6a82c898f83165823508e123165457c107ee428b
[linux-2.6.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25
26 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
27                             struct genl_info *info);
28 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
29                               struct genl_info *info);
30
31 /* the netlink family */
32 static struct genl_family nl80211_fam = {
33         .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
34         .name = "nl80211",      /* have users key off the name instead */
35         .hdrsize = 0,           /* no private header */
36         .version = 1,           /* no particular meaning now */
37         .maxattr = NL80211_ATTR_MAX,
38         .netnsok = true,
39         .pre_doit = nl80211_pre_doit,
40         .post_doit = nl80211_post_doit,
41 };
42
43 /* internal helper: get rdev and dev */
44 static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
45                                        struct cfg80211_registered_device **rdev,
46                                        struct net_device **dev)
47 {
48         struct nlattr **attrs = info->attrs;
49         int ifindex;
50
51         if (!attrs[NL80211_ATTR_IFINDEX])
52                 return -EINVAL;
53
54         ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
55         *dev = dev_get_by_index(genl_info_net(info), ifindex);
56         if (!*dev)
57                 return -ENODEV;
58
59         *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex);
60         if (IS_ERR(*rdev)) {
61                 dev_put(*dev);
62                 return PTR_ERR(*rdev);
63         }
64
65         return 0;
66 }
67
68 /* policy for the attributes */
69 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
70         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
71         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
72                                       .len = 20-1 },
73         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
74         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
75         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
76         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
77         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
78         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
79         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
80         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
81
82         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
83         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
84         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
85
86         [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
87         [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
88
89         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
90         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
91                                     .len = WLAN_MAX_KEY_LEN },
92         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
93         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
94         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
95         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
96         [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
97
98         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
99         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
100         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
101                                        .len = IEEE80211_MAX_DATA_LEN },
102         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
103                                        .len = IEEE80211_MAX_DATA_LEN },
104         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
105         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
106         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
107         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
108                                                .len = NL80211_MAX_SUPP_RATES },
109         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
110         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
111         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
112         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
113                                 .len = IEEE80211_MAX_MESH_ID_LEN },
114         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
115
116         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
117         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
118
119         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
120         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
121         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
122         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
123                                            .len = NL80211_MAX_SUPP_RATES },
124         [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
125
126         [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
127         [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
128
129         [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
130                                          .len = NL80211_HT_CAPABILITY_LEN },
131
132         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
133         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
134                               .len = IEEE80211_MAX_DATA_LEN },
135         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
136         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
137
138         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
139                                 .len = IEEE80211_MAX_SSID_LEN },
140         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
141         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
142         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
143         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
144         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
145         [NL80211_ATTR_STA_FLAGS2] = {
146                 .len = sizeof(struct nl80211_sta_flag_update),
147         },
148         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
149         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
150         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
151         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
152         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
153         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
154         [NL80211_ATTR_PID] = { .type = NLA_U32 },
155         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
156         [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
157                                  .len = WLAN_PMKID_LEN },
158         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
159         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
160         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
161         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
162                                  .len = IEEE80211_MAX_DATA_LEN },
163         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
164         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
165         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
166         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
167         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
168         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
169         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
170         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
171         [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
172         [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
173         [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
174         [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
175         [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
176         [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
177         [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
178         [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
179         [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
180 };
181
182 /* policy for the key attributes */
183 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
184         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
185         [NL80211_KEY_IDX] = { .type = NLA_U8 },
186         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
187         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
188         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
189         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
190         [NL80211_KEY_TYPE] = { .type = NLA_U32 },
191         [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
192 };
193
194 /* policy for the key default flags */
195 static const struct nla_policy
196 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
197         [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
198         [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
199 };
200
201 /* policy for WoWLAN attributes */
202 static const struct nla_policy
203 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
204         [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
205         [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
206         [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
207         [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
208 };
209
210 /* policy for GTK rekey offload attributes */
211 static const struct nla_policy
212 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
213         [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
214         [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
215         [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
216 };
217
218 /* ifidx get helper */
219 static int nl80211_get_ifidx(struct netlink_callback *cb)
220 {
221         int res;
222
223         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
224                           nl80211_fam.attrbuf, nl80211_fam.maxattr,
225                           nl80211_policy);
226         if (res)
227                 return res;
228
229         if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
230                 return -EINVAL;
231
232         res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
233         if (!res)
234                 return -EINVAL;
235         return res;
236 }
237
238 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
239                                        struct netlink_callback *cb,
240                                        struct cfg80211_registered_device **rdev,
241                                        struct net_device **dev)
242 {
243         int ifidx = cb->args[0];
244         int err;
245
246         if (!ifidx)
247                 ifidx = nl80211_get_ifidx(cb);
248         if (ifidx < 0)
249                 return ifidx;
250
251         cb->args[0] = ifidx;
252
253         rtnl_lock();
254
255         *dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
256         if (!*dev) {
257                 err = -ENODEV;
258                 goto out_rtnl;
259         }
260
261         *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
262         if (IS_ERR(*rdev)) {
263                 err = PTR_ERR(*rdev);
264                 goto out_rtnl;
265         }
266
267         return 0;
268  out_rtnl:
269         rtnl_unlock();
270         return err;
271 }
272
273 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
274 {
275         cfg80211_unlock_rdev(rdev);
276         rtnl_unlock();
277 }
278
279 /* IE validation */
280 static bool is_valid_ie_attr(const struct nlattr *attr)
281 {
282         const u8 *pos;
283         int len;
284
285         if (!attr)
286                 return true;
287
288         pos = nla_data(attr);
289         len = nla_len(attr);
290
291         while (len) {
292                 u8 elemlen;
293
294                 if (len < 2)
295                         return false;
296                 len -= 2;
297
298                 elemlen = pos[1];
299                 if (elemlen > len)
300                         return false;
301
302                 len -= elemlen;
303                 pos += 2 + elemlen;
304         }
305
306         return true;
307 }
308
309 /* message building helper */
310 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
311                                    int flags, u8 cmd)
312 {
313         /* since there is no private header just add the generic one */
314         return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
315 }
316
317 static int nl80211_msg_put_channel(struct sk_buff *msg,
318                                    struct ieee80211_channel *chan)
319 {
320         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
321                     chan->center_freq);
322
323         if (chan->flags & IEEE80211_CHAN_DISABLED)
324                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
325         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
326                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
327         if (chan->flags & IEEE80211_CHAN_NO_IBSS)
328                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
329         if (chan->flags & IEEE80211_CHAN_RADAR)
330                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
331
332         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
333                     DBM_TO_MBM(chan->max_power));
334
335         return 0;
336
337  nla_put_failure:
338         return -ENOBUFS;
339 }
340
341 /* netlink command implementations */
342
343 struct key_parse {
344         struct key_params p;
345         int idx;
346         int type;
347         bool def, defmgmt;
348         bool def_uni, def_multi;
349 };
350
351 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
352 {
353         struct nlattr *tb[NL80211_KEY_MAX + 1];
354         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
355                                    nl80211_key_policy);
356         if (err)
357                 return err;
358
359         k->def = !!tb[NL80211_KEY_DEFAULT];
360         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
361
362         if (k->def) {
363                 k->def_uni = true;
364                 k->def_multi = true;
365         }
366         if (k->defmgmt)
367                 k->def_multi = true;
368
369         if (tb[NL80211_KEY_IDX])
370                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
371
372         if (tb[NL80211_KEY_DATA]) {
373                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
374                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
375         }
376
377         if (tb[NL80211_KEY_SEQ]) {
378                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
379                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
380         }
381
382         if (tb[NL80211_KEY_CIPHER])
383                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
384
385         if (tb[NL80211_KEY_TYPE]) {
386                 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
387                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
388                         return -EINVAL;
389         }
390
391         if (tb[NL80211_KEY_DEFAULT_TYPES]) {
392                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
393                 int err = nla_parse_nested(kdt,
394                                            NUM_NL80211_KEY_DEFAULT_TYPES - 1,
395                                            tb[NL80211_KEY_DEFAULT_TYPES],
396                                            nl80211_key_default_policy);
397                 if (err)
398                         return err;
399
400                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
401                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
402         }
403
404         return 0;
405 }
406
407 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
408 {
409         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
410                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
411                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
412         }
413
414         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
415                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
416                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
417         }
418
419         if (info->attrs[NL80211_ATTR_KEY_IDX])
420                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
421
422         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
423                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
424
425         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
426         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
427
428         if (k->def) {
429                 k->def_uni = true;
430                 k->def_multi = true;
431         }
432         if (k->defmgmt)
433                 k->def_multi = true;
434
435         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
436                 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
437                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
438                         return -EINVAL;
439         }
440
441         if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
442                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
443                 int err = nla_parse_nested(
444                                 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
445                                 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
446                                 nl80211_key_default_policy);
447                 if (err)
448                         return err;
449
450                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
451                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
452         }
453
454         return 0;
455 }
456
457 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
458 {
459         int err;
460
461         memset(k, 0, sizeof(*k));
462         k->idx = -1;
463         k->type = -1;
464
465         if (info->attrs[NL80211_ATTR_KEY])
466                 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
467         else
468                 err = nl80211_parse_key_old(info, k);
469
470         if (err)
471                 return err;
472
473         if (k->def && k->defmgmt)
474                 return -EINVAL;
475
476         if (k->defmgmt) {
477                 if (k->def_uni || !k->def_multi)
478                         return -EINVAL;
479         }
480
481         if (k->idx != -1) {
482                 if (k->defmgmt) {
483                         if (k->idx < 4 || k->idx > 5)
484                                 return -EINVAL;
485                 } else if (k->def) {
486                         if (k->idx < 0 || k->idx > 3)
487                                 return -EINVAL;
488                 } else {
489                         if (k->idx < 0 || k->idx > 5)
490                                 return -EINVAL;
491                 }
492         }
493
494         return 0;
495 }
496
497 static struct cfg80211_cached_keys *
498 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
499                        struct nlattr *keys)
500 {
501         struct key_parse parse;
502         struct nlattr *key;
503         struct cfg80211_cached_keys *result;
504         int rem, err, def = 0;
505
506         result = kzalloc(sizeof(*result), GFP_KERNEL);
507         if (!result)
508                 return ERR_PTR(-ENOMEM);
509
510         result->def = -1;
511         result->defmgmt = -1;
512
513         nla_for_each_nested(key, keys, rem) {
514                 memset(&parse, 0, sizeof(parse));
515                 parse.idx = -1;
516
517                 err = nl80211_parse_key_new(key, &parse);
518                 if (err)
519                         goto error;
520                 err = -EINVAL;
521                 if (!parse.p.key)
522                         goto error;
523                 if (parse.idx < 0 || parse.idx > 4)
524                         goto error;
525                 if (parse.def) {
526                         if (def)
527                                 goto error;
528                         def = 1;
529                         result->def = parse.idx;
530                         if (!parse.def_uni || !parse.def_multi)
531                                 goto error;
532                 } else if (parse.defmgmt)
533                         goto error;
534                 err = cfg80211_validate_key_settings(rdev, &parse.p,
535                                                      parse.idx, false, NULL);
536                 if (err)
537                         goto error;
538                 result->params[parse.idx].cipher = parse.p.cipher;
539                 result->params[parse.idx].key_len = parse.p.key_len;
540                 result->params[parse.idx].key = result->data[parse.idx];
541                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
542         }
543
544         return result;
545  error:
546         kfree(result);
547         return ERR_PTR(err);
548 }
549
550 static int nl80211_key_allowed(struct wireless_dev *wdev)
551 {
552         ASSERT_WDEV_LOCK(wdev);
553
554         switch (wdev->iftype) {
555         case NL80211_IFTYPE_AP:
556         case NL80211_IFTYPE_AP_VLAN:
557         case NL80211_IFTYPE_P2P_GO:
558         case NL80211_IFTYPE_MESH_POINT:
559                 break;
560         case NL80211_IFTYPE_ADHOC:
561                 if (!wdev->current_bss)
562                         return -ENOLINK;
563                 break;
564         case NL80211_IFTYPE_STATION:
565         case NL80211_IFTYPE_P2P_CLIENT:
566                 if (wdev->sme_state != CFG80211_SME_CONNECTED)
567                         return -ENOLINK;
568                 break;
569         default:
570                 return -EINVAL;
571         }
572
573         return 0;
574 }
575
576 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
577 {
578         struct nlattr *nl_modes = nla_nest_start(msg, attr);
579         int i;
580
581         if (!nl_modes)
582                 goto nla_put_failure;
583
584         i = 0;
585         while (ifmodes) {
586                 if (ifmodes & 1)
587                         NLA_PUT_FLAG(msg, i);
588                 ifmodes >>= 1;
589                 i++;
590         }
591
592         nla_nest_end(msg, nl_modes);
593         return 0;
594
595 nla_put_failure:
596         return -ENOBUFS;
597 }
598
599 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
600                                           struct sk_buff *msg)
601 {
602         struct nlattr *nl_combis;
603         int i, j;
604
605         nl_combis = nla_nest_start(msg,
606                                 NL80211_ATTR_INTERFACE_COMBINATIONS);
607         if (!nl_combis)
608                 goto nla_put_failure;
609
610         for (i = 0; i < wiphy->n_iface_combinations; i++) {
611                 const struct ieee80211_iface_combination *c;
612                 struct nlattr *nl_combi, *nl_limits;
613
614                 c = &wiphy->iface_combinations[i];
615
616                 nl_combi = nla_nest_start(msg, i + 1);
617                 if (!nl_combi)
618                         goto nla_put_failure;
619
620                 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
621                 if (!nl_limits)
622                         goto nla_put_failure;
623
624                 for (j = 0; j < c->n_limits; j++) {
625                         struct nlattr *nl_limit;
626
627                         nl_limit = nla_nest_start(msg, j + 1);
628                         if (!nl_limit)
629                                 goto nla_put_failure;
630                         NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX,
631                                     c->limits[j].max);
632                         if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
633                                                 c->limits[j].types))
634                                 goto nla_put_failure;
635                         nla_nest_end(msg, nl_limit);
636                 }
637
638                 nla_nest_end(msg, nl_limits);
639
640                 if (c->beacon_int_infra_match)
641                         NLA_PUT_FLAG(msg,
642                                 NL80211_IFACE_COMB_STA_AP_BI_MATCH);
643                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
644                             c->num_different_channels);
645                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM,
646                             c->max_interfaces);
647
648                 nla_nest_end(msg, nl_combi);
649         }
650
651         nla_nest_end(msg, nl_combis);
652
653         return 0;
654 nla_put_failure:
655         return -ENOBUFS;
656 }
657
658 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
659                               struct cfg80211_registered_device *dev)
660 {
661         void *hdr;
662         struct nlattr *nl_bands, *nl_band;
663         struct nlattr *nl_freqs, *nl_freq;
664         struct nlattr *nl_rates, *nl_rate;
665         struct nlattr *nl_cmds;
666         enum ieee80211_band band;
667         struct ieee80211_channel *chan;
668         struct ieee80211_rate *rate;
669         int i;
670         const struct ieee80211_txrx_stypes *mgmt_stypes =
671                                 dev->wiphy.mgmt_stypes;
672
673         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
674         if (!hdr)
675                 return -1;
676
677         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
678         NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
679
680         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
681                     cfg80211_rdev_list_generation);
682
683         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
684                    dev->wiphy.retry_short);
685         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
686                    dev->wiphy.retry_long);
687         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
688                     dev->wiphy.frag_threshold);
689         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
690                     dev->wiphy.rts_threshold);
691         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
692                     dev->wiphy.coverage_class);
693         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
694                    dev->wiphy.max_scan_ssids);
695         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
696                     dev->wiphy.max_scan_ie_len);
697
698         if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)
699                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN);
700         if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)
701                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
702
703         NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
704                 sizeof(u32) * dev->wiphy.n_cipher_suites,
705                 dev->wiphy.cipher_suites);
706
707         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
708                    dev->wiphy.max_num_pmkids);
709
710         if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL)
711                 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE);
712
713         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
714                     dev->wiphy.available_antennas_tx);
715         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
716                     dev->wiphy.available_antennas_rx);
717
718         if ((dev->wiphy.available_antennas_tx ||
719              dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
720                 u32 tx_ant = 0, rx_ant = 0;
721                 int res;
722                 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
723                 if (!res) {
724                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant);
725                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant);
726                 }
727         }
728
729         if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
730                                 dev->wiphy.interface_modes))
731                 goto nla_put_failure;
732
733         nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
734         if (!nl_bands)
735                 goto nla_put_failure;
736
737         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
738                 if (!dev->wiphy.bands[band])
739                         continue;
740
741                 nl_band = nla_nest_start(msg, band);
742                 if (!nl_band)
743                         goto nla_put_failure;
744
745                 /* add HT info */
746                 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
747                         NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
748                                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
749                                 &dev->wiphy.bands[band]->ht_cap.mcs);
750                         NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
751                                 dev->wiphy.bands[band]->ht_cap.cap);
752                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
753                                 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
754                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
755                                 dev->wiphy.bands[band]->ht_cap.ampdu_density);
756                 }
757
758                 /* add frequencies */
759                 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
760                 if (!nl_freqs)
761                         goto nla_put_failure;
762
763                 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
764                         nl_freq = nla_nest_start(msg, i);
765                         if (!nl_freq)
766                                 goto nla_put_failure;
767
768                         chan = &dev->wiphy.bands[band]->channels[i];
769
770                         if (nl80211_msg_put_channel(msg, chan))
771                                 goto nla_put_failure;
772
773                         nla_nest_end(msg, nl_freq);
774                 }
775
776                 nla_nest_end(msg, nl_freqs);
777
778                 /* add bitrates */
779                 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
780                 if (!nl_rates)
781                         goto nla_put_failure;
782
783                 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
784                         nl_rate = nla_nest_start(msg, i);
785                         if (!nl_rate)
786                                 goto nla_put_failure;
787
788                         rate = &dev->wiphy.bands[band]->bitrates[i];
789                         NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
790                                     rate->bitrate);
791                         if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
792                                 NLA_PUT_FLAG(msg,
793                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
794
795                         nla_nest_end(msg, nl_rate);
796                 }
797
798                 nla_nest_end(msg, nl_rates);
799
800                 nla_nest_end(msg, nl_band);
801         }
802         nla_nest_end(msg, nl_bands);
803
804         nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
805         if (!nl_cmds)
806                 goto nla_put_failure;
807
808         i = 0;
809 #define CMD(op, n)                                              \
810          do {                                                   \
811                 if (dev->ops->op) {                             \
812                         i++;                                    \
813                         NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
814                 }                                               \
815         } while (0)
816
817         CMD(add_virtual_intf, NEW_INTERFACE);
818         CMD(change_virtual_intf, SET_INTERFACE);
819         CMD(add_key, NEW_KEY);
820         CMD(add_beacon, NEW_BEACON);
821         CMD(add_station, NEW_STATION);
822         CMD(add_mpath, NEW_MPATH);
823         CMD(update_mesh_config, SET_MESH_CONFIG);
824         CMD(change_bss, SET_BSS);
825         CMD(auth, AUTHENTICATE);
826         CMD(assoc, ASSOCIATE);
827         CMD(deauth, DEAUTHENTICATE);
828         CMD(disassoc, DISASSOCIATE);
829         CMD(join_ibss, JOIN_IBSS);
830         CMD(join_mesh, JOIN_MESH);
831         CMD(set_pmksa, SET_PMKSA);
832         CMD(del_pmksa, DEL_PMKSA);
833         CMD(flush_pmksa, FLUSH_PMKSA);
834         CMD(remain_on_channel, REMAIN_ON_CHANNEL);
835         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
836         CMD(mgmt_tx, FRAME);
837         CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
838         if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
839                 i++;
840                 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
841         }
842         CMD(set_channel, SET_CHANNEL);
843         CMD(set_wds_peer, SET_WDS_PEER);
844         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
845                 CMD(sched_scan_start, START_SCHED_SCAN);
846
847 #undef CMD
848
849         if (dev->ops->connect || dev->ops->auth) {
850                 i++;
851                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
852         }
853
854         if (dev->ops->disconnect || dev->ops->deauth) {
855                 i++;
856                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
857         }
858
859         nla_nest_end(msg, nl_cmds);
860
861         if (dev->ops->remain_on_channel)
862                 NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
863                             dev->wiphy.max_remain_on_channel_duration);
864
865         /* for now at least assume all drivers have it */
866         if (dev->ops->mgmt_tx)
867                 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
868
869         if (mgmt_stypes) {
870                 u16 stypes;
871                 struct nlattr *nl_ftypes, *nl_ifs;
872                 enum nl80211_iftype ift;
873
874                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
875                 if (!nl_ifs)
876                         goto nla_put_failure;
877
878                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
879                         nl_ftypes = nla_nest_start(msg, ift);
880                         if (!nl_ftypes)
881                                 goto nla_put_failure;
882                         i = 0;
883                         stypes = mgmt_stypes[ift].tx;
884                         while (stypes) {
885                                 if (stypes & 1)
886                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
887                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
888                                 stypes >>= 1;
889                                 i++;
890                         }
891                         nla_nest_end(msg, nl_ftypes);
892                 }
893
894                 nla_nest_end(msg, nl_ifs);
895
896                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
897                 if (!nl_ifs)
898                         goto nla_put_failure;
899
900                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
901                         nl_ftypes = nla_nest_start(msg, ift);
902                         if (!nl_ftypes)
903                                 goto nla_put_failure;
904                         i = 0;
905                         stypes = mgmt_stypes[ift].rx;
906                         while (stypes) {
907                                 if (stypes & 1)
908                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
909                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
910                                 stypes >>= 1;
911                                 i++;
912                         }
913                         nla_nest_end(msg, nl_ftypes);
914                 }
915                 nla_nest_end(msg, nl_ifs);
916         }
917
918         if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
919                 struct nlattr *nl_wowlan;
920
921                 nl_wowlan = nla_nest_start(msg,
922                                 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
923                 if (!nl_wowlan)
924                         goto nla_put_failure;
925
926                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY)
927                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
928                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT)
929                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
930                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT)
931                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
932                 if (dev->wiphy.wowlan.n_patterns) {
933                         struct nl80211_wowlan_pattern_support pat = {
934                                 .max_patterns = dev->wiphy.wowlan.n_patterns,
935                                 .min_pattern_len =
936                                         dev->wiphy.wowlan.pattern_min_len,
937                                 .max_pattern_len =
938                                         dev->wiphy.wowlan.pattern_max_len,
939                         };
940                         NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
941                                 sizeof(pat), &pat);
942                 }
943
944                 nla_nest_end(msg, nl_wowlan);
945         }
946
947         if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
948                                 dev->wiphy.software_iftypes))
949                 goto nla_put_failure;
950
951         if (nl80211_put_iface_combinations(&dev->wiphy, msg))
952                 goto nla_put_failure;
953
954         return genlmsg_end(msg, hdr);
955
956  nla_put_failure:
957         genlmsg_cancel(msg, hdr);
958         return -EMSGSIZE;
959 }
960
961 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
962 {
963         int idx = 0;
964         int start = cb->args[0];
965         struct cfg80211_registered_device *dev;
966
967         mutex_lock(&cfg80211_mutex);
968         list_for_each_entry(dev, &cfg80211_rdev_list, list) {
969                 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
970                         continue;
971                 if (++idx <= start)
972                         continue;
973                 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
974                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
975                                        dev) < 0) {
976                         idx--;
977                         break;
978                 }
979         }
980         mutex_unlock(&cfg80211_mutex);
981
982         cb->args[0] = idx;
983
984         return skb->len;
985 }
986
987 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
988 {
989         struct sk_buff *msg;
990         struct cfg80211_registered_device *dev = info->user_ptr[0];
991
992         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
993         if (!msg)
994                 return -ENOMEM;
995
996         if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
997                 nlmsg_free(msg);
998                 return -ENOBUFS;
999         }
1000
1001         return genlmsg_reply(msg, info);
1002 }
1003
1004 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1005         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
1006         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
1007         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
1008         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
1009         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
1010 };
1011
1012 static int parse_txq_params(struct nlattr *tb[],
1013                             struct ieee80211_txq_params *txq_params)
1014 {
1015         if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1016             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1017             !tb[NL80211_TXQ_ATTR_AIFS])
1018                 return -EINVAL;
1019
1020         txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
1021         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1022         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1023         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1024         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1025
1026         return 0;
1027 }
1028
1029 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1030 {
1031         /*
1032          * You can only set the channel explicitly for AP, mesh
1033          * and WDS type interfaces; all others have their channel
1034          * managed via their respective "establish a connection"
1035          * command (connect, join, ...)
1036          *
1037          * Monitors are special as they are normally slaved to
1038          * whatever else is going on, so they behave as though
1039          * you tried setting the wiphy channel itself.
1040          */
1041         return !wdev ||
1042                 wdev->iftype == NL80211_IFTYPE_AP ||
1043                 wdev->iftype == NL80211_IFTYPE_WDS ||
1044                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1045                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1046                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1047 }
1048
1049 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1050                                  struct wireless_dev *wdev,
1051                                  struct genl_info *info)
1052 {
1053         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1054         u32 freq;
1055         int result;
1056
1057         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1058                 return -EINVAL;
1059
1060         if (!nl80211_can_set_dev_channel(wdev))
1061                 return -EOPNOTSUPP;
1062
1063         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1064                 channel_type = nla_get_u32(info->attrs[
1065                                    NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1066                 if (channel_type != NL80211_CHAN_NO_HT &&
1067                     channel_type != NL80211_CHAN_HT20 &&
1068                     channel_type != NL80211_CHAN_HT40PLUS &&
1069                     channel_type != NL80211_CHAN_HT40MINUS)
1070                         return -EINVAL;
1071         }
1072
1073         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1074
1075         mutex_lock(&rdev->devlist_mtx);
1076         if (wdev) {
1077                 wdev_lock(wdev);
1078                 result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
1079                 wdev_unlock(wdev);
1080         } else {
1081                 result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
1082         }
1083         mutex_unlock(&rdev->devlist_mtx);
1084
1085         return result;
1086 }
1087
1088 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1089 {
1090         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1091         struct net_device *netdev = info->user_ptr[1];
1092
1093         return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1094 }
1095
1096 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1097 {
1098         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1099         struct net_device *dev = info->user_ptr[1];
1100         struct wireless_dev *wdev = dev->ieee80211_ptr;
1101         const u8 *bssid;
1102
1103         if (!info->attrs[NL80211_ATTR_MAC])
1104                 return -EINVAL;
1105
1106         if (netif_running(dev))
1107                 return -EBUSY;
1108
1109         if (!rdev->ops->set_wds_peer)
1110                 return -EOPNOTSUPP;
1111
1112         if (wdev->iftype != NL80211_IFTYPE_WDS)
1113                 return -EOPNOTSUPP;
1114
1115         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1116         return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1117 }
1118
1119
1120 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1121 {
1122         struct cfg80211_registered_device *rdev;
1123         struct net_device *netdev = NULL;
1124         struct wireless_dev *wdev;
1125         int result = 0, rem_txq_params = 0;
1126         struct nlattr *nl_txq_params;
1127         u32 changed;
1128         u8 retry_short = 0, retry_long = 0;
1129         u32 frag_threshold = 0, rts_threshold = 0;
1130         u8 coverage_class = 0;
1131
1132         /*
1133          * Try to find the wiphy and netdev. Normally this
1134          * function shouldn't need the netdev, but this is
1135          * done for backward compatibility -- previously
1136          * setting the channel was done per wiphy, but now
1137          * it is per netdev. Previous userland like hostapd
1138          * also passed a netdev to set_wiphy, so that it is
1139          * possible to let that go to the right netdev!
1140          */
1141         mutex_lock(&cfg80211_mutex);
1142
1143         if (info->attrs[NL80211_ATTR_IFINDEX]) {
1144                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1145
1146                 netdev = dev_get_by_index(genl_info_net(info), ifindex);
1147                 if (netdev && netdev->ieee80211_ptr) {
1148                         rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1149                         mutex_lock(&rdev->mtx);
1150                 } else
1151                         netdev = NULL;
1152         }
1153
1154         if (!netdev) {
1155                 rdev = __cfg80211_rdev_from_info(info);
1156                 if (IS_ERR(rdev)) {
1157                         mutex_unlock(&cfg80211_mutex);
1158                         return PTR_ERR(rdev);
1159                 }
1160                 wdev = NULL;
1161                 netdev = NULL;
1162                 result = 0;
1163
1164                 mutex_lock(&rdev->mtx);
1165         } else if (netif_running(netdev) &&
1166                    nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1167                 wdev = netdev->ieee80211_ptr;
1168         else
1169                 wdev = NULL;
1170
1171         /*
1172          * end workaround code, by now the rdev is available
1173          * and locked, and wdev may or may not be NULL.
1174          */
1175
1176         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1177                 result = cfg80211_dev_rename(
1178                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1179
1180         mutex_unlock(&cfg80211_mutex);
1181
1182         if (result)
1183                 goto bad_res;
1184
1185         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1186                 struct ieee80211_txq_params txq_params;
1187                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1188
1189                 if (!rdev->ops->set_txq_params) {
1190                         result = -EOPNOTSUPP;
1191                         goto bad_res;
1192                 }
1193
1194                 nla_for_each_nested(nl_txq_params,
1195                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1196                                     rem_txq_params) {
1197                         nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1198                                   nla_data(nl_txq_params),
1199                                   nla_len(nl_txq_params),
1200                                   txq_params_policy);
1201                         result = parse_txq_params(tb, &txq_params);
1202                         if (result)
1203                                 goto bad_res;
1204
1205                         result = rdev->ops->set_txq_params(&rdev->wiphy,
1206                                                            &txq_params);
1207                         if (result)
1208                                 goto bad_res;
1209                 }
1210         }
1211
1212         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1213                 result = __nl80211_set_channel(rdev, wdev, info);
1214                 if (result)
1215                         goto bad_res;
1216         }
1217
1218         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1219                 enum nl80211_tx_power_setting type;
1220                 int idx, mbm = 0;
1221
1222                 if (!rdev->ops->set_tx_power) {
1223                         result = -EOPNOTSUPP;
1224                         goto bad_res;
1225                 }
1226
1227                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1228                 type = nla_get_u32(info->attrs[idx]);
1229
1230                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1231                     (type != NL80211_TX_POWER_AUTOMATIC)) {
1232                         result = -EINVAL;
1233                         goto bad_res;
1234                 }
1235
1236                 if (type != NL80211_TX_POWER_AUTOMATIC) {
1237                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1238                         mbm = nla_get_u32(info->attrs[idx]);
1239                 }
1240
1241                 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1242                 if (result)
1243                         goto bad_res;
1244         }
1245
1246         if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1247             info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1248                 u32 tx_ant, rx_ant;
1249                 if ((!rdev->wiphy.available_antennas_tx &&
1250                      !rdev->wiphy.available_antennas_rx) ||
1251                     !rdev->ops->set_antenna) {
1252                         result = -EOPNOTSUPP;
1253                         goto bad_res;
1254                 }
1255
1256                 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1257                 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1258
1259                 /* reject antenna configurations which don't match the
1260                  * available antenna masks, except for the "all" mask */
1261                 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1262                     (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1263                         result = -EINVAL;
1264                         goto bad_res;
1265                 }
1266
1267                 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1268                 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1269
1270                 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1271                 if (result)
1272                         goto bad_res;
1273         }
1274
1275         changed = 0;
1276
1277         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1278                 retry_short = nla_get_u8(
1279                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1280                 if (retry_short == 0) {
1281                         result = -EINVAL;
1282                         goto bad_res;
1283                 }
1284                 changed |= WIPHY_PARAM_RETRY_SHORT;
1285         }
1286
1287         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1288                 retry_long = nla_get_u8(
1289                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1290                 if (retry_long == 0) {
1291                         result = -EINVAL;
1292                         goto bad_res;
1293                 }
1294                 changed |= WIPHY_PARAM_RETRY_LONG;
1295         }
1296
1297         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1298                 frag_threshold = nla_get_u32(
1299                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1300                 if (frag_threshold < 256) {
1301                         result = -EINVAL;
1302                         goto bad_res;
1303                 }
1304                 if (frag_threshold != (u32) -1) {
1305                         /*
1306                          * Fragments (apart from the last one) are required to
1307                          * have even length. Make the fragmentation code
1308                          * simpler by stripping LSB should someone try to use
1309                          * odd threshold value.
1310                          */
1311                         frag_threshold &= ~0x1;
1312                 }
1313                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1314         }
1315
1316         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1317                 rts_threshold = nla_get_u32(
1318                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1319                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
1320         }
1321
1322         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1323                 coverage_class = nla_get_u8(
1324                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1325                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
1326         }
1327
1328         if (changed) {
1329                 u8 old_retry_short, old_retry_long;
1330                 u32 old_frag_threshold, old_rts_threshold;
1331                 u8 old_coverage_class;
1332
1333                 if (!rdev->ops->set_wiphy_params) {
1334                         result = -EOPNOTSUPP;
1335                         goto bad_res;
1336                 }
1337
1338                 old_retry_short = rdev->wiphy.retry_short;
1339                 old_retry_long = rdev->wiphy.retry_long;
1340                 old_frag_threshold = rdev->wiphy.frag_threshold;
1341                 old_rts_threshold = rdev->wiphy.rts_threshold;
1342                 old_coverage_class = rdev->wiphy.coverage_class;
1343
1344                 if (changed & WIPHY_PARAM_RETRY_SHORT)
1345                         rdev->wiphy.retry_short = retry_short;
1346                 if (changed & WIPHY_PARAM_RETRY_LONG)
1347                         rdev->wiphy.retry_long = retry_long;
1348                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1349                         rdev->wiphy.frag_threshold = frag_threshold;
1350                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1351                         rdev->wiphy.rts_threshold = rts_threshold;
1352                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1353                         rdev->wiphy.coverage_class = coverage_class;
1354
1355                 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1356                 if (result) {
1357                         rdev->wiphy.retry_short = old_retry_short;
1358                         rdev->wiphy.retry_long = old_retry_long;
1359                         rdev->wiphy.frag_threshold = old_frag_threshold;
1360                         rdev->wiphy.rts_threshold = old_rts_threshold;
1361                         rdev->wiphy.coverage_class = old_coverage_class;
1362                 }
1363         }
1364
1365  bad_res:
1366         mutex_unlock(&rdev->mtx);
1367         if (netdev)
1368                 dev_put(netdev);
1369         return result;
1370 }
1371
1372
1373 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1374                               struct cfg80211_registered_device *rdev,
1375                               struct net_device *dev)
1376 {
1377         void *hdr;
1378
1379         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1380         if (!hdr)
1381                 return -1;
1382
1383         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1384         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1385         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1386         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1387
1388         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1389                     rdev->devlist_generation ^
1390                         (cfg80211_rdev_list_generation << 2));
1391
1392         return genlmsg_end(msg, hdr);
1393
1394  nla_put_failure:
1395         genlmsg_cancel(msg, hdr);
1396         return -EMSGSIZE;
1397 }
1398
1399 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1400 {
1401         int wp_idx = 0;
1402         int if_idx = 0;
1403         int wp_start = cb->args[0];
1404         int if_start = cb->args[1];
1405         struct cfg80211_registered_device *rdev;
1406         struct wireless_dev *wdev;
1407
1408         mutex_lock(&cfg80211_mutex);
1409         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1410                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1411                         continue;
1412                 if (wp_idx < wp_start) {
1413                         wp_idx++;
1414                         continue;
1415                 }
1416                 if_idx = 0;
1417
1418                 mutex_lock(&rdev->devlist_mtx);
1419                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
1420                         if (if_idx < if_start) {
1421                                 if_idx++;
1422                                 continue;
1423                         }
1424                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1425                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
1426                                                rdev, wdev->netdev) < 0) {
1427                                 mutex_unlock(&rdev->devlist_mtx);
1428                                 goto out;
1429                         }
1430                         if_idx++;
1431                 }
1432                 mutex_unlock(&rdev->devlist_mtx);
1433
1434                 wp_idx++;
1435         }
1436  out:
1437         mutex_unlock(&cfg80211_mutex);
1438
1439         cb->args[0] = wp_idx;
1440         cb->args[1] = if_idx;
1441
1442         return skb->len;
1443 }
1444
1445 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1446 {
1447         struct sk_buff *msg;
1448         struct cfg80211_registered_device *dev = info->user_ptr[0];
1449         struct net_device *netdev = info->user_ptr[1];
1450
1451         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1452         if (!msg)
1453                 return -ENOMEM;
1454
1455         if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1456                                dev, netdev) < 0) {
1457                 nlmsg_free(msg);
1458                 return -ENOBUFS;
1459         }
1460
1461         return genlmsg_reply(msg, info);
1462 }
1463
1464 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1465         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1466         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1467         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1468         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1469         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1470 };
1471
1472 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1473 {
1474         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1475         int flag;
1476
1477         *mntrflags = 0;
1478
1479         if (!nla)
1480                 return -EINVAL;
1481
1482         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1483                              nla, mntr_flags_policy))
1484                 return -EINVAL;
1485
1486         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1487                 if (flags[flag])
1488                         *mntrflags |= (1<<flag);
1489
1490         return 0;
1491 }
1492
1493 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1494                                struct net_device *netdev, u8 use_4addr,
1495                                enum nl80211_iftype iftype)
1496 {
1497         if (!use_4addr) {
1498                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1499                         return -EBUSY;
1500                 return 0;
1501         }
1502
1503         switch (iftype) {
1504         case NL80211_IFTYPE_AP_VLAN:
1505                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1506                         return 0;
1507                 break;
1508         case NL80211_IFTYPE_STATION:
1509                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1510                         return 0;
1511                 break;
1512         default:
1513                 break;
1514         }
1515
1516         return -EOPNOTSUPP;
1517 }
1518
1519 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1520 {
1521         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1522         struct vif_params params;
1523         int err;
1524         enum nl80211_iftype otype, ntype;
1525         struct net_device *dev = info->user_ptr[1];
1526         u32 _flags, *flags = NULL;
1527         bool change = false;
1528
1529         memset(&params, 0, sizeof(params));
1530
1531         otype = ntype = dev->ieee80211_ptr->iftype;
1532
1533         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1534                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1535                 if (otype != ntype)
1536                         change = true;
1537                 if (ntype > NL80211_IFTYPE_MAX)
1538                         return -EINVAL;
1539         }
1540
1541         if (info->attrs[NL80211_ATTR_MESH_ID]) {
1542                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1543
1544                 if (ntype != NL80211_IFTYPE_MESH_POINT)
1545                         return -EINVAL;
1546                 if (netif_running(dev))
1547                         return -EBUSY;
1548
1549                 wdev_lock(wdev);
1550                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1551                              IEEE80211_MAX_MESH_ID_LEN);
1552                 wdev->mesh_id_up_len =
1553                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1554                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1555                        wdev->mesh_id_up_len);
1556                 wdev_unlock(wdev);
1557         }
1558
1559         if (info->attrs[NL80211_ATTR_4ADDR]) {
1560                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1561                 change = true;
1562                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1563                 if (err)
1564                         return err;
1565         } else {
1566                 params.use_4addr = -1;
1567         }
1568
1569         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1570                 if (ntype != NL80211_IFTYPE_MONITOR)
1571                         return -EINVAL;
1572                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1573                                           &_flags);
1574                 if (err)
1575                         return err;
1576
1577                 flags = &_flags;
1578                 change = true;
1579         }
1580
1581         if (change)
1582                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1583         else
1584                 err = 0;
1585
1586         if (!err && params.use_4addr != -1)
1587                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1588
1589         return err;
1590 }
1591
1592 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1593 {
1594         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1595         struct vif_params params;
1596         struct net_device *dev;
1597         int err;
1598         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1599         u32 flags;
1600
1601         memset(&params, 0, sizeof(params));
1602
1603         if (!info->attrs[NL80211_ATTR_IFNAME])
1604                 return -EINVAL;
1605
1606         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1607                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1608                 if (type > NL80211_IFTYPE_MAX)
1609                         return -EINVAL;
1610         }
1611
1612         if (!rdev->ops->add_virtual_intf ||
1613             !(rdev->wiphy.interface_modes & (1 << type)))
1614                 return -EOPNOTSUPP;
1615
1616         if (info->attrs[NL80211_ATTR_4ADDR]) {
1617                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1618                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1619                 if (err)
1620                         return err;
1621         }
1622
1623         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1624                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1625                                   &flags);
1626         dev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1627                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1628                 type, err ? NULL : &flags, &params);
1629         if (IS_ERR(dev))
1630                 return PTR_ERR(dev);
1631
1632         if (type == NL80211_IFTYPE_MESH_POINT &&
1633             info->attrs[NL80211_ATTR_MESH_ID]) {
1634                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1635
1636                 wdev_lock(wdev);
1637                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1638                              IEEE80211_MAX_MESH_ID_LEN);
1639                 wdev->mesh_id_up_len =
1640                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1641                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1642                        wdev->mesh_id_up_len);
1643                 wdev_unlock(wdev);
1644         }
1645
1646         return 0;
1647 }
1648
1649 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1650 {
1651         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1652         struct net_device *dev = info->user_ptr[1];
1653
1654         if (!rdev->ops->del_virtual_intf)
1655                 return -EOPNOTSUPP;
1656
1657         return rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1658 }
1659
1660 struct get_key_cookie {
1661         struct sk_buff *msg;
1662         int error;
1663         int idx;
1664 };
1665
1666 static void get_key_callback(void *c, struct key_params *params)
1667 {
1668         struct nlattr *key;
1669         struct get_key_cookie *cookie = c;
1670
1671         if (params->key)
1672                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1673                         params->key_len, params->key);
1674
1675         if (params->seq)
1676                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1677                         params->seq_len, params->seq);
1678
1679         if (params->cipher)
1680                 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1681                             params->cipher);
1682
1683         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1684         if (!key)
1685                 goto nla_put_failure;
1686
1687         if (params->key)
1688                 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1689                         params->key_len, params->key);
1690
1691         if (params->seq)
1692                 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1693                         params->seq_len, params->seq);
1694
1695         if (params->cipher)
1696                 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1697                             params->cipher);
1698
1699         NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1700
1701         nla_nest_end(cookie->msg, key);
1702
1703         return;
1704  nla_put_failure:
1705         cookie->error = 1;
1706 }
1707
1708 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1709 {
1710         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1711         int err;
1712         struct net_device *dev = info->user_ptr[1];
1713         u8 key_idx = 0;
1714         const u8 *mac_addr = NULL;
1715         bool pairwise;
1716         struct get_key_cookie cookie = {
1717                 .error = 0,
1718         };
1719         void *hdr;
1720         struct sk_buff *msg;
1721
1722         if (info->attrs[NL80211_ATTR_KEY_IDX])
1723                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1724
1725         if (key_idx > 5)
1726                 return -EINVAL;
1727
1728         if (info->attrs[NL80211_ATTR_MAC])
1729                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1730
1731         pairwise = !!mac_addr;
1732         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
1733                 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1734                 if (kt >= NUM_NL80211_KEYTYPES)
1735                         return -EINVAL;
1736                 if (kt != NL80211_KEYTYPE_GROUP &&
1737                     kt != NL80211_KEYTYPE_PAIRWISE)
1738                         return -EINVAL;
1739                 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
1740         }
1741
1742         if (!rdev->ops->get_key)
1743                 return -EOPNOTSUPP;
1744
1745         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1746         if (!msg)
1747                 return -ENOMEM;
1748
1749         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1750                              NL80211_CMD_NEW_KEY);
1751         if (IS_ERR(hdr))
1752                 return PTR_ERR(hdr);
1753
1754         cookie.msg = msg;
1755         cookie.idx = key_idx;
1756
1757         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1758         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1759         if (mac_addr)
1760                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1761
1762         if (pairwise && mac_addr &&
1763             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1764                 return -ENOENT;
1765
1766         err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
1767                                  mac_addr, &cookie, get_key_callback);
1768
1769         if (err)
1770                 goto free_msg;
1771
1772         if (cookie.error)
1773                 goto nla_put_failure;
1774
1775         genlmsg_end(msg, hdr);
1776         return genlmsg_reply(msg, info);
1777
1778  nla_put_failure:
1779         err = -ENOBUFS;
1780  free_msg:
1781         nlmsg_free(msg);
1782         return err;
1783 }
1784
1785 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1786 {
1787         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1788         struct key_parse key;
1789         int err;
1790         struct net_device *dev = info->user_ptr[1];
1791
1792         err = nl80211_parse_key(info, &key);
1793         if (err)
1794                 return err;
1795
1796         if (key.idx < 0)
1797                 return -EINVAL;
1798
1799         /* only support setting default key */
1800         if (!key.def && !key.defmgmt)
1801                 return -EINVAL;
1802
1803         wdev_lock(dev->ieee80211_ptr);
1804
1805         if (key.def) {
1806                 if (!rdev->ops->set_default_key) {
1807                         err = -EOPNOTSUPP;
1808                         goto out;
1809                 }
1810
1811                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1812                 if (err)
1813                         goto out;
1814
1815                 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
1816                                                  key.def_uni, key.def_multi);
1817
1818                 if (err)
1819                         goto out;
1820
1821 #ifdef CONFIG_CFG80211_WEXT
1822                 dev->ieee80211_ptr->wext.default_key = key.idx;
1823 #endif
1824         } else {
1825                 if (key.def_uni || !key.def_multi) {
1826                         err = -EINVAL;
1827                         goto out;
1828                 }
1829
1830                 if (!rdev->ops->set_default_mgmt_key) {
1831                         err = -EOPNOTSUPP;
1832                         goto out;
1833                 }
1834
1835                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1836                 if (err)
1837                         goto out;
1838
1839                 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
1840                                                       dev, key.idx);
1841                 if (err)
1842                         goto out;
1843
1844 #ifdef CONFIG_CFG80211_WEXT
1845                 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1846 #endif
1847         }
1848
1849  out:
1850         wdev_unlock(dev->ieee80211_ptr);
1851
1852         return err;
1853 }
1854
1855 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1856 {
1857         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1858         int err;
1859         struct net_device *dev = info->user_ptr[1];
1860         struct key_parse key;
1861         const u8 *mac_addr = NULL;
1862
1863         err = nl80211_parse_key(info, &key);
1864         if (err)
1865                 return err;
1866
1867         if (!key.p.key)
1868                 return -EINVAL;
1869
1870         if (info->attrs[NL80211_ATTR_MAC])
1871                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1872
1873         if (key.type == -1) {
1874                 if (mac_addr)
1875                         key.type = NL80211_KEYTYPE_PAIRWISE;
1876                 else
1877                         key.type = NL80211_KEYTYPE_GROUP;
1878         }
1879
1880         /* for now */
1881         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
1882             key.type != NL80211_KEYTYPE_GROUP)
1883                 return -EINVAL;
1884
1885         if (!rdev->ops->add_key)
1886                 return -EOPNOTSUPP;
1887
1888         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
1889                                            key.type == NL80211_KEYTYPE_PAIRWISE,
1890                                            mac_addr))
1891                 return -EINVAL;
1892
1893         wdev_lock(dev->ieee80211_ptr);
1894         err = nl80211_key_allowed(dev->ieee80211_ptr);
1895         if (!err)
1896                 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
1897                                          key.type == NL80211_KEYTYPE_PAIRWISE,
1898                                          mac_addr, &key.p);
1899         wdev_unlock(dev->ieee80211_ptr);
1900
1901         return err;
1902 }
1903
1904 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1905 {
1906         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1907         int err;
1908         struct net_device *dev = info->user_ptr[1];
1909         u8 *mac_addr = NULL;
1910         struct key_parse key;
1911
1912         err = nl80211_parse_key(info, &key);
1913         if (err)
1914                 return err;
1915
1916         if (info->attrs[NL80211_ATTR_MAC])
1917                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1918
1919         if (key.type == -1) {
1920                 if (mac_addr)
1921                         key.type = NL80211_KEYTYPE_PAIRWISE;
1922                 else
1923                         key.type = NL80211_KEYTYPE_GROUP;
1924         }
1925
1926         /* for now */
1927         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
1928             key.type != NL80211_KEYTYPE_GROUP)
1929                 return -EINVAL;
1930
1931         if (!rdev->ops->del_key)
1932                 return -EOPNOTSUPP;
1933
1934         wdev_lock(dev->ieee80211_ptr);
1935         err = nl80211_key_allowed(dev->ieee80211_ptr);
1936
1937         if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
1938             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1939                 err = -ENOENT;
1940
1941         if (!err)
1942                 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
1943                                          key.type == NL80211_KEYTYPE_PAIRWISE,
1944                                          mac_addr);
1945
1946 #ifdef CONFIG_CFG80211_WEXT
1947         if (!err) {
1948                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
1949                         dev->ieee80211_ptr->wext.default_key = -1;
1950                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
1951                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
1952         }
1953 #endif
1954         wdev_unlock(dev->ieee80211_ptr);
1955
1956         return err;
1957 }
1958
1959 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1960 {
1961         int (*call)(struct wiphy *wiphy, struct net_device *dev,
1962                     struct beacon_parameters *info);
1963         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1964         struct net_device *dev = info->user_ptr[1];
1965         struct wireless_dev *wdev = dev->ieee80211_ptr;
1966         struct beacon_parameters params;
1967         int haveinfo = 0, err;
1968
1969         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]))
1970                 return -EINVAL;
1971
1972         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1973             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
1974                 return -EOPNOTSUPP;
1975
1976         memset(&params, 0, sizeof(params));
1977
1978         switch (info->genlhdr->cmd) {
1979         case NL80211_CMD_NEW_BEACON:
1980                 /* these are required for NEW_BEACON */
1981                 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
1982                     !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
1983                     !info->attrs[NL80211_ATTR_BEACON_HEAD])
1984                         return -EINVAL;
1985
1986                 params.interval =
1987                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
1988                 params.dtim_period =
1989                         nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
1990
1991                 err = cfg80211_validate_beacon_int(rdev, params.interval);
1992                 if (err)
1993                         return err;
1994
1995                 call = rdev->ops->add_beacon;
1996                 break;
1997         case NL80211_CMD_SET_BEACON:
1998                 call = rdev->ops->set_beacon;
1999                 break;
2000         default:
2001                 WARN_ON(1);
2002                 return -EOPNOTSUPP;
2003         }
2004
2005         if (!call)
2006                 return -EOPNOTSUPP;
2007
2008         if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2009                 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2010                 params.head_len =
2011                     nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2012                 haveinfo = 1;
2013         }
2014
2015         if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2016                 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2017                 params.tail_len =
2018                     nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2019                 haveinfo = 1;
2020         }
2021
2022         if (!haveinfo)
2023                 return -EINVAL;
2024
2025         err = call(&rdev->wiphy, dev, &params);
2026         if (!err && params.interval)
2027                 wdev->beacon_interval = params.interval;
2028         return err;
2029 }
2030
2031 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
2032 {
2033         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2034         struct net_device *dev = info->user_ptr[1];
2035         struct wireless_dev *wdev = dev->ieee80211_ptr;
2036         int err;
2037
2038         if (!rdev->ops->del_beacon)
2039                 return -EOPNOTSUPP;
2040
2041         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2042             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2043                 return -EOPNOTSUPP;
2044
2045         err = rdev->ops->del_beacon(&rdev->wiphy, dev);
2046         if (!err)
2047                 wdev->beacon_interval = 0;
2048         return err;
2049 }
2050
2051 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2052         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2053         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2054         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2055         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2056         [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2057 };
2058
2059 static int parse_station_flags(struct genl_info *info,
2060                                struct station_parameters *params)
2061 {
2062         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2063         struct nlattr *nla;
2064         int flag;
2065
2066         /*
2067          * Try parsing the new attribute first so userspace
2068          * can specify both for older kernels.
2069          */
2070         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2071         if (nla) {
2072                 struct nl80211_sta_flag_update *sta_flags;
2073
2074                 sta_flags = nla_data(nla);
2075                 params->sta_flags_mask = sta_flags->mask;
2076                 params->sta_flags_set = sta_flags->set;
2077                 if ((params->sta_flags_mask |
2078                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2079                         return -EINVAL;
2080                 return 0;
2081         }
2082
2083         /* if present, parse the old attribute */
2084
2085         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2086         if (!nla)
2087                 return 0;
2088
2089         if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2090                              nla, sta_flags_policy))
2091                 return -EINVAL;
2092
2093         params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1;
2094         params->sta_flags_mask &= ~1;
2095
2096         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
2097                 if (flags[flag])
2098                         params->sta_flags_set |= (1<<flag);
2099
2100         return 0;
2101 }
2102
2103 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2104                                  int attr)
2105 {
2106         struct nlattr *rate;
2107         u16 bitrate;
2108
2109         rate = nla_nest_start(msg, attr);
2110         if (!rate)
2111                 goto nla_put_failure;
2112
2113         /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2114         bitrate = cfg80211_calculate_bitrate(info);
2115         if (bitrate > 0)
2116                 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
2117
2118         if (info->flags & RATE_INFO_FLAGS_MCS)
2119                 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs);
2120         if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
2121                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
2122         if (info->flags & RATE_INFO_FLAGS_SHORT_GI)
2123                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
2124
2125         nla_nest_end(msg, rate);
2126         return true;
2127
2128 nla_put_failure:
2129         return false;
2130 }
2131
2132 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2133                                 int flags, struct net_device *dev,
2134                                 const u8 *mac_addr, struct station_info *sinfo)
2135 {
2136         void *hdr;
2137         struct nlattr *sinfoattr, *bss_param;
2138
2139         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2140         if (!hdr)
2141                 return -1;
2142
2143         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2144         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
2145
2146         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
2147
2148         sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2149         if (!sinfoattr)
2150                 goto nla_put_failure;
2151         if (sinfo->filled & STATION_INFO_CONNECTED_TIME)
2152                 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2153                             sinfo->connected_time);
2154         if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
2155                 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2156                             sinfo->inactive_time);
2157         if (sinfo->filled & STATION_INFO_RX_BYTES)
2158                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
2159                             sinfo->rx_bytes);
2160         if (sinfo->filled & STATION_INFO_TX_BYTES)
2161                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
2162                             sinfo->tx_bytes);
2163         if (sinfo->filled & STATION_INFO_LLID)
2164                 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
2165                             sinfo->llid);
2166         if (sinfo->filled & STATION_INFO_PLID)
2167                 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
2168                             sinfo->plid);
2169         if (sinfo->filled & STATION_INFO_PLINK_STATE)
2170                 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
2171                             sinfo->plink_state);
2172         if (sinfo->filled & STATION_INFO_SIGNAL)
2173                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
2174                            sinfo->signal);
2175         if (sinfo->filled & STATION_INFO_SIGNAL_AVG)
2176                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2177                            sinfo->signal_avg);
2178         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2179                 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2180                                           NL80211_STA_INFO_TX_BITRATE))
2181                         goto nla_put_failure;
2182         }
2183         if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2184                 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2185                                           NL80211_STA_INFO_RX_BITRATE))
2186                         goto nla_put_failure;
2187         }
2188         if (sinfo->filled & STATION_INFO_RX_PACKETS)
2189                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
2190                             sinfo->rx_packets);
2191         if (sinfo->filled & STATION_INFO_TX_PACKETS)
2192                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
2193                             sinfo->tx_packets);
2194         if (sinfo->filled & STATION_INFO_TX_RETRIES)
2195                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES,
2196                             sinfo->tx_retries);
2197         if (sinfo->filled & STATION_INFO_TX_FAILED)
2198                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED,
2199                             sinfo->tx_failed);
2200         if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2201                 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2202                 if (!bss_param)
2203                         goto nla_put_failure;
2204
2205                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT)
2206                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT);
2207                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE)
2208                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE);
2209                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME)
2210                         NLA_PUT_FLAG(msg,
2211                                      NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME);
2212                 NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2213                            sinfo->bss_param.dtim_period);
2214                 NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2215                             sinfo->bss_param.beacon_interval);
2216
2217                 nla_nest_end(msg, bss_param);
2218         }
2219         nla_nest_end(msg, sinfoattr);
2220
2221         return genlmsg_end(msg, hdr);
2222
2223  nla_put_failure:
2224         genlmsg_cancel(msg, hdr);
2225         return -EMSGSIZE;
2226 }
2227
2228 static int nl80211_dump_station(struct sk_buff *skb,
2229                                 struct netlink_callback *cb)
2230 {
2231         struct station_info sinfo;
2232         struct cfg80211_registered_device *dev;
2233         struct net_device *netdev;
2234         u8 mac_addr[ETH_ALEN];
2235         int sta_idx = cb->args[1];
2236         int err;
2237
2238         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2239         if (err)
2240                 return err;
2241
2242         if (!dev->ops->dump_station) {
2243                 err = -EOPNOTSUPP;
2244                 goto out_err;
2245         }
2246
2247         while (1) {
2248                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2249                                              mac_addr, &sinfo);
2250                 if (err == -ENOENT)
2251                         break;
2252                 if (err)
2253                         goto out_err;
2254
2255                 if (nl80211_send_station(skb,
2256                                 NETLINK_CB(cb->skb).pid,
2257                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2258                                 netdev, mac_addr,
2259                                 &sinfo) < 0)
2260                         goto out;
2261
2262                 sta_idx++;
2263         }
2264
2265
2266  out:
2267         cb->args[1] = sta_idx;
2268         err = skb->len;
2269  out_err:
2270         nl80211_finish_netdev_dump(dev);
2271
2272         return err;
2273 }
2274
2275 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2276 {
2277         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2278         struct net_device *dev = info->user_ptr[1];
2279         struct station_info sinfo;
2280         struct sk_buff *msg;
2281         u8 *mac_addr = NULL;
2282         int err;
2283
2284         memset(&sinfo, 0, sizeof(sinfo));
2285
2286         if (!info->attrs[NL80211_ATTR_MAC])
2287                 return -EINVAL;
2288
2289         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2290
2291         if (!rdev->ops->get_station)
2292                 return -EOPNOTSUPP;
2293
2294         err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2295         if (err)
2296                 return err;
2297
2298         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2299         if (!msg)
2300                 return -ENOMEM;
2301
2302         if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2303                                  dev, mac_addr, &sinfo) < 0) {
2304                 nlmsg_free(msg);
2305                 return -ENOBUFS;
2306         }
2307
2308         return genlmsg_reply(msg, info);
2309 }
2310
2311 /*
2312  * Get vlan interface making sure it is running and on the right wiphy.
2313  */
2314 static int get_vlan(struct genl_info *info,
2315                     struct cfg80211_registered_device *rdev,
2316                     struct net_device **vlan)
2317 {
2318         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2319         *vlan = NULL;
2320
2321         if (vlanattr) {
2322                 *vlan = dev_get_by_index(genl_info_net(info),
2323                                          nla_get_u32(vlanattr));
2324                 if (!*vlan)
2325                         return -ENODEV;
2326                 if (!(*vlan)->ieee80211_ptr)
2327                         return -EINVAL;
2328                 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
2329                         return -EINVAL;
2330                 if (!netif_running(*vlan))
2331                         return -ENETDOWN;
2332         }
2333         return 0;
2334 }
2335
2336 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2337 {
2338         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2339         int err;
2340         struct net_device *dev = info->user_ptr[1];
2341         struct station_parameters params;
2342         u8 *mac_addr = NULL;
2343
2344         memset(&params, 0, sizeof(params));
2345
2346         params.listen_interval = -1;
2347         params.plink_state = -1;
2348
2349         if (info->attrs[NL80211_ATTR_STA_AID])
2350                 return -EINVAL;
2351
2352         if (!info->attrs[NL80211_ATTR_MAC])
2353                 return -EINVAL;
2354
2355         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2356
2357         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2358                 params.supported_rates =
2359                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2360                 params.supported_rates_len =
2361                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2362         }
2363
2364         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2365                 params.listen_interval =
2366                     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2367
2368         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2369                 params.ht_capa =
2370                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2371
2372         if (parse_station_flags(info, &params))
2373                 return -EINVAL;
2374
2375         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2376                 params.plink_action =
2377                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2378
2379         if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
2380                 params.plink_state =
2381                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
2382
2383         err = get_vlan(info, rdev, &params.vlan);
2384         if (err)
2385                 goto out;
2386
2387         /* validate settings */
2388         err = 0;
2389
2390         switch (dev->ieee80211_ptr->iftype) {
2391         case NL80211_IFTYPE_AP:
2392         case NL80211_IFTYPE_AP_VLAN:
2393         case NL80211_IFTYPE_P2P_GO:
2394                 /* disallow mesh-specific things */
2395                 if (params.plink_action)
2396                         err = -EINVAL;
2397                 break;
2398         case NL80211_IFTYPE_P2P_CLIENT:
2399         case NL80211_IFTYPE_STATION:
2400                 /* disallow everything but AUTHORIZED flag */
2401                 if (params.plink_action)
2402                         err = -EINVAL;
2403                 if (params.vlan)
2404                         err = -EINVAL;
2405                 if (params.supported_rates)
2406                         err = -EINVAL;
2407                 if (params.ht_capa)
2408                         err = -EINVAL;
2409                 if (params.listen_interval >= 0)
2410                         err = -EINVAL;
2411                 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2412                         err = -EINVAL;
2413                 break;
2414         case NL80211_IFTYPE_MESH_POINT:
2415                 /* disallow things mesh doesn't support */
2416                 if (params.vlan)
2417                         err = -EINVAL;
2418                 if (params.ht_capa)
2419                         err = -EINVAL;
2420                 if (params.listen_interval >= 0)
2421                         err = -EINVAL;
2422                 if (params.sta_flags_mask &
2423                                 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2424                                   BIT(NL80211_STA_FLAG_MFP) |
2425                                   BIT(NL80211_STA_FLAG_AUTHORIZED)))
2426                         err = -EINVAL;
2427                 break;
2428         default:
2429                 err = -EINVAL;
2430         }
2431
2432         if (err)
2433                 goto out;
2434
2435         if (!rdev->ops->change_station) {
2436                 err = -EOPNOTSUPP;
2437                 goto out;
2438         }
2439
2440         err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2441
2442  out:
2443         if (params.vlan)
2444                 dev_put(params.vlan);
2445
2446         return err;
2447 }
2448
2449 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2450 {
2451         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2452         int err;
2453         struct net_device *dev = info->user_ptr[1];
2454         struct station_parameters params;
2455         u8 *mac_addr = NULL;
2456
2457         memset(&params, 0, sizeof(params));
2458
2459         if (!info->attrs[NL80211_ATTR_MAC])
2460                 return -EINVAL;
2461
2462         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2463                 return -EINVAL;
2464
2465         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2466                 return -EINVAL;
2467
2468         if (!info->attrs[NL80211_ATTR_STA_AID])
2469                 return -EINVAL;
2470
2471         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2472         params.supported_rates =
2473                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2474         params.supported_rates_len =
2475                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2476         params.listen_interval =
2477                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2478
2479         params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2480         if (!params.aid || params.aid > IEEE80211_MAX_AID)
2481                 return -EINVAL;
2482
2483         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2484                 params.ht_capa =
2485                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2486
2487         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2488                 params.plink_action =
2489                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2490
2491         if (parse_station_flags(info, &params))
2492                 return -EINVAL;
2493
2494         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2495             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2496             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2497             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2498                 return -EINVAL;
2499
2500         err = get_vlan(info, rdev, &params.vlan);
2501         if (err)
2502                 goto out;
2503
2504         /* validate settings */
2505         err = 0;
2506
2507         if (!rdev->ops->add_station) {
2508                 err = -EOPNOTSUPP;
2509                 goto out;
2510         }
2511
2512         err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2513
2514  out:
2515         if (params.vlan)
2516                 dev_put(params.vlan);
2517         return err;
2518 }
2519
2520 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2521 {
2522         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2523         struct net_device *dev = info->user_ptr[1];
2524         u8 *mac_addr = NULL;
2525
2526         if (info->attrs[NL80211_ATTR_MAC])
2527                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2528
2529         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2530             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2531             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2532             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2533                 return -EINVAL;
2534
2535         if (!rdev->ops->del_station)
2536                 return -EOPNOTSUPP;
2537
2538         return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2539 }
2540
2541 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2542                                 int flags, struct net_device *dev,
2543                                 u8 *dst, u8 *next_hop,
2544                                 struct mpath_info *pinfo)
2545 {
2546         void *hdr;
2547         struct nlattr *pinfoattr;
2548
2549         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2550         if (!hdr)
2551                 return -1;
2552
2553         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2554         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2555         NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2556
2557         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2558
2559         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2560         if (!pinfoattr)
2561                 goto nla_put_failure;
2562         if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2563                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2564                             pinfo->frame_qlen);
2565         if (pinfo->filled & MPATH_INFO_SN)
2566                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2567                             pinfo->sn);
2568         if (pinfo->filled & MPATH_INFO_METRIC)
2569                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2570                             pinfo->metric);
2571         if (pinfo->filled & MPATH_INFO_EXPTIME)
2572                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2573                             pinfo->exptime);
2574         if (pinfo->filled & MPATH_INFO_FLAGS)
2575                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2576                             pinfo->flags);
2577         if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2578                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2579                             pinfo->discovery_timeout);
2580         if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2581                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2582                             pinfo->discovery_retries);
2583
2584         nla_nest_end(msg, pinfoattr);
2585
2586         return genlmsg_end(msg, hdr);
2587
2588  nla_put_failure:
2589         genlmsg_cancel(msg, hdr);
2590         return -EMSGSIZE;
2591 }
2592
2593 static int nl80211_dump_mpath(struct sk_buff *skb,
2594                               struct netlink_callback *cb)
2595 {
2596         struct mpath_info pinfo;
2597         struct cfg80211_registered_device *dev;
2598         struct net_device *netdev;
2599         u8 dst[ETH_ALEN];
2600         u8 next_hop[ETH_ALEN];
2601         int path_idx = cb->args[1];
2602         int err;
2603
2604         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2605         if (err)
2606                 return err;
2607
2608         if (!dev->ops->dump_mpath) {
2609                 err = -EOPNOTSUPP;
2610                 goto out_err;
2611         }
2612
2613         if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2614                 err = -EOPNOTSUPP;
2615                 goto out_err;
2616         }
2617
2618         while (1) {
2619                 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2620                                            dst, next_hop, &pinfo);
2621                 if (err == -ENOENT)
2622                         break;
2623                 if (err)
2624                         goto out_err;
2625
2626                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2627                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
2628                                        netdev, dst, next_hop,
2629                                        &pinfo) < 0)
2630                         goto out;
2631
2632                 path_idx++;
2633         }
2634
2635
2636  out:
2637         cb->args[1] = path_idx;
2638         err = skb->len;
2639  out_err:
2640         nl80211_finish_netdev_dump(dev);
2641         return err;
2642 }
2643
2644 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2645 {
2646         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2647         int err;
2648         struct net_device *dev = info->user_ptr[1];
2649         struct mpath_info pinfo;
2650         struct sk_buff *msg;
2651         u8 *dst = NULL;
2652         u8 next_hop[ETH_ALEN];
2653
2654         memset(&pinfo, 0, sizeof(pinfo));
2655
2656         if (!info->attrs[NL80211_ATTR_MAC])
2657                 return -EINVAL;
2658
2659         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2660
2661         if (!rdev->ops->get_mpath)
2662                 return -EOPNOTSUPP;
2663
2664         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2665                 return -EOPNOTSUPP;
2666
2667         err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2668         if (err)
2669                 return err;
2670
2671         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2672         if (!msg)
2673                 return -ENOMEM;
2674
2675         if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2676                                  dev, dst, next_hop, &pinfo) < 0) {
2677                 nlmsg_free(msg);
2678                 return -ENOBUFS;
2679         }
2680
2681         return genlmsg_reply(msg, info);
2682 }
2683
2684 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
2685 {
2686         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2687         struct net_device *dev = info->user_ptr[1];
2688         u8 *dst = NULL;
2689         u8 *next_hop = NULL;
2690
2691         if (!info->attrs[NL80211_ATTR_MAC])
2692                 return -EINVAL;
2693
2694         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2695                 return -EINVAL;
2696
2697         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2698         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2699
2700         if (!rdev->ops->change_mpath)
2701                 return -EOPNOTSUPP;
2702
2703         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2704                 return -EOPNOTSUPP;
2705
2706         return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
2707 }
2708
2709 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
2710 {
2711         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2712         struct net_device *dev = info->user_ptr[1];
2713         u8 *dst = NULL;
2714         u8 *next_hop = NULL;
2715
2716         if (!info->attrs[NL80211_ATTR_MAC])
2717                 return -EINVAL;
2718
2719         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2720                 return -EINVAL;
2721
2722         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2723         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2724
2725         if (!rdev->ops->add_mpath)
2726                 return -EOPNOTSUPP;
2727
2728         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2729                 return -EOPNOTSUPP;
2730
2731         return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
2732 }
2733
2734 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
2735 {
2736         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2737         struct net_device *dev = info->user_ptr[1];
2738         u8 *dst = NULL;
2739
2740         if (info->attrs[NL80211_ATTR_MAC])
2741                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2742
2743         if (!rdev->ops->del_mpath)
2744                 return -EOPNOTSUPP;
2745
2746         return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
2747 }
2748
2749 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2750 {
2751         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2752         struct net_device *dev = info->user_ptr[1];
2753         struct bss_parameters params;
2754
2755         memset(&params, 0, sizeof(params));
2756         /* default to not changing parameters */
2757         params.use_cts_prot = -1;
2758         params.use_short_preamble = -1;
2759         params.use_short_slot_time = -1;
2760         params.ap_isolate = -1;
2761         params.ht_opmode = -1;
2762
2763         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
2764                 params.use_cts_prot =
2765                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
2766         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
2767                 params.use_short_preamble =
2768                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
2769         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
2770                 params.use_short_slot_time =
2771                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
2772         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
2773                 params.basic_rates =
2774                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2775                 params.basic_rates_len =
2776                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2777         }
2778         if (info->attrs[NL80211_ATTR_AP_ISOLATE])
2779                 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
2780         if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
2781                 params.ht_opmode =
2782                         nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
2783
2784         if (!rdev->ops->change_bss)
2785                 return -EOPNOTSUPP;
2786
2787         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2788             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2789                 return -EOPNOTSUPP;
2790
2791         return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
2792 }
2793
2794 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2795         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
2796         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
2797         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
2798         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
2799         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
2800         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
2801 };
2802
2803 static int parse_reg_rule(struct nlattr *tb[],
2804         struct ieee80211_reg_rule *reg_rule)
2805 {
2806         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
2807         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
2808
2809         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2810                 return -EINVAL;
2811         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2812                 return -EINVAL;
2813         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2814                 return -EINVAL;
2815         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2816                 return -EINVAL;
2817         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2818                 return -EINVAL;
2819
2820         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2821
2822         freq_range->start_freq_khz =
2823                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2824         freq_range->end_freq_khz =
2825                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2826         freq_range->max_bandwidth_khz =
2827                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2828
2829         power_rule->max_eirp =
2830                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2831
2832         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2833                 power_rule->max_antenna_gain =
2834                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2835
2836         return 0;
2837 }
2838
2839 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2840 {
2841         int r;
2842         char *data = NULL;
2843
2844         /*
2845          * You should only get this when cfg80211 hasn't yet initialized
2846          * completely when built-in to the kernel right between the time
2847          * window between nl80211_init() and regulatory_init(), if that is
2848          * even possible.
2849          */
2850         mutex_lock(&cfg80211_mutex);
2851         if (unlikely(!cfg80211_regdomain)) {
2852                 mutex_unlock(&cfg80211_mutex);
2853                 return -EINPROGRESS;
2854         }
2855         mutex_unlock(&cfg80211_mutex);
2856
2857         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2858                 return -EINVAL;
2859
2860         data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2861
2862         r = regulatory_hint_user(data);
2863
2864         return r;
2865 }
2866
2867 static int nl80211_get_mesh_config(struct sk_buff *skb,
2868                                    struct genl_info *info)
2869 {
2870         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2871         struct net_device *dev = info->user_ptr[1];
2872         struct wireless_dev *wdev = dev->ieee80211_ptr;
2873         struct mesh_config cur_params;
2874         int err = 0;
2875         void *hdr;
2876         struct nlattr *pinfoattr;
2877         struct sk_buff *msg;
2878
2879         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
2880                 return -EOPNOTSUPP;
2881
2882         if (!rdev->ops->get_mesh_config)
2883                 return -EOPNOTSUPP;
2884
2885         wdev_lock(wdev);
2886         /* If not connected, get default parameters */
2887         if (!wdev->mesh_id_len)
2888                 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
2889         else
2890                 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
2891                                                  &cur_params);
2892         wdev_unlock(wdev);
2893
2894         if (err)
2895                 return err;
2896
2897         /* Draw up a netlink message to send back */
2898         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2899         if (!msg)
2900                 return -ENOMEM;
2901         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2902                              NL80211_CMD_GET_MESH_CONFIG);
2903         if (!hdr)
2904                 goto out;
2905         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
2906         if (!pinfoattr)
2907                 goto nla_put_failure;
2908         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2909         NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2910                         cur_params.dot11MeshRetryTimeout);
2911         NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2912                         cur_params.dot11MeshConfirmTimeout);
2913         NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2914                         cur_params.dot11MeshHoldingTimeout);
2915         NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2916                         cur_params.dot11MeshMaxPeerLinks);
2917         NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2918                         cur_params.dot11MeshMaxRetries);
2919         NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2920                         cur_params.dot11MeshTTL);
2921         NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL,
2922                         cur_params.element_ttl);
2923         NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2924                         cur_params.auto_open_plinks);
2925         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2926                         cur_params.dot11MeshHWMPmaxPREQretries);
2927         NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2928                         cur_params.path_refresh_time);
2929         NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2930                         cur_params.min_discovery_timeout);
2931         NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2932                         cur_params.dot11MeshHWMPactivePathTimeout);
2933         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2934                         cur_params.dot11MeshHWMPpreqMinInterval);
2935         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2936                         cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2937         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
2938                         cur_params.dot11MeshHWMPRootMode);
2939         nla_nest_end(msg, pinfoattr);
2940         genlmsg_end(msg, hdr);
2941         return genlmsg_reply(msg, info);
2942
2943  nla_put_failure:
2944         genlmsg_cancel(msg, hdr);
2945  out:
2946         nlmsg_free(msg);
2947         return -ENOBUFS;
2948 }
2949
2950 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
2951         [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2952         [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2953         [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2954         [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2955         [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2956         [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2957         [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
2958         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2959
2960         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2961         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2962         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2963         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2964         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2965         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2966 };
2967
2968 static const struct nla_policy
2969         nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
2970         [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
2971         [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
2972         [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
2973         [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
2974                 .len = IEEE80211_MAX_DATA_LEN },
2975         [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
2976 };
2977
2978 static int nl80211_parse_mesh_config(struct genl_info *info,
2979                                      struct mesh_config *cfg,
2980                                      u32 *mask_out)
2981 {
2982         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
2983         u32 mask = 0;
2984
2985 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
2986 do {\
2987         if (table[attr_num]) {\
2988                 cfg->param = nla_fn(table[attr_num]); \
2989                 mask |= (1 << (attr_num - 1)); \
2990         } \
2991 } while (0);\
2992
2993
2994         if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
2995                 return -EINVAL;
2996         if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
2997                              info->attrs[NL80211_ATTR_MESH_CONFIG],
2998                              nl80211_meshconf_params_policy))
2999                 return -EINVAL;
3000
3001         /* This makes sure that there aren't more than 32 mesh config
3002          * parameters (otherwise our bitfield scheme would not work.) */
3003         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3004
3005         /* Fill in the params struct */
3006         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3007                         mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
3008         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3009                         mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
3010         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3011                         mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
3012         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3013                         mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
3014         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3015                         mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
3016         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3017                         mask, NL80211_MESHCONF_TTL, nla_get_u8);
3018         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3019                         mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
3020         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3021                         mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
3022         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3023                         mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3024                         nla_get_u8);
3025         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3026                         mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
3027         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3028                         mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3029                         nla_get_u16);
3030         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
3031                         mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3032                         nla_get_u32);
3033         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3034                         mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3035                         nla_get_u16);
3036         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3037                         dot11MeshHWMPnetDiameterTraversalTime,
3038                         mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3039                         nla_get_u16);
3040         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3041                         dot11MeshHWMPRootMode, mask,
3042                         NL80211_MESHCONF_HWMP_ROOTMODE,
3043                         nla_get_u8);
3044         if (mask_out)
3045                 *mask_out = mask;
3046
3047         return 0;
3048
3049 #undef FILL_IN_MESH_PARAM_IF_SET
3050 }
3051
3052 static int nl80211_parse_mesh_setup(struct genl_info *info,
3053                                      struct mesh_setup *setup)
3054 {
3055         struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3056
3057         if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3058                 return -EINVAL;
3059         if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3060                              info->attrs[NL80211_ATTR_MESH_SETUP],
3061                              nl80211_mesh_setup_params_policy))
3062                 return -EINVAL;
3063
3064         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3065                 setup->path_sel_proto =
3066                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3067                  IEEE80211_PATH_PROTOCOL_VENDOR :
3068                  IEEE80211_PATH_PROTOCOL_HWMP;
3069
3070         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3071                 setup->path_metric =
3072                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3073                  IEEE80211_PATH_METRIC_VENDOR :
3074                  IEEE80211_PATH_METRIC_AIRTIME;
3075
3076
3077         if (tb[NL80211_MESH_SETUP_IE]) {
3078                 struct nlattr *ieattr =
3079                         tb[NL80211_MESH_SETUP_IE];
3080                 if (!is_valid_ie_attr(ieattr))
3081                         return -EINVAL;
3082                 setup->ie = nla_data(ieattr);
3083                 setup->ie_len = nla_len(ieattr);
3084         }
3085         setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3086         setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3087
3088         return 0;
3089 }
3090
3091 static int nl80211_update_mesh_config(struct sk_buff *skb,
3092                                       struct genl_info *info)
3093 {
3094         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3095         struct net_device *dev = info->user_ptr[1];
3096         struct wireless_dev *wdev = dev->ieee80211_ptr;
3097         struct mesh_config cfg;
3098         u32 mask;
3099         int err;
3100
3101         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3102                 return -EOPNOTSUPP;
3103
3104         if (!rdev->ops->update_mesh_config)
3105                 return -EOPNOTSUPP;
3106
3107         err = nl80211_parse_mesh_config(info, &cfg, &mask);
3108         if (err)
3109                 return err;
3110
3111         wdev_lock(wdev);
3112         if (!wdev->mesh_id_len)
3113                 err = -ENOLINK;
3114
3115         if (!err)
3116                 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3117                                                     mask, &cfg);
3118
3119         wdev_unlock(wdev);
3120
3121         return err;
3122 }
3123
3124 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3125 {
3126         struct sk_buff *msg;
3127         void *hdr = NULL;
3128         struct nlattr *nl_reg_rules;
3129         unsigned int i;
3130         int err = -EINVAL;
3131
3132         mutex_lock(&cfg80211_mutex);
3133
3134         if (!cfg80211_regdomain)
3135                 goto out;
3136
3137         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3138         if (!msg) {
3139                 err = -ENOBUFS;
3140                 goto out;
3141         }
3142
3143         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3144                              NL80211_CMD_GET_REG);
3145         if (!hdr)
3146                 goto put_failure;
3147
3148         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
3149                 cfg80211_regdomain->alpha2);
3150
3151         nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3152         if (!nl_reg_rules)
3153                 goto nla_put_failure;
3154
3155         for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
3156                 struct nlattr *nl_reg_rule;
3157                 const struct ieee80211_reg_rule *reg_rule;
3158                 const struct ieee80211_freq_range *freq_range;
3159                 const struct ieee80211_power_rule *power_rule;
3160
3161                 reg_rule = &cfg80211_regdomain->reg_rules[i];
3162                 freq_range = &reg_rule->freq_range;
3163                 power_rule = &reg_rule->power_rule;
3164
3165                 nl_reg_rule = nla_nest_start(msg, i);
3166                 if (!nl_reg_rule)
3167                         goto nla_put_failure;
3168
3169                 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3170                         reg_rule->flags);
3171                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
3172                         freq_range->start_freq_khz);
3173                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
3174                         freq_range->end_freq_khz);
3175                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3176                         freq_range->max_bandwidth_khz);
3177                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3178                         power_rule->max_antenna_gain);
3179                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3180                         power_rule->max_eirp);
3181
3182                 nla_nest_end(msg, nl_reg_rule);
3183         }
3184
3185         nla_nest_end(msg, nl_reg_rules);
3186
3187         genlmsg_end(msg, hdr);
3188         err = genlmsg_reply(msg, info);
3189         goto out;
3190
3191 nla_put_failure:
3192         genlmsg_cancel(msg, hdr);
3193 put_failure:
3194         nlmsg_free(msg);
3195         err = -EMSGSIZE;
3196 out:
3197         mutex_unlock(&cfg80211_mutex);
3198         return err;
3199 }
3200
3201 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3202 {
3203         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3204         struct nlattr *nl_reg_rule;
3205         char *alpha2 = NULL;
3206         int rem_reg_rules = 0, r = 0;
3207         u32 num_rules = 0, rule_idx = 0, size_of_regd;
3208         struct ieee80211_regdomain *rd = NULL;
3209
3210         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3211                 return -EINVAL;
3212
3213         if (!info->attrs[NL80211_ATTR_REG_RULES])
3214                 return -EINVAL;
3215
3216         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3217
3218         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3219                         rem_reg_rules) {
3220                 num_rules++;
3221                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3222                         return -EINVAL;
3223         }
3224
3225         mutex_lock(&cfg80211_mutex);
3226
3227         if (!reg_is_valid_request(alpha2)) {
3228                 r = -EINVAL;
3229                 goto bad_reg;
3230         }
3231
3232         size_of_regd = sizeof(struct ieee80211_regdomain) +
3233                 (num_rules * sizeof(struct ieee80211_reg_rule));
3234
3235         rd = kzalloc(size_of_regd, GFP_KERNEL);
3236         if (!rd) {
3237                 r = -ENOMEM;
3238                 goto bad_reg;
3239         }
3240
3241         rd->n_reg_rules = num_rules;
3242         rd->alpha2[0] = alpha2[0];
3243         rd->alpha2[1] = alpha2[1];
3244
3245         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3246                         rem_reg_rules) {
3247                 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3248                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3249                         reg_rule_policy);
3250                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3251                 if (r)
3252                         goto bad_reg;
3253
3254                 rule_idx++;
3255
3256                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3257                         r = -EINVAL;
3258                         goto bad_reg;
3259                 }
3260         }
3261
3262         BUG_ON(rule_idx != num_rules);
3263
3264         r = set_regdom(rd);
3265
3266         mutex_unlock(&cfg80211_mutex);
3267
3268         return r;
3269
3270  bad_reg:
3271         mutex_unlock(&cfg80211_mutex);
3272         kfree(rd);
3273         return r;
3274 }
3275
3276 static int validate_scan_freqs(struct nlattr *freqs)
3277 {
3278         struct nlattr *attr1, *attr2;
3279         int n_channels = 0, tmp1, tmp2;
3280
3281         nla_for_each_nested(attr1, freqs, tmp1) {
3282                 n_channels++;
3283                 /*
3284                  * Some hardware has a limited channel list for
3285                  * scanning, and it is pretty much nonsensical
3286                  * to scan for a channel twice, so disallow that
3287                  * and don't require drivers to check that the
3288                  * channel list they get isn't longer than what
3289                  * they can scan, as long as they can scan all
3290                  * the channels they registered at once.
3291                  */
3292                 nla_for_each_nested(attr2, freqs, tmp2)
3293                         if (attr1 != attr2 &&
3294                             nla_get_u32(attr1) == nla_get_u32(attr2))
3295                                 return 0;
3296         }
3297
3298         return n_channels;
3299 }
3300
3301 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3302 {
3303         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3304         struct net_device *dev = info->user_ptr[1];
3305         struct cfg80211_scan_request *request;
3306         struct nlattr *attr;
3307         struct wiphy *wiphy;
3308         int err, tmp, n_ssids = 0, n_channels, i;
3309         enum ieee80211_band band;
3310         size_t ie_len;
3311
3312         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3313                 return -EINVAL;
3314
3315         wiphy = &rdev->wiphy;
3316
3317         if (!rdev->ops->scan)
3318                 return -EOPNOTSUPP;
3319
3320         if (rdev->scan_req)
3321                 return -EBUSY;
3322
3323         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3324                 n_channels = validate_scan_freqs(
3325                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3326                 if (!n_channels)
3327                         return -EINVAL;
3328         } else {
3329                 n_channels = 0;
3330
3331                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3332                         if (wiphy->bands[band])
3333                                 n_channels += wiphy->bands[band]->n_channels;
3334         }
3335
3336         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3337                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3338                         n_ssids++;
3339
3340         if (n_ssids > wiphy->max_scan_ssids)
3341                 return -EINVAL;
3342
3343         if (info->attrs[NL80211_ATTR_IE])
3344                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3345         else
3346                 ie_len = 0;
3347
3348         if (ie_len > wiphy->max_scan_ie_len)
3349                 return -EINVAL;
3350
3351         request = kzalloc(sizeof(*request)
3352                         + sizeof(*request->ssids) * n_ssids
3353                         + sizeof(*request->channels) * n_channels
3354                         + ie_len, GFP_KERNEL);
3355         if (!request)
3356                 return -ENOMEM;
3357
3358         if (n_ssids)
3359                 request->ssids = (void *)&request->channels[n_channels];
3360         request->n_ssids = n_ssids;
3361         if (ie_len) {
3362                 if (request->ssids)
3363                         request->ie = (void *)(request->ssids + n_ssids);
3364                 else
3365                         request->ie = (void *)(request->channels + n_channels);
3366         }
3367
3368         i = 0;
3369         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3370                 /* user specified, bail out if channel not found */
3371                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3372                         struct ieee80211_channel *chan;
3373
3374                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3375
3376                         if (!chan) {
3377                                 err = -EINVAL;
3378                                 goto out_free;
3379                         }
3380
3381                         /* ignore disabled channels */
3382                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3383                                 continue;
3384
3385                         request->channels[i] = chan;
3386                         i++;
3387                 }
3388         } else {
3389                 /* all channels */
3390                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3391                         int j;
3392                         if (!wiphy->bands[band])
3393                                 continue;
3394                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3395                                 struct ieee80211_channel *chan;
3396
3397                                 chan = &wiphy->bands[band]->channels[j];
3398
3399                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3400                                         continue;
3401
3402                                 request->channels[i] = chan;
3403                                 i++;
3404                         }
3405                 }
3406         }
3407
3408         if (!i) {
3409                 err = -EINVAL;
3410                 goto out_free;
3411         }
3412
3413         request->n_channels = i;
3414
3415         i = 0;
3416         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3417                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3418                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3419                                 err = -EINVAL;
3420                                 goto out_free;
3421                         }
3422                         request->ssids[i].ssid_len = nla_len(attr);
3423                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3424                         i++;
3425                 }
3426         }
3427
3428         if (info->attrs[NL80211_ATTR_IE]) {
3429                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3430                 memcpy((void *)request->ie,
3431                        nla_data(info->attrs[NL80211_ATTR_IE]),
3432                        request->ie_len);
3433         }
3434
3435         request->dev = dev;
3436         request->wiphy = &rdev->wiphy;
3437
3438         rdev->scan_req = request;
3439         err = rdev->ops->scan(&rdev->wiphy, dev, request);
3440
3441         if (!err) {
3442                 nl80211_send_scan_start(rdev, dev);
3443                 dev_hold(dev);
3444         } else {
3445  out_free:
3446                 rdev->scan_req = NULL;
3447                 kfree(request);
3448         }
3449
3450         return err;
3451 }
3452
3453 static int nl80211_start_sched_scan(struct sk_buff *skb,
3454                                     struct genl_info *info)
3455 {
3456         struct cfg80211_sched_scan_request *request;
3457         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3458         struct net_device *dev = info->user_ptr[1];
3459         struct nlattr *attr;
3460         struct wiphy *wiphy;
3461         int err, tmp, n_ssids = 0, n_channels, i;
3462         u32 interval;
3463         enum ieee80211_band band;
3464         size_t ie_len;
3465
3466         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3467             !rdev->ops->sched_scan_start)
3468                 return -EOPNOTSUPP;
3469
3470         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3471                 return -EINVAL;
3472
3473         if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
3474                 return -EINVAL;
3475
3476         interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
3477         if (interval == 0)
3478                 return -EINVAL;
3479
3480         wiphy = &rdev->wiphy;
3481
3482         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3483                 n_channels = validate_scan_freqs(
3484                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3485                 if (!n_channels)
3486                         return -EINVAL;
3487         } else {
3488                 n_channels = 0;
3489
3490                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3491                         if (wiphy->bands[band])
3492                                 n_channels += wiphy->bands[band]->n_channels;
3493         }
3494
3495         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3496                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3497                                     tmp)
3498                         n_ssids++;
3499
3500         if (n_ssids > wiphy->max_scan_ssids)
3501                 return -EINVAL;
3502
3503         if (info->attrs[NL80211_ATTR_IE])
3504                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3505         else
3506                 ie_len = 0;
3507
3508         if (ie_len > wiphy->max_scan_ie_len)
3509                 return -EINVAL;
3510
3511         mutex_lock(&rdev->sched_scan_mtx);
3512
3513         if (rdev->sched_scan_req) {
3514                 err = -EINPROGRESS;
3515                 goto out;
3516         }
3517
3518         request = kzalloc(sizeof(*request)
3519                         + sizeof(*request->ssids) * n_ssids
3520                         + sizeof(*request->channels) * n_channels
3521                         + ie_len, GFP_KERNEL);
3522         if (!request) {
3523                 err = -ENOMEM;
3524                 goto out;
3525         }
3526
3527         if (n_ssids)
3528                 request->ssids = (void *)&request->channels[n_channels];
3529         request->n_ssids = n_ssids;
3530         if (ie_len) {
3531                 if (request->ssids)
3532                         request->ie = (void *)(request->ssids + n_ssids);
3533                 else
3534                         request->ie = (void *)(request->channels + n_channels);
3535         }
3536
3537         i = 0;
3538         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3539                 /* user specified, bail out if channel not found */
3540                 nla_for_each_nested(attr,
3541                                     info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
3542                                     tmp) {
3543                         struct ieee80211_channel *chan;
3544
3545                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3546
3547                         if (!chan) {
3548                                 err = -EINVAL;
3549                                 goto out_free;
3550                         }
3551
3552                         /* ignore disabled channels */
3553                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3554                                 continue;
3555
3556                         request->channels[i] = chan;
3557                         i++;
3558                 }
3559         } else {
3560                 /* all channels */
3561                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3562                         int j;
3563                         if (!wiphy->bands[band])
3564                                 continue;
3565                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3566                                 struct ieee80211_channel *chan;
3567
3568                                 chan = &wiphy->bands[band]->channels[j];
3569
3570                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3571                                         continue;
3572
3573                                 request->channels[i] = chan;
3574                                 i++;
3575                         }
3576                 }
3577         }
3578
3579         if (!i) {
3580                 err = -EINVAL;
3581                 goto out_free;
3582         }
3583
3584         request->n_channels = i;
3585
3586         i = 0;
3587         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3588                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3589                                     tmp) {
3590                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3591                                 err = -EINVAL;
3592                                 goto out_free;
3593                         }
3594                         request->ssids[i].ssid_len = nla_len(attr);
3595                         memcpy(request->ssids[i].ssid, nla_data(attr),
3596                                nla_len(attr));
3597                         i++;
3598                 }
3599         }
3600
3601         if (info->attrs[NL80211_ATTR_IE]) {
3602                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3603                 memcpy((void *)request->ie,
3604                        nla_data(info->attrs[NL80211_ATTR_IE]),
3605                        request->ie_len);
3606         }
3607
3608         request->dev = dev;
3609         request->wiphy = &rdev->wiphy;
3610         request->interval = interval;
3611
3612         err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
3613         if (!err) {
3614                 rdev->sched_scan_req = request;
3615                 nl80211_send_sched_scan(rdev, dev,
3616                                         NL80211_CMD_START_SCHED_SCAN);
3617                 goto out;
3618         }
3619
3620 out_free:
3621         kfree(request);
3622 out:
3623         mutex_unlock(&rdev->sched_scan_mtx);
3624         return err;
3625 }
3626
3627 static int nl80211_stop_sched_scan(struct sk_buff *skb,
3628                                    struct genl_info *info)
3629 {
3630         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3631         int err;
3632
3633         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3634             !rdev->ops->sched_scan_stop)
3635                 return -EOPNOTSUPP;
3636
3637         mutex_lock(&rdev->sched_scan_mtx);
3638         err = __cfg80211_stop_sched_scan(rdev, false);
3639         mutex_unlock(&rdev->sched_scan_mtx);
3640
3641         return err;
3642 }
3643
3644 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
3645                             u32 seq, int flags,
3646                             struct cfg80211_registered_device *rdev,
3647                             struct wireless_dev *wdev,
3648                             struct cfg80211_internal_bss *intbss)
3649 {
3650         struct cfg80211_bss *res = &intbss->pub;
3651         void *hdr;
3652         struct nlattr *bss;
3653         int i;
3654
3655         ASSERT_WDEV_LOCK(wdev);
3656
3657         hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags,
3658                              NL80211_CMD_NEW_SCAN_RESULTS);
3659         if (!hdr)
3660                 return -1;
3661
3662         genl_dump_check_consistent(cb, hdr, &nl80211_fam);
3663
3664         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
3665         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
3666
3667         bss = nla_nest_start(msg, NL80211_ATTR_BSS);
3668         if (!bss)
3669                 goto nla_put_failure;
3670         if (!is_zero_ether_addr(res->bssid))
3671                 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
3672         if (res->information_elements && res->len_information_elements)
3673                 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3674                         res->len_information_elements,
3675                         res->information_elements);
3676         if (res->beacon_ies && res->len_beacon_ies &&
3677             res->beacon_ies != res->information_elements)
3678                 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
3679                         res->len_beacon_ies, res->beacon_ies);
3680         if (res->tsf)
3681                 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3682         if (res->beacon_interval)
3683                 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3684         NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3685         NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3686         NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
3687                 jiffies_to_msecs(jiffies - intbss->ts));
3688
3689         switch (rdev->wiphy.signal_type) {
3690         case CFG80211_SIGNAL_TYPE_MBM:
3691                 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
3692                 break;
3693         case CFG80211_SIGNAL_TYPE_UNSPEC:
3694                 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
3695                 break;
3696         default:
3697                 break;
3698         }
3699
3700         switch (wdev->iftype) {
3701         case NL80211_IFTYPE_P2P_CLIENT:
3702         case NL80211_IFTYPE_STATION:
3703                 if (intbss == wdev->current_bss)
3704                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3705                                     NL80211_BSS_STATUS_ASSOCIATED);
3706                 else for (i = 0; i < MAX_AUTH_BSSES; i++) {
3707                         if (intbss != wdev->auth_bsses[i])
3708                                 continue;
3709                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3710                                     NL80211_BSS_STATUS_AUTHENTICATED);
3711                         break;
3712                 }
3713                 break;
3714         case NL80211_IFTYPE_ADHOC:
3715                 if (intbss == wdev->current_bss)
3716                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3717                                     NL80211_BSS_STATUS_IBSS_JOINED);
3718                 break;
3719         default:
3720                 break;
3721         }
3722
3723         nla_nest_end(msg, bss);
3724
3725         return genlmsg_end(msg, hdr);
3726
3727  nla_put_failure:
3728         genlmsg_cancel(msg, hdr);
3729         return -EMSGSIZE;
3730 }
3731
3732 static int nl80211_dump_scan(struct sk_buff *skb,
3733                              struct netlink_callback *cb)
3734 {
3735         struct cfg80211_registered_device *rdev;
3736         struct net_device *dev;
3737         struct cfg80211_internal_bss *scan;
3738         struct wireless_dev *wdev;
3739         int start = cb->args[1], idx = 0;
3740         int err;
3741
3742         err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
3743         if (err)
3744                 return err;
3745
3746         wdev = dev->ieee80211_ptr;
3747
3748         wdev_lock(wdev);
3749         spin_lock_bh(&rdev->bss_lock);
3750         cfg80211_bss_expire(rdev);
3751
3752         cb->seq = rdev->bss_generation;
3753
3754         list_for_each_entry(scan, &rdev->bss_list, list) {
3755                 if (++idx <= start)
3756                         continue;
3757                 if (nl80211_send_bss(skb, cb,
3758                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3759                                 rdev, wdev, scan) < 0) {
3760                         idx--;
3761                         break;
3762                 }
3763         }
3764
3765         spin_unlock_bh(&rdev->bss_lock);
3766         wdev_unlock(wdev);
3767
3768         cb->args[1] = idx;
3769         nl80211_finish_netdev_dump(rdev);
3770
3771         return skb->len;
3772 }
3773
3774 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
3775                                 int flags, struct net_device *dev,
3776                                 struct survey_info *survey)
3777 {
3778         void *hdr;
3779         struct nlattr *infoattr;
3780
3781         hdr = nl80211hdr_put(msg, pid, seq, flags,
3782                              NL80211_CMD_NEW_SURVEY_RESULTS);
3783         if (!hdr)
3784                 return -ENOMEM;
3785
3786         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3787
3788         infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
3789         if (!infoattr)
3790                 goto nla_put_failure;
3791
3792         NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
3793                     survey->channel->center_freq);
3794         if (survey->filled & SURVEY_INFO_NOISE_DBM)
3795                 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
3796                             survey->noise);
3797         if (survey->filled & SURVEY_INFO_IN_USE)
3798                 NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE);
3799         if (survey->filled & SURVEY_INFO_CHANNEL_TIME)
3800                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
3801                             survey->channel_time);
3802         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
3803                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
3804                             survey->channel_time_busy);
3805         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
3806                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
3807                             survey->channel_time_ext_busy);
3808         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX)
3809                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
3810                             survey->channel_time_rx);
3811         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX)
3812                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
3813                             survey->channel_time_tx);
3814
3815         nla_nest_end(msg, infoattr);
3816
3817         return genlmsg_end(msg, hdr);
3818
3819  nla_put_failure:
3820         genlmsg_cancel(msg, hdr);
3821         return -EMSGSIZE;
3822 }
3823
3824 static int nl80211_dump_survey(struct sk_buff *skb,
3825                         struct netlink_callback *cb)
3826 {
3827         struct survey_info survey;
3828         struct cfg80211_registered_device *dev;
3829         struct net_device *netdev;
3830         int survey_idx = cb->args[1];
3831         int res;
3832
3833         res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3834         if (res)
3835                 return res;
3836
3837         if (!dev->ops->dump_survey) {
3838                 res = -EOPNOTSUPP;
3839                 goto out_err;
3840         }
3841
3842         while (1) {
3843                 struct ieee80211_channel *chan;
3844
3845                 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
3846                                             &survey);
3847                 if (res == -ENOENT)
3848                         break;
3849                 if (res)
3850                         goto out_err;
3851
3852                 /* Survey without a channel doesn't make sense */
3853                 if (!survey.channel) {
3854                         res = -EINVAL;
3855                         goto out;
3856                 }
3857
3858                 chan = ieee80211_get_channel(&dev->wiphy,
3859                                              survey.channel->center_freq);
3860                 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
3861                         survey_idx++;
3862                         continue;
3863                 }
3864
3865                 if (nl80211_send_survey(skb,
3866                                 NETLINK_CB(cb->skb).pid,
3867                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3868                                 netdev,
3869                                 &survey) < 0)
3870                         goto out;
3871                 survey_idx++;
3872         }
3873
3874  out:
3875         cb->args[1] = survey_idx;
3876         res = skb->len;
3877  out_err:
3878         nl80211_finish_netdev_dump(dev);
3879         return res;
3880 }
3881
3882 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3883 {
3884         return auth_type <= NL80211_AUTHTYPE_MAX;
3885 }
3886
3887 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
3888 {
3889         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
3890                                   NL80211_WPA_VERSION_2));
3891 }
3892
3893 static bool nl80211_valid_akm_suite(u32 akm)
3894 {
3895         return akm == WLAN_AKM_SUITE_8021X ||
3896                 akm == WLAN_AKM_SUITE_PSK;
3897 }
3898
3899 static bool nl80211_valid_cipher_suite(u32 cipher)
3900 {
3901         return cipher == WLAN_CIPHER_SUITE_WEP40 ||
3902                 cipher == WLAN_CIPHER_SUITE_WEP104 ||
3903                 cipher == WLAN_CIPHER_SUITE_TKIP ||
3904                 cipher == WLAN_CIPHER_SUITE_CCMP ||
3905                 cipher == WLAN_CIPHER_SUITE_AES_CMAC;
3906 }
3907
3908
3909 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
3910 {
3911         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3912         struct net_device *dev = info->user_ptr[1];
3913         struct ieee80211_channel *chan;
3914         const u8 *bssid, *ssid, *ie = NULL;
3915         int err, ssid_len, ie_len = 0;
3916         enum nl80211_auth_type auth_type;
3917         struct key_parse key;
3918         bool local_state_change;
3919
3920         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3921                 return -EINVAL;
3922
3923         if (!info->attrs[NL80211_ATTR_MAC])
3924                 return -EINVAL;
3925
3926         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
3927                 return -EINVAL;
3928
3929         if (!info->attrs[NL80211_ATTR_SSID])
3930                 return -EINVAL;
3931
3932         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
3933                 return -EINVAL;
3934
3935         err = nl80211_parse_key(info, &key);
3936         if (err)
3937                 return err;
3938
3939         if (key.idx >= 0) {
3940                 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
3941                         return -EINVAL;
3942                 if (!key.p.key || !key.p.key_len)
3943                         return -EINVAL;
3944                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
3945                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
3946                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
3947                      key.p.key_len != WLAN_KEY_LEN_WEP104))
3948                         return -EINVAL;
3949                 if (key.idx > 4)
3950                         return -EINVAL;
3951         } else {
3952                 key.p.key_len = 0;
3953                 key.p.key = NULL;
3954         }
3955
3956         if (key.idx >= 0) {
3957                 int i;
3958                 bool ok = false;
3959                 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
3960                         if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
3961                                 ok = true;
3962                                 break;
3963                         }
3964                 }
3965                 if (!ok)
3966                         return -EINVAL;
3967         }
3968
3969         if (!rdev->ops->auth)
3970                 return -EOPNOTSUPP;
3971
3972         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
3973             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
3974                 return -EOPNOTSUPP;
3975
3976         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3977         chan = ieee80211_get_channel(&rdev->wiphy,
3978                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3979         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
3980                 return -EINVAL;
3981
3982         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3983         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3984
3985         if (info->attrs[NL80211_ATTR_IE]) {
3986                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3987                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3988         }
3989
3990         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
3991         if (!nl80211_valid_auth_type(auth_type))
3992                 return -EINVAL;
3993
3994         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3995
3996         return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
3997                                   ssid, ssid_len, ie, ie_len,
3998                                   key.p.key, key.p.key_len, key.idx,
3999                                   local_state_change);
4000 }
4001
4002 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4003                                    struct genl_info *info,
4004                                    struct cfg80211_crypto_settings *settings,
4005                                    int cipher_limit)
4006 {
4007         memset(settings, 0, sizeof(*settings));
4008
4009         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
4010
4011         if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
4012                 u16 proto;
4013                 proto = nla_get_u16(
4014                         info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
4015                 settings->control_port_ethertype = cpu_to_be16(proto);
4016                 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
4017                     proto != ETH_P_PAE)
4018                         return -EINVAL;
4019                 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
4020                         settings->control_port_no_encrypt = true;
4021         } else
4022                 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
4023
4024         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
4025                 void *data;
4026                 int len, i;
4027
4028                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4029                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4030                 settings->n_ciphers_pairwise = len / sizeof(u32);
4031
4032                 if (len % sizeof(u32))
4033                         return -EINVAL;
4034
4035                 if (settings->n_ciphers_pairwise > cipher_limit)
4036                         return -EINVAL;
4037
4038                 memcpy(settings->ciphers_pairwise, data, len);
4039
4040                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
4041                         if (!nl80211_valid_cipher_suite(
4042                                         settings->ciphers_pairwise[i]))
4043                                 return -EINVAL;
4044         }
4045
4046         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
4047                 settings->cipher_group =
4048                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
4049                 if (!nl80211_valid_cipher_suite(settings->cipher_group))
4050                         return -EINVAL;
4051         }
4052
4053         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
4054                 settings->wpa_versions =
4055                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
4056                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
4057                         return -EINVAL;
4058         }
4059
4060         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
4061                 void *data;
4062                 int len, i;
4063
4064                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
4065                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
4066                 settings->n_akm_suites = len / sizeof(u32);
4067
4068                 if (len % sizeof(u32))
4069                         return -EINVAL;
4070
4071                 memcpy(settings->akm_suites, data, len);
4072
4073                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
4074                         if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
4075                                 return -EINVAL;
4076         }
4077
4078         return 0;
4079 }
4080
4081 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
4082 {
4083         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4084         struct net_device *dev = info->user_ptr[1];
4085         struct cfg80211_crypto_settings crypto;
4086         struct ieee80211_channel *chan;
4087         const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
4088         int err, ssid_len, ie_len = 0;
4089         bool use_mfp = false;
4090
4091         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4092                 return -EINVAL;
4093
4094         if (!info->attrs[NL80211_ATTR_MAC] ||
4095             !info->attrs[NL80211_ATTR_SSID] ||
4096             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4097                 return -EINVAL;
4098
4099         if (!rdev->ops->assoc)
4100                 return -EOPNOTSUPP;
4101
4102         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4103             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4104                 return -EOPNOTSUPP;
4105
4106         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4107
4108         chan = ieee80211_get_channel(&rdev->wiphy,
4109                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4110         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4111                 return -EINVAL;
4112
4113         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4114         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4115
4116         if (info->attrs[NL80211_ATTR_IE]) {
4117                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4118                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4119         }
4120
4121         if (info->attrs[NL80211_ATTR_USE_MFP]) {
4122                 enum nl80211_mfp mfp =
4123                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
4124                 if (mfp == NL80211_MFP_REQUIRED)
4125                         use_mfp = true;
4126                 else if (mfp != NL80211_MFP_NO)
4127                         return -EINVAL;
4128         }
4129
4130         if (info->attrs[NL80211_ATTR_PREV_BSSID])
4131                 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
4132
4133         err = nl80211_crypto_settings(rdev, info, &crypto, 1);
4134         if (!err)
4135                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
4136                                           ssid, ssid_len, ie, ie_len, use_mfp,
4137                                           &crypto);
4138
4139         return err;
4140 }
4141
4142 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
4143 {
4144         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4145         struct net_device *dev = info->user_ptr[1];
4146         const u8 *ie = NULL, *bssid;
4147         int ie_len = 0;
4148         u16 reason_code;
4149         bool local_state_change;
4150
4151         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4152                 return -EINVAL;
4153
4154         if (!info->attrs[NL80211_ATTR_MAC])
4155                 return -EINVAL;
4156
4157         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4158                 return -EINVAL;
4159
4160         if (!rdev->ops->deauth)
4161                 return -EOPNOTSUPP;
4162
4163         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4164             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4165                 return -EOPNOTSUPP;
4166
4167         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4168
4169         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4170         if (reason_code == 0) {
4171                 /* Reason Code 0 is reserved */
4172                 return -EINVAL;
4173         }
4174
4175         if (info->attrs[NL80211_ATTR_IE]) {
4176                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4177                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4178         }
4179
4180         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4181
4182         return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
4183                                     local_state_change);
4184 }
4185
4186 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
4187 {
4188         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4189         struct net_device *dev = info->user_ptr[1];
4190         const u8 *ie = NULL, *bssid;
4191         int ie_len = 0;
4192         u16 reason_code;
4193         bool local_state_change;
4194
4195         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4196                 return -EINVAL;
4197
4198         if (!info->attrs[NL80211_ATTR_MAC])
4199                 return -EINVAL;
4200
4201         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4202                 return -EINVAL;
4203
4204         if (!rdev->ops->disassoc)
4205                 return -EOPNOTSUPP;
4206
4207         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4208             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4209                 return -EOPNOTSUPP;
4210
4211         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4212
4213         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4214         if (reason_code == 0) {
4215                 /* Reason Code 0 is reserved */
4216                 return -EINVAL;
4217         }
4218
4219         if (info->attrs[NL80211_ATTR_IE]) {
4220                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4221                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4222         }
4223
4224         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4225
4226         return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
4227                                       local_state_change);
4228 }
4229
4230 static bool
4231 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
4232                          int mcast_rate[IEEE80211_NUM_BANDS],
4233                          int rateval)
4234 {
4235         struct wiphy *wiphy = &rdev->wiphy;
4236         bool found = false;
4237         int band, i;
4238
4239         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4240                 struct ieee80211_supported_band *sband;
4241
4242                 sband = wiphy->bands[band];
4243                 if (!sband)
4244                         continue;
4245
4246                 for (i = 0; i < sband->n_bitrates; i++) {
4247                         if (sband->bitrates[i].bitrate == rateval) {
4248                                 mcast_rate[band] = i + 1;
4249                                 found = true;
4250                                 break;
4251                         }
4252                 }
4253         }
4254
4255         return found;
4256 }
4257
4258 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
4259 {
4260         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4261         struct net_device *dev = info->user_ptr[1];
4262         struct cfg80211_ibss_params ibss;
4263         struct wiphy *wiphy;
4264         struct cfg80211_cached_keys *connkeys = NULL;
4265         int err;
4266
4267         memset(&ibss, 0, sizeof(ibss));
4268
4269         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4270                 return -EINVAL;
4271
4272         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4273             !info->attrs[NL80211_ATTR_SSID] ||
4274             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4275                 return -EINVAL;
4276
4277         ibss.beacon_interval = 100;
4278
4279         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
4280                 ibss.beacon_interval =
4281                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4282                 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
4283                         return -EINVAL;
4284         }
4285
4286         if (!rdev->ops->join_ibss)
4287                 return -EOPNOTSUPP;
4288
4289         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4290                 return -EOPNOTSUPP;
4291
4292         wiphy = &rdev->wiphy;
4293
4294         if (info->attrs[NL80211_ATTR_MAC])
4295                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4296         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4297         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4298
4299         if (info->attrs[NL80211_ATTR_IE]) {
4300                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4301                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4302         }
4303
4304         ibss.channel = ieee80211_get_channel(wiphy,
4305                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4306         if (!ibss.channel ||
4307             ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4308             ibss.channel->flags & IEEE80211_CHAN_DISABLED)
4309                 return -EINVAL;
4310
4311         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4312         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4313
4314         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4315                 u8 *rates =
4316                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4317                 int n_rates =
4318                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4319                 struct ieee80211_supported_band *sband =
4320                         wiphy->bands[ibss.channel->band];
4321                 int i, j;
4322
4323                 if (n_rates == 0)
4324                         return -EINVAL;
4325
4326                 for (i = 0; i < n_rates; i++) {
4327                         int rate = (rates[i] & 0x7f) * 5;
4328                         bool found = false;
4329
4330                         for (j = 0; j < sband->n_bitrates; j++) {
4331                                 if (sband->bitrates[j].bitrate == rate) {
4332                                         found = true;
4333                                         ibss.basic_rates |= BIT(j);
4334                                         break;
4335                                 }
4336                         }
4337                         if (!found)
4338                                 return -EINVAL;
4339                 }
4340         }
4341
4342         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
4343             !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
4344                         nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
4345                 return -EINVAL;
4346
4347         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4348                 connkeys = nl80211_parse_connkeys(rdev,
4349                                         info->attrs[NL80211_ATTR_KEYS]);
4350                 if (IS_ERR(connkeys))
4351                         return PTR_ERR(connkeys);
4352         }
4353
4354         err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4355         if (err)
4356                 kfree(connkeys);
4357         return err;
4358 }
4359
4360 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4361 {
4362         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4363         struct net_device *dev = info->user_ptr[1];
4364
4365         if (!rdev->ops->leave_ibss)
4366                 return -EOPNOTSUPP;
4367
4368         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4369                 return -EOPNOTSUPP;
4370
4371         return cfg80211_leave_ibss(rdev, dev, false);
4372 }
4373
4374 #ifdef CONFIG_NL80211_TESTMODE
4375 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4376         .name = "testmode",
4377 };
4378
4379 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4380 {
4381         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4382         int err;
4383
4384         if (!info->attrs[NL80211_ATTR_TESTDATA])
4385                 return -EINVAL;
4386
4387         err = -EOPNOTSUPP;
4388         if (rdev->ops->testmode_cmd) {
4389                 rdev->testmode_info = info;
4390                 err = rdev->ops->testmode_cmd(&rdev->wiphy,
4391                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4392                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4393                 rdev->testmode_info = NULL;
4394         }
4395
4396         return err;
4397 }
4398
4399 static int nl80211_testmode_dump(struct sk_buff *skb,
4400                                  struct netlink_callback *cb)
4401 {
4402         struct cfg80211_registered_device *dev;
4403         int err;
4404         long phy_idx;
4405         void *data = NULL;
4406         int data_len = 0;
4407
4408         if (cb->args[0]) {
4409                 /*
4410                  * 0 is a valid index, but not valid for args[0],
4411                  * so we need to offset by 1.
4412                  */
4413                 phy_idx = cb->args[0] - 1;
4414         } else {
4415                 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
4416                                   nl80211_fam.attrbuf, nl80211_fam.maxattr,
4417                                   nl80211_policy);
4418                 if (err)
4419                         return err;
4420                 if (!nl80211_fam.attrbuf[NL80211_ATTR_WIPHY])
4421                         return -EINVAL;
4422                 phy_idx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]);
4423                 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
4424                         cb->args[1] =
4425                                 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
4426         }
4427
4428         if (cb->args[1]) {
4429                 data = nla_data((void *)cb->args[1]);
4430                 data_len = nla_len((void *)cb->args[1]);
4431         }
4432
4433         mutex_lock(&cfg80211_mutex);
4434         dev = cfg80211_rdev_by_wiphy_idx(phy_idx);
4435         if (!dev) {
4436                 mutex_unlock(&cfg80211_mutex);
4437                 return -ENOENT;
4438         }
4439         cfg80211_lock_rdev(dev);
4440         mutex_unlock(&cfg80211_mutex);
4441
4442         if (!dev->ops->testmode_dump) {
4443                 err = -EOPNOTSUPP;
4444                 goto out_err;
4445         }
4446
4447         while (1) {
4448                 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid,
4449                                            cb->nlh->nlmsg_seq, NLM_F_MULTI,
4450                                            NL80211_CMD_TESTMODE);
4451                 struct nlattr *tmdata;
4452
4453                 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, dev->wiphy_idx) < 0) {
4454                         genlmsg_cancel(skb, hdr);
4455                         break;
4456                 }
4457
4458                 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4459                 if (!tmdata) {
4460                         genlmsg_cancel(skb, hdr);
4461                         break;
4462                 }
4463                 err = dev->ops->testmode_dump(&dev->wiphy, skb, cb,
4464                                               data, data_len);
4465                 nla_nest_end(skb, tmdata);
4466
4467                 if (err == -ENOBUFS || err == -ENOENT) {
4468                         genlmsg_cancel(skb, hdr);
4469                         break;
4470                 } else if (err) {
4471                         genlmsg_cancel(skb, hdr);
4472                         goto out_err;
4473                 }
4474
4475                 genlmsg_end(skb, hdr);
4476         }
4477
4478         err = skb->len;
4479         /* see above */
4480         cb->args[0] = phy_idx + 1;
4481  out_err:
4482         cfg80211_unlock_rdev(dev);
4483         return err;
4484 }
4485
4486 static struct sk_buff *
4487 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
4488                               int approxlen, u32 pid, u32 seq, gfp_t gfp)
4489 {
4490         struct sk_buff *skb;
4491         void *hdr;
4492         struct nlattr *data;
4493
4494         skb = nlmsg_new(approxlen + 100, gfp);
4495         if (!skb)
4496                 return NULL;
4497
4498         hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
4499         if (!hdr) {
4500                 kfree_skb(skb);
4501                 return NULL;
4502         }
4503
4504         NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4505         data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4506
4507         ((void **)skb->cb)[0] = rdev;
4508         ((void **)skb->cb)[1] = hdr;
4509         ((void **)skb->cb)[2] = data;
4510
4511         return skb;
4512
4513  nla_put_failure:
4514         kfree_skb(skb);
4515         return NULL;
4516 }
4517
4518 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
4519                                                   int approxlen)
4520 {
4521         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4522
4523         if (WARN_ON(!rdev->testmode_info))
4524                 return NULL;
4525
4526         return __cfg80211_testmode_alloc_skb(rdev, approxlen,
4527                                 rdev->testmode_info->snd_pid,
4528                                 rdev->testmode_info->snd_seq,
4529                                 GFP_KERNEL);
4530 }
4531 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
4532
4533 int cfg80211_testmode_reply(struct sk_buff *skb)
4534 {
4535         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
4536         void *hdr = ((void **)skb->cb)[1];
4537         struct nlattr *data = ((void **)skb->cb)[2];
4538
4539         if (WARN_ON(!rdev->testmode_info)) {
4540                 kfree_skb(skb);
4541                 return -EINVAL;
4542         }
4543
4544         nla_nest_end(skb, data);
4545         genlmsg_end(skb, hdr);
4546         return genlmsg_reply(skb, rdev->testmode_info);
4547 }
4548 EXPORT_SYMBOL(cfg80211_testmode_reply);
4549
4550 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
4551                                                   int approxlen, gfp_t gfp)
4552 {
4553         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4554
4555         return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
4556 }
4557 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
4558
4559 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
4560 {
4561         void *hdr = ((void **)skb->cb)[1];
4562         struct nlattr *data = ((void **)skb->cb)[2];
4563
4564         nla_nest_end(skb, data);
4565         genlmsg_end(skb, hdr);
4566         genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
4567 }
4568 EXPORT_SYMBOL(cfg80211_testmode_event);
4569 #endif
4570
4571 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
4572 {
4573         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4574         struct net_device *dev = info->user_ptr[1];
4575         struct cfg80211_connect_params connect;
4576         struct wiphy *wiphy;
4577         struct cfg80211_cached_keys *connkeys = NULL;
4578         int err;
4579
4580         memset(&connect, 0, sizeof(connect));
4581
4582         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4583                 return -EINVAL;
4584
4585         if (!info->attrs[NL80211_ATTR_SSID] ||
4586             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4587                 return -EINVAL;
4588
4589         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4590                 connect.auth_type =
4591                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4592                 if (!nl80211_valid_auth_type(connect.auth_type))
4593                         return -EINVAL;
4594         } else
4595                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4596
4597         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
4598
4599         err = nl80211_crypto_settings(rdev, info, &connect.crypto,
4600                                       NL80211_MAX_NR_CIPHER_SUITES);
4601         if (err)
4602                 return err;
4603
4604         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4605             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4606                 return -EOPNOTSUPP;
4607
4608         wiphy = &rdev->wiphy;
4609
4610         if (info->attrs[NL80211_ATTR_MAC])
4611                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4612         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4613         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4614
4615         if (info->attrs[NL80211_ATTR_IE]) {
4616                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4617                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4618         }
4619
4620         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4621                 connect.channel =
4622                         ieee80211_get_channel(wiphy,
4623                             nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4624                 if (!connect.channel ||
4625                     connect.channel->flags & IEEE80211_CHAN_DISABLED)
4626                         return -EINVAL;
4627         }
4628
4629         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4630                 connkeys = nl80211_parse_connkeys(rdev,
4631                                         info->attrs[NL80211_ATTR_KEYS]);
4632                 if (IS_ERR(connkeys))
4633                         return PTR_ERR(connkeys);
4634         }
4635
4636         err = cfg80211_connect(rdev, dev, &connect, connkeys);
4637         if (err)
4638                 kfree(connkeys);
4639         return err;
4640 }
4641
4642 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
4643 {
4644         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4645         struct net_device *dev = info->user_ptr[1];
4646         u16 reason;
4647
4648         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4649                 reason = WLAN_REASON_DEAUTH_LEAVING;
4650         else
4651                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4652
4653         if (reason == 0)
4654                 return -EINVAL;
4655
4656         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4657             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4658                 return -EOPNOTSUPP;
4659
4660         return cfg80211_disconnect(rdev, dev, reason, true);
4661 }
4662
4663 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4664 {
4665         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4666         struct net *net;
4667         int err;
4668         u32 pid;
4669
4670         if (!info->attrs[NL80211_ATTR_PID])
4671                 return -EINVAL;
4672
4673         pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
4674
4675         net = get_net_ns_by_pid(pid);
4676         if (IS_ERR(net))
4677                 return PTR_ERR(net);
4678
4679         err = 0;
4680
4681         /* check if anything to do */
4682         if (!net_eq(wiphy_net(&rdev->wiphy), net))
4683                 err = cfg80211_switch_netns(rdev, net);
4684
4685         put_net(net);
4686         return err;
4687 }
4688
4689 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
4690 {
4691         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4692         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
4693                         struct cfg80211_pmksa *pmksa) = NULL;
4694         struct net_device *dev = info->user_ptr[1];
4695         struct cfg80211_pmksa pmksa;
4696
4697         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
4698
4699         if (!info->attrs[NL80211_ATTR_MAC])
4700                 return -EINVAL;
4701
4702         if (!info->attrs[NL80211_ATTR_PMKID])
4703                 return -EINVAL;
4704
4705         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
4706         pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4707
4708         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4709             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4710                 return -EOPNOTSUPP;
4711
4712         switch (info->genlhdr->cmd) {
4713         case NL80211_CMD_SET_PMKSA:
4714                 rdev_ops = rdev->ops->set_pmksa;
4715                 break;
4716         case NL80211_CMD_DEL_PMKSA:
4717                 rdev_ops = rdev->ops->del_pmksa;
4718                 break;
4719         default:
4720                 WARN_ON(1);
4721                 break;
4722         }
4723
4724         if (!rdev_ops)
4725                 return -EOPNOTSUPP;
4726
4727         return rdev_ops(&rdev->wiphy, dev, &pmksa);
4728 }
4729
4730 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4731 {
4732         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4733         struct net_device *dev = info->user_ptr[1];
4734
4735         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4736             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4737                 return -EOPNOTSUPP;
4738
4739         if (!rdev->ops->flush_pmksa)
4740                 return -EOPNOTSUPP;
4741
4742         return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4743 }
4744
4745 static int nl80211_remain_on_channel(struct sk_buff *skb,
4746                                      struct genl_info *info)
4747 {
4748         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4749         struct net_device *dev = info->user_ptr[1];
4750         struct ieee80211_channel *chan;
4751         struct sk_buff *msg;
4752         void *hdr;
4753         u64 cookie;
4754         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4755         u32 freq, duration;
4756         int err;
4757
4758         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4759             !info->attrs[NL80211_ATTR_DURATION])
4760                 return -EINVAL;
4761
4762         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4763
4764         /*
4765          * We should be on that channel for at least one jiffie,
4766          * and more than 5 seconds seems excessive.
4767          */
4768         if (!duration || !msecs_to_jiffies(duration) ||
4769             duration > rdev->wiphy.max_remain_on_channel_duration)
4770                 return -EINVAL;
4771
4772         if (!rdev->ops->remain_on_channel)
4773                 return -EOPNOTSUPP;
4774
4775         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4776                 channel_type = nla_get_u32(
4777                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4778                 if (channel_type != NL80211_CHAN_NO_HT &&
4779                     channel_type != NL80211_CHAN_HT20 &&
4780                     channel_type != NL80211_CHAN_HT40PLUS &&
4781                     channel_type != NL80211_CHAN_HT40MINUS)
4782                         return -EINVAL;
4783         }
4784
4785         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4786         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4787         if (chan == NULL)
4788                 return -EINVAL;
4789
4790         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4791         if (!msg)
4792                 return -ENOMEM;
4793
4794         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4795                              NL80211_CMD_REMAIN_ON_CHANNEL);
4796
4797         if (IS_ERR(hdr)) {
4798                 err = PTR_ERR(hdr);
4799                 goto free_msg;
4800         }
4801
4802         err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
4803                                            channel_type, duration, &cookie);
4804
4805         if (err)
4806                 goto free_msg;
4807
4808         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4809
4810         genlmsg_end(msg, hdr);
4811
4812         return genlmsg_reply(msg, info);
4813
4814  nla_put_failure:
4815         err = -ENOBUFS;
4816  free_msg:
4817         nlmsg_free(msg);
4818         return err;
4819 }
4820
4821 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
4822                                             struct genl_info *info)
4823 {
4824         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4825         struct net_device *dev = info->user_ptr[1];
4826         u64 cookie;
4827
4828         if (!info->attrs[NL80211_ATTR_COOKIE])
4829                 return -EINVAL;
4830
4831         if (!rdev->ops->cancel_remain_on_channel)
4832                 return -EOPNOTSUPP;
4833
4834         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
4835
4836         return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
4837 }
4838
4839 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4840                            u8 *rates, u8 rates_len)
4841 {
4842         u8 i;
4843         u32 mask = 0;
4844
4845         for (i = 0; i < rates_len; i++) {
4846                 int rate = (rates[i] & 0x7f) * 5;
4847                 int ridx;
4848                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4849                         struct ieee80211_rate *srate =
4850                                 &sband->bitrates[ridx];
4851                         if (rate == srate->bitrate) {
4852                                 mask |= 1 << ridx;
4853                                 break;
4854                         }
4855                 }
4856                 if (ridx == sband->n_bitrates)
4857                         return 0; /* rate not found */
4858         }
4859
4860         return mask;
4861 }
4862
4863 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4864         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4865                                     .len = NL80211_MAX_SUPP_RATES },
4866 };
4867
4868 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
4869                                        struct genl_info *info)
4870 {
4871         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4872         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4873         struct cfg80211_bitrate_mask mask;
4874         int rem, i;
4875         struct net_device *dev = info->user_ptr[1];
4876         struct nlattr *tx_rates;
4877         struct ieee80211_supported_band *sband;
4878
4879         if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
4880                 return -EINVAL;
4881
4882         if (!rdev->ops->set_bitrate_mask)
4883                 return -EOPNOTSUPP;
4884
4885         memset(&mask, 0, sizeof(mask));
4886         /* Default to all rates enabled */
4887         for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
4888                 sband = rdev->wiphy.bands[i];
4889                 mask.control[i].legacy =
4890                         sband ? (1 << sband->n_bitrates) - 1 : 0;
4891         }
4892
4893         /*
4894          * The nested attribute uses enum nl80211_band as the index. This maps
4895          * directly to the enum ieee80211_band values used in cfg80211.
4896          */
4897         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
4898         {
4899                 enum ieee80211_band band = nla_type(tx_rates);
4900                 if (band < 0 || band >= IEEE80211_NUM_BANDS)
4901                         return -EINVAL;
4902                 sband = rdev->wiphy.bands[band];
4903                 if (sband == NULL)
4904                         return -EINVAL;
4905                 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
4906                           nla_len(tx_rates), nl80211_txattr_policy);
4907                 if (tb[NL80211_TXRATE_LEGACY]) {
4908                         mask.control[band].legacy = rateset_to_mask(
4909                                 sband,
4910                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
4911                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
4912                         if (mask.control[band].legacy == 0)
4913                                 return -EINVAL;
4914                 }
4915         }
4916
4917         return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
4918 }
4919
4920 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
4921 {
4922         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4923         struct net_device *dev = info->user_ptr[1];
4924         u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
4925
4926         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
4927                 return -EINVAL;
4928
4929         if (info->attrs[NL80211_ATTR_FRAME_TYPE])
4930                 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
4931
4932         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4933             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4934             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
4935             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4936             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4937             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4938             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4939                 return -EOPNOTSUPP;
4940
4941         /* not much point in registering if we can't reply */
4942         if (!rdev->ops->mgmt_tx)
4943                 return -EOPNOTSUPP;
4944
4945         return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
4946                         frame_type,
4947                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
4948                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
4949 }
4950
4951 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
4952 {
4953         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4954         struct net_device *dev = info->user_ptr[1];
4955         struct ieee80211_channel *chan;
4956         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4957         bool channel_type_valid = false;
4958         u32 freq;
4959         int err;
4960         void *hdr;
4961         u64 cookie;
4962         struct sk_buff *msg;
4963         unsigned int wait = 0;
4964         bool offchan;
4965
4966         if (!info->attrs[NL80211_ATTR_FRAME] ||
4967             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4968                 return -EINVAL;
4969
4970         if (!rdev->ops->mgmt_tx)
4971                 return -EOPNOTSUPP;
4972
4973         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4974             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4975             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
4976             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4977             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4978             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4979             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4980                 return -EOPNOTSUPP;
4981
4982         if (info->attrs[NL80211_ATTR_DURATION]) {
4983                 if (!rdev->ops->mgmt_tx_cancel_wait)
4984                         return -EINVAL;
4985                 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4986         }
4987
4988         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4989                 channel_type = nla_get_u32(
4990                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4991                 if (channel_type != NL80211_CHAN_NO_HT &&
4992                     channel_type != NL80211_CHAN_HT20 &&
4993                     channel_type != NL80211_CHAN_HT40PLUS &&
4994                     channel_type != NL80211_CHAN_HT40MINUS)
4995                         return -EINVAL;
4996                 channel_type_valid = true;
4997         }
4998
4999         offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
5000
5001         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5002         chan = rdev_freq_to_chan(rdev, freq, channel_type);
5003         if (chan == NULL)
5004                 return -EINVAL;
5005
5006         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5007         if (!msg)
5008                 return -ENOMEM;
5009
5010         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5011                              NL80211_CMD_FRAME);
5012
5013         if (IS_ERR(hdr)) {
5014                 err = PTR_ERR(hdr);
5015                 goto free_msg;
5016         }
5017         err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type,
5018                                     channel_type_valid, wait,
5019                                     nla_data(info->attrs[NL80211_ATTR_FRAME]),
5020                                     nla_len(info->attrs[NL80211_ATTR_FRAME]),
5021                                     &cookie);
5022         if (err)
5023                 goto free_msg;
5024
5025         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5026
5027         genlmsg_end(msg, hdr);
5028         return genlmsg_reply(msg, info);
5029
5030  nla_put_failure:
5031         err = -ENOBUFS;
5032  free_msg:
5033         nlmsg_free(msg);
5034         return err;
5035 }
5036
5037 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
5038 {
5039         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5040         struct net_device *dev = info->user_ptr[1];
5041         u64 cookie;
5042
5043         if (!info->attrs[NL80211_ATTR_COOKIE])
5044                 return -EINVAL;
5045
5046         if (!rdev->ops->mgmt_tx_cancel_wait)
5047                 return -EOPNOTSUPP;
5048
5049         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5050             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5051             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5052             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5053             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5054             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5055                 return -EOPNOTSUPP;
5056
5057         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5058
5059         return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie);
5060 }
5061
5062 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
5063 {
5064         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5065         struct wireless_dev *wdev;
5066         struct net_device *dev = info->user_ptr[1];
5067         u8 ps_state;
5068         bool state;
5069         int err;
5070
5071         if (!info->attrs[NL80211_ATTR_PS_STATE])
5072                 return -EINVAL;
5073
5074         ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
5075
5076         if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
5077                 return -EINVAL;
5078
5079         wdev = dev->ieee80211_ptr;
5080
5081         if (!rdev->ops->set_power_mgmt)
5082                 return -EOPNOTSUPP;
5083
5084         state = (ps_state == NL80211_PS_ENABLED) ? true : false;
5085
5086         if (state == wdev->ps)
5087                 return 0;
5088
5089         err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state,
5090                                         wdev->ps_timeout);
5091         if (!err)
5092                 wdev->ps = state;
5093         return err;
5094 }
5095
5096 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5097 {
5098         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5099         enum nl80211_ps_state ps_state;
5100         struct wireless_dev *wdev;
5101         struct net_device *dev = info->user_ptr[1];
5102         struct sk_buff *msg;
5103         void *hdr;
5104         int err;
5105
5106         wdev = dev->ieee80211_ptr;
5107
5108         if (!rdev->ops->set_power_mgmt)
5109                 return -EOPNOTSUPP;
5110
5111         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5112         if (!msg)
5113                 return -ENOMEM;
5114
5115         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5116                              NL80211_CMD_GET_POWER_SAVE);
5117         if (!hdr) {
5118                 err = -ENOBUFS;
5119                 goto free_msg;
5120         }
5121
5122         if (wdev->ps)
5123                 ps_state = NL80211_PS_ENABLED;
5124         else
5125                 ps_state = NL80211_PS_DISABLED;
5126
5127         NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
5128
5129         genlmsg_end(msg, hdr);
5130         return genlmsg_reply(msg, info);
5131
5132  nla_put_failure:
5133         err = -ENOBUFS;
5134  free_msg:
5135         nlmsg_free(msg);
5136         return err;
5137 }
5138
5139 static struct nla_policy
5140 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5141         [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5142         [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5143         [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5144 };
5145
5146 static int nl80211_set_cqm_rssi(struct genl_info *info,
5147                                 s32 threshold, u32 hysteresis)
5148 {
5149         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5150         struct wireless_dev *wdev;
5151         struct net_device *dev = info->user_ptr[1];
5152
5153         if (threshold > 0)
5154                 return -EINVAL;
5155
5156         wdev = dev->ieee80211_ptr;
5157
5158         if (!rdev->ops->set_cqm_rssi_config)
5159                 return -EOPNOTSUPP;
5160
5161         if (wdev->iftype != NL80211_IFTYPE_STATION &&
5162             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
5163                 return -EOPNOTSUPP;
5164
5165         return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5166                                               threshold, hysteresis);
5167 }
5168
5169 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5170 {
5171         struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5172         struct nlattr *cqm;
5173         int err;
5174
5175         cqm = info->attrs[NL80211_ATTR_CQM];
5176         if (!cqm) {
5177                 err = -EINVAL;
5178                 goto out;
5179         }
5180
5181         err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5182                                nl80211_attr_cqm_policy);
5183         if (err)
5184                 goto out;
5185
5186         if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5187             attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5188                 s32 threshold;
5189                 u32 hysteresis;
5190                 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5191                 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5192                 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5193         } else
5194                 err = -EINVAL;
5195
5196 out:
5197         return err;
5198 }
5199
5200 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
5201 {
5202         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5203         struct net_device *dev = info->user_ptr[1];
5204         struct mesh_config cfg;
5205         struct mesh_setup setup;
5206         int err;
5207
5208         /* start with default */
5209         memcpy(&cfg, &default_mesh_config, sizeof(cfg));
5210         memcpy(&setup, &default_mesh_setup, sizeof(setup));
5211
5212         if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
5213                 /* and parse parameters if given */
5214                 err = nl80211_parse_mesh_config(info, &cfg, NULL);
5215                 if (err)
5216                         return err;
5217         }
5218
5219         if (!info->attrs[NL80211_ATTR_MESH_ID] ||
5220             !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
5221                 return -EINVAL;
5222
5223         setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
5224         setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5225
5226         if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
5227                 /* parse additional setup parameters if given */
5228                 err = nl80211_parse_mesh_setup(info, &setup);
5229                 if (err)
5230                         return err;
5231         }
5232
5233         return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
5234 }
5235
5236 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
5237 {
5238         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5239         struct net_device *dev = info->user_ptr[1];
5240
5241         return cfg80211_leave_mesh(rdev, dev);
5242 }
5243
5244 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
5245 {
5246         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5247         struct sk_buff *msg;
5248         void *hdr;
5249
5250         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5251                 return -EOPNOTSUPP;
5252
5253         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5254         if (!msg)
5255                 return -ENOMEM;
5256
5257         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5258                              NL80211_CMD_GET_WOWLAN);
5259         if (!hdr)
5260                 goto nla_put_failure;
5261
5262         if (rdev->wowlan) {
5263                 struct nlattr *nl_wowlan;
5264
5265                 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
5266                 if (!nl_wowlan)
5267                         goto nla_put_failure;
5268
5269                 if (rdev->wowlan->any)
5270                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
5271                 if (rdev->wowlan->disconnect)
5272                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
5273                 if (rdev->wowlan->magic_pkt)
5274                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
5275                 if (rdev->wowlan->n_patterns) {
5276                         struct nlattr *nl_pats, *nl_pat;
5277                         int i, pat_len;
5278
5279                         nl_pats = nla_nest_start(msg,
5280                                         NL80211_WOWLAN_TRIG_PKT_PATTERN);
5281                         if (!nl_pats)
5282                                 goto nla_put_failure;
5283
5284                         for (i = 0; i < rdev->wowlan->n_patterns; i++) {
5285                                 nl_pat = nla_nest_start(msg, i + 1);
5286                                 if (!nl_pat)
5287                                         goto nla_put_failure;
5288                                 pat_len = rdev->wowlan->patterns[i].pattern_len;
5289                                 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_MASK,
5290                                         DIV_ROUND_UP(pat_len, 8),
5291                                         rdev->wowlan->patterns[i].mask);
5292                                 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
5293                                         pat_len,
5294                                         rdev->wowlan->patterns[i].pattern);
5295                                 nla_nest_end(msg, nl_pat);
5296                         }
5297                         nla_nest_end(msg, nl_pats);
5298                 }
5299
5300                 nla_nest_end(msg, nl_wowlan);
5301         }
5302
5303         genlmsg_end(msg, hdr);
5304         return genlmsg_reply(msg, info);
5305
5306 nla_put_failure:
5307         nlmsg_free(msg);
5308         return -ENOBUFS;
5309 }
5310
5311 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
5312 {
5313         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5314         struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
5315         struct cfg80211_wowlan no_triggers = {};
5316         struct cfg80211_wowlan new_triggers = {};
5317         struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
5318         int err, i;
5319
5320         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5321                 return -EOPNOTSUPP;
5322
5323         if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS])
5324                 goto no_triggers;
5325
5326         err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
5327                         nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5328                         nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5329                         nl80211_wowlan_policy);
5330         if (err)
5331                 return err;
5332
5333         if (tb[NL80211_WOWLAN_TRIG_ANY]) {
5334                 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
5335                         return -EINVAL;
5336                 new_triggers.any = true;
5337         }
5338
5339         if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
5340                 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
5341                         return -EINVAL;
5342                 new_triggers.disconnect = true;
5343         }
5344
5345         if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
5346                 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
5347                         return -EINVAL;
5348                 new_triggers.magic_pkt = true;
5349         }
5350
5351         if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
5352                 struct nlattr *pat;
5353                 int n_patterns = 0;
5354                 int rem, pat_len, mask_len;
5355                 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
5356
5357                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
5358                                     rem)
5359                         n_patterns++;
5360                 if (n_patterns > wowlan->n_patterns)
5361                         return -EINVAL;
5362
5363                 new_triggers.patterns = kcalloc(n_patterns,
5364                                                 sizeof(new_triggers.patterns[0]),
5365                                                 GFP_KERNEL);
5366                 if (!new_triggers.patterns)
5367                         return -ENOMEM;
5368
5369                 new_triggers.n_patterns = n_patterns;
5370                 i = 0;
5371
5372                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
5373                                     rem) {
5374                         nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
5375                                   nla_data(pat), nla_len(pat), NULL);
5376                         err = -EINVAL;
5377                         if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
5378                             !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
5379                                 goto error;
5380                         pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
5381                         mask_len = DIV_ROUND_UP(pat_len, 8);
5382                         if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
5383                             mask_len)
5384                                 goto error;
5385                         if (pat_len > wowlan->pattern_max_len ||
5386                             pat_len < wowlan->pattern_min_len)
5387                                 goto error;
5388
5389                         new_triggers.patterns[i].mask =
5390                                 kmalloc(mask_len + pat_len, GFP_KERNEL);
5391                         if (!new_triggers.patterns[i].mask) {
5392                                 err = -ENOMEM;
5393                                 goto error;
5394                         }
5395                         new_triggers.patterns[i].pattern =
5396                                 new_triggers.patterns[i].mask + mask_len;
5397                         memcpy(new_triggers.patterns[i].mask,
5398                                nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
5399                                mask_len);
5400                         new_triggers.patterns[i].pattern_len = pat_len;
5401                         memcpy(new_triggers.patterns[i].pattern,
5402                                nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
5403                                pat_len);
5404                         i++;
5405                 }
5406         }
5407
5408         if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) {
5409                 struct cfg80211_wowlan *ntrig;
5410                 ntrig = kmemdup(&new_triggers, sizeof(new_triggers),
5411                                 GFP_KERNEL);
5412                 if (!ntrig) {
5413                         err = -ENOMEM;
5414                         goto error;
5415                 }
5416                 cfg80211_rdev_free_wowlan(rdev);
5417                 rdev->wowlan = ntrig;
5418         } else {
5419  no_triggers:
5420                 cfg80211_rdev_free_wowlan(rdev);
5421                 rdev->wowlan = NULL;
5422         }
5423
5424         return 0;
5425  error:
5426         for (i = 0; i < new_triggers.n_patterns; i++)
5427                 kfree(new_triggers.patterns[i].mask);
5428         kfree(new_triggers.patterns);
5429         return err;
5430 }
5431
5432 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
5433 {
5434         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5435         struct net_device *dev = info->user_ptr[1];
5436         struct wireless_dev *wdev = dev->ieee80211_ptr;
5437         struct nlattr *tb[NUM_NL80211_REKEY_DATA];
5438         struct cfg80211_gtk_rekey_data rekey_data;
5439         int err;
5440
5441         if (!info->attrs[NL80211_ATTR_REKEY_DATA])
5442                 return -EINVAL;
5443
5444         err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
5445                         nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
5446                         nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
5447                         nl80211_rekey_policy);
5448         if (err)
5449                 return err;
5450
5451         if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
5452                 return -ERANGE;
5453         if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
5454                 return -ERANGE;
5455         if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
5456                 return -ERANGE;
5457
5458         memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
5459                NL80211_KEK_LEN);
5460         memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
5461                NL80211_KCK_LEN);
5462         memcpy(rekey_data.replay_ctr,
5463                nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
5464                NL80211_REPLAY_CTR_LEN);
5465
5466         wdev_lock(wdev);
5467         if (!wdev->current_bss) {
5468                 err = -ENOTCONN;
5469                 goto out;
5470         }
5471
5472         if (!rdev->ops->set_rekey_data) {
5473                 err = -EOPNOTSUPP;
5474                 goto out;
5475         }
5476
5477         err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data);
5478  out:
5479         wdev_unlock(wdev);
5480         return err;
5481 }
5482
5483 #define NL80211_FLAG_NEED_WIPHY         0x01
5484 #define NL80211_FLAG_NEED_NETDEV        0x02
5485 #define NL80211_FLAG_NEED_RTNL          0x04
5486 #define NL80211_FLAG_CHECK_NETDEV_UP    0x08
5487 #define NL80211_FLAG_NEED_NETDEV_UP     (NL80211_FLAG_NEED_NETDEV |\
5488                                          NL80211_FLAG_CHECK_NETDEV_UP)
5489
5490 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
5491                             struct genl_info *info)
5492 {
5493         struct cfg80211_registered_device *rdev;
5494         struct net_device *dev;
5495         int err;
5496         bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
5497
5498         if (rtnl)
5499                 rtnl_lock();
5500
5501         if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
5502                 rdev = cfg80211_get_dev_from_info(info);
5503                 if (IS_ERR(rdev)) {
5504                         if (rtnl)
5505                                 rtnl_unlock();
5506                         return PTR_ERR(rdev);
5507                 }
5508                 info->user_ptr[0] = rdev;
5509         } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
5510                 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
5511                 if (err) {
5512                         if (rtnl)
5513                                 rtnl_unlock();
5514                         return err;
5515                 }
5516                 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
5517                     !netif_running(dev)) {
5518                         cfg80211_unlock_rdev(rdev);
5519                         dev_put(dev);
5520                         if (rtnl)
5521                                 rtnl_unlock();
5522                         return -ENETDOWN;
5523                 }
5524                 info->user_ptr[0] = rdev;
5525                 info->user_ptr[1] = dev;
5526         }
5527
5528         return 0;
5529 }
5530
5531 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
5532                               struct genl_info *info)
5533 {
5534         if (info->user_ptr[0])
5535                 cfg80211_unlock_rdev(info->user_ptr[0]);
5536         if (info->user_ptr[1])
5537                 dev_put(info->user_ptr[1]);
5538         if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
5539                 rtnl_unlock();
5540 }
5541
5542 static struct genl_ops nl80211_ops[] = {
5543         {
5544                 .cmd = NL80211_CMD_GET_WIPHY,
5545                 .doit = nl80211_get_wiphy,
5546                 .dumpit = nl80211_dump_wiphy,
5547                 .policy = nl80211_policy,
5548                 /* can be retrieved by unprivileged users */
5549                 .internal_flags = NL80211_FLAG_NEED_WIPHY,
5550         },
5551         {
5552                 .cmd = NL80211_CMD_SET_WIPHY,
5553                 .doit = nl80211_set_wiphy,
5554                 .policy = nl80211_policy,
5555                 .flags = GENL_ADMIN_PERM,
5556                 .internal_flags = NL80211_FLAG_NEED_RTNL,
5557         },
5558         {
5559                 .cmd = NL80211_CMD_GET_INTERFACE,
5560                 .doit = nl80211_get_interface,
5561                 .dumpit = nl80211_dump_interface,
5562                 .policy = nl80211_policy,
5563                 /* can be retrieved by unprivileged users */
5564                 .internal_flags = NL80211_FLAG_NEED_NETDEV,
5565         },
5566         {
5567                 .cmd = NL80211_CMD_SET_INTERFACE,
5568                 .doit = nl80211_set_interface,
5569                 .policy = nl80211_policy,
5570                 .flags = GENL_ADMIN_PERM,
5571                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5572                                   NL80211_FLAG_NEED_RTNL,
5573         },
5574         {
5575                 .cmd = NL80211_CMD_NEW_INTERFACE,
5576                 .doit = nl80211_new_interface,
5577                 .policy = nl80211_policy,
5578                 .flags = GENL_ADMIN_PERM,
5579                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5580                                   NL80211_FLAG_NEED_RTNL,
5581         },
5582         {
5583                 .cmd = NL80211_CMD_DEL_INTERFACE,
5584                 .doit = nl80211_del_interface,
5585                 .policy = nl80211_policy,
5586                 .flags = GENL_ADMIN_PERM,
5587                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5588                                   NL80211_FLAG_NEED_RTNL,
5589         },
5590         {
5591                 .cmd = NL80211_CMD_GET_KEY,
5592                 .doit = nl80211_get_key,
5593                 .policy = nl80211_policy,
5594                 .flags = GENL_ADMIN_PERM,
5595                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5596                                   NL80211_FLAG_NEED_RTNL,
5597         },
5598         {
5599                 .cmd = NL80211_CMD_SET_KEY,
5600                 .doit = nl80211_set_key,
5601                 .policy = nl80211_policy,
5602                 .flags = GENL_ADMIN_PERM,
5603                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5604                                   NL80211_FLAG_NEED_RTNL,
5605         },
5606         {
5607                 .cmd = NL80211_CMD_NEW_KEY,
5608                 .doit = nl80211_new_key,
5609                 .policy = nl80211_policy,
5610                 .flags = GENL_ADMIN_PERM,
5611                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5612                                   NL80211_FLAG_NEED_RTNL,
5613         },
5614         {
5615                 .cmd = NL80211_CMD_DEL_KEY,
5616                 .doit = nl80211_del_key,
5617                 .policy = nl80211_policy,
5618                 .flags = GENL_ADMIN_PERM,
5619                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5620                                   NL80211_FLAG_NEED_RTNL,
5621         },
5622         {
5623                 .cmd = NL80211_CMD_SET_BEACON,
5624                 .policy = nl80211_policy,
5625                 .flags = GENL_ADMIN_PERM,
5626                 .doit = nl80211_addset_beacon,
5627                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5628                                   NL80211_FLAG_NEED_RTNL,
5629         },
5630         {
5631                 .cmd = NL80211_CMD_NEW_BEACON,
5632                 .policy = nl80211_policy,
5633                 .flags = GENL_ADMIN_PERM,
5634                 .doit = nl80211_addset_beacon,
5635                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5636                                   NL80211_FLAG_NEED_RTNL,
5637         },
5638         {
5639                 .cmd = NL80211_CMD_DEL_BEACON,
5640                 .policy = nl80211_policy,
5641                 .flags = GENL_ADMIN_PERM,
5642                 .doit = nl80211_del_beacon,
5643                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5644                                   NL80211_FLAG_NEED_RTNL,
5645         },
5646         {
5647                 .cmd = NL80211_CMD_GET_STATION,
5648                 .doit = nl80211_get_station,
5649                 .dumpit = nl80211_dump_station,
5650                 .policy = nl80211_policy,
5651                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5652                                   NL80211_FLAG_NEED_RTNL,
5653         },
5654         {
5655                 .cmd = NL80211_CMD_SET_STATION,
5656                 .doit = nl80211_set_station,
5657                 .policy = nl80211_policy,
5658                 .flags = GENL_ADMIN_PERM,
5659                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5660                                   NL80211_FLAG_NEED_RTNL,
5661         },
5662         {
5663                 .cmd = NL80211_CMD_NEW_STATION,
5664                 .doit = nl80211_new_station,
5665                 .policy = nl80211_policy,
5666                 .flags = GENL_ADMIN_PERM,
5667                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5668                                   NL80211_FLAG_NEED_RTNL,
5669         },
5670         {
5671                 .cmd = NL80211_CMD_DEL_STATION,
5672                 .doit = nl80211_del_station,
5673                 .policy = nl80211_policy,
5674                 .flags = GENL_ADMIN_PERM,
5675                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5676                                   NL80211_FLAG_NEED_RTNL,
5677         },
5678         {
5679                 .cmd = NL80211_CMD_GET_MPATH,
5680                 .doit = nl80211_get_mpath,
5681                 .dumpit = nl80211_dump_mpath,
5682                 .policy = nl80211_policy,
5683                 .flags = GENL_ADMIN_PERM,
5684                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5685                                   NL80211_FLAG_NEED_RTNL,
5686         },
5687         {
5688                 .cmd = NL80211_CMD_SET_MPATH,
5689                 .doit = nl80211_set_mpath,
5690                 .policy = nl80211_policy,
5691                 .flags = GENL_ADMIN_PERM,
5692                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5693                                   NL80211_FLAG_NEED_RTNL,
5694         },
5695         {
5696                 .cmd = NL80211_CMD_NEW_MPATH,
5697                 .doit = nl80211_new_mpath,
5698                 .policy = nl80211_policy,
5699                 .flags = GENL_ADMIN_PERM,
5700                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5701                                   NL80211_FLAG_NEED_RTNL,
5702         },
5703         {
5704                 .cmd = NL80211_CMD_DEL_MPATH,
5705                 .doit = nl80211_del_mpath,
5706                 .policy = nl80211_policy,
5707                 .flags = GENL_ADMIN_PERM,
5708                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5709                                   NL80211_FLAG_NEED_RTNL,
5710         },
5711         {
5712                 .cmd = NL80211_CMD_SET_BSS,
5713                 .doit = nl80211_set_bss,
5714                 .policy = nl80211_policy,
5715                 .flags = GENL_ADMIN_PERM,
5716                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5717                                   NL80211_FLAG_NEED_RTNL,
5718         },
5719         {
5720                 .cmd = NL80211_CMD_GET_REG,
5721                 .doit = nl80211_get_reg,
5722                 .policy = nl80211_policy,
5723                 /* can be retrieved by unprivileged users */
5724         },
5725         {
5726                 .cmd = NL80211_CMD_SET_REG,
5727                 .doit = nl80211_set_reg,
5728                 .policy = nl80211_policy,
5729                 .flags = GENL_ADMIN_PERM,
5730         },
5731         {
5732                 .cmd = NL80211_CMD_REQ_SET_REG,
5733                 .doit = nl80211_req_set_reg,
5734                 .policy = nl80211_policy,
5735                 .flags = GENL_ADMIN_PERM,
5736         },
5737         {
5738                 .cmd = NL80211_CMD_GET_MESH_CONFIG,
5739                 .doit = nl80211_get_mesh_config,
5740                 .policy = nl80211_policy,
5741                 /* can be retrieved by unprivileged users */
5742                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5743                                   NL80211_FLAG_NEED_RTNL,
5744         },
5745         {
5746                 .cmd = NL80211_CMD_SET_MESH_CONFIG,
5747                 .doit = nl80211_update_mesh_config,
5748                 .policy = nl80211_policy,
5749                 .flags = GENL_ADMIN_PERM,
5750                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5751                                   NL80211_FLAG_NEED_RTNL,
5752         },
5753         {
5754                 .cmd = NL80211_CMD_TRIGGER_SCAN,
5755                 .doit = nl80211_trigger_scan,
5756                 .policy = nl80211_policy,
5757                 .flags = GENL_ADMIN_PERM,
5758                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5759                                   NL80211_FLAG_NEED_RTNL,
5760         },
5761         {
5762                 .cmd = NL80211_CMD_GET_SCAN,
5763                 .policy = nl80211_policy,
5764                 .dumpit = nl80211_dump_scan,
5765         },
5766         {
5767                 .cmd = NL80211_CMD_START_SCHED_SCAN,
5768                 .doit = nl80211_start_sched_scan,
5769                 .policy = nl80211_policy,
5770                 .flags = GENL_ADMIN_PERM,
5771                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5772                                   NL80211_FLAG_NEED_RTNL,
5773         },
5774         {
5775                 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
5776                 .doit = nl80211_stop_sched_scan,
5777                 .policy = nl80211_policy,
5778                 .flags = GENL_ADMIN_PERM,
5779                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5780                                   NL80211_FLAG_NEED_RTNL,
5781         },
5782         {
5783                 .cmd = NL80211_CMD_AUTHENTICATE,
5784                 .doit = nl80211_authenticate,
5785                 .policy = nl80211_policy,
5786                 .flags = GENL_ADMIN_PERM,
5787                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5788                                   NL80211_FLAG_NEED_RTNL,
5789         },
5790         {
5791                 .cmd = NL80211_CMD_ASSOCIATE,
5792                 .doit = nl80211_associate,
5793                 .policy = nl80211_policy,
5794                 .flags = GENL_ADMIN_PERM,
5795                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5796                                   NL80211_FLAG_NEED_RTNL,
5797         },
5798         {
5799                 .cmd = NL80211_CMD_DEAUTHENTICATE,
5800                 .doit = nl80211_deauthenticate,
5801                 .policy = nl80211_policy,
5802                 .flags = GENL_ADMIN_PERM,
5803                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5804                                   NL80211_FLAG_NEED_RTNL,
5805         },
5806         {
5807                 .cmd = NL80211_CMD_DISASSOCIATE,
5808                 .doit = nl80211_disassociate,
5809                 .policy = nl80211_policy,
5810                 .flags = GENL_ADMIN_PERM,
5811                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5812                                   NL80211_FLAG_NEED_RTNL,
5813         },
5814         {
5815                 .cmd = NL80211_CMD_JOIN_IBSS,
5816                 .doit = nl80211_join_ibss,
5817                 .policy = nl80211_policy,
5818                 .flags = GENL_ADMIN_PERM,
5819                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5820                                   NL80211_FLAG_NEED_RTNL,
5821         },
5822         {
5823                 .cmd = NL80211_CMD_LEAVE_IBSS,
5824                 .doit = nl80211_leave_ibss,
5825                 .policy = nl80211_policy,
5826                 .flags = GENL_ADMIN_PERM,
5827                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5828                                   NL80211_FLAG_NEED_RTNL,
5829         },
5830 #ifdef CONFIG_NL80211_TESTMODE
5831         {
5832                 .cmd = NL80211_CMD_TESTMODE,
5833                 .doit = nl80211_testmode_do,
5834                 .dumpit = nl80211_testmode_dump,
5835                 .policy = nl80211_policy,
5836                 .flags = GENL_ADMIN_PERM,
5837                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5838                                   NL80211_FLAG_NEED_RTNL,
5839         },
5840 #endif
5841         {
5842                 .cmd = NL80211_CMD_CONNECT,
5843                 .doit = nl80211_connect,
5844                 .policy = nl80211_policy,
5845                 .flags = GENL_ADMIN_PERM,
5846                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5847                                   NL80211_FLAG_NEED_RTNL,
5848         },
5849         {
5850                 .cmd = NL80211_CMD_DISCONNECT,
5851                 .doit = nl80211_disconnect,
5852                 .policy = nl80211_policy,
5853                 .flags = GENL_ADMIN_PERM,
5854                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5855                                   NL80211_FLAG_NEED_RTNL,
5856         },
5857         {
5858                 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
5859                 .doit = nl80211_wiphy_netns,
5860                 .policy = nl80211_policy,
5861                 .flags = GENL_ADMIN_PERM,
5862                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5863                                   NL80211_FLAG_NEED_RTNL,
5864         },
5865         {
5866                 .cmd = NL80211_CMD_GET_SURVEY,
5867                 .policy = nl80211_policy,
5868                 .dumpit = nl80211_dump_survey,
5869         },
5870         {
5871                 .cmd = NL80211_CMD_SET_PMKSA,
5872                 .doit = nl80211_setdel_pmksa,
5873                 .policy = nl80211_policy,
5874                 .flags = GENL_ADMIN_PERM,
5875                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5876                                   NL80211_FLAG_NEED_RTNL,
5877         },
5878         {
5879                 .cmd = NL80211_CMD_DEL_PMKSA,
5880                 .doit = nl80211_setdel_pmksa,
5881                 .policy = nl80211_policy,
5882                 .flags = GENL_ADMIN_PERM,
5883                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5884                                   NL80211_FLAG_NEED_RTNL,
5885         },
5886         {
5887                 .cmd = NL80211_CMD_FLUSH_PMKSA,
5888                 .doit = nl80211_flush_pmksa,
5889                 .policy = nl80211_policy,
5890                 .flags = GENL_ADMIN_PERM,
5891                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5892                                   NL80211_FLAG_NEED_RTNL,
5893         },
5894         {
5895                 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
5896                 .doit = nl80211_remain_on_channel,
5897                 .policy = nl80211_policy,
5898                 .flags = GENL_ADMIN_PERM,
5899                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5900                                   NL80211_FLAG_NEED_RTNL,
5901         },
5902         {
5903                 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
5904                 .doit = nl80211_cancel_remain_on_channel,
5905                 .policy = nl80211_policy,
5906                 .flags = GENL_ADMIN_PERM,
5907                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5908                                   NL80211_FLAG_NEED_RTNL,
5909         },
5910         {
5911                 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
5912                 .doit = nl80211_set_tx_bitrate_mask,
5913                 .policy = nl80211_policy,
5914                 .flags = GENL_ADMIN_PERM,
5915                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5916                                   NL80211_FLAG_NEED_RTNL,
5917         },
5918         {
5919                 .cmd = NL80211_CMD_REGISTER_FRAME,
5920                 .doit = nl80211_register_mgmt,
5921                 .policy = nl80211_policy,
5922                 .flags = GENL_ADMIN_PERM,
5923                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5924                                   NL80211_FLAG_NEED_RTNL,
5925         },
5926         {
5927                 .cmd = NL80211_CMD_FRAME,
5928                 .doit = nl80211_tx_mgmt,
5929                 .policy = nl80211_policy,
5930                 .flags = GENL_ADMIN_PERM,
5931                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5932                                   NL80211_FLAG_NEED_RTNL,
5933         },
5934         {
5935                 .cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
5936                 .doit = nl80211_tx_mgmt_cancel_wait,
5937                 .policy = nl80211_policy,
5938                 .flags = GENL_ADMIN_PERM,
5939                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5940                                   NL80211_FLAG_NEED_RTNL,
5941         },
5942         {
5943                 .cmd = NL80211_CMD_SET_POWER_SAVE,
5944                 .doit = nl80211_set_power_save,
5945                 .policy = nl80211_policy,
5946                 .flags = GENL_ADMIN_PERM,
5947                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5948                                   NL80211_FLAG_NEED_RTNL,
5949         },
5950         {
5951                 .cmd = NL80211_CMD_GET_POWER_SAVE,
5952                 .doit = nl80211_get_power_save,
5953                 .policy = nl80211_policy,
5954                 /* can be retrieved by unprivileged users */
5955                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5956                                   NL80211_FLAG_NEED_RTNL