LOCK(rdev);
5598
5599         if (WARN_ON(!req))
5600                 return 0;
5601
5602         nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
5603         if (!nest)
5604                 goto nla_put_failure;
5605         for (i = 0; i < req->n_ssids; i++)
5606                 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid);
5607         nla_nest_end(msg, nest);
5608
5609         nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
5610         if (!nest)
5611                 goto nla_put_failure;
5612         for (i = 0; i < req->n_channels; i++)
5613                 NLA_PUT_U32(msg, i, req->channels[i]->center_freq);
5614         nla_nest_end(msg, nest);
5615
5616         if (req->ie)
5617                 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie);
5618
5619         return 0;
5620  nla_put_failure:
5621         return -ENOBUFS;
5622 }
5623
5624 static int nl80211_send_scan_msg(struct sk_buff *msg,
5625                                  struct cfg80211_registered_device *rdev,
5626                                  struct net_device *netdev,
5627                                  u32 pid, u32 seq, int flags,
5628                                  u32 cmd)
5629 {
5630         void *hdr;
5631
5632         hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
5633         if (!hdr)
5634                 return -1;
5635
5636         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5637         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5638
5639         /* ignore errors and send incomplete event anyway */
5640         nl80211_add_scan_req(msg, rdev);
5641
5642         return genlmsg_end(msg, hdr);
5643
5644  nla_put_failure:
5645         genlmsg_cancel(msg, hdr);
5646         return -EMSGSIZE;
5647 }
5648
5649 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
5650                              struct net_device *netdev)
5651 {
5652         struct sk_buff *msg;
5653
5654         msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
5655         if (!msg)
5656                 return;
5657
5658         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5659                                   NL80211_CMD_TRIGGER_SCAN) < 0) {
5660                 nlmsg_free(msg);
5661                 return;
5662         }
5663
5664         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5665                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5666 }
5667
5668 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
5669                             struct net_device *netdev)
5670 {
5671         struct sk_buff *msg;
5672
5673         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5674         if (!msg)
5675                 return;
5676
5677         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5678                                   NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
5679                 nlmsg_free(msg);
5680                 return;
5681         }
5682
5683         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5684                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5685 }
5686
5687 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
5688                                struct net_device *netdev)
5689 {
5690         struct sk_buff *msg;
5691
5692         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5693         if (!msg)
5694                 return;
5695
5696         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5697                                   NL80211_CMD_SCAN_ABORTED) < 0) {
5698                 nlmsg_free(msg);
5699                 return;
5700         }
5701
5702         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5703                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5704 }
5705
5706 /*
5707  * This can happen on global regulatory changes or device specific settings
5708  * based on custom world regulatory domains.
5709  */
5710 void nl80211_send_reg_change_event(struct regulatory_request *request)
5711 {
5712         struct sk_buff *msg;
5713         void *hdr;
5714
5715         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5716         if (!msg)
5717                 return;
5718
5719         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
5720         if (!hdr) {
5721                 nlmsg_free(msg);
5722                 return;
5723         }
5724
5725         /* Userspace can always count this one always being set */
5726         NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator);
5727
5728         if (request->alpha2[0] == '0' && request->alpha2[1] == '0')
5729                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5730                            NL80211_REGDOM_TYPE_WORLD);
5731         else if (request->alpha2[0] == '9' && request->alpha2[1] == '9')
5732                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5733                            NL80211_REGDOM_TYPE_CUSTOM_WORLD);
5734         else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
5735                  request->intersect)
5736                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5737                            NL80211_REGDOM_TYPE_INTERSECTION);
5738         else {
5739                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5740                            NL80211_REGDOM_TYPE_COUNTRY);
5741                 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2);
5742         }
5743
5744         if (wiphy_idx_valid(request->wiphy_idx))
5745                 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
5746
5747         if (genlmsg_end(msg, hdr) < 0) {
5748                 nlmsg_free(msg);
5749                 return;
5750         }
5751
5752         rcu_read_lock();
5753         genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
5754                                 GFP_ATOMIC);
5755         rcu_read_unlock();
5756
5757         return;
5758
5759 nla_put_failure:
5760         genlmsg_cancel(msg, hdr);
5761         nlmsg_free(msg);
5762 }
5763
5764 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
5765                                     struct net_device *netdev,
5766                                     const u8 *buf, size_t len,
5767                                     enum nl80211_commands cmd, gfp_t gfp)
5768 {
5769         struct sk_buff *msg;
5770         void *hdr;
5771
5772         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5773         if (!msg)
5774                 return;
5775
5776         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5777         if (!hdr) {
5778                 nlmsg_free(msg);
5779                 return;
5780         }
5781
5782         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5783         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5784         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
5785
5786         if (genlmsg_end(msg, hdr) < 0) {
5787                 nlmsg_free(msg);
5788                 return;
5789         }
5790
5791         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5792                                 nl80211_mlme_mcgrp.id, gfp);
5793         return;
5794
5795  nla_put_failure:
5796         genlmsg_cancel(msg, hdr);
5797         nlmsg_free(msg);
5798 }
5799
5800 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
5801                           struct net_device *netdev, const u8 *buf,
5802                           size_t len, gfp_t gfp)
5803 {
5804         nl80211_send_mlme_event(rdev, netdev, buf, len,
5805                                 NL80211_CMD_AUTHENTICATE, gfp);
5806 }
5807
5808 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
5809                            struct net_device *netdev, const u8 *buf,
5810                            size_t len, gfp_t gfp)
5811 {
5812         nl80211_send_mlme_event(rdev, netdev, buf, len,
5813                                 NL80211_CMD_ASSOCIATE, gfp);
5814 }
5815
5816 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
5817                          struct net_device *netdev, const u8 *buf,
5818                          size_t len, gfp_t gfp)
5819 {
5820         nl80211_send_mlme_event(rdev, netdev, buf, len,
5821                                 NL80211_CMD_DEAUTHENTICATE, gfp);
5822 }
5823
5824 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
5825                            struct net_device *netdev, const u8 *buf,
5826                            size_t len, gfp_t gfp)
5827 {
5828         nl80211_send_mlme_event(rdev, netdev, buf, len,
5829                                 NL80211_CMD_DISASSOCIATE, gfp);
5830 }
5831
5832 void nl80211_send_unprot_deauth(struct cfg80211_registered_device *rdev,
5833                                 struct net_device *netdev, const u8 *buf,
5834                                 size_t len, gfp_t gfp)
5835 {
5836         nl80211_send_mlme_event(rdev, netdev, buf, len,
5837                                 NL80211_CMD_UNPROT_DEAUTHENTICATE, gfp);
5838 }
5839
5840 void nl80211_send_unprot_disassoc(struct cfg80211_registered_device *rdev,
5841                                   struct net_device *netdev, const u8 *buf,
5842                                   size_t len, gfp_t gfp)
5843 {
5844         nl80211_send_mlme_event(rdev, netdev, buf, len,
5845                                 NL80211_CMD_UNPROT_DISASSOCIATE, gfp);
5846 }
5847
5848 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
5849                                       struct net_device *netdev, int cmd,
5850                                       const u8 *addr, gfp_t gfp)
5851 {
5852         struct sk_buff *msg;
5853         void *hdr;
5854
5855         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5856         if (!msg)
5857                 return;
5858
5859         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5860         if (!hdr) {
5861                 nlmsg_free(msg);
5862                 return;
5863         }
5864
5865         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5866         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5867         NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT);
5868         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5869
5870         if (genlmsg_end(msg, hdr) < 0) {
5871                 nlmsg_free(msg);
5872                 return;
5873         }
5874
5875         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5876                                 nl80211_mlme_mcgrp.id, gfp);
5877         return;
5878
5879  nla_put_failure:
5880         genlmsg_cancel(msg, hdr);
5881         nlmsg_free(msg);
5882 }
5883
5884 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
5885                                struct net_device *netdev, const u8 *addr,
5886                                gfp_t gfp)
5887 {
5888         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
5889                                   addr, gfp);
5890 }
5891
5892 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
5893                                 struct net_device *netdev, const u8 *addr,
5894                                 gfp_t gfp)
5895 {
5896         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
5897                                   addr, gfp);
5898 }
5899
5900 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
5901                                  struct net_device *netdev, const u8 *bssid,
5902                                  const u8 *req_ie, size_t req_ie_len,
5903                                  const u8 *resp_ie, size_t resp_ie_len,
5904                                  u16 status, gfp_t gfp)
5905 {
5906         struct sk_buff *msg;
5907         void *hdr;
5908
5909         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5910         if (!msg)
5911                 return;
5912
5913         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
5914         if (!hdr) {
5915                 nlmsg_free(msg);
5916                 return;
5917         }
5918
5919         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5920         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5921         if (bssid)
5922                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5923         NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status);
5924         if (req_ie)
5925                 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
5926         if (resp_ie)
5927                 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
5928
5929         if (genlmsg_end(msg, hdr) < 0) {
5930                 nlmsg_free(msg);
5931                 return;
5932         }
5933
5934         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5935                                 nl80211_mlme_mcgrp.id, gfp);
5936         return;
5937
5938  nla_put_failure:
5939         genlmsg_cancel(msg, hdr);
5940         nlmsg_free(msg);
5941
5942 }
5943
5944 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
5945                          struct net_device *netdev, const u8 *bssid,
5946                          const u8 *req_ie, size_t req_ie_len,
5947                          const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
5948 {
5949         struct sk_buff *msg;
5950         void *hdr;
5951
5952         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5953         if (!msg)
5954                 return;
5955
5956         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
5957         if (!hdr) {
5958                 nlmsg_free(msg);
5959                 return;
5960         }
5961
5962         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5963         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5964         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5965         if (req_ie)
5966                 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
5967         if (resp_ie)
5968                 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
5969
5970         if (genlmsg_end(msg, hdr) < 0) {
5971                 nlmsg_free(msg);
5972                 return;
5973         }
5974
5975         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5976                                 nl80211_mlme_mcgrp.id, gfp);
5977         return;
5978
5979  nla_put_failure:
5980         genlmsg_cancel(msg, hdr);
5981         nlmsg_free(msg);
5982
5983 }
5984
5985 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
5986                                struct net_device *netdev, u16 reason,
5987                                const u8 *ie, size_t ie_len, bool from_ap)
5988 {
5989         struct sk_buff *msg;
5990         void *hdr;