cfg80211/mac80211: extensible frame processing
[linux-2.6.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25
26 /* the netlink family */
27 static struct genl_family nl80211_fam = {
28         .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
29         .name = "nl80211",      /* have users key off the name instead */
30         .hdrsize = 0,           /* no private header */
31         .version = 1,           /* no particular meaning now */
32         .maxattr = NL80211_ATTR_MAX,
33         .netnsok = true,
34 };
35
36 /* internal helper: get rdev and dev */
37 static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
38                                        struct cfg80211_registered_device **rdev,
39                                        struct net_device **dev)
40 {
41         struct nlattr **attrs = info->attrs;
42         int ifindex;
43
44         if (!attrs[NL80211_ATTR_IFINDEX])
45                 return -EINVAL;
46
47         ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
48         *dev = dev_get_by_index(genl_info_net(info), ifindex);
49         if (!*dev)
50                 return -ENODEV;
51
52         *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex);
53         if (IS_ERR(*rdev)) {
54                 dev_put(*dev);
55                 return PTR_ERR(*rdev);
56         }
57
58         return 0;
59 }
60
61 /* policy for the attributes */
62 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
63         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
64         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
65                                       .len = 20-1 },
66         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
67         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
68         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
69         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
70         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
71         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
72         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
73         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
74
75         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
76         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
77         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
78
79         [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
80         [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
81
82         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
83         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
84                                     .len = WLAN_MAX_KEY_LEN },
85         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
86         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
87         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
88         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
89
90         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
91         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
92         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
93                                        .len = IEEE80211_MAX_DATA_LEN },
94         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
95                                        .len = IEEE80211_MAX_DATA_LEN },
96         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
97         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
98         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
99         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
100                                                .len = NL80211_MAX_SUPP_RATES },
101         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
102         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
103         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
104         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
105                                 .len = IEEE80211_MAX_MESH_ID_LEN },
106         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
107
108         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
109         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
110
111         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
112         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
113         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
114         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
115                                            .len = NL80211_MAX_SUPP_RATES },
116
117         [NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED },
118
119         [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
120                                          .len = NL80211_HT_CAPABILITY_LEN },
121
122         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
123         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
124                               .len = IEEE80211_MAX_DATA_LEN },
125         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
126         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
127
128         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
129                                 .len = IEEE80211_MAX_SSID_LEN },
130         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
131         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
132         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
133         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
134         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
135         [NL80211_ATTR_STA_FLAGS2] = {
136                 .len = sizeof(struct nl80211_sta_flag_update),
137         },
138         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
139         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
140         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
141         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
142         [NL80211_ATTR_PID] = { .type = NLA_U32 },
143         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
144         [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
145                                  .len = WLAN_PMKID_LEN },
146         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
147         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
148         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
149         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
150                                  .len = IEEE80211_MAX_DATA_LEN },
151         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
152         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
153         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
154         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
155         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
156
157         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
158         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
159         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
160 };
161
162 /* policy for the attributes */
163 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
164         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
165         [NL80211_KEY_IDX] = { .type = NLA_U8 },
166         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
167         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
168         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
169         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
170 };
171
172 /* ifidx get helper */
173 static int nl80211_get_ifidx(struct netlink_callback *cb)
174 {
175         int res;
176
177         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
178                           nl80211_fam.attrbuf, nl80211_fam.maxattr,
179                           nl80211_policy);
180         if (res)
181                 return res;
182
183         if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
184                 return -EINVAL;
185
186         res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
187         if (!res)
188                 return -EINVAL;
189         return res;
190 }
191
192 /* IE validation */
193 static bool is_valid_ie_attr(const struct nlattr *attr)
194 {
195         const u8 *pos;
196         int len;
197
198         if (!attr)
199                 return true;
200
201         pos = nla_data(attr);
202         len = nla_len(attr);
203
204         while (len) {
205                 u8 elemlen;
206
207                 if (len < 2)
208                         return false;
209                 len -= 2;
210
211                 elemlen = pos[1];
212                 if (elemlen > len)
213                         return false;
214
215                 len -= elemlen;
216                 pos += 2 + elemlen;
217         }
218
219         return true;
220 }
221
222 /* message building helper */
223 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
224                                    int flags, u8 cmd)
225 {
226         /* since there is no private header just add the generic one */
227         return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
228 }
229
230 static int nl80211_msg_put_channel(struct sk_buff *msg,
231                                    struct ieee80211_channel *chan)
232 {
233         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
234                     chan->center_freq);
235
236         if (chan->flags & IEEE80211_CHAN_DISABLED)
237                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
238         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
239                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
240         if (chan->flags & IEEE80211_CHAN_NO_IBSS)
241                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
242         if (chan->flags & IEEE80211_CHAN_RADAR)
243                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
244
245         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
246                     DBM_TO_MBM(chan->max_power));
247
248         return 0;
249
250  nla_put_failure:
251         return -ENOBUFS;
252 }
253
254 /* netlink command implementations */
255
256 struct key_parse {
257         struct key_params p;
258         int idx;
259         bool def, defmgmt;
260 };
261
262 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
263 {
264         struct nlattr *tb[NL80211_KEY_MAX + 1];
265         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
266                                    nl80211_key_policy);
267         if (err)
268                 return err;
269
270         k->def = !!tb[NL80211_KEY_DEFAULT];
271         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
272
273         if (tb[NL80211_KEY_IDX])
274                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
275
276         if (tb[NL80211_KEY_DATA]) {
277                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
278                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
279         }
280
281         if (tb[NL80211_KEY_SEQ]) {
282                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
283                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
284         }
285
286         if (tb[NL80211_KEY_CIPHER])
287                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
288
289         return 0;
290 }
291
292 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
293 {
294         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
295                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
296                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
297         }
298
299         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
300                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
301                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
302         }
303
304         if (info->attrs[NL80211_ATTR_KEY_IDX])
305                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
306
307         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
308                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
309
310         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
311         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
312
313         return 0;
314 }
315
316 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
317 {
318         int err;
319
320         memset(k, 0, sizeof(*k));
321         k->idx = -1;
322
323         if (info->attrs[NL80211_ATTR_KEY])
324                 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
325         else
326                 err = nl80211_parse_key_old(info, k);
327
328         if (err)
329                 return err;
330
331         if (k->def && k->defmgmt)
332                 return -EINVAL;
333
334         if (k->idx != -1) {
335                 if (k->defmgmt) {
336                         if (k->idx < 4 || k->idx > 5)
337                                 return -EINVAL;
338                 } else if (k->def) {
339                         if (k->idx < 0 || k->idx > 3)
340                                 return -EINVAL;
341                 } else {
342                         if (k->idx < 0 || k->idx > 5)
343                                 return -EINVAL;
344                 }
345         }
346
347         return 0;
348 }
349
350 static struct cfg80211_cached_keys *
351 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
352                        struct nlattr *keys)
353 {
354         struct key_parse parse;
355         struct nlattr *key;
356         struct cfg80211_cached_keys *result;
357         int rem, err, def = 0;
358
359         result = kzalloc(sizeof(*result), GFP_KERNEL);
360         if (!result)
361                 return ERR_PTR(-ENOMEM);
362
363         result->def = -1;
364         result->defmgmt = -1;
365
366         nla_for_each_nested(key, keys, rem) {
367                 memset(&parse, 0, sizeof(parse));
368                 parse.idx = -1;
369
370                 err = nl80211_parse_key_new(key, &parse);
371                 if (err)
372                         goto error;
373                 err = -EINVAL;
374                 if (!parse.p.key)
375                         goto error;
376                 if (parse.idx < 0 || parse.idx > 4)
377                         goto error;
378                 if (parse.def) {
379                         if (def)
380                                 goto error;
381                         def = 1;
382                         result->def = parse.idx;
383                 } else if (parse.defmgmt)
384                         goto error;
385                 err = cfg80211_validate_key_settings(rdev, &parse.p,
386                                                      parse.idx, NULL);
387                 if (err)
388                         goto error;
389                 result->params[parse.idx].cipher = parse.p.cipher;
390                 result->params[parse.idx].key_len = parse.p.key_len;
391                 result->params[parse.idx].key = result->data[parse.idx];
392                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
393         }
394
395         return result;
396  error:
397         kfree(result);
398         return ERR_PTR(err);
399 }
400
401 static int nl80211_key_allowed(struct wireless_dev *wdev)
402 {
403         ASSERT_WDEV_LOCK(wdev);
404
405         if (!netif_running(wdev->netdev))
406                 return -ENETDOWN;
407
408         switch (wdev->iftype) {
409         case NL80211_IFTYPE_AP:
410         case NL80211_IFTYPE_AP_VLAN:
411                 break;
412         case NL80211_IFTYPE_ADHOC:
413                 if (!wdev->current_bss)
414                         return -ENOLINK;
415                 break;
416         case NL80211_IFTYPE_STATION:
417                 if (wdev->sme_state != CFG80211_SME_CONNECTED)
418                         return -ENOLINK;
419                 break;
420         default:
421                 return -EINVAL;
422         }
423
424         return 0;
425 }
426
427 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
428                               struct cfg80211_registered_device *dev)
429 {
430         void *hdr;
431         struct nlattr *nl_bands, *nl_band;
432         struct nlattr *nl_freqs, *nl_freq;
433         struct nlattr *nl_rates, *nl_rate;
434         struct nlattr *nl_modes;
435         struct nlattr *nl_cmds;
436         enum ieee80211_band band;
437         struct ieee80211_channel *chan;
438         struct ieee80211_rate *rate;
439         int i;
440         u16 ifmodes = dev->wiphy.interface_modes;
441         const struct ieee80211_txrx_stypes *mgmt_stypes =
442                                 dev->wiphy.mgmt_stypes;
443
444         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
445         if (!hdr)
446                 return -1;
447
448         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
449         NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
450
451         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
452                     cfg80211_rdev_list_generation);
453
454         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
455                    dev->wiphy.retry_short);
456         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
457                    dev->wiphy.retry_long);
458         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
459                     dev->wiphy.frag_threshold);
460         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
461                     dev->wiphy.rts_threshold);
462         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
463                     dev->wiphy.coverage_class);
464
465         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
466                    dev->wiphy.max_scan_ssids);
467         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
468                     dev->wiphy.max_scan_ie_len);
469
470         NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
471                 sizeof(u32) * dev->wiphy.n_cipher_suites,
472                 dev->wiphy.cipher_suites);
473
474         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
475                    dev->wiphy.max_num_pmkids);
476
477         nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES);
478         if (!nl_modes)
479                 goto nla_put_failure;
480
481         i = 0;
482         while (ifmodes) {
483                 if (ifmodes & 1)
484                         NLA_PUT_FLAG(msg, i);
485                 ifmodes >>= 1;
486                 i++;
487         }
488
489         nla_nest_end(msg, nl_modes);
490
491         nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
492         if (!nl_bands)
493                 goto nla_put_failure;
494
495         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
496                 if (!dev->wiphy.bands[band])
497                         continue;
498
499                 nl_band = nla_nest_start(msg, band);
500                 if (!nl_band)
501                         goto nla_put_failure;
502
503                 /* add HT info */
504                 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
505                         NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
506                                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
507                                 &dev->wiphy.bands[band]->ht_cap.mcs);
508                         NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
509                                 dev->wiphy.bands[band]->ht_cap.cap);
510                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
511                                 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
512                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
513                                 dev->wiphy.bands[band]->ht_cap.ampdu_density);
514                 }
515
516                 /* add frequencies */
517                 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
518                 if (!nl_freqs)
519                         goto nla_put_failure;
520
521                 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
522                         nl_freq = nla_nest_start(msg, i);
523                         if (!nl_freq)
524                                 goto nla_put_failure;
525
526                         chan = &dev->wiphy.bands[band]->channels[i];
527
528                         if (nl80211_msg_put_channel(msg, chan))
529                                 goto nla_put_failure;
530
531                         nla_nest_end(msg, nl_freq);
532                 }
533
534                 nla_nest_end(msg, nl_freqs);
535
536                 /* add bitrates */
537                 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
538                 if (!nl_rates)
539                         goto nla_put_failure;
540
541                 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
542                         nl_rate = nla_nest_start(msg, i);
543                         if (!nl_rate)
544                                 goto nla_put_failure;
545
546                         rate = &dev->wiphy.bands[band]->bitrates[i];
547                         NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
548                                     rate->bitrate);
549                         if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
550                                 NLA_PUT_FLAG(msg,
551                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
552
553                         nla_nest_end(msg, nl_rate);
554                 }
555
556                 nla_nest_end(msg, nl_rates);
557
558                 nla_nest_end(msg, nl_band);
559         }
560         nla_nest_end(msg, nl_bands);
561
562         nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
563         if (!nl_cmds)
564                 goto nla_put_failure;
565
566         i = 0;
567 #define CMD(op, n)                                              \
568          do {                                                   \
569                 if (dev->ops->op) {                             \
570                         i++;                                    \
571                         NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
572                 }                                               \
573         } while (0)
574
575         CMD(add_virtual_intf, NEW_INTERFACE);
576         CMD(change_virtual_intf, SET_INTERFACE);
577         CMD(add_key, NEW_KEY);
578         CMD(add_beacon, NEW_BEACON);
579         CMD(add_station, NEW_STATION);
580         CMD(add_mpath, NEW_MPATH);
581         CMD(set_mesh_params, SET_MESH_PARAMS);
582         CMD(change_bss, SET_BSS);
583         CMD(auth, AUTHENTICATE);
584         CMD(assoc, ASSOCIATE);
585         CMD(deauth, DEAUTHENTICATE);
586         CMD(disassoc, DISASSOCIATE);
587         CMD(join_ibss, JOIN_IBSS);
588         CMD(set_pmksa, SET_PMKSA);
589         CMD(del_pmksa, DEL_PMKSA);
590         CMD(flush_pmksa, FLUSH_PMKSA);
591         CMD(remain_on_channel, REMAIN_ON_CHANNEL);
592         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
593         CMD(mgmt_tx, FRAME);
594         if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
595                 i++;
596                 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
597         }
598         CMD(set_channel, SET_CHANNEL);
599
600 #undef CMD
601
602         if (dev->ops->connect || dev->ops->auth) {
603                 i++;
604                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
605         }
606
607         if (dev->ops->disconnect || dev->ops->deauth) {
608                 i++;
609                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
610         }
611
612         nla_nest_end(msg, nl_cmds);
613
614         if (mgmt_stypes) {
615                 u16 stypes;
616                 struct nlattr *nl_ftypes, *nl_ifs;
617                 enum nl80211_iftype ift;
618
619                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
620                 if (!nl_ifs)
621                         goto nla_put_failure;
622
623                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
624                         nl_ftypes = nla_nest_start(msg, ift);
625                         if (!nl_ftypes)
626                                 goto nla_put_failure;
627                         i = 0;
628                         stypes = mgmt_stypes[ift].tx;
629                         while (stypes) {
630                                 if (stypes & 1)
631                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
632                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
633                                 stypes >>= 1;
634                                 i++;
635                         }
636                         nla_nest_end(msg, nl_ftypes);
637                 }
638
639                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
640                 if (!nl_ifs)
641                         goto nla_put_failure;
642
643                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
644                         nl_ftypes = nla_nest_start(msg, ift);
645                         if (!nl_ftypes)
646                                 goto nla_put_failure;
647                         i = 0;
648                         stypes = mgmt_stypes[ift].rx;
649                         while (stypes) {
650                                 if (stypes & 1)
651                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
652                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
653                                 stypes >>= 1;
654                                 i++;
655                         }
656                         nla_nest_end(msg, nl_ftypes);
657                 }
658                 nla_nest_end(msg, nl_ifs);
659         }
660
661         return genlmsg_end(msg, hdr);
662
663  nla_put_failure:
664         genlmsg_cancel(msg, hdr);
665         return -EMSGSIZE;
666 }
667
668 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
669 {
670         int idx = 0;
671         int start = cb->args[0];
672         struct cfg80211_registered_device *dev;
673
674         mutex_lock(&cfg80211_mutex);
675         list_for_each_entry(dev, &cfg80211_rdev_list, list) {
676                 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
677                         continue;
678                 if (++idx <= start)
679                         continue;
680                 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
681                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
682                                        dev) < 0) {
683                         idx--;
684                         break;
685                 }
686         }
687         mutex_unlock(&cfg80211_mutex);
688
689         cb->args[0] = idx;
690
691         return skb->len;
692 }
693
694 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
695 {
696         struct sk_buff *msg;
697         struct cfg80211_registered_device *dev;
698
699         dev = cfg80211_get_dev_from_info(info);
700         if (IS_ERR(dev))
701                 return PTR_ERR(dev);
702
703         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
704         if (!msg)
705                 goto out_err;
706
707         if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0)
708                 goto out_free;
709
710         cfg80211_unlock_rdev(dev);
711
712         return genlmsg_reply(msg, info);
713
714  out_free:
715         nlmsg_free(msg);
716  out_err:
717         cfg80211_unlock_rdev(dev);
718         return -ENOBUFS;
719 }
720
721 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
722         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
723         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
724         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
725         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
726         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
727 };
728
729 static int parse_txq_params(struct nlattr *tb[],
730                             struct ieee80211_txq_params *txq_params)
731 {
732         if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
733             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
734             !tb[NL80211_TXQ_ATTR_AIFS])
735                 return -EINVAL;
736
737         txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
738         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
739         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
740         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
741         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
742
743         return 0;
744 }
745
746 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
747 {
748         /*
749          * You can only set the channel explicitly for AP, mesh
750          * and WDS type interfaces; all others have their channel
751          * managed via their respective "establish a connection"
752          * command (connect, join, ...)
753          *
754          * Monitors are special as they are normally slaved to
755          * whatever else is going on, so they behave as though
756          * you tried setting the wiphy channel itself.
757          */
758         return !wdev ||
759                 wdev->iftype == NL80211_IFTYPE_AP ||
760                 wdev->iftype == NL80211_IFTYPE_WDS ||
761                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
762                 wdev->iftype == NL80211_IFTYPE_MONITOR;
763 }
764
765 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
766                                  struct wireless_dev *wdev,
767                                  struct genl_info *info)
768 {
769         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
770         u32 freq;
771         int result;
772
773         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
774                 return -EINVAL;
775
776         if (!nl80211_can_set_dev_channel(wdev))
777                 return -EOPNOTSUPP;
778
779         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
780                 channel_type = nla_get_u32(info->attrs[
781                                    NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
782                 if (channel_type != NL80211_CHAN_NO_HT &&
783                     channel_type != NL80211_CHAN_HT20 &&
784                     channel_type != NL80211_CHAN_HT40PLUS &&
785                     channel_type != NL80211_CHAN_HT40MINUS)
786                         return -EINVAL;
787         }
788
789         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
790
791         mutex_lock(&rdev->devlist_mtx);
792         if (wdev) {
793                 wdev_lock(wdev);
794                 result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
795                 wdev_unlock(wdev);
796         } else {
797                 result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
798         }
799         mutex_unlock(&rdev->devlist_mtx);
800
801         return result;
802 }
803
804 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
805 {
806         struct cfg80211_registered_device *rdev;
807         struct net_device *netdev;
808         int result;
809
810         rtnl_lock();
811
812         result = get_rdev_dev_by_info_ifindex(info, &rdev, &netdev);
813         if (result)
814                 goto unlock;
815
816         result = __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
817
818  unlock:
819         rtnl_unlock();
820
821         return result;
822 }
823
824 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
825 {
826         struct cfg80211_registered_device *rdev;
827         struct net_device *netdev = NULL;
828         struct wireless_dev *wdev;
829         int result, rem_txq_params = 0;
830         struct nlattr *nl_txq_params;
831         u32 changed;
832         u8 retry_short = 0, retry_long = 0;
833         u32 frag_threshold = 0, rts_threshold = 0;
834         u8 coverage_class = 0;
835
836         rtnl_lock();
837
838         /*
839          * Try to find the wiphy and netdev. Normally this
840          * function shouldn't need the netdev, but this is
841          * done for backward compatibility -- previously
842          * setting the channel was done per wiphy, but now
843          * it is per netdev. Previous userland like hostapd
844          * also passed a netdev to set_wiphy, so that it is
845          * possible to let that go to the right netdev!
846          */
847         mutex_lock(&cfg80211_mutex);
848
849         if (info->attrs[NL80211_ATTR_IFINDEX]) {
850                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
851
852                 netdev = dev_get_by_index(genl_info_net(info), ifindex);
853                 if (netdev && netdev->ieee80211_ptr) {
854                         rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
855                         mutex_lock(&rdev->mtx);
856                 } else
857                         netdev = NULL;
858         }
859
860         if (!netdev) {
861                 rdev = __cfg80211_rdev_from_info(info);
862                 if (IS_ERR(rdev)) {
863                         mutex_unlock(&cfg80211_mutex);
864                         result = PTR_ERR(rdev);
865                         goto unlock;
866                 }
867                 wdev = NULL;
868                 netdev = NULL;
869                 result = 0;
870
871                 mutex_lock(&rdev->mtx);
872         } else if (netif_running(netdev) &&
873                    nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
874                 wdev = netdev->ieee80211_ptr;
875         else
876                 wdev = NULL;
877
878         /*
879          * end workaround code, by now the rdev is available
880          * and locked, and wdev may or may not be NULL.
881          */
882
883         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
884                 result = cfg80211_dev_rename(
885                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
886
887         mutex_unlock(&cfg80211_mutex);
888
889         if (result)
890                 goto bad_res;
891
892         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
893                 struct ieee80211_txq_params txq_params;
894                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
895
896                 if (!rdev->ops->set_txq_params) {
897                         result = -EOPNOTSUPP;
898                         goto bad_res;
899                 }
900
901                 nla_for_each_nested(nl_txq_params,
902                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
903                                     rem_txq_params) {
904                         nla_parse(tb, NL80211_TXQ_ATTR_MAX,
905                                   nla_data(nl_txq_params),
906                                   nla_len(nl_txq_params),
907                                   txq_params_policy);
908                         result = parse_txq_params(tb, &txq_params);
909                         if (result)
910                                 goto bad_res;
911
912                         result = rdev->ops->set_txq_params(&rdev->wiphy,
913                                                            &txq_params);
914                         if (result)
915                                 goto bad_res;
916                 }
917         }
918
919         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
920                 result = __nl80211_set_channel(rdev, wdev, info);
921                 if (result)
922                         goto bad_res;
923         }
924
925         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
926                 enum nl80211_tx_power_setting type;
927                 int idx, mbm = 0;
928
929                 if (!rdev->ops->set_tx_power) {
930                         result = -EOPNOTSUPP;
931                         goto bad_res;
932                 }
933
934                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
935                 type = nla_get_u32(info->attrs[idx]);
936
937                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
938                     (type != NL80211_TX_POWER_AUTOMATIC)) {
939                         result = -EINVAL;
940                         goto bad_res;
941                 }
942
943                 if (type != NL80211_TX_POWER_AUTOMATIC) {
944                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
945                         mbm = nla_get_u32(info->attrs[idx]);
946                 }
947
948                 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
949                 if (result)
950                         goto bad_res;
951         }
952
953         changed = 0;
954
955         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
956                 retry_short = nla_get_u8(
957                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
958                 if (retry_short == 0) {
959                         result = -EINVAL;
960                         goto bad_res;
961                 }
962                 changed |= WIPHY_PARAM_RETRY_SHORT;
963         }
964
965         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
966                 retry_long = nla_get_u8(
967                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
968                 if (retry_long == 0) {
969                         result = -EINVAL;
970                         goto bad_res;
971                 }
972                 changed |= WIPHY_PARAM_RETRY_LONG;
973         }
974
975         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
976                 frag_threshold = nla_get_u32(
977                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
978                 if (frag_threshold < 256) {
979                         result = -EINVAL;
980                         goto bad_res;
981                 }
982                 if (frag_threshold != (u32) -1) {
983                         /*
984                          * Fragments (apart from the last one) are required to
985                          * have even length. Make the fragmentation code
986                          * simpler by stripping LSB should someone try to use
987                          * odd threshold value.
988                          */
989                         frag_threshold &= ~0x1;
990                 }
991                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
992         }
993
994         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
995                 rts_threshold = nla_get_u32(
996                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
997                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
998         }
999
1000         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1001                 coverage_class = nla_get_u8(
1002                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1003                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
1004         }
1005
1006         if (changed) {
1007                 u8 old_retry_short, old_retry_long;
1008                 u32 old_frag_threshold, old_rts_threshold;
1009                 u8 old_coverage_class;
1010
1011                 if (!rdev->ops->set_wiphy_params) {
1012                         result = -EOPNOTSUPP;
1013                         goto bad_res;
1014                 }
1015
1016                 old_retry_short = rdev->wiphy.retry_short;
1017                 old_retry_long = rdev->wiphy.retry_long;
1018                 old_frag_threshold = rdev->wiphy.frag_threshold;
1019                 old_rts_threshold = rdev->wiphy.rts_threshold;
1020                 old_coverage_class = rdev->wiphy.coverage_class;
1021
1022                 if (changed & WIPHY_PARAM_RETRY_SHORT)
1023                         rdev->wiphy.retry_short = retry_short;
1024                 if (changed & WIPHY_PARAM_RETRY_LONG)
1025                         rdev->wiphy.retry_long = retry_long;
1026                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1027                         rdev->wiphy.frag_threshold = frag_threshold;
1028                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1029                         rdev->wiphy.rts_threshold = rts_threshold;
1030                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1031                         rdev->wiphy.coverage_class = coverage_class;
1032
1033                 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1034                 if (result) {
1035                         rdev->wiphy.retry_short = old_retry_short;
1036                         rdev->wiphy.retry_long = old_retry_long;
1037                         rdev->wiphy.frag_threshold = old_frag_threshold;
1038                         rdev->wiphy.rts_threshold = old_rts_threshold;
1039                         rdev->wiphy.coverage_class = old_coverage_class;
1040                 }
1041         }
1042
1043  bad_res:
1044         mutex_unlock(&rdev->mtx);
1045         if (netdev)
1046                 dev_put(netdev);
1047  unlock:
1048         rtnl_unlock();
1049         return result;
1050 }
1051
1052
1053 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1054                               struct cfg80211_registered_device *rdev,
1055                               struct net_device *dev)
1056 {
1057         void *hdr;
1058
1059         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1060         if (!hdr)
1061                 return -1;
1062
1063         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1064         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1065         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1066         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1067
1068         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1069                     rdev->devlist_generation ^
1070                         (cfg80211_rdev_list_generation << 2));
1071
1072         return genlmsg_end(msg, hdr);
1073
1074  nla_put_failure:
1075         genlmsg_cancel(msg, hdr);
1076         return -EMSGSIZE;
1077 }
1078
1079 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1080 {
1081         int wp_idx = 0;
1082         int if_idx = 0;
1083         int wp_start = cb->args[0];
1084         int if_start = cb->args[1];
1085         struct cfg80211_registered_device *rdev;
1086         struct wireless_dev *wdev;
1087
1088         mutex_lock(&cfg80211_mutex);
1089         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1090                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1091                         continue;
1092                 if (wp_idx < wp_start) {
1093                         wp_idx++;
1094                         continue;
1095                 }
1096                 if_idx = 0;
1097
1098                 mutex_lock(&rdev->devlist_mtx);
1099                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
1100                         if (if_idx < if_start) {
1101                                 if_idx++;
1102                                 continue;
1103                         }
1104                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1105                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
1106                                                rdev, wdev->netdev) < 0) {
1107                                 mutex_unlock(&rdev->devlist_mtx);
1108                                 goto out;
1109                         }
1110                         if_idx++;
1111                 }
1112                 mutex_unlock(&rdev->devlist_mtx);
1113
1114                 wp_idx++;
1115         }
1116  out:
1117         mutex_unlock(&cfg80211_mutex);
1118
1119         cb->args[0] = wp_idx;
1120         cb->args[1] = if_idx;
1121
1122         return skb->len;
1123 }
1124
1125 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1126 {
1127         struct sk_buff *msg;
1128         struct cfg80211_registered_device *dev;
1129         struct net_device *netdev;
1130         int err;
1131
1132         err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev);
1133         if (err)
1134                 return err;
1135
1136         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1137         if (!msg)
1138                 goto out_err;
1139
1140         if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1141                                dev, netdev) < 0)
1142                 goto out_free;
1143
1144         dev_put(netdev);
1145         cfg80211_unlock_rdev(dev);
1146
1147         return genlmsg_reply(msg, info);
1148
1149  out_free:
1150         nlmsg_free(msg);
1151  out_err:
1152         dev_put(netdev);
1153         cfg80211_unlock_rdev(dev);
1154         return -ENOBUFS;
1155 }
1156
1157 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1158         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1159         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1160         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1161         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1162         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1163 };
1164
1165 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1166 {
1167         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1168         int flag;
1169
1170         *mntrflags = 0;
1171
1172         if (!nla)
1173                 return -EINVAL;
1174
1175         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1176                              nla, mntr_flags_policy))
1177                 return -EINVAL;
1178
1179         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1180                 if (flags[flag])
1181                         *mntrflags |= (1<<flag);
1182
1183         return 0;
1184 }
1185
1186 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1187                                struct net_device *netdev, u8 use_4addr,
1188                                enum nl80211_iftype iftype)
1189 {
1190         if (!use_4addr) {
1191                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1192                         return -EBUSY;
1193                 return 0;
1194         }
1195
1196         switch (iftype) {
1197         case NL80211_IFTYPE_AP_VLAN:
1198                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1199                         return 0;
1200                 break;
1201         case NL80211_IFTYPE_STATION:
1202                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1203                         return 0;
1204                 break;
1205         default:
1206                 break;
1207         }
1208
1209         return -EOPNOTSUPP;
1210 }
1211
1212 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1213 {
1214         struct cfg80211_registered_device *rdev;
1215         struct vif_params params;
1216         int err;
1217         enum nl80211_iftype otype, ntype;
1218         struct net_device *dev;
1219         u32 _flags, *flags = NULL;
1220         bool change = false;
1221
1222         memset(&params, 0, sizeof(params));
1223
1224         rtnl_lock();
1225
1226         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1227         if (err)
1228                 goto unlock_rtnl;
1229
1230         otype = ntype = dev->ieee80211_ptr->iftype;
1231
1232         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1233                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1234                 if (otype != ntype)
1235                         change = true;
1236                 if (ntype > NL80211_IFTYPE_MAX) {
1237                         err = -EINVAL;
1238                         goto unlock;
1239                 }
1240         }
1241
1242         if (info->attrs[NL80211_ATTR_MESH_ID]) {
1243                 if (ntype != NL80211_IFTYPE_MESH_POINT) {
1244                         err = -EINVAL;
1245                         goto unlock;
1246                 }
1247                 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
1248                 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1249                 change = true;
1250         }
1251
1252         if (info->attrs[NL80211_ATTR_4ADDR]) {
1253                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1254                 change = true;
1255                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1256                 if (err)
1257                         goto unlock;
1258         } else {
1259                 params.use_4addr = -1;
1260         }
1261
1262         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1263                 if (ntype != NL80211_IFTYPE_MONITOR) {
1264                         err = -EINVAL;
1265                         goto unlock;
1266                 }
1267                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1268                                           &_flags);
1269                 if (err)
1270                         goto unlock;
1271
1272                 flags = &_flags;
1273                 change = true;
1274         }
1275
1276         if (change)
1277                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1278         else
1279                 err = 0;
1280
1281         if (!err && params.use_4addr != -1)
1282                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1283
1284  unlock:
1285         dev_put(dev);
1286         cfg80211_unlock_rdev(rdev);
1287  unlock_rtnl:
1288         rtnl_unlock();
1289         return err;
1290 }
1291
1292 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1293 {
1294         struct cfg80211_registered_device *rdev;
1295         struct vif_params params;
1296         int err;
1297         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1298         u32 flags;
1299
1300         memset(&params, 0, sizeof(params));
1301
1302         if (!info->attrs[NL80211_ATTR_IFNAME])
1303                 return -EINVAL;
1304
1305         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1306                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1307                 if (type > NL80211_IFTYPE_MAX)
1308                         return -EINVAL;
1309         }
1310
1311         rtnl_lock();
1312
1313         rdev = cfg80211_get_dev_from_info(info);
1314         if (IS_ERR(rdev)) {
1315                 err = PTR_ERR(rdev);
1316                 goto unlock_rtnl;
1317         }
1318
1319         if (!rdev->ops->add_virtual_intf ||
1320             !(rdev->wiphy.interface_modes & (1 << type))) {
1321                 err = -EOPNOTSUPP;
1322                 goto unlock;
1323         }
1324
1325         if (type == NL80211_IFTYPE_MESH_POINT &&
1326             info->attrs[NL80211_ATTR_MESH_ID]) {
1327                 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
1328                 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1329         }
1330
1331         if (info->attrs[NL80211_ATTR_4ADDR]) {
1332                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1333                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1334                 if (err)
1335                         goto unlock;
1336         }
1337
1338         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1339                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1340                                   &flags);
1341         err = rdev->ops->add_virtual_intf(&rdev->wiphy,
1342                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1343                 type, err ? NULL : &flags, &params);
1344
1345  unlock:
1346         cfg80211_unlock_rdev(rdev);
1347  unlock_rtnl:
1348         rtnl_unlock();
1349         return err;
1350 }
1351
1352 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1353 {
1354         struct cfg80211_registered_device *rdev;
1355         int err;
1356         struct net_device *dev;
1357
1358         rtnl_lock();
1359
1360         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1361         if (err)
1362                 goto unlock_rtnl;
1363
1364         if (!rdev->ops->del_virtual_intf) {
1365                 err = -EOPNOTSUPP;
1366                 goto out;
1367         }
1368
1369         err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1370
1371  out:
1372         cfg80211_unlock_rdev(rdev);
1373         dev_put(dev);
1374  unlock_rtnl:
1375         rtnl_unlock();
1376         return err;
1377 }
1378
1379 struct get_key_cookie {
1380         struct sk_buff *msg;
1381         int error;
1382         int idx;
1383 };
1384
1385 static void get_key_callback(void *c, struct key_params *params)
1386 {
1387         struct nlattr *key;
1388         struct get_key_cookie *cookie = c;
1389
1390         if (params->key)
1391                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1392                         params->key_len, params->key);
1393
1394         if (params->seq)
1395                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1396                         params->seq_len, params->seq);
1397
1398         if (params->cipher)
1399                 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1400                             params->cipher);
1401
1402         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1403         if (!key)
1404                 goto nla_put_failure;
1405
1406         if (params->key)
1407                 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1408                         params->key_len, params->key);
1409
1410         if (params->seq)
1411                 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1412                         params->seq_len, params->seq);
1413
1414         if (params->cipher)
1415                 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1416                             params->cipher);
1417
1418         NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1419
1420         nla_nest_end(cookie->msg, key);
1421
1422         return;
1423  nla_put_failure:
1424         cookie->error = 1;
1425 }
1426
1427 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1428 {
1429         struct cfg80211_registered_device *rdev;
1430         int err;
1431         struct net_device *dev;
1432         u8 key_idx = 0;
1433         u8 *mac_addr = NULL;
1434         struct get_key_cookie cookie = {
1435                 .error = 0,
1436         };
1437         void *hdr;
1438         struct sk_buff *msg;
1439
1440         if (info->attrs[NL80211_ATTR_KEY_IDX])
1441                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1442
1443         if (key_idx > 5)
1444                 return -EINVAL;
1445
1446         if (info->attrs[NL80211_ATTR_MAC])
1447                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1448
1449         rtnl_lock();
1450
1451         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1452         if (err)
1453                 goto unlock_rtnl;
1454
1455         if (!rdev->ops->get_key) {
1456                 err = -EOPNOTSUPP;
1457                 goto out;
1458         }
1459
1460         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1461         if (!msg) {
1462                 err = -ENOMEM;
1463                 goto out;
1464         }
1465
1466         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1467                              NL80211_CMD_NEW_KEY);
1468
1469         if (IS_ERR(hdr)) {
1470                 err = PTR_ERR(hdr);
1471                 goto free_msg;
1472         }
1473
1474         cookie.msg = msg;
1475         cookie.idx = key_idx;
1476
1477         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1478         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1479         if (mac_addr)
1480                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1481
1482         err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr,
1483                                 &cookie, get_key_callback);
1484
1485         if (err)
1486                 goto free_msg;
1487
1488         if (cookie.error)
1489                 goto nla_put_failure;
1490
1491         genlmsg_end(msg, hdr);
1492         err = genlmsg_reply(msg, info);
1493         goto out;
1494
1495  nla_put_failure:
1496         err = -ENOBUFS;
1497  free_msg:
1498         nlmsg_free(msg);
1499  out:
1500         cfg80211_unlock_rdev(rdev);
1501         dev_put(dev);
1502  unlock_rtnl:
1503         rtnl_unlock();
1504
1505         return err;
1506 }
1507
1508 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1509 {
1510         struct cfg80211_registered_device *rdev;
1511         struct key_parse key;
1512         int err;
1513         struct net_device *dev;
1514         int (*func)(struct wiphy *wiphy, struct net_device *netdev,
1515                     u8 key_index);
1516
1517         err = nl80211_parse_key(info, &key);
1518         if (err)
1519                 return err;
1520
1521         if (key.idx < 0)
1522                 return -EINVAL;
1523
1524         /* only support setting default key */
1525         if (!key.def && !key.defmgmt)
1526                 return -EINVAL;
1527
1528         rtnl_lock();
1529
1530         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1531         if (err)
1532                 goto unlock_rtnl;
1533
1534         if (key.def)
1535                 func = rdev->ops->set_default_key;
1536         else
1537                 func = rdev->ops->set_default_mgmt_key;
1538
1539         if (!func) {
1540                 err = -EOPNOTSUPP;
1541                 goto out;
1542         }
1543
1544         wdev_lock(dev->ieee80211_ptr);
1545         err = nl80211_key_allowed(dev->ieee80211_ptr);
1546         if (!err)
1547                 err = func(&rdev->wiphy, dev, key.idx);
1548
1549 #ifdef CONFIG_CFG80211_WEXT
1550         if (!err) {
1551                 if (func == rdev->ops->set_default_key)
1552                         dev->ieee80211_ptr->wext.default_key = key.idx;
1553                 else
1554                         dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1555         }
1556 #endif
1557         wdev_unlock(dev->ieee80211_ptr);
1558
1559  out:
1560         cfg80211_unlock_rdev(rdev);
1561         dev_put(dev);
1562
1563  unlock_rtnl:
1564         rtnl_unlock();
1565
1566         return err;
1567 }
1568
1569 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1570 {
1571         struct cfg80211_registered_device *rdev;
1572         int err;
1573         struct net_device *dev;
1574         struct key_parse key;
1575         u8 *mac_addr = NULL;
1576
1577         err = nl80211_parse_key(info, &key);
1578         if (err)
1579                 return err;
1580
1581         if (!key.p.key)
1582                 return -EINVAL;
1583
1584         if (info->attrs[NL80211_ATTR_MAC])
1585                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1586
1587         rtnl_lock();
1588
1589         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1590         if (err)
1591                 goto unlock_rtnl;
1592
1593         if (!rdev->ops->add_key) {
1594                 err = -EOPNOTSUPP;
1595                 goto out;
1596         }
1597
1598         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) {
1599                 err = -EINVAL;
1600                 goto out;
1601         }
1602
1603         wdev_lock(dev->ieee80211_ptr);
1604         err = nl80211_key_allowed(dev->ieee80211_ptr);
1605         if (!err)
1606                 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
1607                                          mac_addr, &key.p);
1608         wdev_unlock(dev->ieee80211_ptr);
1609
1610  out:
1611         cfg80211_unlock_rdev(rdev);
1612         dev_put(dev);
1613  unlock_rtnl:
1614         rtnl_unlock();
1615
1616         return err;
1617 }
1618
1619 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1620 {
1621         struct cfg80211_registered_device *rdev;
1622         int err;
1623         struct net_device *dev;
1624         u8 *mac_addr = NULL;
1625         struct key_parse key;
1626
1627         err = nl80211_parse_key(info, &key);
1628         if (err)
1629                 return err;
1630
1631         if (info->attrs[NL80211_ATTR_MAC])
1632                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1633
1634         rtnl_lock();
1635
1636         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1637         if (err)
1638                 goto unlock_rtnl;
1639
1640         if (!rdev->ops->del_key) {
1641                 err = -EOPNOTSUPP;
1642                 goto out;
1643         }
1644
1645         wdev_lock(dev->ieee80211_ptr);
1646         err = nl80211_key_allowed(dev->ieee80211_ptr);
1647         if (!err)
1648                 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr);
1649
1650 #ifdef CONFIG_CFG80211_WEXT
1651         if (!err) {
1652                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
1653                         dev->ieee80211_ptr->wext.default_key = -1;
1654                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
1655                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
1656         }
1657 #endif
1658         wdev_unlock(dev->ieee80211_ptr);
1659
1660  out:
1661         cfg80211_unlock_rdev(rdev);
1662         dev_put(dev);
1663
1664  unlock_rtnl:
1665         rtnl_unlock();
1666
1667         return err;
1668 }
1669
1670 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1671 {
1672         int (*call)(struct wiphy *wiphy, struct net_device *dev,
1673                     struct beacon_parameters *info);
1674         struct cfg80211_registered_device *rdev;
1675         int err;
1676         struct net_device *dev;
1677         struct beacon_parameters params;
1678         int haveinfo = 0;
1679
1680         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]))
1681                 return -EINVAL;
1682
1683         rtnl_lock();
1684
1685         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1686         if (err)
1687                 goto unlock_rtnl;
1688
1689         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1690                 err = -EOPNOTSUPP;
1691                 goto out;
1692         }
1693
1694         switch (info->genlhdr->cmd) {
1695         case NL80211_CMD_NEW_BEACON:
1696                 /* these are required for NEW_BEACON */
1697                 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
1698                     !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
1699                     !info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1700                         err = -EINVAL;
1701                         goto out;
1702                 }
1703
1704                 call = rdev->ops->add_beacon;
1705                 break;
1706         case NL80211_CMD_SET_BEACON:
1707                 call = rdev->ops->set_beacon;
1708                 break;
1709         default:
1710                 WARN_ON(1);
1711                 err = -EOPNOTSUPP;
1712                 goto out;
1713         }
1714
1715         if (!call) {
1716                 err = -EOPNOTSUPP;
1717                 goto out;
1718         }
1719
1720         memset(&params, 0, sizeof(params));
1721
1722         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
1723                 params.interval =
1724                     nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
1725                 haveinfo = 1;
1726         }
1727
1728         if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
1729                 params.dtim_period =
1730                     nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
1731                 haveinfo = 1;
1732         }
1733
1734         if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1735                 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1736                 params.head_len =
1737                     nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1738                 haveinfo = 1;
1739         }
1740
1741         if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
1742                 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1743                 params.tail_len =
1744                     nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1745                 haveinfo = 1;
1746         }
1747
1748         if (!haveinfo) {
1749                 err = -EINVAL;
1750                 goto out;
1751         }
1752
1753         err = call(&rdev->wiphy, dev, &params);
1754
1755  out:
1756         cfg80211_unlock_rdev(rdev);
1757         dev_put(dev);
1758  unlock_rtnl:
1759         rtnl_unlock();
1760
1761         return err;
1762 }
1763
1764 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
1765 {
1766         struct cfg80211_registered_device *rdev;
1767         int err;
1768         struct net_device *dev;
1769
1770         rtnl_lock();
1771
1772         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1773         if (err)
1774                 goto unlock_rtnl;
1775
1776         if (!rdev->ops->del_beacon) {
1777                 err = -EOPNOTSUPP;
1778                 goto out;
1779         }
1780
1781         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1782                 err = -EOPNOTSUPP;
1783                 goto out;
1784         }
1785         err = rdev->ops->del_beacon(&rdev->wiphy, dev);
1786
1787  out:
1788         cfg80211_unlock_rdev(rdev);
1789         dev_put(dev);
1790  unlock_rtnl:
1791         rtnl_unlock();
1792
1793         return err;
1794 }
1795
1796 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
1797         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
1798         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
1799         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
1800         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
1801 };
1802
1803 static int parse_station_flags(struct genl_info *info,
1804                                struct station_parameters *params)
1805 {
1806         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
1807         struct nlattr *nla;
1808         int flag;
1809
1810         /*
1811          * Try parsing the new attribute first so userspace
1812          * can specify both for older kernels.
1813          */
1814         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
1815         if (nla) {
1816                 struct nl80211_sta_flag_update *sta_flags;
1817
1818                 sta_flags = nla_data(nla);
1819                 params->sta_flags_mask = sta_flags->mask;
1820                 params->sta_flags_set = sta_flags->set;
1821                 if ((params->sta_flags_mask |
1822                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
1823                         return -EINVAL;
1824                 return 0;
1825         }
1826
1827         /* if present, parse the old attribute */
1828
1829         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
1830         if (!nla)
1831                 return 0;
1832
1833         if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
1834                              nla, sta_flags_policy))
1835                 return -EINVAL;
1836
1837         params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1;
1838         params->sta_flags_mask &= ~1;
1839
1840         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
1841                 if (flags[flag])
1842                         params->sta_flags_set |= (1<<flag);
1843
1844         return 0;
1845 }
1846
1847 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
1848                                 int flags, struct net_device *dev,
1849                                 const u8 *mac_addr, struct station_info *sinfo)
1850 {
1851         void *hdr;
1852         struct nlattr *sinfoattr, *txrate;
1853         u16 bitrate;
1854
1855         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
1856         if (!hdr)
1857                 return -1;
1858
1859         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1860         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1861
1862         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
1863
1864         sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
1865         if (!sinfoattr)
1866                 goto nla_put_failure;
1867         if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
1868                 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
1869                             sinfo->inactive_time);
1870         if (sinfo->filled & STATION_INFO_RX_BYTES)
1871                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
1872                             sinfo->rx_bytes);
1873         if (sinfo->filled & STATION_INFO_TX_BYTES)
1874                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
1875                             sinfo->tx_bytes);
1876         if (sinfo->filled & STATION_INFO_LLID)
1877                 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
1878                             sinfo->llid);
1879         if (sinfo->filled & STATION_INFO_PLID)
1880                 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
1881                             sinfo->plid);
1882         if (sinfo->filled & STATION_INFO_PLINK_STATE)
1883                 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
1884                             sinfo->plink_state);
1885         if (sinfo->filled & STATION_INFO_SIGNAL)
1886                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
1887                            sinfo->signal);
1888         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
1889                 txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE);
1890                 if (!txrate)
1891                         goto nla_put_failure;
1892
1893                 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
1894                 bitrate = cfg80211_calculate_bitrate(&sinfo->txrate);
1895                 if (bitrate > 0)
1896                         NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
1897
1898                 if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS)
1899                         NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS,
1900                                     sinfo->txrate.mcs);
1901                 if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
1902                         NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
1903                 if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI)
1904                         NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
1905
1906                 nla_nest_end(msg, txrate);
1907         }
1908         if (sinfo->filled & STATION_INFO_RX_PACKETS)
1909                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
1910                             sinfo->rx_packets);
1911         if (sinfo->filled & STATION_INFO_TX_PACKETS)
1912                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
1913                             sinfo->tx_packets);
1914         nla_nest_end(msg, sinfoattr);
1915
1916         return genlmsg_end(msg, hdr);
1917
1918  nla_put_failure:
1919         genlmsg_cancel(msg, hdr);
1920         return -EMSGSIZE;
1921 }
1922
1923 static int nl80211_dump_station(struct sk_buff *skb,
1924                                 struct netlink_callback *cb)
1925 {
1926         struct station_info sinfo;
1927         struct cfg80211_registered_device *dev;
1928         struct net_device *netdev;
1929         u8 mac_addr[ETH_ALEN];
1930         int ifidx = cb->args[0];
1931         int sta_idx = cb->args[1];
1932         int err;
1933
1934         if (!ifidx)
1935                 ifidx = nl80211_get_ifidx(cb);
1936         if (ifidx < 0)
1937                 return ifidx;
1938
1939         rtnl_lock();
1940
1941         netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1942         if (!netdev) {
1943                 err = -ENODEV;
1944                 goto out_rtnl;
1945         }
1946
1947         dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
1948         if (IS_ERR(dev)) {
1949                 err = PTR_ERR(dev);
1950                 goto out_rtnl;
1951         }
1952
1953         if (!dev->ops->dump_station) {
1954                 err = -EOPNOTSUPP;
1955                 goto out_err;
1956         }
1957
1958         while (1) {
1959                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
1960                                              mac_addr, &sinfo);
1961                 if (err == -ENOENT)
1962                         break;
1963                 if (err)
1964                         goto out_err;
1965
1966                 if (nl80211_send_station(skb,
1967                                 NETLINK_CB(cb->skb).pid,
1968                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1969                                 netdev, mac_addr,
1970                                 &sinfo) < 0)
1971                         goto out;
1972
1973                 sta_idx++;
1974         }
1975
1976
1977  out:
1978         cb->args[1] = sta_idx;
1979         err = skb->len;
1980  out_err:
1981         cfg80211_unlock_rdev(dev);
1982  out_rtnl:
1983         rtnl_unlock();
1984
1985         return err;
1986 }
1987
1988 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
1989 {
1990         struct cfg80211_registered_device *rdev;
1991         int err;
1992         struct net_device *dev;
1993         struct station_info sinfo;
1994         struct sk_buff *msg;
1995         u8 *mac_addr = NULL;
1996
1997         memset(&sinfo, 0, sizeof(sinfo));
1998
1999         if (!info->attrs[NL80211_ATTR_MAC])
2000                 return -EINVAL;
2001
2002         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2003
2004         rtnl_lock();
2005
2006         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2007         if (err)
2008                 goto out_rtnl;
2009
2010         if (!rdev->ops->get_station) {
2011                 err = -EOPNOTSUPP;
2012                 goto out;
2013         }
2014
2015         err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2016         if (err)
2017                 goto out;
2018
2019         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2020         if (!msg)
2021                 goto out;
2022
2023         if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2024                                  dev, mac_addr, &sinfo) < 0)
2025                 goto out_free;
2026
2027         err = genlmsg_reply(msg, info);
2028         goto out;
2029
2030  out_free:
2031         nlmsg_free(msg);
2032  out:
2033         cfg80211_unlock_rdev(rdev);
2034         dev_put(dev);
2035  out_rtnl:
2036         rtnl_unlock();
2037
2038         return err;
2039 }
2040
2041 /*
2042  * Get vlan interface making sure it is running and on the right wiphy.
2043  */
2044 static int get_vlan(struct genl_info *info,
2045                     struct cfg80211_registered_device *rdev,
2046                     struct net_device **vlan)
2047 {
2048         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2049         *vlan = NULL;
2050
2051         if (vlanattr) {
2052                 *vlan = dev_get_by_index(genl_info_net(info),
2053                                          nla_get_u32(vlanattr));
2054                 if (!*vlan)
2055                         return -ENODEV;
2056                 if (!(*vlan)->ieee80211_ptr)
2057                         return -EINVAL;
2058                 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
2059                         return -EINVAL;
2060                 if (!netif_running(*vlan))
2061                         return -ENETDOWN;
2062         }
2063         return 0;
2064 }
2065
2066 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2067 {
2068         struct cfg80211_registered_device *rdev;
2069         int err;
2070         struct net_device *dev;
2071         struct station_parameters params;
2072         u8 *mac_addr = NULL;
2073
2074         memset(&params, 0, sizeof(params));
2075
2076         params.listen_interval = -1;
2077
2078         if (info->attrs[NL80211_ATTR_STA_AID])
2079                 return -EINVAL;
2080
2081         if (!info->attrs[NL80211_ATTR_MAC])
2082                 return -EINVAL;
2083
2084         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2085
2086         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2087                 params.supported_rates =
2088                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2089                 params.supported_rates_len =
2090                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2091         }
2092
2093         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2094                 params.listen_interval =
2095                     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2096
2097         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2098                 params.ht_capa =
2099                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2100
2101         if (parse_station_flags(info, &params))
2102                 return -EINVAL;
2103
2104         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2105                 params.plink_action =
2106                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2107
2108         rtnl_lock();
2109
2110         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2111         if (err)
2112                 goto out_rtnl;
2113
2114         err = get_vlan(info, rdev, &params.vlan);
2115         if (err)
2116                 goto out;
2117
2118         /* validate settings */
2119         err = 0;
2120
2121         switch (dev->ieee80211_ptr->iftype) {
2122         case NL80211_IFTYPE_AP:
2123         case NL80211_IFTYPE_AP_VLAN:
2124                 /* disallow mesh-specific things */
2125                 if (params.plink_action)
2126                         err = -EINVAL;
2127                 break;
2128         case NL80211_IFTYPE_STATION:
2129                 /* disallow everything but AUTHORIZED flag */
2130                 if (params.plink_action)
2131                         err = -EINVAL;
2132                 if (params.vlan)
2133                         err = -EINVAL;
2134                 if (params.supported_rates)
2135                         err = -EINVAL;
2136                 if (params.ht_capa)
2137                         err = -EINVAL;
2138                 if (params.listen_interval >= 0)
2139                         err = -EINVAL;
2140                 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2141                         err = -EINVAL;
2142                 break;
2143         case NL80211_IFTYPE_MESH_POINT:
2144                 /* disallow things mesh doesn't support */
2145                 if (params.vlan)
2146                         err = -EINVAL;
2147                 if (params.ht_capa)
2148                         err = -EINVAL;
2149                 if (params.listen_interval >= 0)
2150                         err = -EINVAL;
2151                 if (params.supported_rates)
2152                         err = -EINVAL;
2153                 if (params.sta_flags_mask)
2154                         err = -EINVAL;
2155                 break;
2156         default:
2157                 err = -EINVAL;
2158         }
2159
2160         if (err)
2161                 goto out;
2162
2163         if (!rdev->ops->change_station) {
2164                 err = -EOPNOTSUPP;
2165                 goto out;
2166         }
2167
2168         err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2169
2170  out:
2171         if (params.vlan)
2172                 dev_put(params.vlan);
2173         cfg80211_unlock_rdev(rdev);
2174         dev_put(dev);
2175  out_rtnl:
2176         rtnl_unlock();
2177
2178         return err;
2179 }
2180
2181 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2182 {
2183         struct cfg80211_registered_device *rdev;
2184         int err;
2185         struct net_device *dev;
2186         struct station_parameters params;
2187         u8 *mac_addr = NULL;
2188
2189         memset(&params, 0, sizeof(params));
2190
2191         if (!info->attrs[NL80211_ATTR_MAC])
2192                 return -EINVAL;
2193
2194         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2195                 return -EINVAL;
2196
2197         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2198                 return -EINVAL;
2199
2200         if (!info->attrs[NL80211_ATTR_STA_AID])
2201                 return -EINVAL;
2202
2203         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2204         params.supported_rates =
2205                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2206         params.supported_rates_len =
2207                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2208         params.listen_interval =
2209                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2210
2211         params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2212         if (!params.aid || params.aid > IEEE80211_MAX_AID)
2213                 return -EINVAL;
2214
2215         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2216                 params.ht_capa =
2217                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2218
2219         if (parse_station_flags(info, &params))
2220                 return -EINVAL;
2221
2222         rtnl_lock();
2223
2224         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2225         if (err)
2226                 goto out_rtnl;
2227
2228         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2229             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) {
2230                 err = -EINVAL;
2231                 goto out;
2232         }
2233
2234         err = get_vlan(info, rdev, &params.vlan);
2235         if (err)
2236                 goto out;
2237
2238         /* validate settings */
2239         err = 0;
2240
2241         if (!rdev->ops->add_station) {
2242                 err = -EOPNOTSUPP;
2243                 goto out;
2244         }
2245
2246         if (!netif_running(dev)) {
2247                 err = -ENETDOWN;
2248                 goto out;
2249         }
2250
2251         err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2252
2253  out:
2254         if (params.vlan)
2255                 dev_put(params.vlan);
2256         cfg80211_unlock_rdev(rdev);
2257         dev_put(dev);
2258  out_rtnl:
2259         rtnl_unlock();
2260
2261         return err;
2262 }
2263
2264 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2265 {
2266         struct cfg80211_registered_device *rdev;
2267         int err;
2268         struct net_device *dev;
2269         u8 *mac_addr = NULL;
2270
2271         if (info->attrs[NL80211_ATTR_MAC])
2272                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2273
2274         rtnl_lock();
2275
2276         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2277         if (err)
2278                 goto out_rtnl;
2279
2280         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2281             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2282             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2283                 err = -EINVAL;
2284                 goto out;
2285         }
2286
2287         if (!rdev->ops->del_station) {
2288                 err = -EOPNOTSUPP;
2289                 goto out;
2290         }
2291
2292         err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2293
2294  out:
2295         cfg80211_unlock_rdev(rdev);
2296         dev_put(dev);
2297  out_rtnl:
2298         rtnl_unlock();
2299
2300         return err;
2301 }
2302
2303 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2304                                 int flags, struct net_device *dev,
2305                                 u8 *dst, u8 *next_hop,
2306                                 struct mpath_info *pinfo)
2307 {
2308         void *hdr;
2309         struct nlattr *pinfoattr;
2310
2311         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2312         if (!hdr)
2313                 return -1;
2314
2315         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2316         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2317         NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2318
2319         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2320
2321         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2322         if (!pinfoattr)
2323                 goto nla_put_failure;
2324         if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2325                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2326                             pinfo->frame_qlen);
2327         if (pinfo->filled & MPATH_INFO_SN)
2328                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2329                             pinfo->sn);
2330         if (pinfo->filled & MPATH_INFO_METRIC)
2331                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2332                             pinfo->metric);
2333         if (pinfo->filled & MPATH_INFO_EXPTIME)
2334                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2335                             pinfo->exptime);
2336         if (pinfo->filled & MPATH_INFO_FLAGS)
2337                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2338                             pinfo->flags);
2339         if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2340                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2341                             pinfo->discovery_timeout);
2342         if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2343                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2344                             pinfo->discovery_retries);
2345
2346         nla_nest_end(msg, pinfoattr);
2347
2348         return genlmsg_end(msg, hdr);
2349
2350  nla_put_failure:
2351         genlmsg_cancel(msg, hdr);
2352         return -EMSGSIZE;
2353 }
2354
2355 static int nl80211_dump_mpath(struct sk_buff *skb,
2356                               struct netlink_callback *cb)
2357 {
2358         struct mpath_info pinfo;
2359         struct cfg80211_registered_device *dev;
2360         struct net_device *netdev;
2361         u8 dst[ETH_ALEN];
2362         u8 next_hop[ETH_ALEN];
2363         int ifidx = cb->args[0];
2364         int path_idx = cb->args[1];
2365         int err;
2366
2367         if (!ifidx)
2368                 ifidx = nl80211_get_ifidx(cb);
2369         if (ifidx < 0)
2370                 return ifidx;
2371
2372         rtnl_lock();
2373
2374         netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2375         if (!netdev) {
2376                 err = -ENODEV;
2377                 goto out_rtnl;
2378         }
2379
2380         dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
2381         if (IS_ERR(dev)) {
2382                 err = PTR_ERR(dev);
2383                 goto out_rtnl;
2384         }
2385
2386         if (!dev->ops->dump_mpath) {
2387                 err = -EOPNOTSUPP;
2388                 goto out_err;
2389         }
2390
2391         if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2392                 err = -EOPNOTSUPP;
2393                 goto out_err;
2394         }
2395
2396         while (1) {
2397                 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2398                                            dst, next_hop, &pinfo);
2399                 if (err == -ENOENT)
2400                         break;
2401                 if (err)
2402                         goto out_err;
2403
2404                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2405                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
2406                                        netdev, dst, next_hop,
2407                                        &pinfo) < 0)
2408                         goto out;
2409
2410                 path_idx++;
2411         }
2412
2413
2414  out:
2415         cb->args[1] = path_idx;
2416         err = skb->len;
2417  out_err:
2418         cfg80211_unlock_rdev(dev);
2419  out_rtnl:
2420         rtnl_unlock();
2421
2422         return err;
2423 }
2424
2425 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2426 {
2427         struct cfg80211_registered_device *rdev;
2428         int err;
2429         struct net_device *dev;
2430         struct mpath_info pinfo;
2431         struct sk_buff *msg;
2432         u8 *dst = NULL;
2433         u8 next_hop[ETH_ALEN];
2434
2435         memset(&pinfo, 0, sizeof(pinfo));
2436
2437         if (!info->attrs[NL80211_ATTR_MAC])
2438                 return -EINVAL;
2439
2440         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2441
2442         rtnl_lock();
2443
2444         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2445         if (err)
2446                 goto out_rtnl;
2447
2448         if (!rdev->ops->get_mpath) {
2449                 err = -EOPNOTSUPP;
2450                 goto out;
2451         }
2452
2453         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2454                 err = -EOPNOTSUPP;
2455                 goto out;
2456         }
2457
2458         err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2459         if (err)
2460                 goto out;
2461
2462         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2463         if (!msg)
2464                 goto out;
2465
2466         if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2467                                  dev, dst, next_hop, &pinfo) < 0)
2468                 goto out_free;
2469
2470         err = genlmsg_reply(msg, info);
2471         goto out;
2472
2473  out_free:
2474         nlmsg_free(msg);
2475  out:
2476         cfg80211_unlock_rdev(rdev);
2477         dev_put(dev);
2478  out_rtnl:
2479         rtnl_unlock();
2480
2481         return err;
2482 }
2483
2484 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
2485 {
2486         struct cfg80211_registered_device *rdev;
2487         int err;
2488         struct net_device *dev;
2489         u8 *dst = NULL;
2490         u8 *next_hop = NULL;
2491
2492         if (!info->attrs[NL80211_ATTR_MAC])
2493                 return -EINVAL;
2494
2495         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2496                 return -EINVAL;
2497
2498         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2499         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2500
2501         rtnl_lock();
2502
2503         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2504         if (err)
2505                 goto out_rtnl;
2506
2507         if (!rdev->ops->change_mpath) {
2508                 err = -EOPNOTSUPP;
2509                 goto out;
2510         }
2511
2512         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2513                 err = -EOPNOTSUPP;
2514                 goto out;
2515         }
2516
2517         if (!netif_running(dev)) {
2518                 err = -ENETDOWN;
2519                 goto out;
2520         }
2521
2522         err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
2523
2524  out:
2525         cfg80211_unlock_rdev(rdev);
2526         dev_put(dev);
2527  out_rtnl:
2528         rtnl_unlock();
2529
2530         return err;
2531 }
2532 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
2533 {
2534         struct cfg80211_registered_device *rdev;
2535         int err;
2536         struct net_device *dev;
2537         u8 *dst = NULL;
2538         u8 *next_hop = NULL;
2539
2540         if (!info->attrs[NL80211_ATTR_MAC])
2541                 return -EINVAL;
2542
2543         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2544                 return -EINVAL;
2545
2546         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2547         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2548
2549         rtnl_lock();
2550
2551         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2552         if (err)
2553                 goto out_rtnl;
2554
2555         if (!rdev->ops->add_mpath) {
2556                 err = -EOPNOTSUPP;
2557                 goto out;
2558         }
2559
2560         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2561                 err = -EOPNOTSUPP;
2562                 goto out;
2563         }
2564
2565         if (!netif_running(dev)) {
2566                 err = -ENETDOWN;
2567                 goto out;
2568         }
2569
2570         err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
2571
2572  out:
2573         cfg80211_unlock_rdev(rdev);
2574         dev_put(dev);
2575  out_rtnl:
2576         rtnl_unlock();
2577
2578         return err;
2579 }
2580
2581 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
2582 {
2583         struct cfg80211_registered_device *rdev;
2584         int err;
2585         struct net_device *dev;
2586         u8 *dst = NULL;
2587
2588         if (info->attrs[NL80211_ATTR_MAC])
2589                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2590
2591         rtnl_lock();
2592
2593         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2594         if (err)
2595                 goto out_rtnl;
2596
2597         if (!rdev->ops->del_mpath) {
2598                 err = -EOPNOTSUPP;
2599                 goto out;
2600         }
2601
2602         err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
2603
2604  out:
2605         cfg80211_unlock_rdev(rdev);
2606         dev_put(dev);
2607  out_rtnl:
2608         rtnl_unlock();
2609
2610         return err;
2611 }
2612
2613 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2614 {
2615         struct cfg80211_registered_device *rdev;
2616         int err;
2617         struct net_device *dev;
2618         struct bss_parameters params;
2619
2620         memset(&params, 0, sizeof(params));
2621         /* default to not changing parameters */
2622         params.use_cts_prot = -1;
2623         params.use_short_preamble = -1;
2624         params.use_short_slot_time = -1;
2625         params.ap_isolate = -1;
2626
2627         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
2628                 params.use_cts_prot =
2629                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
2630         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
2631                 params.use_short_preamble =
2632                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
2633         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
2634                 params.use_short_slot_time =
2635                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
2636         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
2637                 params.basic_rates =
2638                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2639                 params.basic_rates_len =
2640                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2641         }
2642         if (info->attrs[NL80211_ATTR_AP_ISOLATE])
2643                 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
2644
2645         rtnl_lock();
2646
2647         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2648         if (err)
2649                 goto out_rtnl;
2650
2651         if (!rdev->ops->change_bss) {
2652                 err = -EOPNOTSUPP;
2653                 goto out;
2654         }
2655
2656         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
2657                 err = -EOPNOTSUPP;
2658                 goto out;
2659         }
2660
2661         err = rdev->ops->change_bss(&rdev->wiphy, dev, &params);
2662
2663  out:
2664         cfg80211_unlock_rdev(rdev);
2665         dev_put(dev);
2666  out_rtnl:
2667         rtnl_unlock();
2668
2669         return err;
2670 }
2671
2672 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2673         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
2674         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
2675         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
2676         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
2677         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
2678         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
2679 };
2680
2681 static int parse_reg_rule(struct nlattr *tb[],
2682         struct ieee80211_reg_rule *reg_rule)
2683 {
2684         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
2685         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
2686
2687         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2688                 return -EINVAL;
2689         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2690                 return -EINVAL;
2691         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2692                 return -EINVAL;
2693         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2694                 return -EINVAL;
2695         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2696                 return -EINVAL;
2697
2698         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2699
2700         freq_range->start_freq_khz =
2701                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2702         freq_range->end_freq_khz =
2703                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2704         freq_range->max_bandwidth_khz =
2705                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2706
2707         power_rule->max_eirp =
2708                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2709
2710         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2711                 power_rule->max_antenna_gain =
2712                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2713
2714         return 0;
2715 }
2716
2717 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2718 {
2719         int r;
2720         char *data = NULL;
2721
2722         /*
2723          * You should only get this when cfg80211 hasn't yet initialized
2724          * completely when built-in to the kernel right between the time
2725          * window between nl80211_init() and regulatory_init(), if that is
2726          * even possible.
2727          */
2728         mutex_lock(&cfg80211_mutex);
2729         if (unlikely(!cfg80211_regdomain)) {
2730                 mutex_unlock(&cfg80211_mutex);
2731                 return -EINPROGRESS;
2732         }
2733         mutex_unlock(&cfg80211_mutex);
2734
2735         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2736                 return -EINVAL;
2737
2738         data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2739
2740         r = regulatory_hint_user(data);
2741
2742         return r;
2743 }
2744
2745 static int nl80211_get_mesh_params(struct sk_buff *skb,
2746         struct genl_info *info)
2747 {
2748         struct cfg80211_registered_device *rdev;
2749         struct mesh_config cur_params;
2750         int err;
2751         struct net_device *dev;
2752         void *hdr;
2753         struct nlattr *pinfoattr;
2754         struct sk_buff *msg;
2755
2756         rtnl_lock();
2757
2758         /* Look up our device */
2759         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2760         if (err)
2761                 goto out_rtnl;
2762
2763         if (!rdev->ops->get_mesh_params) {
2764                 err = -EOPNOTSUPP;
2765                 goto out;
2766         }
2767
2768         /* Get the mesh params */
2769         err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params);
2770         if (err)
2771                 goto out;
2772
2773         /* Draw up a netlink message to send back */
2774         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2775         if (!msg) {
2776                 err = -ENOBUFS;
2777                 goto out;
2778         }
2779         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2780                              NL80211_CMD_GET_MESH_PARAMS);
2781         if (!hdr)
2782                 goto nla_put_failure;
2783         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS);
2784         if (!pinfoattr)
2785                 goto nla_put_failure;
2786         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2787         NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2788                         cur_params.dot11MeshRetryTimeout);
2789         NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2790                         cur_params.dot11MeshConfirmTimeout);
2791         NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2792                         cur_params.dot11MeshHoldingTimeout);
2793         NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2794                         cur_params.dot11MeshMaxPeerLinks);
2795         NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2796                         cur_params.dot11MeshMaxRetries);
2797         NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2798                         cur_params.dot11MeshTTL);
2799         NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2800                         cur_params.auto_open_plinks);
2801         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2802                         cur_params.dot11MeshHWMPmaxPREQretries);
2803         NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2804                         cur_params.path_refresh_time);
2805         NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2806                         cur_params.min_discovery_timeout);
2807         NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2808                         cur_params.dot11MeshHWMPactivePathTimeout);
2809         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2810                         cur_params.dot11MeshHWMPpreqMinInterval);
2811         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2812                         cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2813         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
2814                         cur_params.dot11MeshHWMPRootMode);
2815         nla_nest_end(msg, pinfoattr);
2816         genlmsg_end(msg, hdr);
2817         err = genlmsg_reply(msg, info);
2818         goto out;
2819
2820  nla_put_failure:
2821         genlmsg_cancel(msg, hdr);
2822         nlmsg_free(msg);
2823         err = -EMSGSIZE;
2824  out:
2825         /* Cleanup */
2826         cfg80211_unlock_rdev(rdev);
2827         dev_put(dev);
2828  out_rtnl:
2829         rtnl_unlock();
2830
2831         return err;
2832 }
2833
2834 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
2835 do {\
2836         if (table[attr_num]) {\
2837                 cfg.param = nla_fn(table[attr_num]); \
2838                 mask |= (1 << (attr_num - 1)); \
2839         } \
2840 } while (0);\
2841
2842 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
2843         [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2844         [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2845         [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2846         [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2847         [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2848         [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2849         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2850
2851         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2852         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2853         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2854         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2855         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2856         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2857 };
2858
2859 static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
2860 {
2861         int err;
2862         u32 mask;
2863         struct cfg80211_registered_device *rdev;
2864         struct net_device *dev;
2865         struct mesh_config cfg;
2866         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
2867         struct nlattr *parent_attr;
2868
2869         parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS];
2870         if (!parent_attr)
2871                 return -EINVAL;
2872         if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
2873                         parent_attr, nl80211_meshconf_params_policy))
2874                 return -EINVAL;
2875
2876         rtnl_lock();
2877
2878         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2879         if (err)
2880                 goto out_rtnl;
2881
2882         if (!rdev->ops->set_mesh_params) {
2883                 err = -EOPNOTSUPP;
2884                 goto out;
2885         }
2886
2887         /* This makes sure that there aren't more than 32 mesh config
2888          * parameters (otherwise our bitfield scheme would not work.) */
2889         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
2890
2891         /* Fill in the params struct */
2892         mask = 0;
2893         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
2894                         mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
2895         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
2896                         mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
2897         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
2898                         mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
2899         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
2900                         mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
2901         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
2902                         mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
2903         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
2904                         mask, NL80211_MESHCONF_TTL, nla_get_u8);
2905         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
2906                         mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
2907         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
2908                         mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2909                         nla_get_u8);
2910         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
2911                         mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
2912         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
2913                         mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2914                         nla_get_u16);
2915         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
2916                         mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2917                         nla_get_u32);
2918         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
2919                         mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2920                         nla_get_u16);
2921         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2922                         dot11MeshHWMPnetDiameterTraversalTime,
2923                         mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2924                         nla_get_u16);
2925         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2926                         dot11MeshHWMPRootMode, mask,
2927                         NL80211_MESHCONF_HWMP_ROOTMODE,
2928                         nla_get_u8);
2929
2930         /* Apply changes */
2931         err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask);
2932
2933  out:
2934         /* cleanup */
2935         cfg80211_unlock_rdev(rdev);
2936         dev_put(dev);
2937  out_rtnl:
2938         rtnl_unlock();
2939
2940         return err;
2941 }
2942
2943 #undef FILL_IN_MESH_PARAM_IF_SET
2944
2945 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
2946 {
2947         struct sk_buff *msg;
2948         void *hdr = NULL;
2949         struct nlattr *nl_reg_rules;
2950         unsigned int i;
2951         int err = -EINVAL;
2952
2953         mutex_lock(&cfg80211_mutex);
2954
2955         if (!cfg80211_regdomain)
2956                 goto out;
2957
2958         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2959         if (!msg) {
2960                 err = -ENOBUFS;
2961                 goto out;
2962         }
2963
2964         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2965                              NL80211_CMD_GET_REG);
2966         if (!hdr)
2967                 goto nla_put_failure;
2968
2969         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
2970                 cfg80211_regdomain->alpha2);
2971
2972         nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
2973         if (!nl_reg_rules)
2974                 goto nla_put_failure;
2975
2976         for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
2977                 struct nlattr *nl_reg_rule;
2978                 const struct ieee80211_reg_rule *reg_rule;
2979                 const struct ieee80211_freq_range *freq_range;
2980                 const struct ieee80211_power_rule *power_rule;
2981
2982                 reg_rule = &cfg80211_regdomain->reg_rules[i];
2983                 freq_range = &reg_rule->freq_range;
2984                 power_rule = &reg_rule->power_rule;
2985
2986                 nl_reg_rule = nla_nest_start(msg, i);
2987                 if (!nl_reg_rule)
2988                         goto nla_put_failure;
2989
2990                 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
2991                         reg_rule->flags);
2992                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
2993                         freq_range->start_freq_khz);
2994                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
2995                         freq_range->end_freq_khz);
2996                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
2997                         freq_range->max_bandwidth_khz);
2998                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
2999                         power_rule->max_antenna_gain);
3000                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3001                         power_rule->max_eirp);
3002
3003                 nla_nest_end(msg, nl_reg_rule);
3004         }
3005
3006         nla_nest_end(msg, nl_reg_rules);
3007
3008         genlmsg_end(msg, hdr);
3009         err = genlmsg_reply(msg, info);
3010         goto out;
3011
3012 nla_put_failure:
3013         genlmsg_cancel(msg, hdr);
3014         nlmsg_free(msg);
3015         err = -EMSGSIZE;
3016 out:
3017         mutex_unlock(&cfg80211_mutex);
3018         return err;
3019 }
3020
3021 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3022 {
3023         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3024         struct nlattr *nl_reg_rule;
3025         char *alpha2 = NULL;
3026         int rem_reg_rules = 0, r = 0;
3027         u32 num_rules = 0, rule_idx = 0, size_of_regd;
3028         struct ieee80211_regdomain *rd = NULL;
3029
3030         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3031                 return -EINVAL;
3032
3033         if (!info->attrs[NL80211_ATTR_REG_RULES])
3034                 return -EINVAL;
3035
3036         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3037
3038         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3039                         rem_reg_rules) {
3040                 num_rules++;
3041                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3042                         return -EINVAL;
3043         }
3044
3045         mutex_lock(&cfg80211_mutex);
3046
3047         if (!reg_is_valid_request(alpha2)) {
3048                 r = -EINVAL;
3049                 goto bad_reg;
3050         }
3051
3052         size_of_regd = sizeof(struct ieee80211_regdomain) +
3053                 (num_rules * sizeof(struct ieee80211_reg_rule));
3054
3055         rd = kzalloc(size_of_regd, GFP_KERNEL);
3056         if (!rd) {
3057                 r = -ENOMEM;
3058                 goto bad_reg;
3059         }
3060
3061         rd->n_reg_rules = num_rules;
3062         rd->alpha2[0] = alpha2[0];
3063         rd->alpha2[1] = alpha2[1];
3064
3065         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3066                         rem_reg_rules) {
3067                 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3068                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3069                         reg_rule_policy);
3070                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3071                 if (r)
3072                         goto bad_reg;
3073
3074                 rule_idx++;
3075
3076                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3077                         r = -EINVAL;
3078                         goto bad_reg;
3079                 }
3080         }
3081
3082         BUG_ON(rule_idx != num_rules);
3083
3084         r = set_regdom(rd);
3085
3086         mutex_unlock(&cfg80211_mutex);
3087
3088         return r;
3089
3090  bad_reg:
3091         mutex_unlock(&cfg80211_mutex);
3092         kfree(rd);
3093         return r;
3094 }
3095
3096 static int validate_scan_freqs(struct nlattr *freqs)
3097 {
3098         struct nlattr *attr1, *attr2;
3099         int n_channels = 0, tmp1, tmp2;
3100
3101         nla_for_each_nested(attr1, freqs, tmp1) {
3102                 n_channels++;
3103                 /*
3104                  * Some hardware has a limited channel list for
3105                  * scanning, and it is pretty much nonsensical
3106                  * to scan for a channel twice, so disallow that
3107                  * and don't require drivers to check that the
3108                  * channel list they get isn't longer than what
3109                  * they can scan, as long as they can scan all
3110                  * the channels they registered at once.
3111                  */
3112                 nla_for_each_nested(attr2, freqs, tmp2)
3113                         if (attr1 != attr2 &&
3114                             nla_get_u32(attr1) == nla_get_u32(attr2))
3115                                 return 0;
3116         }
3117
3118         return n_channels;
3119 }
3120
3121 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3122 {
3123         struct cfg80211_registered_device *rdev;
3124         struct net_device *dev;
3125         struct cfg80211_scan_request *request;
3126         struct cfg80211_ssid *ssid;
3127         struct ieee80211_channel *channel;
3128         struct nlattr *attr;
3129         struct wiphy *wiphy;
3130         int err, tmp, n_ssids = 0, n_channels, i;
3131         enum ieee80211_band band;
3132         size_t ie_len;
3133
3134         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3135                 return -EINVAL;
3136
3137         rtnl_lock();
3138
3139         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3140         if (err)
3141                 goto out_rtnl;
3142
3143         wiphy = &rdev->wiphy;
3144
3145         if (!rdev->ops->scan) {
3146                 err = -EOPNOTSUPP;
3147                 goto out;
3148         }
3149
3150         if (!netif_running(dev)) {
3151                 err = -ENETDOWN;
3152                 goto out;
3153         }
3154
3155         if (rdev->scan_req) {
3156                 err = -EBUSY;
3157                 goto out;
3158         }
3159
3160         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3161                 n_channels = validate_scan_freqs(
3162                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3163                 if (!n_channels) {
3164                         err = -EINVAL;
3165                         goto out;
3166                 }
3167         } else {
3168                 n_channels = 0;
3169
3170                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3171                         if (wiphy->bands[band])
3172                                 n_channels += wiphy->bands[band]->n_channels;
3173         }
3174
3175         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3176                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3177                         n_ssids++;
3178
3179         if (n_ssids > wiphy->max_scan_ssids) {
3180                 err = -EINVAL;
3181                 goto out;
3182         }
3183
3184         if (info->attrs[NL80211_ATTR_IE])
3185                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3186         else
3187                 ie_len = 0;
3188
3189         if (ie_len > wiphy->max_scan_ie_len) {
3190                 err = -EINVAL;
3191                 goto out;
3192         }
3193
3194         request = kzalloc(sizeof(*request)
3195                         + sizeof(*ssid) * n_ssids
3196                         + sizeof(channel) * n_channels
3197                         + ie_len, GFP_KERNEL);
3198         if (!request) {
3199                 err = -ENOMEM;
3200                 goto out;
3201         }
3202
3203         if (n_ssids)
3204                 request->ssids = (void *)&request->channels[n_channels];
3205         request->n_ssids = n_ssids;
3206         if (ie_len) {
3207                 if (request->ssids)
3208                         request->ie = (void *)(request->ssids + n_ssids);
3209                 else
3210                         request->ie = (void *)(request->channels + n_channels);
3211         }
3212
3213         i = 0;
3214         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3215                 /* user specified, bail out if channel not found */
3216                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3217                         struct ieee80211_channel *chan;
3218
3219                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3220
3221                         if (!chan) {
3222                                 err = -EINVAL;
3223                                 goto out_free;
3224                         }
3225
3226                         /* ignore disabled channels */
3227                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3228                                 continue;
3229
3230                         request->channels[i] = chan;
3231                         i++;
3232                 }
3233         } else {
3234                 /* all channels */
3235                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3236                         int j;
3237                         if (!wiphy->bands[band])
3238                                 continue;
3239                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3240                                 struct ieee80211_channel *chan;
3241
3242                                 chan = &wiphy->bands[band]->channels[j];
3243
3244                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3245                                         continue;
3246
3247                                 request->channels[i] = chan;
3248                                 i++;
3249                         }
3250                 }
3251         }
3252
3253         if (!i) {
3254                 err = -EINVAL;
3255                 goto out_free;
3256         }
3257
3258         request->n_channels = i;
3259
3260         i = 0;
3261         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3262                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3263                         if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
3264                                 err = -EINVAL;
3265                                 goto out_free;
3266                         }
3267                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3268                         request->ssids[i].ssid_len = nla_len(attr);
3269                         i++;
3270                 }
3271         }
3272
3273         if (info->attrs[NL80211_ATTR_IE]) {
3274                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3275                 memcpy((void *)request->ie,
3276                        nla_data(info->attrs[NL80211_ATTR_IE]),
3277                        request->ie_len);
3278         }
3279
3280         request->dev = dev;
3281         request->wiphy = &rdev->wiphy;
3282
3283         rdev->scan_req = request;
3284         err = rdev->ops->scan(&rdev->wiphy, dev, request);
3285
3286         if (!err) {
3287                 nl80211_send_scan_start(rdev, dev);
3288                 dev_hold(dev);
3289         }
3290
3291  out_free:
3292         if (err) {
3293                 rdev->scan_req = NULL;
3294                 kfree(request);
3295         }
3296  out:
3297         cfg80211_unlock_rdev(rdev);
3298         dev_put(dev);
3299  out_rtnl:
3300         rtnl_unlock();
3301
3302         return err;
3303 }
3304
3305 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags,
3306                             struct cfg80211_registered_device *rdev,
3307                             struct wireless_dev *wdev,
3308                             struct cfg80211_internal_bss *intbss)
3309 {
3310         struct cfg80211_bss *res = &intbss->pub;
3311         void *hdr;
3312         struct nlattr *bss;
3313         int i;
3314
3315         ASSERT_WDEV_LOCK(wdev);
3316
3317         hdr = nl80211hdr_put(msg, pid, seq, flags,
3318                              NL80211_CMD_NEW_SCAN_RESULTS);
3319         if (!hdr)
3320                 return -1;
3321
3322         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
3323         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
3324
3325         bss = nla_nest_start(msg, NL80211_ATTR_BSS);
3326         if (!bss)
3327                 goto nla_put_failure;
3328         if (!is_zero_ether_addr(res->bssid))
3329                 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
3330         if (res->information_elements && res->len_information_elements)
3331                 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3332                         res->len_information_elements,
3333                         res->information_elements);
3334         if (res->beacon_ies && res->len_beacon_ies &&
3335             res->beacon_ies != res->information_elements)
3336                 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
3337                         res->len_beacon_ies, res->beacon_ies);
3338         if (res->tsf)
3339                 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3340         if (res->beacon_interval)
3341                 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3342         NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3343         NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3344         NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
3345                 jiffies_to_msecs(jiffies - intbss->ts));
3346
3347         switch (rdev->wiphy.signal_type) {
3348         case CFG80211_SIGNAL_TYPE_MBM:
3349                 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
3350                 break;
3351         case CFG80211_SIGNAL_TYPE_UNSPEC:
3352                 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
3353                 break;
3354         default:
3355                 break;
3356         }
3357
3358         switch (wdev->iftype) {
3359         case NL80211_IFTYPE_STATION:
3360                 if (intbss == wdev->current_bss)
3361                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3362                                     NL80211_BSS_STATUS_ASSOCIATED);
3363                 else for (i = 0; i < MAX_AUTH_BSSES; i++) {
3364                         if (intbss != wdev->auth_bsses[i])
3365                                 continue;
3366                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3367                                     NL80211_BSS_STATUS_AUTHENTICATED);
3368                         break;
3369                 }
3370                 break;
3371         case NL80211_IFTYPE_ADHOC:
3372                 if (intbss == wdev->current_bss)
3373                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3374                                     NL80211_BSS_STATUS_IBSS_JOINED);
3375                 break;
3376         default:
3377                 break;
3378         }
3379
3380         nla_nest_end(msg, bss);
3381
3382         return genlmsg_end(msg, hdr);
3383
3384  nla_put_failure:
3385         genlmsg_cancel(msg, hdr);
3386         return -EMSGSIZE;
3387 }
3388
3389 static int nl80211_dump_scan(struct sk_buff *skb,
3390                              struct netlink_callback *cb)
3391 {
3392         struct cfg80211_registered_device *rdev;
3393         struct net_device *dev;
3394         struct cfg80211_internal_bss *scan;
3395         struct wireless_dev *wdev;
3396         int ifidx = cb->args[0];
3397         int start = cb->args[1], idx = 0;
3398         int err;
3399
3400         if (!ifidx)
3401                 ifidx = nl80211_get_ifidx(cb);
3402         if (ifidx < 0)
3403                 return ifidx;
3404         cb->args[0] = ifidx;
3405
3406         dev = dev_get_by_index(sock_net(skb->sk), ifidx);
3407         if (!dev)
3408                 return -ENODEV;
3409
3410         rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3411         if (IS_ERR(rdev)) {
3412                 err = PTR_ERR(rdev);
3413                 goto out_put_netdev;
3414         }
3415
3416         wdev = dev->ieee80211_ptr;
3417
3418         wdev_lock(wdev);
3419         spin_lock_bh(&rdev->bss_lock);
3420         cfg80211_bss_expire(rdev);
3421
3422         list_for_each_entry(scan, &rdev->bss_list, list) {
3423                 if (++idx <= start)
3424                         continue;
3425                 if (nl80211_send_bss(skb,
3426                                 NETLINK_CB(cb->skb).pid,
3427                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3428                                 rdev, wdev, scan) < 0) {
3429                         idx--;
3430                         goto out;
3431                 }
3432         }
3433
3434  out:
3435         spin_unlock_bh(&rdev->bss_lock);
3436         wdev_unlock(wdev);
3437
3438         cb->args[1] = idx;
3439         err = skb->len;
3440         cfg80211_unlock_rdev(rdev);
3441  out_put_netdev:
3442         dev_put(dev);
3443
3444         return err;
3445 }
3446
3447 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
3448                                 int flags, struct net_device *dev,
3449                                 struct survey_info *survey)
3450 {
3451         void *hdr;
3452         struct nlattr *infoattr;
3453
3454         /* Survey without a channel doesn't make sense */
3455         if (!survey->channel)
3456                 return -EINVAL;
3457
3458         hdr = nl80211hdr_put(msg, pid, seq, flags,
3459                              NL80211_CMD_NEW_SURVEY_RESULTS);
3460         if (!hdr)
3461                 return -ENOMEM;
3462
3463         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3464
3465         infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
3466         if (!infoattr)
3467                 goto nla_put_failure;
3468
3469         NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
3470                     survey->channel->center_freq);
3471         if (survey->filled & SURVEY_INFO_NOISE_DBM)
3472                 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
3473                             survey->noise);
3474
3475         nla_nest_end(msg, infoattr);
3476
3477         return genlmsg_end(msg, hdr);
3478
3479  nla_put_failure:
3480         genlmsg_cancel(msg, hdr);
3481         return -EMSGSIZE;
3482 }
3483
3484 static int nl80211_dump_survey(struct sk_buff *skb,
3485                         struct netlink_callback *cb)
3486 {
3487         struct survey_info survey;
3488         struct cfg80211_registered_device *dev;
3489         struct net_device *netdev;
3490         int ifidx = cb->args[0];
3491         int survey_idx = cb->args[1];
3492         int res;
3493
3494         if (!ifidx)
3495                 ifidx = nl80211_get_ifidx(cb);
3496         if (ifidx < 0)
3497                 return ifidx;
3498         cb->args[0] = ifidx;
3499
3500         rtnl_lock();
3501
3502         netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
3503         if (!netdev) {
3504                 res = -ENODEV;
3505                 goto out_rtnl;
3506         }
3507
3508         dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3509         if (IS_ERR(dev)) {
3510                 res = PTR_ERR(dev);
3511                 goto out_rtnl;
3512         }
3513
3514         if (!dev->ops->dump_survey) {
3515                 res = -EOPNOTSUPP;
3516                 goto out_err;
3517         }
3518
3519         while (1) {
3520                 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
3521                                             &survey);
3522                 if (res == -ENOENT)
3523                         break;
3524                 if (res)
3525                         goto out_err;
3526
3527                 if (nl80211_send_survey(skb,
3528                                 NETLINK_CB(cb->skb).pid,
3529                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3530                                 netdev,
3531                                 &survey) < 0)
3532                         goto out;
3533                 survey_idx++;
3534         }
3535
3536  out:
3537         cb->args[1] = survey_idx;
3538         res = skb->len;
3539  out_err:
3540         cfg80211_unlock_rdev(dev);
3541  out_rtnl:
3542         rtnl_unlock();
3543
3544         return res;
3545 }
3546
3547 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3548 {
3549         return auth_type <= NL80211_AUTHTYPE_MAX;
3550 }
3551
3552 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
3553 {
3554         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
3555                                   NL80211_WPA_VERSION_2));
3556 }
3557
3558 static bool nl80211_valid_akm_suite(u32 akm)
3559 {
3560         return akm == WLAN_AKM_SUITE_8021X ||
3561                 akm == WLAN_AKM_SUITE_PSK;
3562 }
3563
3564 static bool nl80211_valid_cipher_suite(u32 cipher)
3565 {
3566         return cipher == WLAN_CIPHER_SUITE_WEP40 ||
3567                 cipher == WLAN_CIPHER_SUITE_WEP104 ||
3568                 cipher == WLAN_CIPHER_SUITE_TKIP ||
3569                 cipher == WLAN_CIPHER_SUITE_CCMP ||
3570                 cipher == WLAN_CIPHER_SUITE_AES_CMAC;
3571 }
3572
3573
3574 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
3575 {
3576         struct cfg80211_registered_device *rdev;
3577         struct net_device *dev;
3578         struct ieee80211_channel *chan;
3579         const u8 *bssid, *ssid, *ie = NULL;
3580         int err, ssid_len, ie_len = 0;
3581         enum nl80211_auth_type auth_type;
3582         struct key_parse key;
3583         bool local_state_change;
3584
3585         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3586                 return -EINVAL;
3587
3588         if (!info->attrs[NL80211_ATTR_MAC])
3589                 return -EINVAL;
3590
3591         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
3592                 return -EINVAL;
3593
3594         if (!info->attrs[NL80211_ATTR_SSID])
3595                 return -EINVAL;
3596
3597         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
3598                 return -EINVAL;
3599
3600         err = nl80211_parse_key(info, &key);
3601         if (err)
3602                 return err;
3603
3604         if (key.idx >= 0) {
3605                 if (!key.p.key || !key.p.key_len)
3606                         return -EINVAL;
3607                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
3608                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
3609                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
3610                      key.p.key_len != WLAN_KEY_LEN_WEP104))
3611                         return -EINVAL;
3612                 if (key.idx > 4)
3613                         return -EINVAL;
3614         } else {
3615                 key.p.key_len = 0;
3616                 key.p.key = NULL;
3617         }
3618
3619         rtnl_lock();
3620
3621         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3622         if (err)
3623                 goto unlock_rtnl;
3624
3625         if (key.idx >= 0) {
3626                 int i;
3627                 bool ok = false;
3628                 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
3629                         if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
3630                                 ok = true;
3631                                 break;
3632                         }
3633                 }
3634                 if (!ok) {
3635                         err = -EINVAL;
3636                         goto out;
3637                 }
3638         }
3639
3640         if (!rdev->ops->auth) {
3641                 err = -EOPNOTSUPP;
3642                 goto out;
3643         }
3644
3645         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3646                 err = -EOPNOTSUPP;
3647                 goto out;
3648         }
3649
3650         if (!netif_running(dev)) {
3651                 err = -ENETDOWN;
3652                 goto out;
3653         }
3654
3655         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3656         chan = ieee80211_get_channel(&rdev->wiphy,
3657                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3658         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3659                 err = -EINVAL;
3660                 goto out;
3661         }
3662
3663         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3664         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3665
3666         if (info->attrs[NL80211_ATTR_IE]) {
3667                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3668                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3669         }
3670
3671         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
3672         if (!nl80211_valid_auth_type(auth_type)) {
3673                 err = -EINVAL;
3674                 goto out;
3675         }
3676
3677         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3678
3679         err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
3680                                  ssid, ssid_len, ie, ie_len,
3681                                  key.p.key, key.p.key_len, key.idx,
3682                                  local_state_change);
3683
3684 out:
3685         cfg80211_unlock_rdev(rdev);
3686         dev_put(dev);
3687 unlock_rtnl:
3688         rtnl_unlock();
3689         return err;
3690 }
3691
3692 static int nl80211_crypto_settings(struct genl_info *info,
3693                                    struct cfg80211_crypto_settings *settings,
3694                                    int cipher_limit)
3695 {
3696         memset(settings, 0, sizeof(*settings));
3697
3698         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
3699
3700         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
3701                 void *data;
3702                 int len, i;
3703
3704                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3705                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3706                 settings->n_ciphers_pairwise = len / sizeof(u32);
3707
3708                 if (len % sizeof(u32))
3709                         return -EINVAL;
3710
3711                 if (settings->n_ciphers_pairwise > cipher_limit)
3712                         return -EINVAL;
3713
3714                 memcpy(settings->ciphers_pairwise, data, len);
3715
3716                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3717                         if (!nl80211_valid_cipher_suite(
3718                                         settings->ciphers_pairwise[i]))
3719                                 return -EINVAL;
3720         }
3721
3722         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
3723                 settings->cipher_group =
3724                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
3725                 if (!nl80211_valid_cipher_suite(settings->cipher_group))
3726                         return -EINVAL;
3727         }
3728
3729         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
3730                 settings->wpa_versions =
3731                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
3732                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
3733                         return -EINVAL;
3734         }
3735
3736         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
3737                 void *data;
3738                 int len, i;
3739
3740                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
3741                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
3742                 settings->n_akm_suites = len / sizeof(u32);
3743
3744                 if (len % sizeof(u32))
3745                         return -EINVAL;
3746
3747                 memcpy(settings->akm_suites, data, len);
3748
3749                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3750                         if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
3751                                 return -EINVAL;
3752         }
3753
3754         return 0;
3755 }
3756
3757 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
3758 {
3759         struct cfg80211_registered_device *rdev;
3760         struct net_device *dev;
3761         struct cfg80211_crypto_settings crypto;
3762         struct ieee80211_channel *chan;
3763         const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
3764         int err, ssid_len, ie_len = 0;
3765         bool use_mfp = false;
3766
3767         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3768                 return -EINVAL;
3769
3770         if (!info->attrs[NL80211_ATTR_MAC] ||
3771             !info->attrs[NL80211_ATTR_SSID] ||
3772             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
3773                 return -EINVAL;
3774
3775         rtnl_lock();
3776
3777         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3778         if (err)
3779                 goto unlock_rtnl;
3780
3781         if (!rdev->ops->assoc) {
3782                 err = -EOPNOTSUPP;
3783                 goto out;
3784         }
3785
3786         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3787                 err = -EOPNOTSUPP;
3788                 goto out;
3789         }
3790
3791         if (!netif_running(dev)) {
3792                 err = -ENETDOWN;
3793                 goto out;
3794         }
3795
3796         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3797
3798         chan = ieee80211_get_channel(&rdev->wiphy,
3799                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3800         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3801                 err = -EINVAL;
3802                 goto out;
3803         }
3804
3805         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3806         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3807
3808         if (info->attrs[NL80211_ATTR_IE]) {
3809                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3810                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3811         }
3812
3813         if (info->attrs[NL80211_ATTR_USE_MFP]) {
3814                 enum nl80211_mfp mfp =
3815                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
3816                 if (mfp == NL80211_MFP_REQUIRED)
3817                         use_mfp = true;
3818                 else if (mfp != NL80211_MFP_NO) {
3819                         err = -EINVAL;
3820                         goto out;
3821                 }
3822         }
3823
3824         if (info->attrs[NL80211_ATTR_PREV_BSSID])
3825                 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
3826
3827         err = nl80211_crypto_settings(info, &crypto, 1);
3828         if (!err)
3829                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
3830                                           ssid, ssid_len, ie, ie_len, use_mfp,
3831                                           &crypto);
3832
3833 out:
3834         cfg80211_unlock_rdev(rdev);
3835         dev_put(dev);
3836 unlock_rtnl:
3837         rtnl_unlock();
3838         return err;
3839 }
3840
3841 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
3842 {
3843         struct cfg80211_registered_device *rdev;
3844         struct net_device *dev;
3845         const u8 *ie = NULL, *bssid;
3846         int err, ie_len = 0;
3847         u16 reason_code;
3848         bool local_state_change;
3849
3850         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3851                 return -EINVAL;
3852
3853         if (!info->attrs[NL80211_ATTR_MAC])
3854                 return -EINVAL;
3855
3856         if (!info->attrs[NL80211_ATTR_REASON_CODE])
3857                 return -EINVAL;
3858
3859         rtnl_lock();
3860
3861         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3862         if (err)
3863                 goto unlock_rtnl;
3864
3865         if (!rdev->ops->deauth) {
3866                 err = -EOPNOTSUPP;
3867                 goto out;
3868         }
3869
3870         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3871                 err = -EOPNOTSUPP;
3872                 goto out;
3873         }
3874
3875         if (!netif_running(dev)) {
3876                 err = -ENETDOWN;
3877                 goto out;
3878         }
3879
3880         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3881
3882         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3883         if (reason_code == 0) {
3884                 /* Reason Code 0 is reserved */
3885                 err = -EINVAL;
3886                 goto out;
3887         }
3888
3889         if (info->attrs[NL80211_ATTR_IE]) {
3890                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3891                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3892         }
3893
3894         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3895
3896         err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
3897                                    local_state_change);
3898
3899 out:
3900         cfg80211_unlock_rdev(rdev);
3901         dev_put(dev);
3902 unlock_rtnl:
3903         rtnl_unlock();
3904         return err;
3905 }
3906
3907 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
3908 {
3909         struct cfg80211_registered_device *rdev;
3910         struct net_device *dev;
3911         const u8 *ie = NULL, *bssid;
3912         int err, ie_len = 0;
3913         u16 reason_code;
3914         bool local_state_change;
3915
3916         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3917                 return -EINVAL;
3918
3919         if (!info->attrs[NL80211_ATTR_MAC])
3920                 return -EINVAL;
3921
3922         if (!info->attrs[NL80211_ATTR_REASON_CODE])
3923                 return -EINVAL;
3924
3925         rtnl_lock();
3926
3927         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3928         if (err)
3929                 goto unlock_rtnl;
3930
3931         if (!rdev->ops->disassoc) {
3932                 err = -EOPNOTSUPP;
3933                 goto out;
3934         }
3935
3936         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3937                 err = -EOPNOTSUPP;
3938                 goto out;
3939         }
3940
3941         if (!netif_running(dev)) {
3942                 err = -ENETDOWN;
3943                 goto out;
3944         }
3945
3946         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3947
3948         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3949         if (reason_code == 0) {
3950                 /* Reason Code 0 is reserved */
3951                 err = -EINVAL;
3952                 goto out;
3953         }
3954
3955         if (info->attrs[NL80211_ATTR_IE]) {
3956                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3957                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3958         }
3959
3960         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
3961
3962         err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
3963                                      local_state_change);
3964
3965 out:
3966         cfg80211_unlock_rdev(rdev);
3967         dev_put(dev);
3968 unlock_rtnl:
3969         rtnl_unlock();
3970         return err;
3971 }
3972
3973 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
3974 {
3975         struct cfg80211_registered_device *rdev;
3976         struct net_device *dev;
3977         struct cfg80211_ibss_params ibss;
3978         struct wiphy *wiphy;
3979         struct cfg80211_cached_keys *connkeys = NULL;
3980         int err;
3981
3982         memset(&ibss, 0, sizeof(ibss));
3983
3984         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3985                 return -EINVAL;
3986
3987         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
3988             !info->attrs[NL80211_ATTR_SSID] ||
3989             !nla_len(info->attrs[NL80211_ATTR_SSID]))
3990                 return -EINVAL;
3991
3992         ibss.beacon_interval = 100;
3993
3994         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
3995                 ibss.beacon_interval =
3996                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3997                 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
3998                         return -EINVAL;
3999         }
4000
4001         rtnl_lock();
4002
4003         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4004         if (err)
4005                 goto unlock_rtnl;
4006
4007         if (!rdev->ops->join_ibss) {
4008                 err = -EOPNOTSUPP;
4009                 goto out;
4010         }
4011
4012         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
4013                 err = -EOPNOTSUPP;
4014                 goto out;
4015         }
4016
4017         if (!netif_running(dev)) {
4018                 err = -ENETDOWN;
4019                 goto out;
4020         }
4021
4022         wiphy = &rdev->wiphy;
4023
4024         if (info->attrs[NL80211_ATTR_MAC])
4025                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4026         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4027         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4028
4029         if (info->attrs[NL80211_ATTR_IE]) {
4030                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4031                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4032         }
4033
4034         ibss.channel = ieee80211_get_channel(wiphy,
4035                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4036         if (!ibss.channel ||
4037             ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4038             ibss.channel->flags & IEEE80211_CHAN_DISABLED) {
4039                 err = -EINVAL;
4040                 goto out;
4041         }
4042
4043         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4044         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4045
4046         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4047                 connkeys = nl80211_parse_connkeys(rdev,
4048                                         info->attrs[NL80211_ATTR_KEYS]);
4049                 if (IS_ERR(connkeys)) {
4050                         err = PTR_ERR(connkeys);
4051                         connkeys = NULL;
4052                         goto out;
4053                 }
4054         }
4055
4056         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4057                 u8 *rates =
4058                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4059                 int n_rates =
4060                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4061                 struct ieee80211_supported_band *sband =
4062                         wiphy->bands[ibss.channel->band];
4063                 int i, j;
4064
4065                 if (n_rates == 0) {
4066                         err = -EINVAL;
4067                         goto out;
4068                 }
4069
4070                 for (i = 0; i < n_rates; i++) {
4071                         int rate = (rates[i] & 0x7f) * 5;
4072                         bool found = false;
4073
4074                         for (j = 0; j < sband->n_bitrates; j++) {
4075                                 if (sband->bitrates[j].bitrate == rate) {
4076                                         found = true;
4077                                         ibss.basic_rates |= BIT(j);
4078                                         break;
4079                                 }
4080                         }
4081                         if (!found) {
4082                                 err = -EINVAL;
4083                                 goto out;
4084                         }
4085                 }
4086         } else {
4087                 /*
4088                 * If no rates were explicitly configured,
4089                 * use the mandatory rate set for 11b or
4090                 * 11a for maximum compatibility.
4091                 */
4092                 struct ieee80211_supported_band *sband =
4093                         wiphy->bands[ibss.channel->band];
4094                 int j;
4095                 u32 flag = ibss.channel->band == IEEE80211_BAND_5GHZ ?
4096                         IEEE80211_RATE_MANDATORY_A :
4097                         IEEE80211_RATE_MANDATORY_B;
4098
4099                 for (j = 0; j < sband->n_bitrates; j++) {
4100                         if (sband->bitrates[j].flags & flag)
4101                                 ibss.basic_rates |= BIT(j);
4102                 }
4103         }
4104
4105         err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4106
4107 out:
4108         cfg80211_unlock_rdev(rdev);
4109         dev_put(dev);
4110 unlock_rtnl:
4111         if (err)
4112                 kfree(connkeys);
4113         rtnl_unlock();
4114         return err;
4115 }
4116
4117 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4118 {
4119         struct cfg80211_registered_device *rdev;
4120         struct net_device *dev;
4121         int err;
4122
4123         rtnl_lock();
4124
4125         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4126         if (err)
4127                 goto unlock_rtnl;
4128
4129         if (!rdev->ops->leave_ibss) {
4130                 err = -EOPNOTSUPP;
4131                 goto out;
4132         }
4133
4134         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
4135                 err = -EOPNOTSUPP;
4136                 goto out;
4137         }
4138
4139         if (!netif_running(dev)) {
4140                 err = -ENETDOWN;
4141                 goto out;
4142         }
4143
4144         err = cfg80211_leave_ibss(rdev, dev, false);
4145
4146 out:
4147         cfg80211_unlock_rdev(rdev);
4148         dev_put(dev);
4149 unlock_rtnl:
4150         rtnl_unlock();
4151         return err;
4152 }
4153
4154 #ifdef CONFIG_NL80211_TESTMODE
4155 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4156         .name = "testmode",
4157 };
4158
4159 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4160 {
4161         struct cfg80211_registered_device *rdev;
4162         int err;
4163
4164         if (!info->attrs[NL80211_ATTR_TESTDATA])
4165                 return -EINVAL;
4166
4167         rtnl_lock();
4168
4169         rdev = cfg80211_get_dev_from_info(info);
4170         if (IS_ERR(rdev)) {
4171                 err = PTR_ERR(rdev);
4172                 goto unlock_rtnl;
4173         }
4174
4175         err = -EOPNOTSUPP;
4176         if (rdev->ops->testmode_cmd) {
4177                 rdev->testmode_info = info;
4178                 err = rdev->ops->testmode_cmd(&rdev->wiphy,
4179                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4180                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4181                 rdev->testmode_info = NULL;
4182         }
4183
4184         cfg80211_unlock_rdev(rdev);
4185
4186  unlock_rtnl:
4187         rtnl_unlock();
4188         return err;
4189 }
4190
4191 static struct sk_buff *
4192 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
4193                               int approxlen, u32 pid, u32 seq, gfp_t gfp)
4194 {
4195         struct sk_buff *skb;
4196         void *hdr;
4197         struct nlattr *data;
4198
4199         skb = nlmsg_new(approxlen + 100, gfp);
4200         if (!skb)
4201                 return NULL;
4202
4203         hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
4204         if (!hdr) {
4205                 kfree_skb(skb);
4206                 return NULL;
4207         }
4208
4209         NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4210         data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4211
4212         ((void **)skb->cb)[0] = rdev;
4213         ((void **)skb->cb)[1] = hdr;
4214         ((void **)skb->cb)[2] = data;
4215
4216         return skb;
4217
4218  nla_put_failure:
4219         kfree_skb(skb);
4220         return NULL;
4221 }
4222
4223 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
4224                                                   int approxlen)
4225 {
4226         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4227
4228         if (WARN_ON(!rdev->testmode_info))
4229                 return NULL;
4230
4231         return __cfg80211_testmode_alloc_skb(rdev, approxlen,
4232                                 rdev->testmode_info->snd_pid,
4233                                 rdev->testmode_info->snd_seq,
4234                                 GFP_KERNEL);
4235 }
4236 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
4237
4238 int cfg80211_testmode_reply(struct sk_buff *skb)
4239 {
4240         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
4241         void *hdr = ((void **)skb->cb)[1];
4242         struct nlattr *data = ((void **)skb->cb)[2];
4243
4244         if (WARN_ON(!rdev->testmode_info)) {
4245                 kfree_skb(skb);
4246                 return -EINVAL;
4247         }
4248
4249         nla_nest_end(skb, data);
4250         genlmsg_end(skb, hdr);
4251         return genlmsg_reply(skb, rdev->testmode_info);
4252 }
4253 EXPORT_SYMBOL(cfg80211_testmode_reply);
4254
4255 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
4256                                                   int approxlen, gfp_t gfp)
4257 {
4258         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4259
4260         return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
4261 }
4262 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
4263
4264 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
4265 {
4266         void *hdr = ((void **)skb->cb)[1];
4267         struct nlattr *data = ((void **)skb->cb)[2];
4268
4269         nla_nest_end(skb, data);
4270         genlmsg_end(skb, hdr);
4271         genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
4272 }
4273 EXPORT_SYMBOL(cfg80211_testmode_event);
4274 #endif
4275
4276 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
4277 {
4278         struct cfg80211_registered_device *rdev;
4279         struct net_device *dev;
4280         struct cfg80211_connect_params connect;
4281         struct wiphy *wiphy;
4282         struct cfg80211_cached_keys *connkeys = NULL;
4283         int err;
4284
4285         memset(&connect, 0, sizeof(connect));
4286
4287         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4288                 return -EINVAL;
4289
4290         if (!info->attrs[NL80211_ATTR_SSID] ||
4291             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4292                 return -EINVAL;
4293
4294         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4295                 connect.auth_type =
4296                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4297                 if (!nl80211_valid_auth_type(connect.auth_type))
4298                         return -EINVAL;
4299         } else
4300                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4301
4302         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
4303
4304         err = nl80211_crypto_settings(info, &connect.crypto,
4305                                       NL80211_MAX_NR_CIPHER_SUITES);
4306         if (err)
4307                 return err;
4308         rtnl_lock();
4309
4310         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4311         if (err)
4312                 goto unlock_rtnl;
4313
4314         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4315                 err = -EOPNOTSUPP;
4316                 goto out;
4317         }
4318
4319         if (!netif_running(dev)) {
4320                 err = -ENETDOWN;
4321                 goto out;
4322         }
4323
4324         wiphy = &rdev->wiphy;
4325
4326         if (info->attrs[NL80211_ATTR_MAC])
4327                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4328         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4329         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4330
4331         if (info->attrs[NL80211_ATTR_IE]) {
4332                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4333                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4334         }
4335
4336         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4337                 connect.channel =
4338                         ieee80211_get_channel(wiphy,
4339                             nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4340                 if (!connect.channel ||
4341                     connect.channel->flags & IEEE80211_CHAN_DISABLED) {
4342                         err = -EINVAL;
4343                         goto out;
4344                 }
4345         }
4346
4347         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4348                 connkeys = nl80211_parse_connkeys(rdev,
4349                                         info->attrs[NL80211_ATTR_KEYS]);
4350                 if (IS_ERR(connkeys)) {
4351                         err = PTR_ERR(connkeys);
4352                         connkeys = NULL;
4353                         goto out;
4354                 }
4355         }
4356
4357         err = cfg80211_connect(rdev, dev, &connect, connkeys);
4358
4359 out:
4360         cfg80211_unlock_rdev(rdev);
4361         dev_put(dev);
4362 unlock_rtnl:
4363         if (err)
4364                 kfree(connkeys);
4365         rtnl_unlock();
4366         return err;
4367 }
4368
4369 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
4370 {
4371         struct cfg80211_registered_device *rdev;
4372         struct net_device *dev;
4373         int err;
4374         u16 reason;
4375
4376         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4377                 reason = WLAN_REASON_DEAUTH_LEAVING;
4378         else
4379                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4380
4381         if (reason == 0)
4382                 return -EINVAL;
4383
4384         rtnl_lock();
4385
4386         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4387         if (err)
4388                 goto unlock_rtnl;
4389
4390         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4391                 err = -EOPNOTSUPP;
4392                 goto out;
4393         }
4394
4395         if (!netif_running(dev)) {
4396                 err = -ENETDOWN;
4397                 goto out;
4398         }
4399
4400         err = cfg80211_disconnect(rdev, dev, reason, true);
4401
4402 out:
4403         cfg80211_unlock_rdev(rdev);
4404         dev_put(dev);
4405 unlock_rtnl:
4406         rtnl_unlock();
4407         return err;
4408 }
4409
4410 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4411 {
4412         struct cfg80211_registered_device *rdev;
4413         struct net *net;
4414         int err;
4415         u32 pid;
4416
4417         if (!info->attrs[NL80211_ATTR_PID])
4418                 return -EINVAL;
4419
4420         pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
4421
4422         rtnl_lock();
4423
4424         rdev = cfg80211_get_dev_from_info(info);
4425         if (IS_ERR(rdev)) {
4426                 err = PTR_ERR(rdev);
4427                 goto out_rtnl;
4428         }
4429
4430         net = get_net_ns_by_pid(pid);
4431         if (IS_ERR(net)) {
4432                 err = PTR_ERR(net);
4433                 goto out;
4434         }
4435
4436         err = 0;
4437
4438         /* check if anything to do */
4439         if (net_eq(wiphy_net(&rdev->wiphy), net))
4440                 goto out_put_net;
4441
4442         err = cfg80211_switch_netns(rdev, net);
4443  out_put_net:
4444         put_net(net);
4445  out:
4446         cfg80211_unlock_rdev(rdev);
4447  out_rtnl:
4448         rtnl_unlock();
4449         return err;
4450 }
4451
4452 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
4453 {
4454         struct cfg80211_registered_device *rdev;
4455         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
4456                         struct cfg80211_pmksa *pmksa) = NULL;
4457         int err;
4458         struct net_device *dev;
4459         struct cfg80211_pmksa pmksa;
4460
4461         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
4462
4463         if (!info->attrs[NL80211_ATTR_MAC])
4464                 return -EINVAL;
4465
4466         if (!info->attrs[NL80211_ATTR_PMKID])
4467                 return -EINVAL;
4468
4469         rtnl_lock();
4470
4471         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4472         if (err)
4473                 goto out_rtnl;
4474
4475         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
4476         pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4477
4478         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4479                 err = -EOPNOTSUPP;
4480                 goto out;
4481         }
4482
4483         switch (info->genlhdr->cmd) {
4484         case NL80211_CMD_SET_PMKSA:
4485                 rdev_ops = rdev->ops->set_pmksa;
4486                 break;
4487         case NL80211_CMD_DEL_PMKSA:
4488                 rdev_ops = rdev->ops->del_pmksa;
4489                 break;
4490         default:
4491                 WARN_ON(1);
4492                 break;
4493         }
4494
4495         if (!rdev_ops) {
4496                 err = -EOPNOTSUPP;
4497                 goto out;
4498         }
4499
4500         err = rdev_ops(&rdev->wiphy, dev, &pmksa);
4501
4502  out:
4503         cfg80211_unlock_rdev(rdev);
4504         dev_put(dev);
4505  out_rtnl:
4506         rtnl_unlock();
4507
4508         return err;
4509 }
4510
4511 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4512 {
4513         struct cfg80211_registered_device *rdev;
4514         int err;
4515         struct net_device *dev;
4516
4517         rtnl_lock();
4518
4519         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4520         if (err)
4521                 goto out_rtnl;
4522
4523         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
4524                 err = -EOPNOTSUPP;
4525                 goto out;
4526         }
4527
4528         if (!rdev->ops->flush_pmksa) {
4529                 err = -EOPNOTSUPP;
4530                 goto out;
4531         }
4532
4533         err = rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4534
4535  out:
4536         cfg80211_unlock_rdev(rdev);
4537         dev_put(dev);
4538  out_rtnl:
4539         rtnl_unlock();
4540
4541         return err;
4542
4543 }
4544
4545 static int nl80211_remain_on_channel(struct sk_buff *skb,
4546                                      struct genl_info *info)
4547 {
4548         struct cfg80211_registered_device *rdev;
4549         struct net_device *dev;
4550         struct ieee80211_channel *chan;
4551         struct sk_buff *msg;
4552         void *hdr;
4553         u64 cookie;
4554         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4555         u32 freq, duration;
4556         int err;
4557
4558         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4559             !info->attrs[NL80211_ATTR_DURATION])
4560                 return -EINVAL;
4561
4562         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4563
4564         /*
4565          * We should be on that channel for at least one jiffie,
4566          * and more than 5 seconds seems excessive.
4567          */
4568         if (!duration || !msecs_to_jiffies(duration) || duration > 5000)
4569                 return -EINVAL;
4570
4571         rtnl_lock();
4572
4573         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4574         if (err)
4575                 goto unlock_rtnl;
4576
4577         if (!rdev->ops->remain_on_channel) {
4578                 err = -EOPNOTSUPP;
4579                 goto out;
4580         }
4581
4582         if (!netif_running(dev)) {
4583                 err = -ENETDOWN;
4584                 goto out;
4585         }
4586
4587         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4588                 channel_type = nla_get_u32(
4589                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4590                 if (channel_type != NL80211_CHAN_NO_HT &&
4591                     channel_type != NL80211_CHAN_HT20 &&
4592                     channel_type != NL80211_CHAN_HT40PLUS &&
4593                     channel_type != NL80211_CHAN_HT40MINUS) {
4594                         err = -EINVAL;
4595                         goto out;
4596                 }
4597         }
4598
4599         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4600         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4601         if (chan == NULL) {
4602                 err = -EINVAL;
4603                 goto out;
4604         }
4605
4606         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4607         if (!msg) {
4608                 err = -ENOMEM;
4609                 goto out;
4610         }
4611
4612         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4613                              NL80211_CMD_REMAIN_ON_CHANNEL);
4614
4615         if (IS_ERR(hdr)) {
4616                 err = PTR_ERR(hdr);
4617                 goto free_msg;
4618         }
4619
4620         err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
4621                                            channel_type, duration, &cookie);
4622
4623         if (err)
4624                 goto free_msg;
4625
4626         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4627
4628         genlmsg_end(msg, hdr);
4629         err = genlmsg_reply(msg, info);
4630         goto out;
4631
4632  nla_put_failure:
4633         err = -ENOBUFS;
4634  free_msg:
4635         nlmsg_free(msg);
4636  out:
4637         cfg80211_unlock_rdev(rdev);
4638         dev_put(dev);
4639  unlock_rtnl:
4640         rtnl_unlock();
4641         return err;
4642 }
4643
4644 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
4645                                             struct genl_info *info)
4646 {
4647         struct cfg80211_registered_device *rdev;
4648         struct net_device *dev;
4649         u64 cookie;
4650         int err;
4651
4652         if (!info->attrs[NL80211_ATTR_COOKIE])
4653                 return -EINVAL;
4654
4655         rtnl_lock();
4656
4657         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4658         if (err)
4659                 goto unlock_rtnl;
4660
4661         if (!rdev->ops->cancel_remain_on_channel) {
4662                 err = -EOPNOTSUPP;
4663                 goto out;
4664         }
4665
4666         if (!netif_running(dev)) {
4667                 err = -ENETDOWN;
4668                 goto out;
4669         }
4670
4671         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
4672
4673         err = rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
4674
4675  out:
4676         cfg80211_unlock_rdev(rdev);
4677         dev_put(dev);
4678  unlock_rtnl:
4679         rtnl_unlock();
4680         return err;
4681 }
4682
4683 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4684                            u8 *rates, u8 rates_len)
4685 {
4686         u8 i;
4687         u32 mask = 0;
4688
4689         for (i = 0; i < rates_len; i++) {
4690                 int rate = (rates[i] & 0x7f) * 5;
4691                 int ridx;
4692                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4693                         struct ieee80211_rate *srate =
4694                                 &sband->bitrates[ridx];
4695                         if (rate == srate->bitrate) {
4696                                 mask |= 1 << ridx;
4697                                 break;
4698                         }
4699                 }
4700                 if (ridx == sband->n_bitrates)
4701                         return 0; /* rate not found */
4702         }
4703
4704         return mask;
4705 }
4706
4707 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4708         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4709                                     .len = NL80211_MAX_SUPP_RATES },
4710 };
4711
4712 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
4713                                        struct genl_info *info)
4714 {
4715         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4716         struct cfg80211_registered_device *rdev;
4717         struct cfg80211_bitrate_mask mask;
4718         int err, rem, i;
4719         struct net_device *dev;
4720         struct nlattr *tx_rates;
4721         struct ieee80211_supported_band *sband;
4722
4723         if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
4724                 return -EINVAL;
4725
4726         rtnl_lock();
4727
4728         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4729         if (err)
4730                 goto unlock_rtnl;
4731
4732         if (!rdev->ops->set_bitrate_mask) {
4733                 err = -EOPNOTSUPP;
4734                 goto unlock;
4735         }
4736
4737         memset(&mask, 0, sizeof(mask));
4738         /* Default to all rates enabled */
4739         for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
4740                 sband = rdev->wiphy.bands[i];
4741                 mask.control[i].legacy =
4742                         sband ? (1 << sband->n_bitrates) - 1 : 0;
4743         }
4744
4745         /*
4746          * The nested attribute uses enum nl80211_band as the index. This maps
4747          * directly to the enum ieee80211_band values used in cfg80211.
4748          */
4749         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
4750         {
4751                 enum ieee80211_band band = nla_type(tx_rates);
4752                 if (band < 0 || band >= IEEE80211_NUM_BANDS) {
4753                         err = -EINVAL;
4754                         goto unlock;
4755                 }
4756                 sband = rdev->wiphy.bands[band];
4757                 if (sband == NULL) {
4758                         err = -EINVAL;
4759                         goto unlock;
4760                 }
4761                 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
4762                           nla_len(tx_rates), nl80211_txattr_policy);
4763                 if (tb[NL80211_TXRATE_LEGACY]) {
4764                         mask.control[band].legacy = rateset_to_mask(
4765                                 sband,
4766                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
4767                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
4768                         if (mask.control[band].legacy == 0) {
4769                                 err = -EINVAL;
4770                                 goto unlock;
4771                         }
4772                 }
4773         }
4774
4775         err = rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
4776
4777  unlock:
4778         dev_put(dev);
4779         cfg80211_unlock_rdev(rdev);
4780  unlock_rtnl:
4781         rtnl_unlock();
4782         return err;
4783 }
4784
4785 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
4786 {
4787         struct cfg80211_registered_device *rdev;
4788         struct net_device *dev;
4789         u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
4790         int err;
4791
4792         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
4793                 return -EINVAL;
4794
4795         if (info->attrs[NL80211_ATTR_FRAME_TYPE])
4796                 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
4797
4798         rtnl_lock();
4799
4800         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4801         if (err)
4802                 goto unlock_rtnl;
4803
4804         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4805             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
4806                 err = -EOPNOTSUPP;
4807                 goto out;
4808         }
4809
4810         /* not much point in registering if we can't reply */
4811         if (!rdev->ops->mgmt_tx) {
4812                 err = -EOPNOTSUPP;
4813                 goto out;
4814         }
4815
4816         err = cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
4817                         frame_type,
4818                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
4819                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
4820  out:
4821         cfg80211_unlock_rdev(rdev);
4822         dev_put(dev);
4823  unlock_rtnl:
4824         rtnl_unlock();
4825         return err;
4826 }
4827
4828 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
4829 {
4830         struct cfg80211_registered_device *rdev;
4831         struct net_device *dev;
4832         struct ieee80211_channel *chan;
4833         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4834         bool channel_type_valid = false;
4835         u32 freq;
4836         int err;
4837         void *hdr;
4838         u64 cookie;
4839         struct sk_buff *msg;
4840
4841         if (!info->attrs[NL80211_ATTR_FRAME] ||
4842             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4843                 return -EINVAL;
4844
4845         rtnl_lock();
4846
4847         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4848         if (err)
4849                 goto unlock_rtnl;
4850
4851         if (!rdev->ops->mgmt_tx) {
4852                 err = -EOPNOTSUPP;
4853                 goto out;
4854         }
4855
4856         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4857             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
4858                 err = -EOPNOTSUPP;
4859                 goto out;
4860         }
4861
4862         if (!netif_running(dev)) {
4863                 err = -ENETDOWN;
4864                 goto out;
4865         }
4866
4867         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4868                 channel_type = nla_get_u32(
4869                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4870                 if (channel_type != NL80211_CHAN_NO_HT &&
4871                     channel_type != NL80211_CHAN_HT20 &&
4872                     channel_type != NL80211_CHAN_HT40PLUS &&
4873                     channel_type != NL80211_CHAN_HT40MINUS) {
4874                         err = -EINVAL;
4875                         goto out;
4876                 }
4877                 channel_type_valid = true;
4878         }
4879
4880         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4881         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4882         if (chan == NULL) {
4883                 err = -EINVAL;
4884                 goto out;
4885         }
4886
4887         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4888         if (!msg) {
4889                 err = -ENOMEM;
4890                 goto out;
4891         }
4892
4893         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4894                              NL80211_CMD_FRAME);
4895
4896         if (IS_ERR(hdr)) {
4897                 err = PTR_ERR(hdr);
4898                 goto free_msg;
4899         }
4900         err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, channel_type,
4901                                     channel_type_valid,
4902                                     nla_data(info->attrs[NL80211_ATTR_FRAME]),
4903                                     nla_len(info->attrs[NL80211_ATTR_FRAME]),
4904                                     &cookie);
4905         if (err)
4906                 goto free_msg;
4907
4908         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4909
4910         genlmsg_end(msg, hdr);
4911         err = genlmsg_reply(msg, info);
4912         goto out;
4913
4914  nla_put_failure:
4915         err = -ENOBUFS;
4916  free_msg:
4917         nlmsg_free(msg);
4918  out:
4919         cfg80211_unlock_rdev(rdev);
4920         dev_put(dev);
4921 unlock_rtnl:
4922         rtnl_unlock();
4923         return err;
4924 }
4925
4926 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
4927 {
4928         struct cfg80211_registered_device *rdev;
4929         struct wireless_dev *wdev;
4930         struct net_device *dev;
4931         u8 ps_state;
4932         bool state;
4933         int err;
4934
4935         if (!info->attrs[NL80211_ATTR_PS_STATE]) {
4936                 err = -EINVAL;
4937                 goto out;
4938         }
4939
4940         ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
4941
4942         if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) {
4943                 err = -EINVAL;
4944                 goto out;
4945         }
4946
4947         rtnl_lock();
4948
4949         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4950         if (err)
4951                 goto unlock_rdev;
4952
4953         wdev = dev->ieee80211_ptr;
4954
4955         if (!rdev->ops->set_power_mgmt) {
4956                 err = -EOPNOTSUPP;
4957                 goto unlock_rdev;
4958         }
4959
4960         state = (ps_state == NL80211_PS_ENABLED) ? true : false;
4961
4962         if (state == wdev->ps)
4963                 goto unlock_rdev;
4964
4965         wdev->ps = state;
4966
4967         if (rdev->ops->set_power_mgmt(wdev->wiphy, dev, wdev->ps,
4968                                       wdev->ps_timeout))
4969                 /* assume this means it's off */
4970                 wdev->ps = false;
4971
4972 unlock_rdev:
4973         cfg80211_unlock_rdev(rdev);
4974         dev_put(dev);
4975         rtnl_unlock();
4976
4977 out:
4978         return err;
4979 }
4980
4981 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
4982 {
4983         struct cfg80211_registered_device *rdev;
4984         enum nl80211_ps_state ps_state;
4985         struct wireless_dev *wdev;
4986         struct net_device *dev;
4987         struct sk_buff *msg;
4988         void *hdr;
4989         int err;
4990
4991         rtnl_lock();
4992
4993         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
4994         if (err)
4995                 goto unlock_rtnl;
4996
4997         wdev = dev->ieee80211_ptr;
4998
4999         if (!rdev->ops->set_power_mgmt) {
5000                 err = -EOPNOTSUPP;
5001                 goto out;
5002         }
5003
5004         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5005         if (!msg) {
5006                 err = -ENOMEM;
5007                 goto out;
5008         }
5009
5010         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5011                              NL80211_CMD_GET_POWER_SAVE);
5012         if (!hdr) {
5013                 err = -ENOMEM;
5014                 goto free_msg;
5015         }
5016
5017         if (wdev->ps)
5018                 ps_state = NL80211_PS_ENABLED;
5019         else
5020                 ps_state = NL80211_PS_DISABLED;
5021
5022         NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
5023
5024         genlmsg_end(msg, hdr);
5025         err = genlmsg_reply(msg, info);
5026         goto out;
5027
5028 nla_put_failure:
5029         err = -ENOBUFS;
5030
5031 free_msg:
5032         nlmsg_free(msg);
5033
5034 out:
5035         cfg80211_unlock_rdev(rdev);
5036         dev_put(dev);
5037
5038 unlock_rtnl:
5039         rtnl_unlock();
5040
5041         return err;
5042 }
5043
5044 static struct nla_policy
5045 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5046         [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5047         [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5048         [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5049 };
5050
5051 static int nl80211_set_cqm_rssi(struct genl_info *info,
5052                                 s32 threshold, u32 hysteresis)
5053 {
5054         struct cfg80211_registered_device *rdev;
5055         struct wireless_dev *wdev;
5056         struct net_device *dev;
5057         int err;
5058
5059         if (threshold > 0)
5060                 return -EINVAL;
5061
5062         rtnl_lock();
5063
5064         err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
5065         if (err)
5066                 goto unlock_rdev;
5067
5068         wdev = dev->ieee80211_ptr;
5069
5070         if (!rdev->ops->set_cqm_rssi_config) {
5071                 err = -EOPNOTSUPP;
5072                 goto unlock_rdev;
5073         }
5074
5075         if (wdev->iftype != NL80211_IFTYPE_STATION) {
5076                 err = -EOPNOTSUPP;
5077                 goto unlock_rdev;
5078         }
5079
5080         err = rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5081                                              threshold, hysteresis);
5082
5083 unlock_rdev:
5084         cfg80211_unlock_rdev(rdev);
5085         dev_put(dev);
5086         rtnl_unlock();
5087
5088         return err;
5089 }
5090
5091 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5092 {
5093         struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5094         struct nlattr *cqm;
5095         int err;
5096
5097         cqm = info->attrs[NL80211_ATTR_CQM];
5098         if (!cqm) {
5099                 err = -EINVAL;
5100                 goto out;
5101         }
5102
5103         err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5104                                nl80211_attr_cqm_policy);
5105         if (err)
5106                 goto out;
5107
5108         if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5109             attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5110                 s32 threshold;
5111                 u32 hysteresis;
5112                 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5113                 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5114                 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5115         } else
5116                 err = -EINVAL;
5117
5118 out:
5119         return err;
5120 }
5121
5122 static struct genl_ops nl80211_ops[] = {
5123         {
5124                 .cmd = NL80211_CMD_GET_WIPHY,
5125                 .doit = nl80211_get_wiphy,
5126                 .dumpit = nl80211_dump_wiphy,
5127                 .policy = nl80211_policy,
5128                 /* can be retrieved by unprivileged users */
5129         },
5130         {
5131                 .cmd = NL80211_CMD_SET_WIPHY,
5132                 .doit = nl80211_set_wiphy,
5133                 .policy = nl80211_policy,
5134                 .flags = GENL_ADMIN_PERM,
5135         },
5136         {
5137                 .cmd = NL80211_CMD_GET_INTERFACE,
5138                 .doit = nl80211_get_interface,
5139                 .dumpit = nl80211_dump_interface,
5140                 .policy = nl80211_policy,
5141                 /* can be retrieved by unprivileged users */
5142         },
5143         {
5144                 .cmd = NL80211_CMD_SET_INTERFACE,
5145                 .doit = nl80211_set_interface,
5146                 .policy = nl80211_policy,
5147                 .flags = GENL_ADMIN_PERM,
5148         },
5149         {
5150                 .cmd = NL80211_CMD_NEW_INTERFACE,
5151                 .doit = nl80211_new_interface,
5152                 .policy = nl80211_policy,
5153                 .flags = GENL_ADMIN_PERM,
5154         },
5155         {
5156                 .cmd = NL80211_CMD_DEL_INTERFACE,
5157                 .doit = nl80211_del_interface,
5158                 .policy = nl80211_policy,
5159                 .flags = GENL_ADMIN_PERM,
5160         },
5161         {
5162                 .cmd = NL80211_CMD_GET_KEY,
5163                 .doit = nl80211_get_key,
5164                 .policy = nl80211_policy,
5165                 .flags = GENL_ADMIN_PERM,
5166         },
5167         {
5168                 .cmd = NL80211_CMD_SET_KEY,
5169                 .doit = nl80211_set_key,
5170                 .policy = nl80211_policy,
5171                 .flags = GENL_ADMIN_PERM,
5172         },
5173         {
5174                 .cmd = NL80211_CMD_NEW_KEY,
5175                 .doit = nl80211_new_key,
5176                 .policy = nl80211_policy,
5177                 .flags = GENL_ADMIN_PERM,
5178         },
5179         {
5180                 .cmd = NL80211_CMD_DEL_KEY,
5181                 .doit = nl80211_del_key,
5182                 .policy = nl80211_policy,
5183                 .flags = GENL_ADMIN_PERM,
5184         },
5185         {
5186                 .cmd = NL80211_CMD_SET_BEACON,
5187                 .policy = nl80211_policy,
5188                 .flags = GENL_ADMIN_PERM,
5189                 .doit = nl80211_addset_beacon,
5190         },
5191         {
5192                 .cmd = NL80211_CMD_NEW_BEACON,
5193                 .policy = nl80211_policy,
5194                 .flags = GENL_ADMIN_PERM,
5195                 .doit = nl80211_addset_beacon,
5196         },
5197         {
5198                 .cmd = NL80211_CMD_DEL_BEACON,
5199                 .policy = nl80211_policy,
5200                 .flags = GENL_ADMIN_PERM,
5201                 .doit = nl80211_del_beacon,
5202         },
5203         {
5204                 .cmd = NL80211_CMD_GET_STATION,
5205                 .doit = nl80211_get_station,
5206                 .dumpit = nl80211_dump_station,
5207                 .policy = nl80211_policy,
5208         },
5209         {
5210                 .cmd = NL80211_CMD_SET_STATION,
5211                 .doit = nl80211_set_station,
5212                 .policy = nl80211_policy,
5213                 .flags = GENL_ADMIN_PERM,
5214         },
5215         {
5216                 .cmd = NL80211_CMD_NEW_STATION,
5217                 .doit = nl80211_new_station,
5218                 .policy = nl80211_policy,
5219                 .flags = GENL_ADMIN_PERM,
5220         },
5221         {
5222                 .cmd = NL80211_CMD_DEL_STATION,
5223                 .doit = nl80211_del_station,
5224                 .policy = nl80211_policy,
5225                 .flags = GENL_ADMIN_PERM,
5226         },
5227         {
5228                 .cmd = NL80211_CMD_GET_MPATH,
5229                 .doit = nl80211_get_mpath,
5230                 .dumpit = nl80211_dump_mpath,
5231                 .policy = nl80211_policy,
5232                 .flags = GENL_ADMIN_PERM,
5233         },
5234         {
5235                 .cmd = NL80211_CMD_SET_MPATH,
5236                 .doit = nl80211_set_mpath,
5237                 .policy = nl80211_policy,
5238                 .flags = GENL_ADMIN_PERM,
5239         },
5240         {
5241                 .cmd = NL80211_CMD_NEW_MPATH,
5242                 .doit = nl80211_new_mpath,
5243                 .policy = nl80211_policy,
5244                 .flags = GENL_ADMIN_PERM,
5245         },
5246         {
5247                 .cmd = NL80211_CMD_DEL_MPATH,
5248                 .doit = nl80211_del_mpath,
5249                 .policy = nl80211_policy,
5250                 .flags = GENL_ADMIN_PERM,
5251         },
5252         {
5253                 .cmd = NL80211_CMD_SET_BSS,
5254                 .doit = nl80211_set_bss,
5255                 .policy = nl80211_policy,
5256                 .flags = GENL_ADMIN_PERM,
5257         },
5258         {
5259                 .cmd = NL80211_CMD_GET_REG,
5260                 .doit = nl80211_get_reg,
5261                 .policy = nl80211_policy,
5262                 /* can be retrieved by unprivileged users */
5263         },
5264         {
5265                 .cmd = NL80211_CMD_SET_REG,
5266                 .doit = nl80211_set_reg,
5267                 .policy = nl80211_policy,
5268                 .flags = GENL_ADMIN_PERM,
5269         },
5270         {
5271                 .cmd = NL80211_CMD_REQ_SET_REG,
5272                 .doit = nl80211_req_set_reg,
5273                 .policy = nl80211_policy,
5274                 .flags = GENL_ADMIN_PERM,
5275         },
5276         {
5277                 .cmd = NL80211_CMD_GET_MESH_PARAMS,
5278                 .doit = nl80211_get_mesh_params,
5279                 .policy = nl80211_policy,
5280                 /* can be retrieved by unprivileged users */
5281         },
5282         {
5283                 .cmd = NL80211_CMD_SET_MESH_PARAMS,
5284                 .doit = nl80211_set_mesh_params,
5285                 .policy = nl80211_policy,
5286                 .flags = GENL_ADMIN_PERM,
5287         },
5288         {
5289                 .cmd = NL80211_CMD_TRIGGER_SCAN,
5290                 .doit = nl80211_trigger_scan,
5291                 .policy = nl80211_policy,
5292                 .flags = GENL_ADMIN_PERM,
5293         },
5294         {
5295                 .cmd = NL80211_CMD_GET_SCAN,
5296                 .policy = nl80211_policy,
5297                 .dumpit = nl80211_dump_scan,
5298         },
5299         {
5300                 .cmd = NL80211_CMD_AUTHENTICATE,
5301                 .doit = nl80211_authenticate,
5302                 .policy = nl80211_policy,
5303                 .flags = GENL_ADMIN_PERM,
5304         },
5305         {
5306                 .cmd = NL80211_CMD_ASSOCIATE,
5307                 .doit = nl80211_associate,
5308                 .policy = nl80211_policy,
5309                 .flags = GENL_ADMIN_PERM,
5310         },
5311         {
5312                 .cmd = NL80211_CMD_DEAUTHENTICATE,
5313                 .doit = nl80211_deauthenticate,
5314                 .policy = nl80211_policy,
5315                 .flags = GENL_ADMIN_PERM,
5316         },
5317         {
5318                 .cmd = NL80211_CMD_DISASSOCIATE,
5319                 .doit = nl80211_disassociate,
5320                 .policy = nl80211_policy,
5321                 .flags = GENL_ADMIN_PERM,
5322         },
5323         {
5324                 .cmd = NL80211_CMD_JOIN_IBSS,
5325                 .doit = nl80211_join_ibss,
5326                 .policy = nl80211_policy,
5327                 .flags = GENL_ADMIN_PERM,
5328         },
5329         {
5330                 .cmd = NL80211_CMD_LEAVE_IBSS,
5331                 .doit = nl80211_leave_ibss,
5332                 .policy = nl80211_policy,
5333                 .flags = GENL_ADMIN_PERM,
5334         },
5335 #ifdef CONFIG_NL80211_TESTMODE
5336         {
5337                 .cmd = NL80211_CMD_TESTMODE,
5338                 .doit = nl80211_testmode_do,
5339                 .policy = nl80211_policy,
5340                 .flags = GENL_ADMIN_PERM,
5341         },
5342 #endif
5343         {
5344                 .cmd = NL80211_CMD_CONNECT,
5345                 .doit = nl80211_connect,
5346                 .policy = nl80211_policy,
5347                 .flags = GENL_ADMIN_PERM,
5348         },
5349         {
5350                 .cmd = NL80211_CMD_DISCONNECT,
5351                 .doit = nl80211_disconnect,
5352                 .policy = nl80211_policy,
5353                 .flags = GENL_ADMIN_PERM,
5354         },
5355         {
5356                 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
5357                 .doit = nl80211_wiphy_netns,
5358                 .policy = nl80211_policy,
5359                 .flags = GENL_ADMIN_PERM,
5360         },
5361         {
5362                 .cmd = NL80211_CMD_GET_SURVEY,
5363                 .policy = nl80211_policy,
5364                 .dumpit = nl80211_dump_survey,
5365         },
5366         {
5367                 .cmd = NL80211_CMD_SET_PMKSA,
5368                 .doit = nl80211_setdel_pmksa,
5369                 .policy = nl80211_policy,
5370                 .flags = GENL_ADMIN_PERM,
5371         },
5372         {
5373                 .cmd = NL80211_CMD_DEL_PMKSA,
5374                 .doit = nl80211_setdel_pmksa,
5375                 .policy = nl80211_policy,
5376                 .flags = GENL_ADMIN_PERM,
5377         },
5378         {
5379                 .cmd = NL80211_CMD_FLUSH_PMKSA,
5380                 .doit = nl80211_flush_pmksa,
5381                 .policy = nl80211_policy,
5382                 .flags = GENL_ADMIN_PERM,
5383         },
5384         {
5385                 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
5386                 .doit = nl80211_remain_on_channel,
5387                 .policy = nl80211_policy,
5388                 .flags = GENL_ADMIN_PERM,
5389         },
5390         {
5391                 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
5392                 .doit = nl80211_cancel_remain_on_channel,
5393                 .policy = nl80211_policy,
5394                 .flags = GENL_ADMIN_PERM,
5395         },
5396         {
5397                 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
5398                 .doit = nl80211_set_tx_bitrate_mask,
5399                 .policy = nl80211_policy,
5400                 .flags = GENL_ADMIN_PERM,
5401         },
5402         {
5403                 .cmd = NL80211_CMD_REGISTER_FRAME,
5404                 .doit = nl80211_register_mgmt,
5405                 .policy = nl80211_policy,
5406                 .flags = GENL_ADMIN_PERM,
5407         },
5408         {
5409                 .cmd = NL80211_CMD_FRAME,
5410                 .doit = nl80211_tx_mgmt,
5411                 .policy = nl80211_policy,
5412                 .flags = GENL_ADMIN_PERM,
5413         },
5414         {
5415                 .cmd = NL80211_CMD_SET_POWER_SAVE,
5416                 .doit = nl80211_set_power_save,
5417                 .policy = nl80211_policy,
5418                 .flags = GENL_ADMIN_PERM,
5419         },
5420         {
5421                 .cmd = NL80211_CMD_GET_POWER_SAVE,
5422                 .doit = nl80211_get_power_save,
5423                 .policy = nl80211_policy,
5424                 /* can be retrieved by unprivileged users */
5425         },
5426         {
5427                 .cmd = NL80211_CMD_SET_CQM,
5428                 .doit = nl80211_set_cqm,
5429                 .policy = nl80211_policy,
5430                 .flags = GENL_ADMIN_PERM,
5431         },
5432         {
5433                 .cmd = NL80211_CMD_SET_CHANNEL,
5434                 .doit = nl80211_set_channel,
5435                 .policy = nl80211_policy,
5436                 .flags = GENL_ADMIN_PERM,
5437         },
5438 };
5439
5440 static struct genl_multicast_group nl80211_mlme_mcgrp = {
5441         .name = "mlme",
5442 };
5443
5444 /* multicast groups */
5445 static struct genl_multicast_group nl80211_config_mcgrp = {
5446         .name = "config",
5447 };
5448 static struct genl_multicast_group nl80211_scan_mcgrp = {
5449         .name = "scan",
5450 };
5451 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
5452         .name = "regulatory",
5453 };
5454
5455 /* notification functions */
5456
5457 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
5458 {
5459         struct sk_buff *msg;
5460
5461         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5462         if (!msg)
5463                 return;
5464
5465         if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
5466                 nlmsg_free(msg);
5467                 return;
5468         }
5469
5470         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5471                                 nl80211_config_mcgrp.id, GFP_KERNEL);
5472 }
5473
5474 static int nl80211_add_scan_req(struct sk_buff *msg,
5475                                 struct cfg80211_registered_device *rdev)
5476 {
5477         struct cfg80211_scan_request *req = rdev->scan_req;
5478         struct nlattr *nest;
5479         int i;
5480
5481         ASSERT_RDEV_LOCK(rdev);
5482
5483         if (WARN_ON(!req))
5484                 return 0;
5485
5486         nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
5487         if (!nest)
5488                 goto nla_put_failure;
5489         for (i = 0; i < req->n_ssids; i++)
5490                 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid);
5491         nla_nest_end(msg, nest);
5492
5493         nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
5494         if (!nest)
5495                 goto nla_put_failure;
5496         for (i = 0; i < req->n_channels; i++)
5497                 NLA_PUT_U32(msg, i, req->channels[i]->center_freq);
5498         nla_nest_end(msg, nest);
5499
5500         if (req->ie)
5501                 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie);
5502
5503         return 0;
5504  nla_put_failure:
5505         return -ENOBUFS;
5506 }
5507
5508 static int nl80211_send_scan_msg(struct sk_buff *msg,
5509                                  struct cfg80211_registered_device *rdev,
5510                                  struct net_device *netdev,
5511                                  u32 pid, u32 seq, int flags,
5512                                  u32 cmd)
5513 {
5514         void *hdr;
5515
5516         hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
5517         if (!hdr)
5518                 return -1;
5519
5520         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5521         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5522
5523         /* ignore errors and send incomplete event anyway */
5524         nl80211_add_scan_req(msg, rdev);
5525
5526         return genlmsg_end(msg, hdr);
5527
5528  nla_put_failure:
5529         genlmsg_cancel(msg, hdr);
5530         return -EMSGSIZE;
5531 }
5532
5533 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
5534                              struct net_device *netdev)
5535 {
5536         struct sk_buff *msg;
5537
5538         msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
5539         if (!msg)
5540                 return;
5541
5542         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5543                                   NL80211_CMD_TRIGGER_SCAN) < 0) {
5544                 nlmsg_free(msg);
5545                 return;
5546         }
5547
5548         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5549                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5550 }
5551
5552 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
5553                             struct net_device *netdev)
5554 {
5555         struct sk_buff *msg;
5556
5557         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5558         if (!msg)
5559                 return;
5560
5561         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5562                                   NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
5563                 nlmsg_free(msg);
5564                 return;
5565         }
5566
5567         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5568                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5569 }
5570
5571 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
5572                                struct net_device *netdev)
5573 {
5574         struct sk_buff *msg;
5575
5576         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5577         if (!msg)
5578                 return;
5579
5580         if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
5581                                   NL80211_CMD_SCAN_ABORTED) < 0) {
5582                 nlmsg_free(msg);
5583                 return;
5584         }
5585
5586         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5587                                 nl80211_scan_mcgrp.id, GFP_KERNEL);
5588 }
5589
5590 /*
5591  * This can happen on global regulatory changes or device specific settings
5592  * based on custom world regulatory domains.
5593  */
5594 void nl80211_send_reg_change_event(struct regulatory_request *request)
5595 {
5596         struct sk_buff *msg;
5597         void *hdr;
5598
5599         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5600         if (!msg)
5601                 return;
5602
5603         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
5604         if (!hdr) {
5605                 nlmsg_free(msg);
5606                 return;
5607         }
5608
5609         /* Userspace can always count this one always being set */
5610         NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator);
5611
5612         if (request->alpha2[0] == '0' && request->alpha2[1] == '0')
5613                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5614                            NL80211_REGDOM_TYPE_WORLD);
5615         else if (request->alpha2[0] == '9' && request->alpha2[1] == '9')
5616                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5617                            NL80211_REGDOM_TYPE_CUSTOM_WORLD);
5618         else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
5619                  request->intersect)
5620                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5621                            NL80211_REGDOM_TYPE_INTERSECTION);
5622         else {
5623                 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
5624                            NL80211_REGDOM_TYPE_COUNTRY);
5625                 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2);
5626         }
5627
5628         if (wiphy_idx_valid(request->wiphy_idx))
5629                 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
5630
5631         if (genlmsg_end(msg, hdr) < 0) {
5632                 nlmsg_free(msg);
5633                 return;
5634         }
5635
5636         rcu_read_lock();
5637         genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
5638                                 GFP_ATOMIC);
5639         rcu_read_unlock();
5640
5641         return;
5642
5643 nla_put_failure:
5644         genlmsg_cancel(msg, hdr);
5645         nlmsg_free(msg);
5646 }
5647
5648 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
5649                                     struct net_device *netdev,
5650                                     const u8 *buf, size_t len,
5651                                     enum nl80211_commands cmd, gfp_t gfp)
5652 {
5653         struct sk_buff *msg;
5654         void *hdr;
5655
5656         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5657         if (!msg)
5658                 return;
5659
5660         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5661         if (!hdr) {
5662                 nlmsg_free(msg);
5663                 return;
5664         }
5665
5666         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5667         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5668         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
5669
5670         if (genlmsg_end(msg, hdr) < 0) {
5671                 nlmsg_free(msg);
5672                 return;
5673         }
5674
5675         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5676                                 nl80211_mlme_mcgrp.id, gfp);
5677         return;
5678
5679  nla_put_failure:
5680         genlmsg_cancel(msg, hdr);
5681         nlmsg_free(msg);
5682 }
5683
5684 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
5685                           struct net_device *netdev, const u8 *buf,
5686                           size_t len, gfp_t gfp)
5687 {
5688         nl80211_send_mlme_event(rdev, netdev, buf, len,
5689                                 NL80211_CMD_AUTHENTICATE, gfp);
5690 }
5691
5692 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
5693                            struct net_device *netdev, const u8 *buf,
5694                            size_t len, gfp_t gfp)
5695 {
5696         nl80211_send_mlme_event(rdev, netdev, buf, len,
5697                                 NL80211_CMD_ASSOCIATE, gfp);
5698 }
5699
5700 void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
5701                          struct net_device *netdev, const u8 *buf,
5702                          size_t len, gfp_t gfp)
5703 {
5704         nl80211_send_mlme_event(rdev, netdev, buf, len,
5705                                 NL80211_CMD_DEAUTHENTICATE, gfp);
5706 }
5707
5708 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
5709                            struct net_device *netdev, const u8 *buf,
5710                            size_t len, gfp_t gfp)
5711 {
5712         nl80211_send_mlme_event(rdev, netdev, buf, len,
5713                                 NL80211_CMD_DISASSOCIATE, gfp);
5714 }
5715
5716 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
5717                                       struct net_device *netdev, int cmd,
5718                                       const u8 *addr, gfp_t gfp)
5719 {
5720         struct sk_buff *msg;
5721         void *hdr;
5722
5723         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5724         if (!msg)
5725                 return;
5726
5727         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
5728         if (!hdr) {
5729                 nlmsg_free(msg);
5730                 return;
5731         }
5732
5733         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5734         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5735         NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT);
5736         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5737
5738         if (genlmsg_end(msg, hdr) < 0) {
5739                 nlmsg_free(msg);
5740                 return;
5741         }
5742
5743         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5744                                 nl80211_mlme_mcgrp.id, gfp);
5745         return;
5746
5747  nla_put_failure:
5748         genlmsg_cancel(msg, hdr);
5749         nlmsg_free(msg);
5750 }
5751
5752 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
5753                                struct net_device *netdev, const u8 *addr,
5754                                gfp_t gfp)
5755 {
5756         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
5757                                   addr, gfp);
5758 }
5759
5760 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
5761                                 struct net_device *netdev, const u8 *addr,
5762                                 gfp_t gfp)
5763 {
5764         nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
5765                                   addr, gfp);
5766 }
5767
5768 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
5769                                  struct net_device *netdev, const u8 *bssid,
5770                                  const u8 *req_ie, size_t req_ie_len,
5771                                  const u8 *resp_ie, size_t resp_ie_len,
5772                                  u16 status, gfp_t gfp)
5773 {
5774         struct sk_buff *msg;
5775         void *hdr;
5776
5777         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5778         if (!msg)
5779                 return;
5780
5781         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
5782         if (!hdr) {
5783                 nlmsg_free(msg);
5784                 return;
5785         }
5786
5787         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5788         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5789         if (bssid)
5790                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5791         NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status);
5792         if (req_ie)
5793                 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
5794         if (resp_ie)
5795                 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
5796
5797         if (genlmsg_end(msg, hdr) < 0) {
5798                 nlmsg_free(msg);
5799                 return;
5800         }
5801
5802         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5803                                 nl80211_mlme_mcgrp.id, gfp);
5804         return;
5805
5806  nla_put_failure:
5807         genlmsg_cancel(msg, hdr);
5808         nlmsg_free(msg);
5809
5810 }
5811
5812 void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
5813                          struct net_device *netdev, const u8 *bssid,
5814                          const u8 *req_ie, size_t req_ie_len,
5815                          const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
5816 {
5817         struct sk_buff *msg;
5818         void *hdr;
5819
5820         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
5821         if (!msg)
5822                 return;
5823
5824         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
5825         if (!hdr) {
5826                 nlmsg_free(msg);
5827                 return;
5828         }
5829
5830         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5831         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5832         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5833         if (req_ie)
5834                 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
5835         if (resp_ie)
5836                 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
5837
5838         if (genlmsg_end(msg, hdr) < 0) {
5839                 nlmsg_free(msg);
5840                 return;
5841         }
5842
5843         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5844                                 nl80211_mlme_mcgrp.id, gfp);
5845         return;
5846
5847  nla_put_failure:
5848         genlmsg_cancel(msg, hdr);
5849         nlmsg_free(msg);
5850
5851 }
5852
5853 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
5854                                struct net_device *netdev, u16 reason,
5855                                const u8 *ie, size_t ie_len, bool from_ap)
5856 {
5857         struct sk_buff *msg;
5858         void *hdr;
5859
5860         msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
5861         if (!msg)
5862                 return;
5863
5864         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
5865         if (!hdr) {
5866                 nlmsg_free(msg);
5867                 return;
5868         }
5869
5870         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5871         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5872         if (from_ap && reason)
5873                 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason);
5874         if (from_ap)
5875                 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP);
5876         if (ie)
5877                 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie);
5878
5879         if (genlmsg_end(msg, hdr) < 0) {
5880                 nlmsg_free(msg);
5881                 return;
5882         }
5883
5884         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5885                                 nl80211_mlme_mcgrp.id, GFP_KERNEL);
5886         return;
5887
5888  nla_put_failure:
5889         genlmsg_cancel(msg, hdr);
5890         nlmsg_free(msg);
5891
5892 }
5893
5894 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
5895                              struct net_device *netdev, const u8 *bssid,
5896                              gfp_t gfp)
5897 {
5898         struct sk_buff *msg;
5899         void *hdr;
5900
5901         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5902         if (!msg)
5903                 return;
5904
5905         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
5906         if (!hdr) {
5907                 nlmsg_free(msg);
5908                 return;
5909         }
5910
5911         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5912         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5913         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
5914
5915         if (genlmsg_end(msg, hdr) < 0) {
5916                 nlmsg_free(msg);
5917                 return;
5918         }
5919
5920         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5921                                 nl80211_mlme_mcgrp.id, gfp);
5922         return;
5923
5924  nla_put_failure:
5925         genlmsg_cancel(msg, hdr);
5926         nlmsg_free(msg);
5927 }
5928
5929 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
5930                                  struct net_device *netdev, const u8 *addr,
5931                                  enum nl80211_key_type key_type, int key_id,
5932                                  const u8 *tsc, gfp_t gfp)
5933 {
5934         struct sk_buff *msg;
5935         void *hdr;
5936
5937         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
5938         if (!msg)
5939                 return;
5940
5941         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
5942         if (!hdr) {
5943                 nlmsg_free(msg);
5944                 return;
5945         }
5946
5947         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5948         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
5949         if (addr)
5950                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
5951         NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type);
5952         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id);
5953         if (tsc)
5954                 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc);
5955
5956         if (genlmsg_end(msg, hdr) < 0) {
5957                 nlmsg_free(msg);
5958                 return;
5959         }
5960
5961         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
5962                                 nl80211_mlme_mcgrp.id, gfp);
5963         return;
5964
5965  nla_put_failure:
5966         genlmsg_cancel(msg, hdr);
5967         nlmsg_free(msg);
5968 }
5969
5970 void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
5971                                     struct ieee80211_channel *channel_before,
5972                                     struct ieee80211_channel *channel_after)
5973 {
5974         struct sk_buff *msg;
5975         void *hdr;
5976         struct nlattr *nl_freq;
5977
5978         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
5979         if (!msg)
5980                 return;
5981
5982         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
5983         if (!hdr) {
5984                 nlmsg_free(msg);
5985                 return;
5986         }
5987
5988         /*
5989          * Since we are applying the beacon hint to a wiphy we know its
5990          * wiphy_idx is valid
5991          */
5992         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy));
5993
5994         /* Before */
5995         nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
5996         if (!nl_freq)
5997                 goto nla_put_failure;
5998         if (nl80211_msg_put_channel(msg, channel_before))
5999                 goto nla_put_failure;
6000         nla_nest_end(msg, nl_freq);
6001
6002         /* After */
6003         nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
6004         if (!nl_freq)
6005                 goto nla_put_failure;
6006         if (nl80211_msg_put_channel(msg, channel_after))
6007                 goto nla_put_failure;
6008         nla_nest_end(msg, nl_freq);
6009
6010         if (genlmsg_end(msg, hdr) < 0) {
6011                 nlmsg_free(msg);
6012                 return;
6013         }
6014
6015         rcu_read_lock();
6016         genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
6017                                 GFP_ATOMIC);
6018         rcu_read_unlock();
6019
6020         return;
6021
6022 nla_put_failure:
6023         genlmsg_cancel(msg, hdr);
6024         nlmsg_free(msg);
6025 }
6026
6027 static void nl80211_send_remain_on_chan_event(
6028         int cmd, struct cfg80211_registered_device *rdev,
6029         struct net_device *netdev, u64 cookie,
6030         struct ieee80211_channel *chan,
6031         enum nl80211_channel_type channel_type,
6032         unsigned int duration, gfp_t gfp)
6033 {
6034         struct sk_buff *msg;
6035         void *hdr;
6036
6037         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
6038         if (!msg)
6039                 return;
6040
6041         hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
6042         if (!hdr) {
6043                 nlmsg_free(msg);
6044                 return;
6045         }
6046
6047         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6048         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6049         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq);
6050         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type);
6051         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
6052
6053         if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL)
6054                 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration);
6055
6056         if (genlmsg_end(msg, hdr) < 0) {
6057                 nlmsg_free(msg);
6058                 return;
6059         }
6060
6061         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6062                                 nl80211_mlme_mcgrp.id, gfp);
6063         return;
6064
6065  nla_put_failure:
6066         genlmsg_cancel(msg, hdr);
6067         nlmsg_free(msg);
6068 }
6069
6070 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev,
6071                                     struct net_device *netdev, u64 cookie,
6072                                     struct ieee80211_channel *chan,
6073                                     enum nl80211_channel_type channel_type,
6074                                     unsigned int duration, gfp_t gfp)
6075 {
6076         nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL,
6077                                           rdev, netdev, cookie, chan,
6078                                           channel_type, duration, gfp);
6079 }
6080
6081 void nl80211_send_remain_on_channel_cancel(
6082         struct cfg80211_registered_device *rdev, struct net_device *netdev,
6083         u64 cookie, struct ieee80211_channel *chan,
6084         enum nl80211_channel_type channel_type, gfp_t gfp)
6085 {
6086         nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
6087                                           rdev, netdev, cookie, chan,
6088                                           channel_type, 0, gfp);
6089 }
6090
6091 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev,
6092                             struct net_device *dev, const u8 *mac_addr,
6093                             struct station_info *sinfo, gfp_t gfp)
6094 {
6095         struct sk_buff *msg;
6096
6097         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
6098         if (!msg)
6099                 return;
6100
6101         if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) {
6102                 nlmsg_free(msg);
6103                 return;
6104         }
6105
6106         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6107                                 nl80211_mlme_mcgrp.id, gfp);
6108 }
6109
6110 int nl80211_send_mgmt(struct cfg80211_registered_device *rdev,
6111                       struct net_device *netdev, u32 nlpid,
6112                       int freq, const u8 *buf, size_t len, gfp_t gfp)
6113 {
6114         struct sk_buff *msg;
6115         void *hdr;
6116         int err;
6117
6118         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
6119         if (!msg)
6120                 return -ENOMEM;
6121
6122         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME);
6123         if (!hdr) {
6124                 nlmsg_free(msg);
6125                 return -ENOMEM;
6126         }
6127
6128         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6129         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6130         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq);
6131         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
6132
6133         err = genlmsg_end(msg, hdr);
6134         if (err < 0) {
6135                 nlmsg_free(msg);
6136                 return err;
6137         }
6138
6139         err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid);
6140         if (err < 0)
6141                 return err;
6142         return 0;
6143
6144  nla_put_failure:
6145         genlmsg_cancel(msg, hdr);
6146         nlmsg_free(msg);
6147         return -ENOBUFS;
6148 }
6149
6150 void nl80211_send_mgmt_tx_status(struct cfg80211_registered_device *rdev,
6151                                  struct net_device *netdev, u64 cookie,
6152                                  const u8 *buf, size_t len, bool ack,
6153                                  gfp_t gfp)
6154 {
6155         struct sk_buff *msg;
6156         void *hdr;
6157
6158         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
6159         if (!msg)
6160                 return;
6161
6162         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
6163         if (!hdr) {
6164                 nlmsg_free(msg);
6165                 return;
6166         }
6167
6168         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6169         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6170         NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
6171         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
6172         if (ack)
6173                 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK);
6174
6175         if (genlmsg_end(msg, hdr) < 0) {
6176                 nlmsg_free(msg);
6177                 return;
6178         }
6179
6180         genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp);
6181         return;
6182
6183  nla_put_failure:
6184         genlmsg_cancel(msg, hdr);
6185         nlmsg_free(msg);
6186 }
6187
6188 void
6189 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev,
6190                              struct net_device *netdev,
6191                              enum nl80211_cqm_rssi_threshold_event rssi_event,
6192                              gfp_t gfp)
6193 {
6194         struct sk_buff *msg;
6195         struct nlattr *pinfoattr;
6196         void *hdr;
6197
6198         msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
6199         if (!msg)
6200                 return;
6201
6202         hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM);
6203         if (!hdr) {
6204                 nlmsg_free(msg);
6205                 return;
6206         }
6207
6208         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
6209         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
6210
6211         pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM);
6212         if (!pinfoattr)
6213                 goto nla_put_failure;
6214
6215         NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT,
6216                     rssi_event);
6217
6218         nla_nest_end(msg, pinfoattr);
6219
6220         if (genlmsg_end(msg, hdr) < 0) {
6221                 nlmsg_free(msg);
6222                 return;
6223         }
6224
6225         genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
6226                                 nl80211_mlme_mcgrp.id, gfp);
6227         return;
6228
6229  nla_put_failure:
6230         genlmsg_cancel(msg, hdr);
6231         nlmsg_free(msg);
6232 }
6233
6234 static int nl80211_netlink_notify(struct notifier_block * nb,
6235                                   unsigned long state,
6236                                   void *_notify)
6237 {
6238         struct netlink_notify *notify = _notify;
6239         struct cfg80211_registered_device *rdev;
6240         struct wireless_dev *wdev;
6241
6242         if (state != NETLINK_URELEASE)
6243                 return NOTIFY_DONE;
6244
6245         rcu_read_lock();
6246
6247         list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list)
6248                 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list)
6249                         cfg80211_mlme_unregister_socket(wdev, notify->pid);
6250
6251         rcu_read_unlock();
6252
6253         return NOTIFY_DONE;
6254 }
6255
6256 static struct notifier_block nl80211_netlink_notifier = {
6257         .notifier_call = nl80211_netlink_notify,
6258 };
6259
6260 /* initialisation/exit functions */
6261
6262 int nl80211_init(void)
6263 {
6264         int err;
6265
6266         err = genl_register_family_with_ops(&nl80211_fam,
6267                 nl80211_ops, ARRAY_SIZE(nl80211_ops));
6268         if (err)
6269                 return err;
6270
6271         err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
6272         if (err)
6273                 goto err_out;
6274
6275         err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
6276         if (err)
6277                 goto err_out;
6278
6279         err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
6280         if (err)
6281                 goto err_out;
6282
6283         err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
6284         if (err)
6285                 goto err_out;
6286
6287 #ifdef CONFIG_NL80211_TESTMODE
6288         err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
6289         if (err)
6290                 goto err_out;
6291 #endif
6292
6293         err = netlink_register_notifier(&nl80211_netlink_notifier);
6294         if (err)
6295                 goto err_out;
6296
6297         return 0;
6298  err_out:
6299         genl_unregister_family(&nl80211_fam);
6300         return err;
6301 }
6302
6303 void nl80211_exit(void)
6304 {
6305         netlink_unregister_notifier(&nl80211_netlink_notifier);
6306         genl_unregister_family(&nl80211_fam);
6307 }