ipv4: flush route cache after change accept_local
[linux-2.6.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25
26 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
27                             struct genl_info *info);
28 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
29                               struct genl_info *info);
30
31 /* the netlink family */
32 static struct genl_family nl80211_fam = {
33         .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
34         .name = "nl80211",      /* have users key off the name instead */
35         .hdrsize = 0,           /* no private header */
36         .version = 1,           /* no particular meaning now */
37         .maxattr = NL80211_ATTR_MAX,
38         .netnsok = true,
39         .pre_doit = nl80211_pre_doit,
40         .post_doit = nl80211_post_doit,
41 };
42
43 /* internal helper: get rdev and dev */
44 static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
45                                        struct cfg80211_registered_device **rdev,
46                                        struct net_device **dev)
47 {
48         struct nlattr **attrs = info->attrs;
49         int ifindex;
50
51         if (!attrs[NL80211_ATTR_IFINDEX])
52                 return -EINVAL;
53
54         ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
55         *dev = dev_get_by_index(genl_info_net(info), ifindex);
56         if (!*dev)
57                 return -ENODEV;
58
59         *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex);
60         if (IS_ERR(*rdev)) {
61                 dev_put(*dev);
62                 return PTR_ERR(*rdev);
63         }
64
65         return 0;
66 }
67
68 /* policy for the attributes */
69 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
70         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
71         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
72                                       .len = 20-1 },
73         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
74         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
75         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
76         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
77         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
78         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
79         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
80         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
81
82         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
83         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
84         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
85
86         [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
87         [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
88
89         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
90         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
91                                     .len = WLAN_MAX_KEY_LEN },
92         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
93         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
94         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
95         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
96         [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
97
98         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
99         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
100         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
101                                        .len = IEEE80211_MAX_DATA_LEN },
102         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
103                                        .len = IEEE80211_MAX_DATA_LEN },
104         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
105         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
106         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
107         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
108                                                .len = NL80211_MAX_SUPP_RATES },
109         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
110         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
111         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
112         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
113                                 .len = IEEE80211_MAX_MESH_ID_LEN },
114         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
115
116         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
117         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
118
119         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
120         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
121         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
122         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
123                                            .len = NL80211_MAX_SUPP_RATES },
124         [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
125
126         [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
127         [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
128
129         [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
130
131         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
132         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
133                               .len = IEEE80211_MAX_DATA_LEN },
134         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
135         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
136
137         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
138                                 .len = IEEE80211_MAX_SSID_LEN },
139         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
140         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
141         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
142         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
143         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
144         [NL80211_ATTR_STA_FLAGS2] = {
145                 .len = sizeof(struct nl80211_sta_flag_update),
146         },
147         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
148         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
149         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
150         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
151         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
152         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
153         [NL80211_ATTR_PID] = { .type = NLA_U32 },
154         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
155         [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
156                                  .len = WLAN_PMKID_LEN },
157         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
158         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
159         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
160         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
161                                  .len = IEEE80211_MAX_DATA_LEN },
162         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
163         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
164         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
165         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
166         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
167         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
168         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
169         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
170         [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
171         [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
172         [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
173         [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
174         [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
175         [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
176         [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
177         [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
178         [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
179         [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
180 };
181
182 /* policy for the key attributes */
183 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
184         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
185         [NL80211_KEY_IDX] = { .type = NLA_U8 },
186         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
187         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
188         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
189         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
190         [NL80211_KEY_TYPE] = { .type = NLA_U32 },
191         [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
192 };
193
194 /* policy for the key default flags */
195 static const struct nla_policy
196 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
197         [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
198         [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
199 };
200
201 /* policy for WoWLAN attributes */
202 static const struct nla_policy
203 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
204         [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
205         [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
206         [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
207         [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
208         [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
209         [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
210         [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
211         [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
212 };
213
214 /* policy for GTK rekey offload attributes */
215 static const struct nla_policy
216 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
217         [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
218         [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
219         [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
220 };
221
222 /* ifidx get helper */
223 static int nl80211_get_ifidx(struct netlink_callback *cb)
224 {
225         int res;
226
227         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
228                           nl80211_fam.attrbuf, nl80211_fam.maxattr,
229                           nl80211_policy);
230         if (res)
231                 return res;
232
233         if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
234                 return -EINVAL;
235
236         res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
237         if (!res)
238                 return -EINVAL;
239         return res;
240 }
241
242 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
243                                        struct netlink_callback *cb,
244                                        struct cfg80211_registered_device **rdev,
245                                        struct net_device **dev)
246 {
247         int ifidx = cb->args[0];
248         int err;
249
250         if (!ifidx)
251                 ifidx = nl80211_get_ifidx(cb);
252         if (ifidx < 0)
253                 return ifidx;
254
255         cb->args[0] = ifidx;
256
257         rtnl_lock();
258
259         *dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
260         if (!*dev) {
261                 err = -ENODEV;
262                 goto out_rtnl;
263         }
264
265         *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
266         if (IS_ERR(*rdev)) {
267                 err = PTR_ERR(*rdev);
268                 goto out_rtnl;
269         }
270
271         return 0;
272  out_rtnl:
273         rtnl_unlock();
274         return err;
275 }
276
277 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
278 {
279         cfg80211_unlock_rdev(rdev);
280         rtnl_unlock();
281 }
282
283 /* IE validation */
284 static bool is_valid_ie_attr(const struct nlattr *attr)
285 {
286         const u8 *pos;
287         int len;
288
289         if (!attr)
290                 return true;
291
292         pos = nla_data(attr);
293         len = nla_len(attr);
294
295         while (len) {
296                 u8 elemlen;
297
298                 if (len < 2)
299                         return false;
300                 len -= 2;
301
302                 elemlen = pos[1];
303                 if (elemlen > len)
304                         return false;
305
306                 len -= elemlen;
307                 pos += 2 + elemlen;
308         }
309
310         return true;
311 }
312
313 /* message building helper */
314 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
315                                    int flags, u8 cmd)
316 {
317         /* since there is no private header just add the generic one */
318         return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
319 }
320
321 static int nl80211_msg_put_channel(struct sk_buff *msg,
322                                    struct ieee80211_channel *chan)
323 {
324         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
325                     chan->center_freq);
326
327         if (chan->flags & IEEE80211_CHAN_DISABLED)
328                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
329         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
330                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
331         if (chan->flags & IEEE80211_CHAN_NO_IBSS)
332                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
333         if (chan->flags & IEEE80211_CHAN_RADAR)
334                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
335
336         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
337                     DBM_TO_MBM(chan->max_power));
338
339         return 0;
340
341  nla_put_failure:
342         return -ENOBUFS;
343 }
344
345 /* netlink command implementations */
346
347 struct key_parse {
348         struct key_params p;
349         int idx;
350         int type;
351         bool def, defmgmt;
352         bool def_uni, def_multi;
353 };
354
355 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
356 {
357         struct nlattr *tb[NL80211_KEY_MAX + 1];
358         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
359                                    nl80211_key_policy);
360         if (err)
361                 return err;
362
363         k->def = !!tb[NL80211_KEY_DEFAULT];
364         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
365
366         if (k->def) {
367                 k->def_uni = true;
368                 k->def_multi = true;
369         }
370         if (k->defmgmt)
371                 k->def_multi = true;
372
373         if (tb[NL80211_KEY_IDX])
374                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
375
376         if (tb[NL80211_KEY_DATA]) {
377                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
378                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
379         }
380
381         if (tb[NL80211_KEY_SEQ]) {
382                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
383                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
384         }
385
386         if (tb[NL80211_KEY_CIPHER])
387                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
388
389         if (tb[NL80211_KEY_TYPE]) {
390                 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
391                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
392                         return -EINVAL;
393         }
394
395         if (tb[NL80211_KEY_DEFAULT_TYPES]) {
396                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
397                 int err = nla_parse_nested(kdt,
398                                            NUM_NL80211_KEY_DEFAULT_TYPES - 1,
399                                            tb[NL80211_KEY_DEFAULT_TYPES],
400                                            nl80211_key_default_policy);
401                 if (err)
402                         return err;
403
404                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
405                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
406         }
407
408         return 0;
409 }
410
411 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
412 {
413         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
414                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
415                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
416         }
417
418         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
419                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
420                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
421         }
422
423         if (info->attrs[NL80211_ATTR_KEY_IDX])
424                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
425
426         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
427                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
428
429         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
430         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
431
432         if (k->def) {
433                 k->def_uni = true;
434                 k->def_multi = true;
435         }
436         if (k->defmgmt)
437                 k->def_multi = true;
438
439         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
440                 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
441                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
442                         return -EINVAL;
443         }
444
445         if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
446                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
447                 int err = nla_parse_nested(
448                                 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
449                                 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
450                                 nl80211_key_default_policy);
451                 if (err)
452                         return err;
453
454                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
455                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
456         }
457
458         return 0;
459 }
460
461 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
462 {
463         int err;
464
465         memset(k, 0, sizeof(*k));
466         k->idx = -1;
467         k->type = -1;
468
469         if (info->attrs[NL80211_ATTR_KEY])
470                 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
471         else
472                 err = nl80211_parse_key_old(info, k);
473
474         if (err)
475                 return err;
476
477         if (k->def && k->defmgmt)
478                 return -EINVAL;
479
480         if (k->defmgmt) {
481                 if (k->def_uni || !k->def_multi)
482                         return -EINVAL;
483         }
484
485         if (k->idx != -1) {
486                 if (k->defmgmt) {
487                         if (k->idx < 4 || k->idx > 5)
488                                 return -EINVAL;
489                 } else if (k->def) {
490                         if (k->idx < 0 || k->idx > 3)
491                                 return -EINVAL;
492                 } else {
493                         if (k->idx < 0 || k->idx > 5)
494                                 return -EINVAL;
495                 }
496         }
497
498         return 0;
499 }
500
501 static struct cfg80211_cached_keys *
502 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
503                        struct nlattr *keys)
504 {
505         struct key_parse parse;
506         struct nlattr *key;
507         struct cfg80211_cached_keys *result;
508         int rem, err, def = 0;
509
510         result = kzalloc(sizeof(*result), GFP_KERNEL);
511         if (!result)
512                 return ERR_PTR(-ENOMEM);
513
514         result->def = -1;
515         result->defmgmt = -1;
516
517         nla_for_each_nested(key, keys, rem) {
518                 memset(&parse, 0, sizeof(parse));
519                 parse.idx = -1;
520
521                 err = nl80211_parse_key_new(key, &parse);
522                 if (err)
523                         goto error;
524                 err = -EINVAL;
525                 if (!parse.p.key)
526                         goto error;
527                 if (parse.idx < 0 || parse.idx > 4)
528                         goto error;
529                 if (parse.def) {
530                         if (def)
531                                 goto error;
532                         def = 1;
533                         result->def = parse.idx;
534                         if (!parse.def_uni || !parse.def_multi)
535                                 goto error;
536                 } else if (parse.defmgmt)
537                         goto error;
538                 err = cfg80211_validate_key_settings(rdev, &parse.p,
539                                                      parse.idx, false, NULL);
540                 if (err)
541                         goto error;
542                 result->params[parse.idx].cipher = parse.p.cipher;
543                 result->params[parse.idx].key_len = parse.p.key_len;
544                 result->params[parse.idx].key = result->data[parse.idx];
545                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
546         }
547
548         return result;
549  error:
550         kfree(result);
551         return ERR_PTR(err);
552 }
553
554 static int nl80211_key_allowed(struct wireless_dev *wdev)
555 {
556         ASSERT_WDEV_LOCK(wdev);
557
558         switch (wdev->iftype) {
559         case NL80211_IFTYPE_AP:
560         case NL80211_IFTYPE_AP_VLAN:
561         case NL80211_IFTYPE_P2P_GO:
562         case NL80211_IFTYPE_MESH_POINT:
563                 break;
564         case NL80211_IFTYPE_ADHOC:
565                 if (!wdev->current_bss)
566                         return -ENOLINK;
567                 break;
568         case NL80211_IFTYPE_STATION:
569         case NL80211_IFTYPE_P2P_CLIENT:
570                 if (wdev->sme_state != CFG80211_SME_CONNECTED)
571                         return -ENOLINK;
572                 break;
573         default:
574                 return -EINVAL;
575         }
576
577         return 0;
578 }
579
580 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
581 {
582         struct nlattr *nl_modes = nla_nest_start(msg, attr);
583         int i;
584
585         if (!nl_modes)
586                 goto nla_put_failure;
587
588         i = 0;
589         while (ifmodes) {
590                 if (ifmodes & 1)
591                         NLA_PUT_FLAG(msg, i);
592                 ifmodes >>= 1;
593                 i++;
594         }
595
596         nla_nest_end(msg, nl_modes);
597         return 0;
598
599 nla_put_failure:
600         return -ENOBUFS;
601 }
602
603 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
604                                           struct sk_buff *msg)
605 {
606         struct nlattr *nl_combis;
607         int i, j;
608
609         nl_combis = nla_nest_start(msg,
610                                 NL80211_ATTR_INTERFACE_COMBINATIONS);
611         if (!nl_combis)
612                 goto nla_put_failure;
613
614         for (i = 0; i < wiphy->n_iface_combinations; i++) {
615                 const struct ieee80211_iface_combination *c;
616                 struct nlattr *nl_combi, *nl_limits;
617
618                 c = &wiphy->iface_combinations[i];
619
620                 nl_combi = nla_nest_start(msg, i + 1);
621                 if (!nl_combi)
622                         goto nla_put_failure;
623
624                 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
625                 if (!nl_limits)
626                         goto nla_put_failure;
627
628                 for (j = 0; j < c->n_limits; j++) {
629                         struct nlattr *nl_limit;
630
631                         nl_limit = nla_nest_start(msg, j + 1);
632                         if (!nl_limit)
633                                 goto nla_put_failure;
634                         NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX,
635                                     c->limits[j].max);
636                         if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
637                                                 c->limits[j].types))
638                                 goto nla_put_failure;
639                         nla_nest_end(msg, nl_limit);
640                 }
641
642                 nla_nest_end(msg, nl_limits);
643
644                 if (c->beacon_int_infra_match)
645                         NLA_PUT_FLAG(msg,
646                                 NL80211_IFACE_COMB_STA_AP_BI_MATCH);
647                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
648                             c->num_different_channels);
649                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM,
650                             c->max_interfaces);
651
652                 nla_nest_end(msg, nl_combi);
653         }
654
655         nla_nest_end(msg, nl_combis);
656
657         return 0;
658 nla_put_failure:
659         return -ENOBUFS;
660 }
661
662 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
663                               struct cfg80211_registered_device *dev)
664 {
665         void *hdr;
666         struct nlattr *nl_bands, *nl_band;
667         struct nlattr *nl_freqs, *nl_freq;
668         struct nlattr *nl_rates, *nl_rate;
669         struct nlattr *nl_cmds;
670         enum ieee80211_band band;
671         struct ieee80211_channel *chan;
672         struct ieee80211_rate *rate;
673         int i;
674         const struct ieee80211_txrx_stypes *mgmt_stypes =
675                                 dev->wiphy.mgmt_stypes;
676
677         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
678         if (!hdr)
679                 return -1;
680
681         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
682         NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
683
684         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
685                     cfg80211_rdev_list_generation);
686
687         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
688                    dev->wiphy.retry_short);
689         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
690                    dev->wiphy.retry_long);
691         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
692                     dev->wiphy.frag_threshold);
693         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
694                     dev->wiphy.rts_threshold);
695         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
696                     dev->wiphy.coverage_class);
697         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
698                    dev->wiphy.max_scan_ssids);
699         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
700                    dev->wiphy.max_sched_scan_ssids);
701         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
702                     dev->wiphy.max_scan_ie_len);
703         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
704                     dev->wiphy.max_sched_scan_ie_len);
705
706         if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)
707                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN);
708         if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)
709                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
710
711         NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
712                 sizeof(u32) * dev->wiphy.n_cipher_suites,
713                 dev->wiphy.cipher_suites);
714
715         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
716                    dev->wiphy.max_num_pmkids);
717
718         if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL)
719                 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE);
720
721         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
722                     dev->wiphy.available_antennas_tx);
723         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
724                     dev->wiphy.available_antennas_rx);
725
726         if ((dev->wiphy.available_antennas_tx ||
727              dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
728                 u32 tx_ant = 0, rx_ant = 0;
729                 int res;
730                 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
731                 if (!res) {
732                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant);
733                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant);
734                 }
735         }
736
737         if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
738                                 dev->wiphy.interface_modes))
739                 goto nla_put_failure;
740
741         nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
742         if (!nl_bands)
743                 goto nla_put_failure;
744
745         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
746                 if (!dev->wiphy.bands[band])
747                         continue;
748
749                 nl_band = nla_nest_start(msg, band);
750                 if (!nl_band)
751                         goto nla_put_failure;
752
753                 /* add HT info */
754                 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
755                         NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
756                                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
757                                 &dev->wiphy.bands[band]->ht_cap.mcs);
758                         NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
759                                 dev->wiphy.bands[band]->ht_cap.cap);
760                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
761                                 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
762                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
763                                 dev->wiphy.bands[band]->ht_cap.ampdu_density);
764                 }
765
766                 /* add frequencies */
767                 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
768                 if (!nl_freqs)
769                         goto nla_put_failure;
770
771                 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
772                         nl_freq = nla_nest_start(msg, i);
773                         if (!nl_freq)
774                                 goto nla_put_failure;
775
776                         chan = &dev->wiphy.bands[band]->channels[i];
777
778                         if (nl80211_msg_put_channel(msg, chan))
779                                 goto nla_put_failure;
780
781                         nla_nest_end(msg, nl_freq);
782                 }
783
784                 nla_nest_end(msg, nl_freqs);
785
786                 /* add bitrates */
787                 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
788                 if (!nl_rates)
789                         goto nla_put_failure;
790
791                 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
792                         nl_rate = nla_nest_start(msg, i);
793                         if (!nl_rate)
794                                 goto nla_put_failure;
795
796                         rate = &dev->wiphy.bands[band]->bitrates[i];
797                         NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
798                                     rate->bitrate);
799                         if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
800                                 NLA_PUT_FLAG(msg,
801                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
802
803                         nla_nest_end(msg, nl_rate);
804                 }
805
806                 nla_nest_end(msg, nl_rates);
807
808                 nla_nest_end(msg, nl_band);
809         }
810         nla_nest_end(msg, nl_bands);
811
812         nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
813         if (!nl_cmds)
814                 goto nla_put_failure;
815
816         i = 0;
817 #define CMD(op, n)                                              \
818          do {                                                   \
819                 if (dev->ops->op) {                             \
820                         i++;                                    \
821                         NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
822                 }                                               \
823         } while (0)
824
825         CMD(add_virtual_intf, NEW_INTERFACE);
826         CMD(change_virtual_intf, SET_INTERFACE);
827         CMD(add_key, NEW_KEY);
828         CMD(add_beacon, NEW_BEACON);
829         CMD(add_station, NEW_STATION);
830         CMD(add_mpath, NEW_MPATH);
831         CMD(update_mesh_config, SET_MESH_CONFIG);
832         CMD(change_bss, SET_BSS);
833         CMD(auth, AUTHENTICATE);
834         CMD(assoc, ASSOCIATE);
835         CMD(deauth, DEAUTHENTICATE);
836         CMD(disassoc, DISASSOCIATE);
837         CMD(join_ibss, JOIN_IBSS);
838         CMD(join_mesh, JOIN_MESH);
839         CMD(set_pmksa, SET_PMKSA);
840         CMD(del_pmksa, DEL_PMKSA);
841         CMD(flush_pmksa, FLUSH_PMKSA);
842         CMD(remain_on_channel, REMAIN_ON_CHANNEL);
843         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
844         CMD(mgmt_tx, FRAME);
845         CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
846         if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
847                 i++;
848                 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
849         }
850         CMD(set_channel, SET_CHANNEL);
851         CMD(set_wds_peer, SET_WDS_PEER);
852         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
853                 CMD(sched_scan_start, START_SCHED_SCAN);
854
855 #undef CMD
856
857         if (dev->ops->connect || dev->ops->auth) {
858                 i++;
859                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
860         }
861
862         if (dev->ops->disconnect || dev->ops->deauth) {
863                 i++;
864                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
865         }
866
867         nla_nest_end(msg, nl_cmds);
868
869         if (dev->ops->remain_on_channel)
870                 NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
871                             dev->wiphy.max_remain_on_channel_duration);
872
873         /* for now at least assume all drivers have it */
874         if (dev->ops->mgmt_tx)
875                 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
876
877         if (mgmt_stypes) {
878                 u16 stypes;
879                 struct nlattr *nl_ftypes, *nl_ifs;
880                 enum nl80211_iftype ift;
881
882                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
883                 if (!nl_ifs)
884                         goto nla_put_failure;
885
886                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
887                         nl_ftypes = nla_nest_start(msg, ift);
888                         if (!nl_ftypes)
889                                 goto nla_put_failure;
890                         i = 0;
891                         stypes = mgmt_stypes[ift].tx;
892                         while (stypes) {
893                                 if (stypes & 1)
894                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
895                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
896                                 stypes >>= 1;
897                                 i++;
898                         }
899                         nla_nest_end(msg, nl_ftypes);
900                 }
901
902                 nla_nest_end(msg, nl_ifs);
903
904                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
905                 if (!nl_ifs)
906                         goto nla_put_failure;
907
908                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
909                         nl_ftypes = nla_nest_start(msg, ift);
910                         if (!nl_ftypes)
911                                 goto nla_put_failure;
912                         i = 0;
913                         stypes = mgmt_stypes[ift].rx;
914                         while (stypes) {
915                                 if (stypes & 1)
916                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
917                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
918                                 stypes >>= 1;
919                                 i++;
920                         }
921                         nla_nest_end(msg, nl_ftypes);
922                 }
923                 nla_nest_end(msg, nl_ifs);
924         }
925
926         if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
927                 struct nlattr *nl_wowlan;
928
929                 nl_wowlan = nla_nest_start(msg,
930                                 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
931                 if (!nl_wowlan)
932                         goto nla_put_failure;
933
934                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY)
935                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
936                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT)
937                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
938                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT)
939                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
940                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY)
941                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED);
942                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)
943                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
944                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)
945                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
946                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)
947                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
948                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE)
949                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
950                 if (dev->wiphy.wowlan.n_patterns) {
951                         struct nl80211_wowlan_pattern_support pat = {
952                                 .max_patterns = dev->wiphy.wowlan.n_patterns,
953                                 .min_pattern_len =
954                                         dev->wiphy.wowlan.pattern_min_len,
955                                 .max_pattern_len =
956                                         dev->wiphy.wowlan.pattern_max_len,
957                         };
958                         NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
959                                 sizeof(pat), &pat);
960                 }
961
962                 nla_nest_end(msg, nl_wowlan);
963         }
964
965         if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
966                                 dev->wiphy.software_iftypes))
967                 goto nla_put_failure;
968
969         if (nl80211_put_iface_combinations(&dev->wiphy, msg))
970                 goto nla_put_failure;
971
972         return genlmsg_end(msg, hdr);
973
974  nla_put_failure:
975         genlmsg_cancel(msg, hdr);
976         return -EMSGSIZE;
977 }
978
979 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
980 {
981         int idx = 0;
982         int start = cb->args[0];
983         struct cfg80211_registered_device *dev;
984
985         mutex_lock(&cfg80211_mutex);
986         list_for_each_entry(dev, &cfg80211_rdev_list, list) {
987                 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
988                         continue;
989                 if (++idx <= start)
990                         continue;
991                 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
992                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
993                                        dev) < 0) {
994                         idx--;
995                         break;
996                 }
997         }
998         mutex_unlock(&cfg80211_mutex);
999
1000         cb->args[0] = idx;
1001
1002         return skb->len;
1003 }
1004
1005 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1006 {
1007         struct sk_buff *msg;
1008         struct cfg80211_registered_device *dev = info->user_ptr[0];
1009
1010         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1011         if (!msg)
1012                 return -ENOMEM;
1013
1014         if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
1015                 nlmsg_free(msg);
1016                 return -ENOBUFS;
1017         }
1018
1019         return genlmsg_reply(msg, info);
1020 }
1021
1022 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1023         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
1024         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
1025         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
1026         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
1027         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
1028 };
1029
1030 static int parse_txq_params(struct nlattr *tb[],
1031                             struct ieee80211_txq_params *txq_params)
1032 {
1033         if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1034             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1035             !tb[NL80211_TXQ_ATTR_AIFS])
1036                 return -EINVAL;
1037
1038         txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
1039         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1040         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1041         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1042         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1043
1044         return 0;
1045 }
1046
1047 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1048 {
1049         /*
1050          * You can only set the channel explicitly for AP, mesh
1051          * and WDS type interfaces; all others have their channel
1052          * managed via their respective "establish a connection"
1053          * command (connect, join, ...)
1054          *
1055          * Monitors are special as they are normally slaved to
1056          * whatever else is going on, so they behave as though
1057          * you tried setting the wiphy channel itself.
1058          */
1059         return !wdev ||
1060                 wdev->iftype == NL80211_IFTYPE_AP ||
1061                 wdev->iftype == NL80211_IFTYPE_WDS ||
1062                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1063                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1064                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1065 }
1066
1067 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1068                                  struct wireless_dev *wdev,
1069                                  struct genl_info *info)
1070 {
1071         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1072         u32 freq;
1073         int result;
1074
1075         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1076                 return -EINVAL;
1077
1078         if (!nl80211_can_set_dev_channel(wdev))
1079                 return -EOPNOTSUPP;
1080
1081         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1082                 channel_type = nla_get_u32(info->attrs[
1083                                    NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1084                 if (channel_type != NL80211_CHAN_NO_HT &&
1085                     channel_type != NL80211_CHAN_HT20 &&
1086                     channel_type != NL80211_CHAN_HT40PLUS &&
1087                     channel_type != NL80211_CHAN_HT40MINUS)
1088                         return -EINVAL;
1089         }
1090
1091         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1092
1093         mutex_lock(&rdev->devlist_mtx);
1094         if (wdev) {
1095                 wdev_lock(wdev);
1096                 result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
1097                 wdev_unlock(wdev);
1098         } else {
1099                 result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
1100         }
1101         mutex_unlock(&rdev->devlist_mtx);
1102
1103         return result;
1104 }
1105
1106 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1107 {
1108         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1109         struct net_device *netdev = info->user_ptr[1];
1110
1111         return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1112 }
1113
1114 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1115 {
1116         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1117         struct net_device *dev = info->user_ptr[1];
1118         struct wireless_dev *wdev = dev->ieee80211_ptr;
1119         const u8 *bssid;
1120
1121         if (!info->attrs[NL80211_ATTR_MAC])
1122                 return -EINVAL;
1123
1124         if (netif_running(dev))
1125                 return -EBUSY;
1126
1127         if (!rdev->ops->set_wds_peer)
1128                 return -EOPNOTSUPP;
1129
1130         if (wdev->iftype != NL80211_IFTYPE_WDS)
1131                 return -EOPNOTSUPP;
1132
1133         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1134         return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1135 }
1136
1137
1138 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1139 {
1140         struct cfg80211_registered_device *rdev;
1141         struct net_device *netdev = NULL;
1142         struct wireless_dev *wdev;
1143         int result = 0, rem_txq_params = 0;
1144         struct nlattr *nl_txq_params;
1145         u32 changed;
1146         u8 retry_short = 0, retry_long = 0;
1147         u32 frag_threshold = 0, rts_threshold = 0;
1148         u8 coverage_class = 0;
1149
1150         /*
1151          * Try to find the wiphy and netdev. Normally this
1152          * function shouldn't need the netdev, but this is
1153          * done for backward compatibility -- previously
1154          * setting the channel was done per wiphy, but now
1155          * it is per netdev. Previous userland like hostapd
1156          * also passed a netdev to set_wiphy, so that it is
1157          * possible to let that go to the right netdev!
1158          */
1159         mutex_lock(&cfg80211_mutex);
1160
1161         if (info->attrs[NL80211_ATTR_IFINDEX]) {
1162                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1163
1164                 netdev = dev_get_by_index(genl_info_net(info), ifindex);
1165                 if (netdev && netdev->ieee80211_ptr) {
1166                         rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1167                         mutex_lock(&rdev->mtx);
1168                 } else
1169                         netdev = NULL;
1170         }
1171
1172         if (!netdev) {
1173                 rdev = __cfg80211_rdev_from_info(info);
1174                 if (IS_ERR(rdev)) {
1175                         mutex_unlock(&cfg80211_mutex);
1176                         return PTR_ERR(rdev);
1177                 }
1178                 wdev = NULL;
1179                 netdev = NULL;
1180                 result = 0;
1181
1182                 mutex_lock(&rdev->mtx);
1183         } else if (netif_running(netdev) &&
1184                    nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1185                 wdev = netdev->ieee80211_ptr;
1186         else
1187                 wdev = NULL;
1188
1189         /*
1190          * end workaround code, by now the rdev is available
1191          * and locked, and wdev may or may not be NULL.
1192          */
1193
1194         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1195                 result = cfg80211_dev_rename(
1196                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1197
1198         mutex_unlock(&cfg80211_mutex);
1199
1200         if (result)
1201                 goto bad_res;
1202
1203         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1204                 struct ieee80211_txq_params txq_params;
1205                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1206
1207                 if (!rdev->ops->set_txq_params) {
1208                         result = -EOPNOTSUPP;
1209                         goto bad_res;
1210                 }
1211
1212                 nla_for_each_nested(nl_txq_params,
1213                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1214                                     rem_txq_params) {
1215                         nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1216                                   nla_data(nl_txq_params),
1217                                   nla_len(nl_txq_params),
1218                                   txq_params_policy);
1219                         result = parse_txq_params(tb, &txq_params);
1220                         if (result)
1221                                 goto bad_res;
1222
1223                         result = rdev->ops->set_txq_params(&rdev->wiphy,
1224                                                            &txq_params);
1225                         if (result)
1226                                 goto bad_res;
1227                 }
1228         }
1229
1230         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1231                 result = __nl80211_set_channel(rdev, wdev, info);
1232                 if (result)
1233                         goto bad_res;
1234         }
1235
1236         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1237                 enum nl80211_tx_power_setting type;
1238                 int idx, mbm = 0;
1239
1240                 if (!rdev->ops->set_tx_power) {
1241                         result = -EOPNOTSUPP;
1242                         goto bad_res;
1243                 }
1244
1245                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1246                 type = nla_get_u32(info->attrs[idx]);
1247
1248                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1249                     (type != NL80211_TX_POWER_AUTOMATIC)) {
1250                         result = -EINVAL;
1251                         goto bad_res;
1252                 }
1253
1254                 if (type != NL80211_TX_POWER_AUTOMATIC) {
1255                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1256                         mbm = nla_get_u32(info->attrs[idx]);
1257                 }
1258
1259                 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1260                 if (result)
1261                         goto bad_res;
1262         }
1263
1264         if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1265             info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1266                 u32 tx_ant, rx_ant;
1267                 if ((!rdev->wiphy.available_antennas_tx &&
1268                      !rdev->wiphy.available_antennas_rx) ||
1269                     !rdev->ops->set_antenna) {
1270                         result = -EOPNOTSUPP;
1271                         goto bad_res;
1272                 }
1273
1274                 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1275                 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1276
1277                 /* reject antenna configurations which don't match the
1278                  * available antenna masks, except for the "all" mask */
1279                 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1280                     (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1281                         result = -EINVAL;
1282                         goto bad_res;
1283                 }
1284
1285                 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1286                 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1287
1288                 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1289                 if (result)
1290                         goto bad_res;
1291         }
1292
1293         changed = 0;
1294
1295         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1296                 retry_short = nla_get_u8(
1297                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1298                 if (retry_short == 0) {
1299                         result = -EINVAL;
1300                         goto bad_res;
1301                 }
1302                 changed |= WIPHY_PARAM_RETRY_SHORT;
1303         }
1304
1305         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1306                 retry_long = nla_get_u8(
1307                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1308                 if (retry_long == 0) {
1309                         result = -EINVAL;
1310                         goto bad_res;
1311                 }
1312                 changed |= WIPHY_PARAM_RETRY_LONG;
1313         }
1314
1315         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1316                 frag_threshold = nla_get_u32(
1317                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1318                 if (frag_threshold < 256) {
1319                         result = -EINVAL;
1320                         goto bad_res;
1321                 }
1322                 if (frag_threshold != (u32) -1) {
1323                         /*
1324                          * Fragments (apart from the last one) are required to
1325                          * have even length. Make the fragmentation code
1326                          * simpler by stripping LSB should someone try to use
1327                          * odd threshold value.
1328                          */
1329                         frag_threshold &= ~0x1;
1330                 }
1331                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1332         }
1333
1334         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1335                 rts_threshold = nla_get_u32(
1336                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1337                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
1338         }
1339
1340         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1341                 coverage_class = nla_get_u8(
1342                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1343                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
1344         }
1345
1346         if (changed) {
1347                 u8 old_retry_short, old_retry_long;
1348                 u32 old_frag_threshold, old_rts_threshold;
1349                 u8 old_coverage_class;
1350
1351                 if (!rdev->ops->set_wiphy_params) {
1352                         result = -EOPNOTSUPP;
1353                         goto bad_res;
1354                 }
1355
1356                 old_retry_short = rdev->wiphy.retry_short;
1357                 old_retry_long = rdev->wiphy.retry_long;
1358                 old_frag_threshold = rdev->wiphy.frag_threshold;
1359                 old_rts_threshold = rdev->wiphy.rts_threshold;
1360                 old_coverage_class = rdev->wiphy.coverage_class;
1361
1362                 if (changed & WIPHY_PARAM_RETRY_SHORT)
1363                         rdev->wiphy.retry_short = retry_short;
1364                 if (changed & WIPHY_PARAM_RETRY_LONG)
1365                         rdev->wiphy.retry_long = retry_long;
1366                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1367                         rdev->wiphy.frag_threshold = frag_threshold;
1368                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1369                         rdev->wiphy.rts_threshold = rts_threshold;
1370                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1371                         rdev->wiphy.coverage_class = coverage_class;
1372
1373                 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1374                 if (result) {
1375                         rdev->wiphy.retry_short = old_retry_short;
1376                         rdev->wiphy.retry_long = old_retry_long;
1377                         rdev->wiphy.frag_threshold = old_frag_threshold;
1378                         rdev->wiphy.rts_threshold = old_rts_threshold;
1379                         rdev->wiphy.coverage_class = old_coverage_class;
1380                 }
1381         }
1382
1383  bad_res:
1384         mutex_unlock(&rdev->mtx);
1385         if (netdev)
1386                 dev_put(netdev);
1387         return result;
1388 }
1389
1390
1391 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1392                               struct cfg80211_registered_device *rdev,
1393                               struct net_device *dev)
1394 {
1395         void *hdr;
1396
1397         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1398         if (!hdr)
1399                 return -1;
1400
1401         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1402         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1403         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1404         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1405
1406         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1407                     rdev->devlist_generation ^
1408                         (cfg80211_rdev_list_generation << 2));
1409
1410         return genlmsg_end(msg, hdr);
1411
1412  nla_put_failure:
1413         genlmsg_cancel(msg, hdr);
1414         return -EMSGSIZE;
1415 }
1416
1417 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1418 {
1419         int wp_idx = 0;
1420         int if_idx = 0;
1421         int wp_start = cb->args[0];
1422         int if_start = cb->args[1];
1423         struct cfg80211_registered_device *rdev;
1424         struct wireless_dev *wdev;
1425
1426         mutex_lock(&cfg80211_mutex);
1427         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1428                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1429                         continue;
1430                 if (wp_idx < wp_start) {
1431                         wp_idx++;
1432                         continue;
1433                 }
1434                 if_idx = 0;
1435
1436                 mutex_lock(&rdev->devlist_mtx);
1437                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
1438                         if (if_idx < if_start) {
1439                                 if_idx++;
1440                                 continue;
1441                         }
1442                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1443                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
1444                                                rdev, wdev->netdev) < 0) {
1445                                 mutex_unlock(&rdev->devlist_mtx);
1446                                 goto out;
1447                         }
1448                         if_idx++;
1449                 }
1450                 mutex_unlock(&rdev->devlist_mtx);
1451
1452                 wp_idx++;
1453         }
1454  out:
1455         mutex_unlock(&cfg80211_mutex);
1456
1457         cb->args[0] = wp_idx;
1458         cb->args[1] = if_idx;
1459
1460         return skb->len;
1461 }
1462
1463 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1464 {
1465         struct sk_buff *msg;
1466         struct cfg80211_registered_device *dev = info->user_ptr[0];
1467         struct net_device *netdev = info->user_ptr[1];
1468
1469         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1470         if (!msg)
1471                 return -ENOMEM;
1472
1473         if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1474                                dev, netdev) < 0) {
1475                 nlmsg_free(msg);
1476                 return -ENOBUFS;
1477         }
1478
1479         return genlmsg_reply(msg, info);
1480 }
1481
1482 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1483         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1484         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1485         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1486         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1487         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1488 };
1489
1490 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1491 {
1492         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1493         int flag;
1494
1495         *mntrflags = 0;
1496
1497         if (!nla)
1498                 return -EINVAL;
1499
1500         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1501                              nla, mntr_flags_policy))
1502                 return -EINVAL;
1503
1504         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1505                 if (flags[flag])
1506                         *mntrflags |= (1<<flag);
1507
1508         return 0;
1509 }
1510
1511 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1512                                struct net_device *netdev, u8 use_4addr,
1513                                enum nl80211_iftype iftype)
1514 {
1515         if (!use_4addr) {
1516                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1517                         return -EBUSY;
1518                 return 0;
1519         }
1520
1521         switch (iftype) {
1522         case NL80211_IFTYPE_AP_VLAN:
1523                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1524                         return 0;
1525                 break;
1526         case NL80211_IFTYPE_STATION:
1527                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1528                         return 0;
1529                 break;
1530         default:
1531                 break;
1532         }
1533
1534         return -EOPNOTSUPP;
1535 }
1536
1537 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1538 {
1539         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1540         struct vif_params params;
1541         int err;
1542         enum nl80211_iftype otype, ntype;
1543         struct net_device *dev = info->user_ptr[1];
1544         u32 _flags, *flags = NULL;
1545         bool change = false;
1546
1547         memset(&params, 0, sizeof(params));
1548
1549         otype = ntype = dev->ieee80211_ptr->iftype;
1550
1551         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1552                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1553                 if (otype != ntype)
1554                         change = true;
1555                 if (ntype > NL80211_IFTYPE_MAX)
1556                         return -EINVAL;
1557         }
1558
1559         if (info->attrs[NL80211_ATTR_MESH_ID]) {
1560                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1561
1562                 if (ntype != NL80211_IFTYPE_MESH_POINT)
1563                         return -EINVAL;
1564                 if (netif_running(dev))
1565                         return -EBUSY;
1566
1567                 wdev_lock(wdev);
1568                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1569                              IEEE80211_MAX_MESH_ID_LEN);
1570                 wdev->mesh_id_up_len =
1571                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1572                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1573                        wdev->mesh_id_up_len);
1574                 wdev_unlock(wdev);
1575         }
1576
1577         if (info->attrs[NL80211_ATTR_4ADDR]) {
1578                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1579                 change = true;
1580                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1581                 if (err)
1582                         return err;
1583         } else {
1584                 params.use_4addr = -1;
1585         }
1586
1587         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1588                 if (ntype != NL80211_IFTYPE_MONITOR)
1589                         return -EINVAL;
1590                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1591                                           &_flags);
1592                 if (err)
1593                         return err;
1594
1595                 flags = &_flags;
1596                 change = true;
1597         }
1598
1599         if (change)
1600                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1601         else
1602                 err = 0;
1603
1604         if (!err && params.use_4addr != -1)
1605                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1606
1607         return err;
1608 }
1609
1610 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1611 {
1612         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1613         struct vif_params params;
1614         struct net_device *dev;
1615         int err;
1616         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1617         u32 flags;
1618
1619         memset(&params, 0, sizeof(params));
1620
1621         if (!info->attrs[NL80211_ATTR_IFNAME])
1622                 return -EINVAL;
1623
1624         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1625                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1626                 if (type > NL80211_IFTYPE_MAX)
1627                         return -EINVAL;
1628         }
1629
1630         if (!rdev->ops->add_virtual_intf ||
1631             !(rdev->wiphy.interface_modes & (1 << type)))
1632                 return -EOPNOTSUPP;
1633
1634         if (info->attrs[NL80211_ATTR_4ADDR]) {
1635                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1636                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1637                 if (err)
1638                         return err;
1639         }
1640
1641         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1642                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1643                                   &flags);
1644         dev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1645                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1646                 type, err ? NULL : &flags, &params);
1647         if (IS_ERR(dev))
1648                 return PTR_ERR(dev);
1649
1650         if (type == NL80211_IFTYPE_MESH_POINT &&
1651             info->attrs[NL80211_ATTR_MESH_ID]) {
1652                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1653
1654                 wdev_lock(wdev);
1655                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1656                              IEEE80211_MAX_MESH_ID_LEN);
1657                 wdev->mesh_id_up_len =
1658                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1659                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1660                        wdev->mesh_id_up_len);
1661                 wdev_unlock(wdev);
1662         }
1663
1664         return 0;
1665 }
1666
1667 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1668 {
1669         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1670         struct net_device *dev = info->user_ptr[1];
1671
1672         if (!rdev->ops->del_virtual_intf)
1673                 return -EOPNOTSUPP;
1674
1675         return rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1676 }
1677
1678 struct get_key_cookie {
1679         struct sk_buff *msg;
1680         int error;
1681         int idx;
1682 };
1683
1684 static void get_key_callback(void *c, struct key_params *params)
1685 {
1686         struct nlattr *key;
1687         struct get_key_cookie *cookie = c;
1688
1689         if (params->key)
1690                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1691                         params->key_len, params->key);
1692
1693         if (params->seq)
1694                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1695                         params->seq_len, params->seq);
1696
1697         if (params->cipher)
1698                 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1699                             params->cipher);
1700
1701         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1702         if (!key)
1703                 goto nla_put_failure;
1704
1705         if (params->key)
1706                 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1707                         params->key_len, params->key);
1708
1709         if (params->seq)
1710                 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1711                         params->seq_len, params->seq);
1712
1713         if (params->cipher)
1714                 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1715                             params->cipher);
1716
1717         NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1718
1719         nla_nest_end(cookie->msg, key);
1720
1721         return;
1722  nla_put_failure:
1723         cookie->error = 1;
1724 }
1725
1726 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1727 {
1728         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1729         int err;
1730         struct net_device *dev = info->user_ptr[1];
1731         u8 key_idx = 0;
1732         const u8 *mac_addr = NULL;
1733         bool pairwise;
1734         struct get_key_cookie cookie = {
1735                 .error = 0,
1736         };
1737         void *hdr;
1738         struct sk_buff *msg;
1739
1740         if (info->attrs[NL80211_ATTR_KEY_IDX])
1741                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1742
1743         if (key_idx > 5)
1744                 return -EINVAL;
1745
1746         if (info->attrs[NL80211_ATTR_MAC])
1747                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1748
1749         pairwise = !!mac_addr;
1750         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
1751                 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1752                 if (kt >= NUM_NL80211_KEYTYPES)
1753                         return -EINVAL;
1754                 if (kt != NL80211_KEYTYPE_GROUP &&
1755                     kt != NL80211_KEYTYPE_PAIRWISE)
1756                         return -EINVAL;
1757                 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
1758         }
1759
1760         if (!rdev->ops->get_key)
1761                 return -EOPNOTSUPP;
1762
1763         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1764         if (!msg)
1765                 return -ENOMEM;
1766
1767         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1768                              NL80211_CMD_NEW_KEY);
1769         if (IS_ERR(hdr))
1770                 return PTR_ERR(hdr);
1771
1772         cookie.msg = msg;
1773         cookie.idx = key_idx;
1774
1775         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1776         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1777         if (mac_addr)
1778                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1779
1780         if (pairwise && mac_addr &&
1781             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1782                 return -ENOENT;
1783
1784         err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
1785                                  mac_addr, &cookie, get_key_callback);
1786
1787         if (err)
1788                 goto free_msg;
1789
1790         if (cookie.error)
1791                 goto nla_put_failure;
1792
1793         genlmsg_end(msg, hdr);
1794         return genlmsg_reply(msg, info);
1795
1796  nla_put_failure:
1797         err = -ENOBUFS;
1798  free_msg:
1799         nlmsg_free(msg);
1800         return err;
1801 }
1802
1803 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1804 {
1805         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1806         struct key_parse key;
1807         int err;
1808         struct net_device *dev = info->user_ptr[1];
1809
1810         err = nl80211_parse_key(info, &key);
1811         if (err)
1812                 return err;
1813
1814         if (key.idx < 0)
1815                 return -EINVAL;
1816
1817         /* only support setting default key */
1818         if (!key.def && !key.defmgmt)
1819                 return -EINVAL;
1820
1821         wdev_lock(dev->ieee80211_ptr);
1822
1823         if (key.def) {
1824                 if (!rdev->ops->set_default_key) {
1825                         err = -EOPNOTSUPP;
1826                         goto out;
1827                 }
1828
1829                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1830                 if (err)
1831                         goto out;
1832
1833                 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
1834                                                  key.def_uni, key.def_multi);
1835
1836                 if (err)
1837                         goto out;
1838
1839 #ifdef CONFIG_CFG80211_WEXT
1840                 dev->ieee80211_ptr->wext.default_key = key.idx;
1841 #endif
1842         } else {
1843                 if (key.def_uni || !key.def_multi) {
1844                         err = -EINVAL;
1845                         goto out;
1846                 }
1847
1848                 if (!rdev->ops->set_default_mgmt_key) {
1849                         err = -EOPNOTSUPP;
1850                         goto out;
1851                 }
1852
1853                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1854                 if (err)
1855                         goto out;
1856
1857                 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
1858                                                       dev, key.idx);
1859                 if (err)
1860                         goto out;
1861
1862 #ifdef CONFIG_CFG80211_WEXT
1863                 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1864 #endif
1865         }
1866
1867  out:
1868         wdev_unlock(dev->ieee80211_ptr);
1869
1870         return err;
1871 }
1872
1873 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1874 {
1875         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1876         int err;
1877         struct net_device *dev = info->user_ptr[1];
1878         struct key_parse key;
1879         const u8 *mac_addr = NULL;
1880
1881         err = nl80211_parse_key(info, &key);
1882         if (err)
1883                 return err;
1884
1885         if (!key.p.key)
1886                 return -EINVAL;
1887
1888         if (info->attrs[NL80211_ATTR_MAC])
1889                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1890
1891         if (key.type == -1) {
1892                 if (mac_addr)
1893                         key.type = NL80211_KEYTYPE_PAIRWISE;
1894                 else
1895                         key.type = NL80211_KEYTYPE_GROUP;
1896         }
1897
1898         /* for now */
1899         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
1900             key.type != NL80211_KEYTYPE_GROUP)
1901                 return -EINVAL;
1902
1903         if (!rdev->ops->add_key)
1904                 return -EOPNOTSUPP;
1905
1906         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
1907                                            key.type == NL80211_KEYTYPE_PAIRWISE,
1908                                            mac_addr))
1909                 return -EINVAL;
1910
1911         wdev_lock(dev->ieee80211_ptr);
1912         err = nl80211_key_allowed(dev->ieee80211_ptr);
1913         if (!err)
1914                 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
1915                                          key.type == NL80211_KEYTYPE_PAIRWISE,
1916                                          mac_addr, &key.p);
1917         wdev_unlock(dev->ieee80211_ptr);
1918
1919         return err;
1920 }
1921
1922 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1923 {
1924         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1925         int err;
1926         struct net_device *dev = info->user_ptr[1];
1927         u8 *mac_addr = NULL;
1928         struct key_parse key;
1929
1930         err = nl80211_parse_key(info, &key);
1931         if (err)
1932                 return err;
1933
1934         if (info->attrs[NL80211_ATTR_MAC])
1935                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1936
1937         if (key.type == -1) {
1938                 if (mac_addr)
1939                         key.type = NL80211_KEYTYPE_PAIRWISE;
1940                 else
1941                         key.type = NL80211_KEYTYPE_GROUP;
1942         }
1943
1944         /* for now */
1945         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
1946             key.type != NL80211_KEYTYPE_GROUP)
1947                 return -EINVAL;
1948
1949         if (!rdev->ops->del_key)
1950                 return -EOPNOTSUPP;
1951
1952         wdev_lock(dev->ieee80211_ptr);
1953         err = nl80211_key_allowed(dev->ieee80211_ptr);
1954
1955         if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
1956             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1957                 err = -ENOENT;
1958
1959         if (!err)
1960                 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
1961                                          key.type == NL80211_KEYTYPE_PAIRWISE,
1962                                          mac_addr);
1963
1964 #ifdef CONFIG_CFG80211_WEXT
1965         if (!err) {
1966                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
1967                         dev->ieee80211_ptr->wext.default_key = -1;
1968                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
1969                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
1970         }
1971 #endif
1972         wdev_unlock(dev->ieee80211_ptr);
1973
1974         return err;
1975 }
1976
1977 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1978 {
1979         int (*call)(struct wiphy *wiphy, struct net_device *dev,
1980                     struct beacon_parameters *info);
1981         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1982         struct net_device *dev = info->user_ptr[1];
1983         struct wireless_dev *wdev = dev->ieee80211_ptr;
1984         struct beacon_parameters params;
1985         int haveinfo = 0, err;
1986
1987         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]))
1988                 return -EINVAL;
1989
1990         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1991             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
1992                 return -EOPNOTSUPP;
1993
1994         memset(&params, 0, sizeof(params));
1995
1996         switch (info->genlhdr->cmd) {
1997         case NL80211_CMD_NEW_BEACON:
1998                 /* these are required for NEW_BEACON */
1999                 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2000                     !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2001                     !info->attrs[NL80211_ATTR_BEACON_HEAD])
2002                         return -EINVAL;
2003
2004                 params.interval =
2005                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2006                 params.dtim_period =
2007                         nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2008
2009                 err = cfg80211_validate_beacon_int(rdev, params.interval);
2010                 if (err)
2011                         return err;
2012
2013                 call = rdev->ops->add_beacon;
2014                 break;
2015         case NL80211_CMD_SET_BEACON:
2016                 call = rdev->ops->set_beacon;
2017                 break;
2018         default:
2019                 WARN_ON(1);
2020                 return -EOPNOTSUPP;
2021         }
2022
2023         if (!call)
2024                 return -EOPNOTSUPP;
2025
2026         if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2027                 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2028                 params.head_len =
2029                     nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2030                 haveinfo = 1;
2031         }
2032
2033         if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2034                 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2035                 params.tail_len =
2036                     nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2037                 haveinfo = 1;
2038         }
2039
2040         if (!haveinfo)
2041                 return -EINVAL;
2042
2043         err = call(&rdev->wiphy, dev, &params);
2044         if (!err && params.interval)
2045                 wdev->beacon_interval = params.interval;
2046         return err;
2047 }
2048
2049 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
2050 {
2051         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2052         struct net_device *dev = info->user_ptr[1];
2053         struct wireless_dev *wdev = dev->ieee80211_ptr;
2054         int err;
2055
2056         if (!rdev->ops->del_beacon)
2057                 return -EOPNOTSUPP;
2058
2059         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2060             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2061                 return -EOPNOTSUPP;
2062
2063         err = rdev->ops->del_beacon(&rdev->wiphy, dev);
2064         if (!err)
2065                 wdev->beacon_interval = 0;
2066         return err;
2067 }
2068
2069 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2070         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2071         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2072         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2073         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2074         [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2075 };
2076
2077 static int parse_station_flags(struct genl_info *info,
2078                                struct station_parameters *params)
2079 {
2080         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2081         struct nlattr *nla;
2082         int flag;
2083
2084         /*
2085          * Try parsing the new attribute first so userspace
2086          * can specify both for older kernels.
2087          */
2088         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2089         if (nla) {
2090                 struct nl80211_sta_flag_update *sta_flags;
2091
2092                 sta_flags = nla_data(nla);
2093                 params->sta_flags_mask = sta_flags->mask;
2094                 params->sta_flags_set = sta_flags->set;
2095                 if ((params->sta_flags_mask |
2096                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2097                         return -EINVAL;
2098                 return 0;
2099         }
2100
2101         /* if present, parse the old attribute */
2102
2103         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2104         if (!nla)
2105                 return 0;
2106
2107         if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2108                              nla, sta_flags_policy))
2109                 return -EINVAL;
2110
2111         params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1;
2112         params->sta_flags_mask &= ~1;
2113
2114         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
2115                 if (flags[flag])
2116                         params->sta_flags_set |= (1<<flag);
2117
2118         return 0;
2119 }
2120
2121 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2122                                  int attr)
2123 {
2124         struct nlattr *rate;
2125         u16 bitrate;
2126
2127         rate = nla_nest_start(msg, attr);
2128         if (!rate)
2129                 goto nla_put_failure;
2130
2131         /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2132         bitrate = cfg80211_calculate_bitrate(info);
2133         if (bitrate > 0)
2134                 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
2135
2136         if (info->flags & RATE_INFO_FLAGS_MCS)
2137                 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs);
2138         if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
2139                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
2140         if (info->flags & RATE_INFO_FLAGS_SHORT_GI)
2141                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
2142
2143         nla_nest_end(msg, rate);
2144         return true;
2145
2146 nla_put_failure:
2147         return false;
2148 }
2149
2150 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2151                                 int flags, struct net_device *dev,
2152                                 const u8 *mac_addr, struct station_info *sinfo)
2153 {
2154         void *hdr;
2155         struct nlattr *sinfoattr, *bss_param;
2156
2157         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2158         if (!hdr)
2159                 return -1;
2160
2161         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2162         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
2163
2164         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
2165
2166         sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2167         if (!sinfoattr)
2168                 goto nla_put_failure;
2169         if (sinfo->filled & STATION_INFO_CONNECTED_TIME)
2170                 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2171                             sinfo->connected_time);
2172         if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
2173                 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2174                             sinfo->inactive_time);
2175         if (sinfo->filled & STATION_INFO_RX_BYTES)
2176                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
2177                             sinfo->rx_bytes);
2178         if (sinfo->filled & STATION_INFO_TX_BYTES)
2179                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
2180                             sinfo->tx_bytes);
2181         if (sinfo->filled & STATION_INFO_LLID)
2182                 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
2183                             sinfo->llid);
2184         if (sinfo->filled & STATION_INFO_PLID)
2185                 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
2186                             sinfo->plid);
2187         if (sinfo->filled & STATION_INFO_PLINK_STATE)
2188                 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
2189                             sinfo->plink_state);
2190         if (sinfo->filled & STATION_INFO_SIGNAL)
2191                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
2192                            sinfo->signal);
2193         if (sinfo->filled & STATION_INFO_SIGNAL_AVG)
2194                 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2195                            sinfo->signal_avg);
2196         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2197                 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2198                                           NL80211_STA_INFO_TX_BITRATE))
2199                         goto nla_put_failure;
2200         }
2201         if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2202                 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2203                                           NL80211_STA_INFO_RX_BITRATE))
2204                         goto nla_put_failure;
2205         }
2206         if (sinfo->filled & STATION_INFO_RX_PACKETS)
2207                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
2208                             sinfo->rx_packets);
2209         if (sinfo->filled & STATION_INFO_TX_PACKETS)
2210                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
2211                             sinfo->tx_packets);
2212         if (sinfo->filled & STATION_INFO_TX_RETRIES)
2213                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES,
2214                             sinfo->tx_retries);
2215         if (sinfo->filled & STATION_INFO_TX_FAILED)
2216                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED,
2217                             sinfo->tx_failed);
2218         if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2219                 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2220                 if (!bss_param)
2221                         goto nla_put_failure;
2222
2223                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT)
2224                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT);
2225                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE)
2226                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE);
2227                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME)
2228                         NLA_PUT_FLAG(msg,
2229                                      NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME);
2230                 NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2231                            sinfo->bss_param.dtim_period);
2232                 NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2233                             sinfo->bss_param.beacon_interval);
2234
2235                 nla_nest_end(msg, bss_param);
2236         }
2237         nla_nest_end(msg, sinfoattr);
2238
2239         return genlmsg_end(msg, hdr);
2240
2241  nla_put_failure:
2242         genlmsg_cancel(msg, hdr);
2243         return -EMSGSIZE;
2244 }
2245
2246 static int nl80211_dump_station(struct sk_buff *skb,
2247                                 struct netlink_callback *cb)
2248 {
2249         struct station_info sinfo;
2250         struct cfg80211_registered_device *dev;
2251         struct net_device *netdev;
2252         u8 mac_addr[ETH_ALEN];
2253         int sta_idx = cb->args[1];
2254         int err;
2255
2256         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2257         if (err)
2258                 return err;
2259
2260         if (!dev->ops->dump_station) {
2261                 err = -EOPNOTSUPP;
2262                 goto out_err;
2263         }
2264
2265         while (1) {
2266                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2267                                              mac_addr, &sinfo);
2268                 if (err == -ENOENT)
2269                         break;
2270                 if (err)
2271                         goto out_err;
2272
2273                 if (nl80211_send_station(skb,
2274                                 NETLINK_CB(cb->skb).pid,
2275                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2276                                 netdev, mac_addr,
2277                                 &sinfo) < 0)
2278                         goto out;
2279
2280                 sta_idx++;
2281         }
2282
2283
2284  out:
2285         cb->args[1] = sta_idx;
2286         err = skb->len;
2287  out_err:
2288         nl80211_finish_netdev_dump(dev);
2289
2290         return err;
2291 }
2292
2293 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2294 {
2295         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2296         struct net_device *dev = info->user_ptr[1];
2297         struct station_info sinfo;
2298         struct sk_buff *msg;
2299         u8 *mac_addr = NULL;
2300         int err;
2301
2302         memset(&sinfo, 0, sizeof(sinfo));
2303
2304         if (!info->attrs[NL80211_ATTR_MAC])
2305                 return -EINVAL;
2306
2307         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2308
2309         if (!rdev->ops->get_station)
2310                 return -EOPNOTSUPP;
2311
2312         err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2313         if (err)
2314                 return err;
2315
2316         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2317         if (!msg)
2318                 return -ENOMEM;
2319
2320         if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2321                                  dev, mac_addr, &sinfo) < 0) {
2322                 nlmsg_free(msg);
2323                 return -ENOBUFS;
2324         }
2325
2326         return genlmsg_reply(msg, info);
2327 }
2328
2329 /*
2330  * Get vlan interface making sure it is running and on the right wiphy.
2331  */
2332 static int get_vlan(struct genl_info *info,
2333                     struct cfg80211_registered_device *rdev,
2334                     struct net_device **vlan)
2335 {
2336         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2337         *vlan = NULL;
2338
2339         if (vlanattr) {
2340                 *vlan = dev_get_by_index(genl_info_net(info),
2341                                          nla_get_u32(vlanattr));
2342                 if (!*vlan)
2343                         return -ENODEV;
2344                 if (!(*vlan)->ieee80211_ptr)
2345                         return -EINVAL;
2346                 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
2347                         return -EINVAL;
2348                 if (!netif_running(*vlan))
2349                         return -ENETDOWN;
2350         }
2351         return 0;
2352 }
2353
2354 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2355 {
2356         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2357         int err;
2358         struct net_device *dev = info->user_ptr[1];
2359         struct station_parameters params;
2360         u8 *mac_addr = NULL;
2361
2362         memset(&params, 0, sizeof(params));
2363
2364         params.listen_interval = -1;
2365         params.plink_state = -1;
2366
2367         if (info->attrs[NL80211_ATTR_STA_AID])
2368                 return -EINVAL;
2369
2370         if (!info->attrs[NL80211_ATTR_MAC])
2371                 return -EINVAL;
2372
2373         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2374
2375         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2376                 params.supported_rates =
2377                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2378                 params.supported_rates_len =
2379                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2380         }
2381
2382         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2383                 params.listen_interval =
2384                     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2385
2386         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2387                 params.ht_capa =
2388                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2389
2390         if (parse_station_flags(info, &params))
2391                 return -EINVAL;
2392
2393         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2394                 params.plink_action =
2395                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2396
2397         if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
2398                 params.plink_state =
2399                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
2400
2401         err = get_vlan(info, rdev, &params.vlan);
2402         if (err)
2403                 goto out;
2404
2405         /* validate settings */
2406         err = 0;
2407
2408         switch (dev->ieee80211_ptr->iftype) {
2409         case NL80211_IFTYPE_AP:
2410         case NL80211_IFTYPE_AP_VLAN:
2411         case NL80211_IFTYPE_P2P_GO:
2412                 /* disallow mesh-specific things */
2413                 if (params.plink_action)
2414                         err = -EINVAL;
2415                 break;
2416         case NL80211_IFTYPE_P2P_CLIENT:
2417         case NL80211_IFTYPE_STATION:
2418                 /* disallow everything but AUTHORIZED flag */
2419                 if (params.plink_action)
2420                         err = -EINVAL;
2421                 if (params.vlan)
2422                         err = -EINVAL;
2423                 if (params.supported_rates)
2424                         err = -EINVAL;
2425                 if (params.ht_capa)
2426                         err = -EINVAL;
2427                 if (params.listen_interval >= 0)
2428                         err = -EINVAL;
2429                 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2430                         err = -EINVAL;
2431                 break;
2432         case NL80211_IFTYPE_MESH_POINT:
2433                 /* disallow things mesh doesn't support */
2434                 if (params.vlan)
2435                         err = -EINVAL;
2436                 if (params.ht_capa)
2437                         err = -EINVAL;
2438                 if (params.listen_interval >= 0)
2439                         err = -EINVAL;
2440                 if (params.sta_flags_mask &
2441                                 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2442                                   BIT(NL80211_STA_FLAG_MFP) |
2443                                   BIT(NL80211_STA_FLAG_AUTHORIZED)))
2444                         err = -EINVAL;
2445                 break;
2446         default:
2447                 err = -EINVAL;
2448         }
2449
2450         if (err)
2451                 goto out;
2452
2453         if (!rdev->ops->change_station) {
2454                 err = -EOPNOTSUPP;
2455                 goto out;
2456         }
2457
2458         err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2459
2460  out:
2461         if (params.vlan)
2462                 dev_put(params.vlan);
2463
2464         return err;
2465 }
2466
2467 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2468 {
2469         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2470         int err;
2471         struct net_device *dev = info->user_ptr[1];
2472         struct station_parameters params;
2473         u8 *mac_addr = NULL;
2474
2475         memset(&params, 0, sizeof(params));
2476
2477         if (!info->attrs[NL80211_ATTR_MAC])
2478                 return -EINVAL;
2479
2480         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2481                 return -EINVAL;
2482
2483         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2484                 return -EINVAL;
2485
2486         if (!info->attrs[NL80211_ATTR_STA_AID])
2487                 return -EINVAL;
2488
2489         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2490         params.supported_rates =
2491                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2492         params.supported_rates_len =
2493                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2494         params.listen_interval =
2495                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2496
2497         params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2498         if (!params.aid || params.aid > IEEE80211_MAX_AID)
2499                 return -EINVAL;
2500
2501         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2502                 params.ht_capa =
2503                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2504
2505         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2506                 params.plink_action =
2507                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2508
2509         if (parse_station_flags(info, &params))
2510                 return -EINVAL;
2511
2512         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2513             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2514             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2515             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2516                 return -EINVAL;
2517
2518         err = get_vlan(info, rdev, &params.vlan);
2519         if (err)
2520                 goto out;
2521
2522         /* validate settings */
2523         err = 0;
2524
2525         if (!rdev->ops->add_station) {
2526                 err = -EOPNOTSUPP;
2527                 goto out;
2528         }
2529
2530         err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2531
2532  out:
2533         if (params.vlan)
2534                 dev_put(params.vlan);
2535         return err;
2536 }
2537
2538 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2539 {
2540         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2541         struct net_device *dev = info->user_ptr[1];
2542         u8 *mac_addr = NULL;
2543
2544         if (info->attrs[NL80211_ATTR_MAC])
2545                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2546
2547         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2548             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2549             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2550             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2551                 return -EINVAL;
2552
2553         if (!rdev->ops->del_station)
2554                 return -EOPNOTSUPP;
2555
2556         return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2557 }
2558
2559 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2560                                 int flags, struct net_device *dev,
2561                                 u8 *dst, u8 *next_hop,
2562                                 struct mpath_info *pinfo)
2563 {
2564         void *hdr;
2565         struct nlattr *pinfoattr;
2566
2567         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2568         if (!hdr)
2569                 return -1;
2570
2571         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2572         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2573         NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2574
2575         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2576
2577         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2578         if (!pinfoattr)
2579                 goto nla_put_failure;
2580         if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2581                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2582                             pinfo->frame_qlen);
2583         if (pinfo->filled & MPATH_INFO_SN)
2584                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2585                             pinfo->sn);
2586         if (pinfo->filled & MPATH_INFO_METRIC)
2587                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2588                             pinfo->metric);
2589         if (pinfo->filled & MPATH_INFO_EXPTIME)
2590                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2591                             pinfo->exptime);
2592         if (pinfo->filled & MPATH_INFO_FLAGS)
2593                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2594                             pinfo->flags);
2595         if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2596                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2597                             pinfo->discovery_timeout);
2598         if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2599                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2600                             pinfo->discovery_retries);
2601
2602         nla_nest_end(msg, pinfoattr);
2603
2604         return genlmsg_end(msg, hdr);
2605
2606  nla_put_failure:
2607         genlmsg_cancel(msg, hdr);
2608         return -EMSGSIZE;
2609 }
2610
2611 static int nl80211_dump_mpath(struct sk_buff *skb,
2612                               struct netlink_callback *cb)
2613 {
2614         struct mpath_info pinfo;
2615         struct cfg80211_registered_device *dev;
2616         struct net_device *netdev;
2617         u8 dst[ETH_ALEN];
2618         u8 next_hop[ETH_ALEN];
2619         int path_idx = cb->args[1];
2620         int err;
2621
2622         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2623         if (err)
2624                 return err;
2625
2626         if (!dev->ops->dump_mpath) {
2627                 err = -EOPNOTSUPP;
2628                 goto out_err;
2629         }
2630
2631         if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2632                 err = -EOPNOTSUPP;
2633                 goto out_err;
2634         }
2635
2636         while (1) {
2637                 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2638                                            dst, next_hop, &pinfo);
2639                 if (err == -ENOENT)
2640                         break;
2641                 if (err)
2642                         goto out_err;
2643
2644                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2645                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
2646                                        netdev, dst, next_hop,
2647                                        &pinfo) < 0)
2648                         goto out;
2649
2650                 path_idx++;
2651         }
2652
2653
2654  out:
2655         cb->args[1] = path_idx;
2656         err = skb->len;
2657  out_err:
2658         nl80211_finish_netdev_dump(dev);
2659         return err;
2660 }
2661
2662 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2663 {
2664         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2665         int err;
2666         struct net_device *dev = info->user_ptr[1];
2667         struct mpath_info pinfo;
2668         struct sk_buff *msg;
2669         u8 *dst = NULL;
2670         u8 next_hop[ETH_ALEN];
2671
2672         memset(&pinfo, 0, sizeof(pinfo));
2673
2674         if (!info->attrs[NL80211_ATTR_MAC])
2675                 return -EINVAL;
2676
2677         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2678
2679         if (!rdev->ops->get_mpath)
2680                 return -EOPNOTSUPP;
2681
2682         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2683                 return -EOPNOTSUPP;
2684
2685         err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2686         if (err)
2687                 return err;
2688
2689         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2690         if (!msg)
2691                 return -ENOMEM;
2692
2693         if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2694                                  dev, dst, next_hop, &pinfo) < 0) {
2695                 nlmsg_free(msg);
2696                 return -ENOBUFS;
2697         }
2698
2699         return genlmsg_reply(msg, info);
2700 }
2701
2702 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
2703 {
2704         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2705         struct net_device *dev = info->user_ptr[1];
2706         u8 *dst = NULL;
2707         u8 *next_hop = NULL;
2708
2709         if (!info->attrs[NL80211_ATTR_MAC])
2710                 return -EINVAL;
2711
2712         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2713                 return -EINVAL;
2714
2715         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2716         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2717
2718         if (!rdev->ops->change_mpath)
2719                 return -EOPNOTSUPP;
2720
2721         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2722                 return -EOPNOTSUPP;
2723
2724         return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
2725 }
2726
2727 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
2728 {
2729         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2730         struct net_device *dev = info->user_ptr[1];
2731         u8 *dst = NULL;
2732         u8 *next_hop = NULL;
2733
2734         if (!info->attrs[NL80211_ATTR_MAC])
2735                 return -EINVAL;
2736
2737         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2738                 return -EINVAL;
2739
2740         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2741         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2742
2743         if (!rdev->ops->add_mpath)
2744                 return -EOPNOTSUPP;
2745
2746         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
2747                 return -EOPNOTSUPP;
2748
2749         return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
2750 }
2751
2752 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
2753 {
2754         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2755         struct net_device *dev = info->user_ptr[1];
2756         u8 *dst = NULL;
2757
2758         if (info->attrs[NL80211_ATTR_MAC])
2759                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2760
2761         if (!rdev->ops->del_mpath)
2762                 return -EOPNOTSUPP;
2763
2764         return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
2765 }
2766
2767 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2768 {
2769         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2770         struct net_device *dev = info->user_ptr[1];
2771         struct bss_parameters params;
2772
2773         memset(&params, 0, sizeof(params));
2774         /* default to not changing parameters */
2775         params.use_cts_prot = -1;
2776         params.use_short_preamble = -1;
2777         params.use_short_slot_time = -1;
2778         params.ap_isolate = -1;
2779         params.ht_opmode = -1;
2780
2781         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
2782                 params.use_cts_prot =
2783                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
2784         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
2785                 params.use_short_preamble =
2786                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
2787         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
2788                 params.use_short_slot_time =
2789                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
2790         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
2791                 params.basic_rates =
2792                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2793                 params.basic_rates_len =
2794                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2795         }
2796         if (info->attrs[NL80211_ATTR_AP_ISOLATE])
2797                 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
2798         if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
2799                 params.ht_opmode =
2800                         nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
2801
2802         if (!rdev->ops->change_bss)
2803                 return -EOPNOTSUPP;
2804
2805         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2806             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2807                 return -EOPNOTSUPP;
2808
2809         return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
2810 }
2811
2812 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2813         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
2814         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
2815         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
2816         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
2817         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
2818         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
2819 };
2820
2821 static int parse_reg_rule(struct nlattr *tb[],
2822         struct ieee80211_reg_rule *reg_rule)
2823 {
2824         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
2825         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
2826
2827         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2828                 return -EINVAL;
2829         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2830                 return -EINVAL;
2831         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2832                 return -EINVAL;
2833         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2834                 return -EINVAL;
2835         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2836                 return -EINVAL;
2837
2838         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2839
2840         freq_range->start_freq_khz =
2841                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2842         freq_range->end_freq_khz =
2843                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2844         freq_range->max_bandwidth_khz =
2845                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2846
2847         power_rule->max_eirp =
2848                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2849
2850         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2851                 power_rule->max_antenna_gain =
2852                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2853
2854         return 0;
2855 }
2856
2857 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2858 {
2859         int r;
2860         char *data = NULL;
2861
2862         /*
2863          * You should only get this when cfg80211 hasn't yet initialized
2864          * completely when built-in to the kernel right between the time
2865          * window between nl80211_init() and regulatory_init(), if that is
2866          * even possible.
2867          */
2868         mutex_lock(&cfg80211_mutex);
2869         if (unlikely(!cfg80211_regdomain)) {
2870                 mutex_unlock(&cfg80211_mutex);
2871                 return -EINPROGRESS;
2872         }
2873         mutex_unlock(&cfg80211_mutex);
2874
2875         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2876                 return -EINVAL;
2877
2878         data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2879
2880         r = regulatory_hint_user(data);
2881
2882         return r;
2883 }
2884
2885 static int nl80211_get_mesh_config(struct sk_buff *skb,
2886                                    struct genl_info *info)
2887 {
2888         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2889         struct net_device *dev = info->user_ptr[1];
2890         struct wireless_dev *wdev = dev->ieee80211_ptr;
2891         struct mesh_config cur_params;
2892         int err = 0;
2893         void *hdr;
2894         struct nlattr *pinfoattr;
2895         struct sk_buff *msg;
2896
2897         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
2898                 return -EOPNOTSUPP;
2899
2900         if (!rdev->ops->get_mesh_config)
2901                 return -EOPNOTSUPP;
2902
2903         wdev_lock(wdev);
2904         /* If not connected, get default parameters */
2905         if (!wdev->mesh_id_len)
2906                 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
2907         else
2908                 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
2909                                                  &cur_params);
2910         wdev_unlock(wdev);
2911
2912         if (err)
2913                 return err;
2914
2915         /* Draw up a netlink message to send back */
2916         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2917         if (!msg)
2918                 return -ENOMEM;
2919         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2920                              NL80211_CMD_GET_MESH_CONFIG);
2921         if (!hdr)
2922                 goto out;
2923         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
2924         if (!pinfoattr)
2925                 goto nla_put_failure;
2926         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2927         NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2928                         cur_params.dot11MeshRetryTimeout);
2929         NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2930                         cur_params.dot11MeshConfirmTimeout);
2931         NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2932                         cur_params.dot11MeshHoldingTimeout);
2933         NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2934                         cur_params.dot11MeshMaxPeerLinks);
2935         NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2936                         cur_params.dot11MeshMaxRetries);
2937         NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2938                         cur_params.dot11MeshTTL);
2939         NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL,
2940                         cur_params.element_ttl);
2941         NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2942                         cur_params.auto_open_plinks);
2943         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2944                         cur_params.dot11MeshHWMPmaxPREQretries);
2945         NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2946                         cur_params.path_refresh_time);
2947         NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2948                         cur_params.min_discovery_timeout);
2949         NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2950                         cur_params.dot11MeshHWMPactivePathTimeout);
2951         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2952                         cur_params.dot11MeshHWMPpreqMinInterval);
2953         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2954                         cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2955         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
2956                         cur_params.dot11MeshHWMPRootMode);
2957         nla_nest_end(msg, pinfoattr);
2958         genlmsg_end(msg, hdr);
2959         return genlmsg_reply(msg, info);
2960
2961  nla_put_failure:
2962         genlmsg_cancel(msg, hdr);
2963  out:
2964         nlmsg_free(msg);
2965         return -ENOBUFS;
2966 }
2967
2968 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
2969         [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2970         [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2971         [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2972         [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2973         [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2974         [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2975         [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
2976         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2977
2978         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2979         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2980         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2981         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2982         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2983         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2984 };
2985
2986 static const struct nla_policy
2987         nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
2988         [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
2989         [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
2990         [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
2991         [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
2992                 .len = IEEE80211_MAX_DATA_LEN },
2993         [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
2994 };
2995
2996 static int nl80211_parse_mesh_config(struct genl_info *info,
2997                                      struct mesh_config *cfg,
2998                                      u32 *mask_out)
2999 {
3000         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
3001         u32 mask = 0;
3002
3003 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
3004 do {\
3005         if (table[attr_num]) {\
3006                 cfg->param = nla_fn(table[attr_num]); \
3007                 mask |= (1 << (attr_num - 1)); \
3008         } \
3009 } while (0);\
3010
3011
3012         if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
3013                 return -EINVAL;
3014         if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
3015                              info->attrs[NL80211_ATTR_MESH_CONFIG],
3016                              nl80211_meshconf_params_policy))
3017                 return -EINVAL;
3018
3019         /* This makes sure that there aren't more than 32 mesh config
3020          * parameters (otherwise our bitfield scheme would not work.) */
3021         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3022
3023         /* Fill in the params struct */
3024         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3025                         mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
3026         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3027                         mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
3028         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3029                         mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
3030         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3031                         mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
3032         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3033                         mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
3034         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3035                         mask, NL80211_MESHCONF_TTL, nla_get_u8);
3036         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3037                         mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
3038         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3039                         mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
3040         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3041                         mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3042                         nla_get_u8);
3043         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3044                         mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
3045         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3046                         mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3047                         nla_get_u16);
3048         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
3049                         mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3050                         nla_get_u32);
3051         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3052                         mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3053                         nla_get_u16);
3054         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3055                         dot11MeshHWMPnetDiameterTraversalTime,
3056                         mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3057                         nla_get_u16);
3058         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3059                         dot11MeshHWMPRootMode, mask,
3060                         NL80211_MESHCONF_HWMP_ROOTMODE,
3061                         nla_get_u8);
3062         if (mask_out)
3063                 *mask_out = mask;
3064
3065         return 0;
3066
3067 #undef FILL_IN_MESH_PARAM_IF_SET
3068 }
3069
3070 static int nl80211_parse_mesh_setup(struct genl_info *info,
3071                                      struct mesh_setup *setup)
3072 {
3073         struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3074
3075         if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3076                 return -EINVAL;
3077         if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3078                              info->attrs[NL80211_ATTR_MESH_SETUP],
3079                              nl80211_mesh_setup_params_policy))
3080                 return -EINVAL;
3081
3082         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3083                 setup->path_sel_proto =
3084                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3085                  IEEE80211_PATH_PROTOCOL_VENDOR :
3086                  IEEE80211_PATH_PROTOCOL_HWMP;
3087
3088         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3089                 setup->path_metric =
3090                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3091                  IEEE80211_PATH_METRIC_VENDOR :
3092                  IEEE80211_PATH_METRIC_AIRTIME;
3093
3094
3095         if (tb[NL80211_MESH_SETUP_IE]) {
3096                 struct nlattr *ieattr =
3097                         tb[NL80211_MESH_SETUP_IE];
3098                 if (!is_valid_ie_attr(ieattr))
3099                         return -EINVAL;
3100                 setup->ie = nla_data(ieattr);
3101                 setup->ie_len = nla_len(ieattr);
3102         }
3103         setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3104         setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3105
3106         return 0;
3107 }
3108
3109 static int nl80211_update_mesh_config(struct sk_buff *skb,
3110                                       struct genl_info *info)
3111 {
3112         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3113         struct net_device *dev = info->user_ptr[1];
3114         struct wireless_dev *wdev = dev->ieee80211_ptr;
3115         struct mesh_config cfg;
3116         u32 mask;
3117         int err;
3118
3119         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3120                 return -EOPNOTSUPP;
3121
3122         if (!rdev->ops->update_mesh_config)
3123                 return -EOPNOTSUPP;
3124
3125         err = nl80211_parse_mesh_config(info, &cfg, &mask);
3126         if (err)
3127                 return err;
3128
3129         wdev_lock(wdev);
3130         if (!wdev->mesh_id_len)
3131                 err = -ENOLINK;
3132
3133         if (!err)
3134                 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3135                                                     mask, &cfg);
3136
3137         wdev_unlock(wdev);
3138
3139         return err;
3140 }
3141
3142 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3143 {
3144         struct sk_buff *msg;
3145         void *hdr = NULL;
3146         struct nlattr *nl_reg_rules;
3147         unsigned int i;
3148         int err = -EINVAL;
3149
3150         mutex_lock(&cfg80211_mutex);
3151
3152         if (!cfg80211_regdomain)
3153                 goto out;
3154
3155         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3156         if (!msg) {
3157                 err = -ENOBUFS;
3158                 goto out;
3159         }
3160
3161         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3162                              NL80211_CMD_GET_REG);
3163         if (!hdr)
3164                 goto put_failure;
3165
3166         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
3167                 cfg80211_regdomain->alpha2);
3168
3169         nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3170         if (!nl_reg_rules)
3171                 goto nla_put_failure;
3172
3173         for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
3174                 struct nlattr *nl_reg_rule;
3175                 const struct ieee80211_reg_rule *reg_rule;
3176                 const struct ieee80211_freq_range *freq_range;
3177                 const struct ieee80211_power_rule *power_rule;
3178
3179                 reg_rule = &cfg80211_regdomain->reg_rules[i];
3180                 freq_range = &reg_rule->freq_range;
3181                 power_rule = &reg_rule->power_rule;
3182
3183                 nl_reg_rule = nla_nest_start(msg, i);
3184                 if (!nl_reg_rule)
3185                         goto nla_put_failure;
3186
3187                 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3188                         reg_rule->flags);
3189                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
3190                         freq_range->start_freq_khz);
3191                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
3192                         freq_range->end_freq_khz);
3193                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3194                         freq_range->max_bandwidth_khz);
3195                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3196                         power_rule->max_antenna_gain);
3197                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3198                         power_rule->max_eirp);
3199
3200                 nla_nest_end(msg, nl_reg_rule);
3201         }
3202
3203         nla_nest_end(msg, nl_reg_rules);
3204
3205         genlmsg_end(msg, hdr);
3206         err = genlmsg_reply(msg, info);
3207         goto out;
3208
3209 nla_put_failure:
3210         genlmsg_cancel(msg, hdr);
3211 put_failure:
3212         nlmsg_free(msg);
3213         err = -EMSGSIZE;
3214 out:
3215         mutex_unlock(&cfg80211_mutex);
3216         return err;
3217 }
3218
3219 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3220 {
3221         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3222         struct nlattr *nl_reg_rule;
3223         char *alpha2 = NULL;
3224         int rem_reg_rules = 0, r = 0;
3225         u32 num_rules = 0, rule_idx = 0, size_of_regd;
3226         struct ieee80211_regdomain *rd = NULL;
3227
3228         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3229                 return -EINVAL;
3230
3231         if (!info->attrs[NL80211_ATTR_REG_RULES])
3232                 return -EINVAL;
3233
3234         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3235
3236         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3237                         rem_reg_rules) {
3238                 num_rules++;
3239                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3240                         return -EINVAL;
3241         }
3242
3243         mutex_lock(&cfg80211_mutex);
3244
3245         if (!reg_is_valid_request(alpha2)) {
3246                 r = -EINVAL;
3247                 goto bad_reg;
3248         }
3249
3250         size_of_regd = sizeof(struct ieee80211_regdomain) +
3251                 (num_rules * sizeof(struct ieee80211_reg_rule));
3252
3253         rd = kzalloc(size_of_regd, GFP_KERNEL);
3254         if (!rd) {
3255                 r = -ENOMEM;
3256                 goto bad_reg;
3257         }
3258
3259         rd->n_reg_rules = num_rules;
3260         rd->alpha2[0] = alpha2[0];
3261         rd->alpha2[1] = alpha2[1];
3262
3263         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3264                         rem_reg_rules) {
3265                 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3266                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3267                         reg_rule_policy);
3268                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3269                 if (r)
3270                         goto bad_reg;
3271
3272                 rule_idx++;
3273
3274                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3275                         r = -EINVAL;
3276                         goto bad_reg;
3277                 }
3278         }
3279
3280         BUG_ON(rule_idx != num_rules);
3281
3282         r = set_regdom(rd);
3283
3284         mutex_unlock(&cfg80211_mutex);
3285
3286         return r;
3287
3288  bad_reg:
3289         mutex_unlock(&cfg80211_mutex);
3290         kfree(rd);
3291         return r;
3292 }
3293
3294 static int validate_scan_freqs(struct nlattr *freqs)
3295 {
3296         struct nlattr *attr1, *attr2;
3297         int n_channels = 0, tmp1, tmp2;
3298
3299         nla_for_each_nested(attr1, freqs, tmp1) {
3300                 n_channels++;
3301                 /*
3302                  * Some hardware has a limited channel list for
3303                  * scanning, and it is pretty much nonsensical
3304                  * to scan for a channel twice, so disallow that
3305                  * and don't require drivers to check that the
3306                  * channel list they get isn't longer than what
3307                  * they can scan, as long as they can scan all
3308                  * the channels they registered at once.
3309                  */
3310                 nla_for_each_nested(attr2, freqs, tmp2)
3311                         if (attr1 != attr2 &&
3312                             nla_get_u32(attr1) == nla_get_u32(attr2))
3313                                 return 0;
3314         }
3315
3316         return n_channels;
3317 }
3318
3319 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3320 {
3321         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3322         struct net_device *dev = info->user_ptr[1];
3323         struct cfg80211_scan_request *request;
3324         struct nlattr *attr;
3325         struct wiphy *wiphy;
3326         int err, tmp, n_ssids = 0, n_channels, i;
3327         size_t ie_len;
3328
3329         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3330                 return -EINVAL;
3331
3332         wiphy = &rdev->wiphy;
3333
3334         if (!rdev->ops->scan)
3335                 return -EOPNOTSUPP;
3336
3337         if (rdev->scan_req)
3338                 return -EBUSY;
3339
3340         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3341                 n_channels = validate_scan_freqs(
3342                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3343                 if (!n_channels)
3344                         return -EINVAL;
3345         } else {
3346                 enum ieee80211_band band;
3347                 n_channels = 0;
3348
3349                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3350                         if (wiphy->bands[band])
3351                                 n_channels += wiphy->bands[band]->n_channels;
3352         }
3353
3354         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3355                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3356                         n_ssids++;
3357
3358         if (n_ssids > wiphy->max_scan_ssids)
3359                 return -EINVAL;
3360
3361         if (info->attrs[NL80211_ATTR_IE])
3362                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3363         else
3364                 ie_len = 0;
3365
3366         if (ie_len > wiphy->max_scan_ie_len)
3367                 return -EINVAL;
3368
3369         request = kzalloc(sizeof(*request)
3370                         + sizeof(*request->ssids) * n_ssids
3371                         + sizeof(*request->channels) * n_channels
3372                         + ie_len, GFP_KERNEL);
3373         if (!request)
3374                 return -ENOMEM;
3375
3376         if (n_ssids)
3377                 request->ssids = (void *)&request->channels[n_channels];
3378         request->n_ssids = n_ssids;
3379         if (ie_len) {
3380                 if (request->ssids)
3381                         request->ie = (void *)(request->ssids + n_ssids);
3382                 else
3383                         request->ie = (void *)(request->channels + n_channels);
3384         }
3385
3386         i = 0;
3387         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3388                 /* user specified, bail out if channel not found */
3389                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3390                         struct ieee80211_channel *chan;
3391
3392                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3393
3394                         if (!chan) {
3395                                 err = -EINVAL;
3396                                 goto out_free;
3397                         }
3398
3399                         /* ignore disabled channels */
3400                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3401                                 continue;
3402
3403                         request->channels[i] = chan;
3404                         i++;
3405                 }
3406         } else {
3407                 enum ieee80211_band band;
3408
3409                 /* all channels */
3410                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3411                         int j;
3412                         if (!wiphy->bands[band])
3413                                 continue;
3414                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3415                                 struct ieee80211_channel *chan;
3416
3417                                 chan = &wiphy->bands[band]->channels[j];
3418
3419                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3420                                         continue;
3421
3422                                 request->channels[i] = chan;
3423                                 i++;
3424                         }
3425                 }
3426         }
3427
3428         if (!i) {
3429                 err = -EINVAL;
3430                 goto out_free;
3431         }
3432
3433         request->n_channels = i;
3434
3435         i = 0;
3436         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3437                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3438                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3439                                 err = -EINVAL;
3440                                 goto out_free;
3441                         }
3442                         request->ssids[i].ssid_len = nla_len(attr);
3443                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3444                         i++;
3445                 }
3446         }
3447
3448         if (info->attrs[NL80211_ATTR_IE]) {
3449                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3450                 memcpy((void *)request->ie,
3451                        nla_data(info->attrs[NL80211_ATTR_IE]),
3452                        request->ie_len);
3453         }
3454
3455         for (i = 0; i < IEEE80211_NUM_BANDS; i++)
3456                 if (wiphy->bands[i])
3457                         request->rates[i] =
3458                                 (1 << wiphy->bands[i]->n_bitrates) - 1;
3459
3460         if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
3461                 nla_for_each_nested(attr,
3462                                     info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
3463                                     tmp) {
3464                         enum ieee80211_band band = nla_type(attr);
3465
3466                         if (band < 0 || band >= IEEE80211_NUM_BANDS) {
3467                                 err = -EINVAL;
3468                                 goto out_free;
3469                         }
3470                         err = ieee80211_get_ratemask(wiphy->bands[band],
3471                                                      nla_data(attr),
3472                                                      nla_len(attr),
3473                                                      &request->rates[band]);
3474                         if (err)
3475                                 goto out_free;
3476                 }
3477         }
3478
3479         request->dev = dev;
3480         request->wiphy = &rdev->wiphy;
3481
3482         rdev->scan_req = request;
3483         err = rdev->ops->scan(&rdev->wiphy, dev, request);
3484
3485         if (!err) {
3486                 nl80211_send_scan_start(rdev, dev);
3487                 dev_hold(dev);
3488         } else {
3489  out_free:
3490                 rdev->scan_req = NULL;
3491                 kfree(request);
3492         }
3493
3494         return err;
3495 }
3496
3497 static int nl80211_start_sched_scan(struct sk_buff *skb,
3498                                     struct genl_info *info)
3499 {
3500         struct cfg80211_sched_scan_request *request;
3501         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3502         struct net_device *dev = info->user_ptr[1];
3503         struct nlattr *attr;
3504         struct wiphy *wiphy;
3505         int err, tmp, n_ssids = 0, n_channels, i;
3506         u32 interval;
3507         enum ieee80211_band band;
3508         size_t ie_len;
3509
3510         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3511             !rdev->ops->sched_scan_start)
3512                 return -EOPNOTSUPP;
3513
3514         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3515                 return -EINVAL;
3516
3517         if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
3518                 return -EINVAL;
3519
3520         interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
3521         if (interval == 0)
3522                 return -EINVAL;
3523
3524         wiphy = &rdev->wiphy;
3525
3526         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3527                 n_channels = validate_scan_freqs(
3528                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3529                 if (!n_channels)
3530                         return -EINVAL;
3531         } else {
3532                 n_channels = 0;
3533
3534                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3535                         if (wiphy->bands[band])
3536                                 n_channels += wiphy->bands[band]->n_channels;
3537         }
3538
3539         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3540                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3541                                     tmp)
3542                         n_ssids++;
3543
3544         if (n_ssids > wiphy->max_sched_scan_ssids)
3545                 return -EINVAL;
3546
3547         if (info->attrs[NL80211_ATTR_IE])
3548                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3549         else
3550                 ie_len = 0;
3551
3552         if (ie_len > wiphy->max_sched_scan_ie_len)
3553                 return -EINVAL;
3554
3555         mutex_lock(&rdev->sched_scan_mtx);
3556
3557         if (rdev->sched_scan_req) {
3558                 err = -EINPROGRESS;
3559                 goto out;
3560         }
3561
3562         request = kzalloc(sizeof(*request)
3563                         + sizeof(*request->ssids) * n_ssids
3564                         + sizeof(*request->channels) * n_channels
3565                         + ie_len, GFP_KERNEL);
3566         if (!request) {
3567                 err = -ENOMEM;
3568                 goto out;
3569         }
3570
3571         if (n_ssids)
3572                 request->ssids = (void *)&request->channels[n_channels];
3573         request->n_ssids = n_ssids;
3574         if (ie_len) {
3575                 if (request->ssids)
3576                         request->ie = (void *)(request->ssids + n_ssids);
3577                 else
3578                         request->ie = (void *)(request->channels + n_channels);
3579         }
3580
3581         i = 0;
3582         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3583                 /* user specified, bail out if channel not found */
3584                 nla_for_each_nested(attr,
3585                                     info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
3586                                     tmp) {
3587                         struct ieee80211_channel *chan;
3588
3589                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3590
3591                         if (!chan) {
3592                                 err = -EINVAL;
3593                                 goto out_free;
3594                         }
3595
3596                         /* ignore disabled channels */
3597                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3598                                 continue;
3599
3600                         request->channels[i] = chan;
3601                         i++;
3602                 }
3603         } else {
3604                 /* all channels */
3605                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3606                         int j;
3607                         if (!wiphy->bands[band])
3608                                 continue;
3609                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3610                                 struct ieee80211_channel *chan;
3611
3612                                 chan = &wiphy->bands[band]->channels[j];
3613
3614                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3615                                         continue;
3616
3617                                 request->channels[i] = chan;
3618                                 i++;
3619                         }
3620                 }
3621         }
3622
3623         if (!i) {
3624                 err = -EINVAL;
3625                 goto out_free;
3626         }
3627
3628         request->n_channels = i;
3629
3630         i = 0;
3631         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3632                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3633                                     tmp) {
3634                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3635                                 err = -EINVAL;
3636                                 goto out_free;
3637                         }
3638                         request->ssids[i].ssid_len = nla_len(attr);
3639                         memcpy(request->ssids[i].ssid, nla_data(attr),
3640                                nla_len(attr));
3641                         i++;
3642                 }
3643         }
3644
3645         if (info->attrs[NL80211_ATTR_IE]) {
3646                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3647                 memcpy((void *)request->ie,
3648                        nla_data(info->attrs[NL80211_ATTR_IE]),
3649                        request->ie_len);
3650         }
3651
3652         request->dev = dev;
3653         request->wiphy = &rdev->wiphy;
3654         request->interval = interval;
3655
3656         err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
3657         if (!err) {
3658                 rdev->sched_scan_req = request;
3659                 nl80211_send_sched_scan(rdev, dev,
3660                                         NL80211_CMD_START_SCHED_SCAN);
3661                 goto out;
3662         }
3663
3664 out_free:
3665         kfree(request);
3666 out:
3667         mutex_unlock(&rdev->sched_scan_mtx);
3668         return err;
3669 }
3670
3671 static int nl80211_stop_sched_scan(struct sk_buff *skb,
3672                                    struct genl_info *info)
3673 {
3674         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3675         int err;
3676
3677         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3678             !rdev->ops->sched_scan_stop)
3679                 return -EOPNOTSUPP;
3680
3681         mutex_lock(&rdev->sched_scan_mtx);
3682         err = __cfg80211_stop_sched_scan(rdev, false);
3683         mutex_unlock(&rdev->sched_scan_mtx);
3684
3685         return err;
3686 }
3687
3688 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
3689                             u32 seq, int flags,
3690                             struct cfg80211_registered_device *rdev,
3691                             struct wireless_dev *wdev,
3692                             struct cfg80211_internal_bss *intbss)
3693 {
3694         struct cfg80211_bss *res = &intbss->pub;
3695         void *hdr;
3696         struct nlattr *bss;
3697         int i;
3698
3699         ASSERT_WDEV_LOCK(wdev);
3700
3701         hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags,
3702                              NL80211_CMD_NEW_SCAN_RESULTS);
3703         if (!hdr)
3704                 return -1;
3705
3706         genl_dump_check_consistent(cb, hdr, &nl80211_fam);
3707
3708         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
3709         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
3710
3711         bss = nla_nest_start(msg, NL80211_ATTR_BSS);
3712         if (!bss)
3713                 goto nla_put_failure;
3714         if (!is_zero_ether_addr(res->bssid))
3715                 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
3716         if (res->information_elements && res->len_information_elements)
3717                 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3718                         res->len_information_elements,
3719                         res->information_elements);
3720         if (res->beacon_ies && res->len_beacon_ies &&
3721             res->beacon_ies != res->information_elements)
3722                 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
3723                         res->len_beacon_ies, res->beacon_ies);
3724         if (res->tsf)
3725                 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3726         if (res->beacon_interval)
3727                 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3728         NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3729         NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3730         NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
3731                 jiffies_to_msecs(jiffies - intbss->ts));
3732
3733         switch (rdev->wiphy.signal_type) {
3734         case CFG80211_SIGNAL_TYPE_MBM:
3735                 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
3736                 break;
3737         case CFG80211_SIGNAL_TYPE_UNSPEC:
3738                 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
3739                 break;
3740         default:
3741                 break;
3742         }
3743
3744         switch (wdev->iftype) {
3745         case NL80211_IFTYPE_P2P_CLIENT:
3746         case NL80211_IFTYPE_STATION:
3747                 if (intbss == wdev->current_bss)
3748                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3749                                     NL80211_BSS_STATUS_ASSOCIATED);
3750                 else for (i = 0; i < MAX_AUTH_BSSES; i++) {
3751                         if (intbss != wdev->auth_bsses[i])
3752                                 continue;
3753                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3754                                     NL80211_BSS_STATUS_AUTHENTICATED);
3755                         break;
3756                 }
3757                 break;
3758         case NL80211_IFTYPE_ADHOC:
3759                 if (intbss == wdev->current_bss)
3760                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3761                                     NL80211_BSS_STATUS_IBSS_JOINED);
3762                 break;
3763         default:
3764                 break;
3765         }
3766
3767         nla_nest_end(msg, bss);
3768
3769         return genlmsg_end(msg, hdr);
3770
3771  nla_put_failure:
3772         genlmsg_cancel(msg, hdr);
3773         return -EMSGSIZE;
3774 }
3775
3776 static int nl80211_dump_scan(struct sk_buff *skb,
3777                              struct netlink_callback *cb)
3778 {
3779         struct cfg80211_registered_device *rdev;
3780         struct net_device *dev;
3781         struct cfg80211_internal_bss *scan;
3782         struct wireless_dev *wdev;
3783         int start = cb->args[1], idx = 0;
3784         int err;
3785
3786         err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
3787         if (err)
3788                 return err;
3789
3790         wdev = dev->ieee80211_ptr;
3791
3792         wdev_lock(wdev);
3793         spin_lock_bh(&rdev->bss_lock);
3794         cfg80211_bss_expire(rdev);
3795
3796         cb->seq = rdev->bss_generation;
3797
3798         list_for_each_entry(scan, &rdev->bss_list, list) {
3799                 if (++idx <= start)
3800                         continue;
3801                 if (nl80211_send_bss(skb, cb,
3802                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3803                                 rdev, wdev, scan) < 0) {
3804                         idx--;
3805                         break;
3806                 }
3807         }
3808
3809         spin_unlock_bh(&rdev->bss_lock);
3810         wdev_unlock(wdev);
3811
3812         cb->args[1] = idx;
3813         nl80211_finish_netdev_dump(rdev);
3814
3815         return skb->len;
3816 }
3817
3818 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
3819                                 int flags, struct net_device *dev,
3820                                 struct survey_info *survey)
3821 {
3822         void *hdr;
3823         struct nlattr *infoattr;
3824
3825         hdr = nl80211hdr_put(msg, pid, seq, flags,
3826                              NL80211_CMD_NEW_SURVEY_RESULTS);
3827         if (!hdr)
3828                 return -ENOMEM;
3829
3830         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3831
3832         infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
3833         if (!infoattr)
3834                 goto nla_put_failure;
3835
3836         NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
3837                     survey->channel->center_freq);
3838         if (survey->filled & SURVEY_INFO_NOISE_DBM)
3839                 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
3840                             survey->noise);
3841         if (survey->filled & SURVEY_INFO_IN_USE)
3842                 NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE);
3843         if (survey->filled & SURVEY_INFO_CHANNEL_TIME)
3844                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
3845                             survey->channel_time);
3846         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
3847                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
3848                             survey->channel_time_busy);
3849         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
3850                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
3851                             survey->channel_time_ext_busy);
3852         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX)
3853                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
3854                             survey->channel_time_rx);
3855         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX)
3856                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
3857                             survey->channel_time_tx);
3858
3859         nla_nest_end(msg, infoattr);
3860
3861         return genlmsg_end(msg, hdr);
3862
3863  nla_put_failure:
3864         genlmsg_cancel(msg, hdr);
3865         return -EMSGSIZE;
3866 }
3867
3868 static int nl80211_dump_survey(struct sk_buff *skb,
3869                         struct netlink_callback *cb)
3870 {
3871         struct survey_info survey;
3872         struct cfg80211_registered_device *dev;
3873         struct net_device *netdev;
3874         int survey_idx = cb->args[1];
3875         int res;
3876
3877         res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
3878         if (res)
3879                 return res;
3880
3881         if (!dev->ops->dump_survey) {
3882                 res = -EOPNOTSUPP;
3883                 goto out_err;
3884         }
3885
3886         while (1) {
3887                 struct ieee80211_channel *chan;
3888
3889                 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
3890                                             &survey);
3891                 if (res == -ENOENT)
3892                         break;
3893                 if (res)
3894                         goto out_err;
3895
3896                 /* Survey without a channel doesn't make sense */
3897                 if (!survey.channel) {
3898                         res = -EINVAL;
3899                         goto out;
3900                 }
3901
3902                 chan = ieee80211_get_channel(&dev->wiphy,
3903                                              survey.channel->center_freq);
3904                 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
3905                         survey_idx++;
3906                         continue;
3907                 }
3908
3909                 if (nl80211_send_survey(skb,
3910                                 NETLINK_CB(cb->skb).pid,
3911                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3912                                 netdev,
3913                                 &survey) < 0)
3914                         goto out;
3915                 survey_idx++;
3916         }
3917
3918  out:
3919         cb->args[1] = survey_idx;
3920         res = skb->len;
3921  out_err:
3922         nl80211_finish_netdev_dump(dev);
3923         return res;
3924 }
3925
3926 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3927 {
3928         return auth_type <= NL80211_AUTHTYPE_MAX;
3929 }
3930
3931 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
3932 {
3933         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
3934                                   NL80211_WPA_VERSION_2));
3935 }
3936
3937 static bool nl80211_valid_akm_suite(u32 akm)
3938 {
3939         return akm == WLAN_AKM_SUITE_8021X ||
3940                 akm == WLAN_AKM_SUITE_PSK;
3941 }
3942
3943 static bool nl80211_valid_cipher_suite(u32 cipher)
3944 {
3945         return cipher == WLAN_CIPHER_SUITE_WEP40 ||
3946                 cipher == WLAN_CIPHER_SUITE_WEP104 ||
3947                 cipher == WLAN_CIPHER_SUITE_TKIP ||
3948                 cipher == WLAN_CIPHER_SUITE_CCMP ||
3949                 cipher == WLAN_CIPHER_SUITE_AES_CMAC;
3950 }
3951
3952
3953 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
3954 {
3955         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3956         struct net_device *dev = info->user_ptr[1];
3957         struct ieee80211_channel *chan;
3958         const u8 *bssid, *ssid, *ie = NULL;
3959         int err, ssid_len, ie_len = 0;
3960         enum nl80211_auth_type auth_type;
3961         struct key_parse key;
3962         bool local_state_change;
3963
3964         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3965                 return -EINVAL;
3966
3967         if (!info->attrs[NL80211_ATTR_MAC])
3968                 return -EINVAL;
3969
3970         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
3971                 return -EINVAL;
3972
3973         if (!info->attrs[NL80211_ATTR_SSID])
3974                 return -EINVAL;
3975
3976         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
3977                 return -EINVAL;
3978
3979         err = nl80211_parse_key(info, &key);
3980         if (err)
3981                 return err;
3982
3983         if (key.idx >= 0) {
3984                 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
3985                         return -EINVAL;
3986                 if (!key.p.key || !key.p.key_len)
3987                         return -EINVAL;
3988                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
3989                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
3990                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
3991                      key.p.key_len != WLAN_KEY_LEN_WEP104))
3992                         return -EINVAL;
3993                 if (key.idx > 4)
3994                         return -EINVAL;
3995         } else {
3996                 key.p.key_len = 0;
3997                 key.p.key = NULL;
3998         }
3999
4000         if (key.idx >= 0) {
4001                 int i;
4002                 bool ok = false;
4003                 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
4004                         if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
4005                                 ok = true;
4006                                 break;
4007                         }
4008                 }
4009                 if (!ok)
4010                         return -EINVAL;
4011         }
4012
4013         if (!rdev->ops->auth)
4014                 return -EOPNOTSUPP;
4015
4016         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4017             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4018                 return -EOPNOTSUPP;
4019
4020         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4021         chan = ieee80211_get_channel(&rdev->wiphy,
4022                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4023         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4024                 return -EINVAL;
4025
4026         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4027         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4028
4029         if (info->attrs[NL80211_ATTR_IE]) {
4030                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4031                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4032         }
4033
4034         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4035         if (!nl80211_valid_auth_type(auth_type))
4036                 return -EINVAL;
4037
4038         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4039
4040         return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
4041                                   ssid, ssid_len, ie, ie_len,
4042                                   key.p.key, key.p.key_len, key.idx,
4043                                   local_state_change);
4044 }
4045
4046 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4047                                    struct genl_info *info,
4048                                    struct cfg80211_crypto_settings *settings,
4049                                    int cipher_limit)
4050 {
4051         memset(settings, 0, sizeof(*settings));
4052
4053         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
4054
4055         if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
4056                 u16 proto;
4057                 proto = nla_get_u16(
4058                         info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
4059                 settings->control_port_ethertype = cpu_to_be16(proto);
4060                 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
4061                     proto != ETH_P_PAE)
4062                         return -EINVAL;
4063                 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
4064                         settings->control_port_no_encrypt = true;
4065         } else
4066                 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
4067
4068         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
4069                 void *data;
4070                 int len, i;
4071
4072                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4073                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4074                 settings->n_ciphers_pairwise = len / sizeof(u32);
4075
4076                 if (len % sizeof(u32))
4077                         return -EINVAL;
4078
4079                 if (settings->n_ciphers_pairwise > cipher_limit)
4080                         return -EINVAL;
4081
4082                 memcpy(settings->ciphers_pairwise, data, len);
4083
4084                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
4085                         if (!nl80211_valid_cipher_suite(
4086                                         settings->ciphers_pairwise[i]))
4087                                 return -EINVAL;
4088         }
4089
4090         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
4091                 settings->cipher_group =
4092                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
4093                 if (!nl80211_valid_cipher_suite(settings->cipher_group))
4094                         return -EINVAL;
4095         }
4096
4097         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
4098                 settings->wpa_versions =
4099                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
4100                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
4101                         return -EINVAL;
4102         }
4103
4104         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
4105                 void *data;
4106                 int len, i;
4107
4108                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
4109                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
4110                 settings->n_akm_suites = len / sizeof(u32);
4111
4112                 if (len % sizeof(u32))
4113                         return -EINVAL;
4114
4115                 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
4116                         return -EINVAL;
4117
4118                 memcpy(settings->akm_suites, data, len);
4119
4120                 for (i = 0; i < settings->n_akm_suites; i++)
4121                         if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
4122                                 return -EINVAL;
4123         }
4124
4125         return 0;
4126 }
4127
4128 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
4129 {
4130         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4131         struct net_device *dev = info->user_ptr[1];
4132         struct cfg80211_crypto_settings crypto;
4133         struct ieee80211_channel *chan;
4134         const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
4135         int err, ssid_len, ie_len = 0;
4136         bool use_mfp = false;
4137
4138         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4139                 return -EINVAL;
4140
4141         if (!info->attrs[NL80211_ATTR_MAC] ||
4142             !info->attrs[NL80211_ATTR_SSID] ||
4143             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4144                 return -EINVAL;
4145
4146         if (!rdev->ops->assoc)
4147                 return -EOPNOTSUPP;
4148
4149         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4150             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4151                 return -EOPNOTSUPP;
4152
4153         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4154
4155         chan = ieee80211_get_channel(&rdev->wiphy,
4156                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4157         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4158                 return -EINVAL;
4159
4160         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4161         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4162
4163         if (info->attrs[NL80211_ATTR_IE]) {
4164                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4165                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4166         }
4167
4168         if (info->attrs[NL80211_ATTR_USE_MFP]) {
4169                 enum nl80211_mfp mfp =
4170                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
4171                 if (mfp == NL80211_MFP_REQUIRED)
4172                         use_mfp = true;
4173                 else if (mfp != NL80211_MFP_NO)
4174                         return -EINVAL;
4175         }
4176
4177         if (info->attrs[NL80211_ATTR_PREV_BSSID])
4178                 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
4179
4180         err = nl80211_crypto_settings(rdev, info, &crypto, 1);
4181         if (!err)
4182                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
4183                                           ssid, ssid_len, ie, ie_len, use_mfp,
4184                                           &crypto);
4185
4186         return err;
4187 }
4188
4189 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
4190 {
4191         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4192         struct net_device *dev = info->user_ptr[1];
4193         const u8 *ie = NULL, *bssid;
4194         int ie_len = 0;
4195         u16 reason_code;
4196         bool local_state_change;
4197
4198         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4199                 return -EINVAL;
4200
4201         if (!info->attrs[NL80211_ATTR_MAC])
4202                 return -EINVAL;
4203
4204         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4205                 return -EINVAL;
4206
4207         if (!rdev->ops->deauth)
4208                 return -EOPNOTSUPP;
4209
4210         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4211             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4212                 return -EOPNOTSUPP;
4213
4214         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4215
4216         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4217         if (reason_code == 0) {
4218                 /* Reason Code 0 is reserved */
4219                 return -EINVAL;
4220         }
4221
4222         if (info->attrs[NL80211_ATTR_IE]) {
4223                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4224                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4225         }
4226
4227         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4228
4229         return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
4230                                     local_state_change);
4231 }
4232
4233 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
4234 {
4235         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4236         struct net_device *dev = info->user_ptr[1];
4237         const u8 *ie = NULL, *bssid;
4238         int ie_len = 0;
4239         u16 reason_code;
4240         bool local_state_change;
4241
4242         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4243                 return -EINVAL;
4244
4245         if (!info->attrs[NL80211_ATTR_MAC])
4246                 return -EINVAL;
4247
4248         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4249                 return -EINVAL;
4250
4251         if (!rdev->ops->disassoc)
4252                 return -EOPNOTSUPP;
4253
4254         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4255             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4256                 return -EOPNOTSUPP;
4257
4258         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4259
4260         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4261         if (reason_code == 0) {
4262                 /* Reason Code 0 is reserved */
4263                 return -EINVAL;
4264         }
4265
4266         if (info->attrs[NL80211_ATTR_IE]) {
4267                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4268                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4269         }
4270
4271         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4272
4273         return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
4274                                       local_state_change);
4275 }
4276
4277 static bool
4278 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
4279                          int mcast_rate[IEEE80211_NUM_BANDS],
4280                          int rateval)
4281 {
4282         struct wiphy *wiphy = &rdev->wiphy;
4283         bool found = false;
4284         int band, i;
4285
4286         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4287                 struct ieee80211_supported_band *sband;
4288
4289                 sband = wiphy->bands[band];
4290                 if (!sband)
4291                         continue;
4292
4293                 for (i = 0; i < sband->n_bitrates; i++) {
4294                         if (sband->bitrates[i].bitrate == rateval) {
4295                                 mcast_rate[band] = i + 1;
4296                                 found = true;
4297                                 break;
4298                         }
4299                 }
4300         }
4301
4302         return found;
4303 }
4304
4305 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
4306 {
4307         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4308         struct net_device *dev = info->user_ptr[1];
4309         struct cfg80211_ibss_params ibss;
4310         struct wiphy *wiphy;
4311         struct cfg80211_cached_keys *connkeys = NULL;
4312         int err;
4313
4314         memset(&ibss, 0, sizeof(ibss));
4315
4316         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4317                 return -EINVAL;
4318
4319         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4320             !info->attrs[NL80211_ATTR_SSID] ||
4321             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4322                 return -EINVAL;
4323
4324         ibss.beacon_interval = 100;
4325
4326         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
4327                 ibss.beacon_interval =
4328                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4329                 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
4330                         return -EINVAL;
4331         }
4332
4333         if (!rdev->ops->join_ibss)
4334                 return -EOPNOTSUPP;
4335
4336         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4337                 return -EOPNOTSUPP;
4338
4339         wiphy = &rdev->wiphy;
4340
4341         if (info->attrs[NL80211_ATTR_MAC])
4342                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4343         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4344         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4345
4346         if (info->attrs[NL80211_ATTR_IE]) {
4347                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4348                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4349         }
4350
4351         ibss.channel = ieee80211_get_channel(wiphy,
4352                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4353         if (!ibss.channel ||
4354             ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4355             ibss.channel->flags & IEEE80211_CHAN_DISABLED)
4356                 return -EINVAL;
4357
4358         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4359         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4360
4361         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4362                 u8 *rates =
4363                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4364                 int n_rates =
4365                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4366                 struct ieee80211_supported_band *sband =
4367                         wiphy->bands[ibss.channel->band];
4368                 int err;
4369
4370                 err = ieee80211_get_ratemask(sband, rates, n_rates,
4371                                              &ibss.basic_rates);
4372                 if (err)
4373                         return err;
4374         }
4375
4376         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
4377             !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
4378                         nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
4379                 return -EINVAL;
4380
4381         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4382                 connkeys = nl80211_parse_connkeys(rdev,
4383                                         info->attrs[NL80211_ATTR_KEYS]);
4384                 if (IS_ERR(connkeys))
4385                         return PTR_ERR(connkeys);
4386         }
4387
4388         err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4389         if (err)
4390                 kfree(connkeys);
4391         return err;
4392 }
4393
4394 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4395 {
4396         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4397         struct net_device *dev = info->user_ptr[1];
4398
4399         if (!rdev->ops->leave_ibss)
4400                 return -EOPNOTSUPP;
4401
4402         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4403                 return -EOPNOTSUPP;
4404
4405         return cfg80211_leave_ibss(rdev, dev, false);
4406 }
4407
4408 #ifdef CONFIG_NL80211_TESTMODE
4409 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4410         .name = "testmode",
4411 };
4412
4413 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4414 {
4415         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4416         int err;
4417
4418         if (!info->attrs[NL80211_ATTR_TESTDATA])
4419                 return -EINVAL;
4420
4421         err = -EOPNOTSUPP;
4422         if (rdev->ops->testmode_cmd) {
4423                 rdev->testmode_info = info;
4424                 err = rdev->ops->testmode_cmd(&rdev->wiphy,
4425                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4426                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4427                 rdev->testmode_info = NULL;
4428         }
4429
4430         return err;
4431 }
4432
4433 static int nl80211_testmode_dump(struct sk_buff *skb,
4434                                  struct netlink_callback *cb)
4435 {
4436         struct cfg80211_registered_device *dev;
4437         int err;
4438         long phy_idx;
4439         void *data = NULL;
4440         int data_len = 0;
4441
4442         if (cb->args[0]) {
4443                 /*
4444                  * 0 is a valid index, but not valid for args[0],
4445                  * so we need to offset by 1.
4446                  */
4447                 phy_idx = cb->args[0] - 1;
4448         } else {
4449                 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
4450                                   nl80211_fam.attrbuf, nl80211_fam.maxattr,
4451                                   nl80211_policy);
4452                 if (err)
4453                         return err;
4454                 if (!nl80211_fam.attrbuf[NL80211_ATTR_WIPHY])
4455                         return -EINVAL;
4456                 phy_idx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]);
4457                 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
4458                         cb->args[1] =
4459                                 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
4460         }
4461
4462         if (cb->args[1]) {
4463                 data = nla_data((void *)cb->args[1]);
4464                 data_len = nla_len((void *)cb->args[1]);
4465         }
4466
4467         mutex_lock(&cfg80211_mutex);
4468         dev = cfg80211_rdev_by_wiphy_idx(phy_idx);
4469         if (!dev) {
4470                 mutex_unlock(&cfg80211_mutex);
4471                 return -ENOENT;
4472         }
4473         cfg80211_lock_rdev(dev);
4474         mutex_unlock(&cfg80211_mutex);
4475
4476         if (!dev->ops->testmode_dump) {
4477                 err = -EOPNOTSUPP;
4478                 goto out_err;
4479         }
4480
4481         while (1) {
4482                 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid,
4483                                            cb->nlh->nlmsg_seq, NLM_F_MULTI,
4484                                            NL80211_CMD_TESTMODE);
4485                 struct nlattr *tmdata;
4486
4487                 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, dev->wiphy_idx) < 0) {
4488                         genlmsg_cancel(skb, hdr);
4489                         break;
4490                 }
4491
4492                 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4493                 if (!tmdata) {
4494                         genlmsg_cancel(skb, hdr);
4495                         break;
4496                 }
4497                 err = dev->ops->testmode_dump(&dev->wiphy, skb, cb,
4498                                               data, data_len);
4499                 nla_nest_end(skb, tmdata);
4500
4501                 if (err == -ENOBUFS || err == -ENOENT) {
4502                         genlmsg_cancel(skb, hdr);
4503                         break;
4504                 } else if (err) {
4505                         genlmsg_cancel(skb, hdr);
4506                         goto out_err;
4507                 }
4508
4509                 genlmsg_end(skb, hdr);
4510         }
4511
4512         err = skb->len;
4513         /* see above */
4514         cb->args[0] = phy_idx + 1;
4515  out_err:
4516         cfg80211_unlock_rdev(dev);
4517         return err;
4518 }
4519
4520 static struct sk_buff *
4521 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
4522                               int approxlen, u32 pid, u32 seq, gfp_t gfp)
4523 {
4524         struct sk_buff *skb;
4525         void *hdr;
4526         struct nlattr *data;
4527
4528         skb = nlmsg_new(approxlen + 100, gfp);
4529         if (!skb)
4530                 return NULL;
4531
4532         hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
4533         if (!hdr) {
4534                 kfree_skb(skb);
4535                 return NULL;
4536         }
4537
4538         NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4539         data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4540
4541         ((void **)skb->cb)[0] = rdev;
4542         ((void **)skb->cb)[1] = hdr;
4543         ((void **)skb->cb)[2] = data;
4544
4545         return skb;
4546
4547  nla_put_failure:
4548         kfree_skb(skb);
4549         return NULL;
4550 }
4551
4552 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
4553                                                   int approxlen)
4554 {
4555         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4556
4557         if (WARN_ON(!rdev->testmode_info))
4558                 return NULL;
4559
4560         return __cfg80211_testmode_alloc_skb(rdev, approxlen,
4561                                 rdev->testmode_info->snd_pid,
4562                                 rdev->testmode_info->snd_seq,
4563                                 GFP_KERNEL);
4564 }
4565 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
4566
4567 int cfg80211_testmode_reply(struct sk_buff *skb)
4568 {
4569         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
4570         void *hdr = ((void **)skb->cb)[1];
4571         struct nlattr *data = ((void **)skb->cb)[2];
4572
4573         if (WARN_ON(!rdev->testmode_info)) {
4574                 kfree_skb(skb);
4575                 return -EINVAL;
4576         }
4577
4578         nla_nest_end(skb, data);
4579         genlmsg_end(skb, hdr);
4580         return genlmsg_reply(skb, rdev->testmode_info);
4581 }
4582 EXPORT_SYMBOL(cfg80211_testmode_reply);
4583
4584 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
4585                                                   int approxlen, gfp_t gfp)
4586 {
4587         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
4588
4589         return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
4590 }
4591 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
4592
4593 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
4594 {
4595         void *hdr = ((void **)skb->cb)[1];
4596         struct nlattr *data = ((void **)skb->cb)[2];
4597
4598         nla_nest_end(skb, data);
4599         genlmsg_end(skb, hdr);
4600         genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
4601 }
4602 EXPORT_SYMBOL(cfg80211_testmode_event);
4603 #endif
4604
4605 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
4606 {
4607         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4608         struct net_device *dev = info->user_ptr[1];
4609         struct cfg80211_connect_params connect;
4610         struct wiphy *wiphy;
4611         struct cfg80211_cached_keys *connkeys = NULL;
4612         int err;
4613
4614         memset(&connect, 0, sizeof(connect));
4615
4616         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4617                 return -EINVAL;
4618
4619         if (!info->attrs[NL80211_ATTR_SSID] ||
4620             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4621                 return -EINVAL;
4622
4623         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
4624                 connect.auth_type =
4625                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4626                 if (!nl80211_valid_auth_type(connect.auth_type))
4627                         return -EINVAL;
4628         } else
4629                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
4630
4631         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
4632
4633         err = nl80211_crypto_settings(rdev, info, &connect.crypto,
4634                                       NL80211_MAX_NR_CIPHER_SUITES);
4635         if (err)
4636                 return err;
4637
4638         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4639             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4640                 return -EOPNOTSUPP;
4641
4642         wiphy = &rdev->wiphy;
4643
4644         if (info->attrs[NL80211_ATTR_MAC])
4645                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4646         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4647         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4648
4649         if (info->attrs[NL80211_ATTR_IE]) {
4650                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4651                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4652         }
4653
4654         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
4655                 connect.channel =
4656                         ieee80211_get_channel(wiphy,
4657                             nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4658                 if (!connect.channel ||
4659                     connect.channel->flags & IEEE80211_CHAN_DISABLED)
4660                         return -EINVAL;
4661         }
4662
4663         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4664                 connkeys = nl80211_parse_connkeys(rdev,
4665                                         info->attrs[NL80211_ATTR_KEYS]);
4666                 if (IS_ERR(connkeys))
4667                         return PTR_ERR(connkeys);
4668         }
4669
4670         err = cfg80211_connect(rdev, dev, &connect, connkeys);
4671         if (err)
4672                 kfree(connkeys);
4673         return err;
4674 }
4675
4676 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
4677 {
4678         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4679         struct net_device *dev = info->user_ptr[1];
4680         u16 reason;
4681
4682         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4683                 reason = WLAN_REASON_DEAUTH_LEAVING;
4684         else
4685                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4686
4687         if (reason == 0)
4688                 return -EINVAL;
4689
4690         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4691             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4692                 return -EOPNOTSUPP;
4693
4694         return cfg80211_disconnect(rdev, dev, reason, true);
4695 }
4696
4697 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4698 {
4699         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4700         struct net *net;
4701         int err;
4702         u32 pid;
4703
4704         if (!info->attrs[NL80211_ATTR_PID])
4705                 return -EINVAL;
4706
4707         pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
4708
4709         net = get_net_ns_by_pid(pid);
4710         if (IS_ERR(net))
4711                 return PTR_ERR(net);
4712
4713         err = 0;
4714
4715         /* check if anything to do */
4716         if (!net_eq(wiphy_net(&rdev->wiphy), net))
4717                 err = cfg80211_switch_netns(rdev, net);
4718
4719         put_net(net);
4720         return err;
4721 }
4722
4723 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
4724 {
4725         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4726         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
4727                         struct cfg80211_pmksa *pmksa) = NULL;
4728         struct net_device *dev = info->user_ptr[1];
4729         struct cfg80211_pmksa pmksa;
4730
4731         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
4732
4733         if (!info->attrs[NL80211_ATTR_MAC])
4734                 return -EINVAL;
4735
4736         if (!info->attrs[NL80211_ATTR_PMKID])
4737                 return -EINVAL;
4738
4739         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
4740         pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4741
4742         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4743             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4744                 return -EOPNOTSUPP;
4745
4746         switch (info->genlhdr->cmd) {
4747         case NL80211_CMD_SET_PMKSA:
4748                 rdev_ops = rdev->ops->set_pmksa;
4749                 break;
4750         case NL80211_CMD_DEL_PMKSA:
4751                 rdev_ops = rdev->ops->del_pmksa;
4752                 break;
4753         default:
4754                 WARN_ON(1);
4755                 break;
4756         }
4757
4758         if (!rdev_ops)
4759                 return -EOPNOTSUPP;
4760
4761         return rdev_ops(&rdev->wiphy, dev, &pmksa);
4762 }
4763
4764 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
4765 {
4766         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4767         struct net_device *dev = info->user_ptr[1];
4768
4769         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4770             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4771                 return -EOPNOTSUPP;
4772
4773         if (!rdev->ops->flush_pmksa)
4774                 return -EOPNOTSUPP;
4775
4776         return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
4777 }
4778
4779 static int nl80211_remain_on_channel(struct sk_buff *skb,
4780                                      struct genl_info *info)
4781 {
4782         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4783         struct net_device *dev = info->user_ptr[1];
4784         struct ieee80211_channel *chan;
4785         struct sk_buff *msg;
4786         void *hdr;
4787         u64 cookie;
4788         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4789         u32 freq, duration;
4790         int err;
4791
4792         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4793             !info->attrs[NL80211_ATTR_DURATION])
4794                 return -EINVAL;
4795
4796         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
4797
4798         /*
4799          * We should be on that channel for at least one jiffie,
4800          * and more than 5 seconds seems excessive.
4801          */
4802         if (!duration || !msecs_to_jiffies(duration) ||
4803             duration > rdev->wiphy.max_remain_on_channel_duration)
4804                 return -EINVAL;
4805
4806         if (!rdev->ops->remain_on_channel)
4807                 return -EOPNOTSUPP;
4808
4809         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4810                 channel_type = nla_get_u32(
4811                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4812                 if (channel_type != NL80211_CHAN_NO_HT &&
4813                     channel_type != NL80211_CHAN_HT20 &&
4814                     channel_type != NL80211_CHAN_HT40PLUS &&
4815                     channel_type != NL80211_CHAN_HT40MINUS)
4816                         return -EINVAL;
4817         }
4818
4819         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
4820         chan = rdev_freq_to_chan(rdev, freq, channel_type);
4821         if (chan == NULL)
4822                 return -EINVAL;
4823
4824         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4825         if (!msg)
4826                 return -ENOMEM;
4827
4828         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
4829                              NL80211_CMD_REMAIN_ON_CHANNEL);
4830
4831         if (IS_ERR(hdr)) {
4832                 err = PTR_ERR(hdr);
4833                 goto free_msg;
4834         }
4835
4836         err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
4837                                            channel_type, duration, &cookie);
4838
4839         if (err)
4840                 goto free_msg;
4841
4842         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
4843
4844         genlmsg_end(msg, hdr);
4845
4846         return genlmsg_reply(msg, info);
4847
4848  nla_put_failure:
4849         err = -ENOBUFS;
4850  free_msg:
4851         nlmsg_free(msg);
4852         return err;
4853 }
4854
4855 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
4856                                             struct genl_info *info)
4857 {
4858         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4859         struct net_device *dev = info->user_ptr[1];
4860         u64 cookie;
4861
4862         if (!info->attrs[NL80211_ATTR_COOKIE])
4863                 return -EINVAL;
4864
4865         if (!rdev->ops->cancel_remain_on_channel)
4866                 return -EOPNOTSUPP;
4867
4868         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
4869
4870         return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
4871 }
4872
4873 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
4874                            u8 *rates, u8 rates_len)
4875 {
4876         u8 i;
4877         u32 mask = 0;
4878
4879         for (i = 0; i < rates_len; i++) {
4880                 int rate = (rates[i] & 0x7f) * 5;
4881                 int ridx;
4882                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
4883                         struct ieee80211_rate *srate =
4884                                 &sband->bitrates[ridx];
4885                         if (rate == srate->bitrate) {
4886                                 mask |= 1 << ridx;
4887                                 break;
4888                         }
4889                 }
4890                 if (ridx == sband->n_bitrates)
4891                         return 0; /* rate not found */
4892         }
4893
4894         return mask;
4895 }
4896
4897 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
4898         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
4899                                     .len = NL80211_MAX_SUPP_RATES },
4900 };
4901
4902 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
4903                                        struct genl_info *info)
4904 {
4905         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
4906         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4907         struct cfg80211_bitrate_mask mask;
4908         int rem, i;
4909         struct net_device *dev = info->user_ptr[1];
4910         struct nlattr *tx_rates;
4911         struct ieee80211_supported_band *sband;
4912
4913         if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
4914                 return -EINVAL;
4915
4916         if (!rdev->ops->set_bitrate_mask)
4917                 return -EOPNOTSUPP;
4918
4919         memset(&mask, 0, sizeof(mask));
4920         /* Default to all rates enabled */
4921         for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
4922                 sband = rdev->wiphy.bands[i];
4923                 mask.control[i].legacy =
4924                         sband ? (1 << sband->n_bitrates) - 1 : 0;
4925         }
4926
4927         /*
4928          * The nested attribute uses enum nl80211_band as the index. This maps
4929          * directly to the enum ieee80211_band values used in cfg80211.
4930          */
4931         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
4932         {
4933                 enum ieee80211_band band = nla_type(tx_rates);
4934                 if (band < 0 || band >= IEEE80211_NUM_BANDS)
4935                         return -EINVAL;
4936                 sband = rdev->wiphy.bands[band];
4937                 if (sband == NULL)
4938                         return -EINVAL;
4939                 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
4940                           nla_len(tx_rates), nl80211_txattr_policy);
4941                 if (tb[NL80211_TXRATE_LEGACY]) {
4942                         mask.control[band].legacy = rateset_to_mask(
4943                                 sband,
4944                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
4945                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
4946                         if (mask.control[band].legacy == 0)
4947                                 return -EINVAL;
4948                 }
4949         }
4950
4951         return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
4952 }
4953
4954 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
4955 {
4956         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4957         struct net_device *dev = info->user_ptr[1];
4958         u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
4959
4960         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
4961                 return -EINVAL;
4962
4963         if (info->attrs[NL80211_ATTR_FRAME_TYPE])
4964                 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
4965
4966         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4967             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
4968             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
4969             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
4970             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
4971             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
4972             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4973                 return -EOPNOTSUPP;
4974
4975         /* not much point in registering if we can't reply */
4976         if (!rdev->ops->mgmt_tx)
4977                 return -EOPNOTSUPP;
4978
4979         return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
4980                         frame_type,
4981                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
4982                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
4983 }
4984
4985 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
4986 {
4987         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4988         struct net_device *dev = info->user_ptr[1];
4989         struct ieee80211_channel *chan;
4990         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
4991         bool channel_type_valid = false;
4992         u32 freq;
4993         int err;
4994         void *hdr;
4995         u64 cookie;
4996         struct sk_buff *msg;
4997         unsigned int wait = 0;
4998         bool offchan;
4999
5000         if (!info->attrs[NL80211_ATTR_FRAME] ||
5001             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
5002                 return -EINVAL;
5003
5004         if (!rdev->ops->mgmt_tx)
5005                 return -EOPNOTSUPP;
5006
5007         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5008             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5009             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5010             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5011             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5012             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5013             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5014                 return -EOPNOTSUPP;
5015
5016         if (info->attrs[NL80211_ATTR_DURATION]) {
5017                 if (!rdev->ops->mgmt_tx_cancel_wait)
5018                         return -EINVAL;
5019                 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5020         }
5021
5022         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5023                 channel_type = nla_get_u32(
5024                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
5025                 if (channel_type != NL80211_CHAN_NO_HT &&
5026                     channel_type != NL80211_CHAN_HT20 &&
5027                     channel_type != NL80211_CHAN_HT40PLUS &&
5028                     channel_type != NL80211_CHAN_HT40MINUS)
5029                         return -EINVAL;
5030                 channel_type_valid = true;
5031         }
5032
5033         offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
5034
5035         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5036         chan = rdev_freq_to_chan(rdev, freq, channel_type);
5037         if (chan == NULL)
5038                 return -EINVAL;
5039
5040         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5041         if (!msg)
5042                 return -ENOMEM;
5043
5044         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5045                              NL80211_CMD_FRAME);
5046
5047         if (IS_ERR(hdr)) {
5048                 err = PTR_ERR(hdr);
5049                 goto free_msg;
5050         }
5051         err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type,
5052                                     channel_type_valid, wait,
5053                                     nla_data(info->attrs[NL80211_ATTR_FRAME]),
5054                                     nla_len(info->attrs[NL80211_ATTR_FRAME]),
5055                                     &cookie);
5056         if (err)
5057                 goto free_msg;
5058
5059         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5060
5061         genlmsg_end(msg, hdr);
5062         return genlmsg_reply(msg, info);
5063
5064  nla_put_failure:
5065         err = -ENOBUFS;
5066  free_msg:
5067         nlmsg_free(msg);
5068         return err;
5069 }
5070
5071 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
5072 {
5073         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5074         struct net_device *dev = info->user_ptr[1];
5075         u64 cookie;
5076
5077         if (!info->attrs[NL80211_ATTR_COOKIE])
5078                 return -EINVAL;
5079
5080         if (!rdev->ops->mgmt_tx_cancel_wait)
5081                 return -EOPNOTSUPP;
5082
5083         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5084             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5085             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5086             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5087             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5088             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5089                 return -EOPNOTSUPP;
5090
5091         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5092
5093         return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie);
5094 }
5095
5096 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
5097 {
5098         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5099         struct wireless_dev *wdev;
5100         struct net_device *dev = info->user_ptr[1];
5101         u8 ps_state;
5102         bool state;
5103         int err;
5104
5105         if (!info->attrs[NL80211_ATTR_PS_STATE])
5106                 return -EINVAL;
5107
5108         ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
5109
5110         if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
5111                 return -EINVAL;
5112
5113         wdev = dev->ieee80211_ptr;
5114
5115         if (!rdev->ops->set_power_mgmt)
5116                 return -EOPNOTSUPP;
5117
5118         state = (ps_state == NL80211_PS_ENABLED) ? true : false;
5119
5120         if (state == wdev->ps)
5121                 return 0;
5122
5123         err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state,
5124                                         wdev->ps_timeout);
5125         if (!err)
5126                 wdev->ps = state;
5127         return err;
5128 }
5129
5130 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5131 {
5132         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5133         enum nl80211_ps_state ps_state;
5134         struct wireless_dev *wdev;
5135         struct net_device *dev = info->user_ptr[1];
5136         struct sk_buff *msg;
5137         void *hdr;
5138         int err;
5139
5140         wdev = dev->ieee80211_ptr;
5141
5142         if (!rdev->ops->set_power_mgmt)
5143                 return -EOPNOTSUPP;
5144
5145         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5146         if (!msg)
5147                 return -ENOMEM;
5148
5149         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5150                              NL80211_CMD_GET_POWER_SAVE);
5151         if (!hdr) {
5152                 err = -ENOBUFS;
5153                 goto free_msg;
5154         }
5155
5156         if (wdev->ps)
5157                 ps_state = NL80211_PS_ENABLED;
5158         else
5159                 ps_state = NL80211_PS_DISABLED;
5160
5161         NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
5162
5163         genlmsg_end(msg, hdr);
5164         return genlmsg_reply(msg, info);
5165
5166  nla_put_failure:
5167         err = -ENOBUFS;
5168  free_msg:
5169         nlmsg_free(msg);
5170         return err;
5171 }
5172
5173 static struct nla_policy
5174 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5175         [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5176         [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5177         [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5178 };
5179
5180 static int nl80211_set_cqm_rssi(struct genl_info *info,
5181                                 s32 threshold, u32 hysteresis)
5182 {
5183         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5184         struct wireless_dev *wdev;
5185         struct net_device *dev = info->user_ptr[1];
5186
5187         if (threshold > 0)
5188                 return -EINVAL;
5189
5190         wdev = dev->ieee80211_ptr;
5191
5192         if (!rdev->ops->set_cqm_rssi_config)
5193                 return -EOPNOTSUPP;
5194
5195         if (wdev->iftype != NL80211_IFTYPE_STATION &&
5196             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
5197                 return -EOPNOTSUPP;
5198
5199         return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5200                                               threshold, hysteresis);
5201 }
5202
5203 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5204 {
5205         struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5206         struct nlattr *cqm;
5207         int err;
5208
5209         cqm = info->attrs[NL80211_ATTR_CQM];
5210         if (!cqm) {
5211                 err = -EINVAL;
5212                 goto out;
5213         }
5214
5215         err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5216                                nl80211_attr_cqm_policy);
5217         if (err)
5218                 goto out;
5219
5220         if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5221             attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5222                 s32 threshold;
5223                 u32 hysteresis;
5224                 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5225                 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5226                 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5227         } else
5228                 err = -EINVAL;
5229
5230 out:
5231         return err;
5232 }
5233
5234 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
5235 {
5236         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5237         struct net_device *dev = info->user_ptr[1];
5238         struct mesh_config cfg;
5239         struct mesh_setup setup;
5240         int err;
5241
5242         /* start with default */
5243         memcpy(&cfg, &default_mesh_config, sizeof(cfg));
5244         memcpy(&setup, &default_mesh_setup, sizeof(setup));
5245
5246         if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
5247                 /* and parse parameters if given */
5248                 err = nl80211_parse_mesh_config(info, &cfg, NULL);
5249                 if (err)
5250                         return err;
5251         }
5252
5253         if (!info->attrs[NL80211_ATTR_MESH_ID] ||
5254             !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
5255                 return -EINVAL;
5256
5257         setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
5258         setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5259
5260         if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
5261                 /* parse additional setup parameters if given */
5262                 err = nl80211_parse_mesh_setup(info, &setup);
5263                 if (err)
5264                         return err;
5265         }
5266
5267         return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
5268 }
5269
5270 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
5271 {
5272         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5273         struct net_device *dev = info->user_ptr[1];
5274
5275         return cfg80211_leave_mesh(rdev, dev);
5276 }
5277
5278 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
5279 {
5280         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5281         struct sk_buff *msg;
5282         void *hdr;
5283
5284         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5285                 return -EOPNOTSUPP;
5286
5287         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5288         if (!msg)
5289                 return -ENOMEM;
5290
5291         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5292                              NL80211_CMD_GET_WOWLAN);
5293         if (!hdr)
5294                 goto nla_put_failure;
5295
5296         if (rdev->wowlan) {
5297                 struct nlattr *nl_wowlan;
5298
5299                 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
5300                 if (!nl_wowlan)
5301                         goto nla_put_failure;
5302
5303                 if (rdev->wowlan->any)
5304                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
5305                 if (rdev->wowlan->disconnect)
5306                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
5307                 if (rdev->wowlan->magic_pkt)
5308                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
5309                 if (rdev->wowlan->gtk_rekey_failure)
5310                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
5311                 if (rdev->wowlan->eap_identity_req)
5312                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
5313                 if (rdev->wowlan->four_way_handshake)
5314                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
5315                 if (rdev->wowlan->rfkill_release)
5316                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
5317                 if (rdev->wowlan->n_patterns) {
5318                         struct nlattr *nl_pats, *nl_pat;
5319                         int i, pat_len;
5320
5321                         nl_pats = nla_nest_start(msg,
5322                                         NL80211_WOWLAN_TRIG_PKT_PATTERN);
5323                         if (!nl_pats)
5324                                 goto nla_put_failure;
5325
5326                         for (i = 0; i < rdev->wowlan->n_patterns; i++) {
5327                                 nl_pat = nla_nest_start(msg, i + 1);
5328                                 if (!nl_pat)
5329                                         goto nla_put_failure;
5330                                 pat_len = rdev->wowlan->patterns[i].pattern_len;
5331                                 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_MASK,
5332                                         DIV_ROUND_UP(pat_len, 8),
5333                                         rdev->wowlan->patterns[i].mask);
5334                                 NLA_PUT(msg, NL80211_WOWLAN_PKTPAT_PATTERN,
5335                                         pat_len,
5336                                         rdev->wowlan->patterns[i].pattern);
5337                                 nla_nest_end(msg, nl_pat);
5338                         }
5339                         nla_nest_end(msg, nl_pats);
5340                 }
5341
5342                 nla_nest_end(msg, nl_wowlan);
5343         }
5344
5345         genlmsg_end(msg, hdr);
5346         return genlmsg_reply(msg, info);
5347
5348 nla_put_failure:
5349         nlmsg_free(msg);
5350         return -ENOBUFS;
5351 }
5352
5353 static int nl80211_set_wowlan(struct sk_buff *skb, struct genl_info *info)
5354 {
5355         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5356         struct nlattr *tb[NUM_NL80211_WOWLAN_TRIG];
5357         struct cfg80211_wowlan no_triggers = {};
5358         struct cfg80211_wowlan new_triggers = {};
5359         struct wiphy_wowlan_support *wowlan = &rdev->wiphy.wowlan;
5360         int err, i;
5361
5362         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5363                 return -EOPNOTSUPP;
5364
5365         if (!info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS])
5366                 goto no_triggers;
5367
5368         err = nla_parse(tb, MAX_NL80211_WOWLAN_TRIG,
5369                         nla_data(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5370                         nla_len(info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS]),
5371                         nl80211_wowlan_policy);
5372         if (err)
5373                 return err;
5374
5375         if (tb[NL80211_WOWLAN_TRIG_ANY]) {
5376                 if (!(wowlan->flags & WIPHY_WOWLAN_ANY))
5377                         return -EINVAL;
5378                 new_triggers.any = true;
5379         }
5380
5381         if (tb[NL80211_WOWLAN_TRIG_DISCONNECT]) {
5382                 if (!(wowlan->flags & WIPHY_WOWLAN_DISCONNECT))
5383                         return -EINVAL;
5384                 new_triggers.disconnect = true;
5385         }
5386
5387         if (tb[NL80211_WOWLAN_TRIG_MAGIC_PKT]) {
5388                 if (!(wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT))
5389                         return -EINVAL;
5390                 new_triggers.magic_pkt = true;
5391         }
5392
5393         if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED])
5394                 return -EINVAL;
5395
5396         if (tb[NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE]) {
5397                 if (!(wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE))
5398                         return -EINVAL;
5399                 new_triggers.gtk_rekey_failure = true;
5400         }
5401
5402         if (tb[NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST]) {
5403                 if (!(wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ))
5404                         return -EINVAL;
5405                 new_triggers.eap_identity_req = true;
5406         }
5407
5408         if (tb[NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE]) {
5409                 if (!(wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE))
5410                         return -EINVAL;
5411                 new_triggers.four_way_handshake = true;
5412         }
5413
5414         if (tb[NL80211_WOWLAN_TRIG_RFKILL_RELEASE]) {
5415                 if (!(wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE))
5416                         return -EINVAL;
5417                 new_triggers.rfkill_release = true;
5418         }
5419
5420         if (tb[NL80211_WOWLAN_TRIG_PKT_PATTERN]) {
5421                 struct nlattr *pat;
5422                 int n_patterns = 0;
5423                 int rem, pat_len, mask_len;
5424                 struct nlattr *pat_tb[NUM_NL80211_WOWLAN_PKTPAT];
5425
5426                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
5427                                     rem)
5428                         n_patterns++;
5429                 if (n_patterns > wowlan->n_patterns)
5430                         return -EINVAL;
5431
5432                 new_triggers.patterns = kcalloc(n_patterns,
5433                                                 sizeof(new_triggers.patterns[0]),
5434                                                 GFP_KERNEL);
5435                 if (!new_triggers.patterns)
5436                         return -ENOMEM;
5437
5438                 new_triggers.n_patterns = n_patterns;
5439                 i = 0;
5440
5441                 nla_for_each_nested(pat, tb[NL80211_WOWLAN_TRIG_PKT_PATTERN],
5442                                     rem) {
5443                         nla_parse(pat_tb, MAX_NL80211_WOWLAN_PKTPAT,
5444                                   nla_data(pat), nla_len(pat), NULL);
5445                         err = -EINVAL;
5446                         if (!pat_tb[NL80211_WOWLAN_PKTPAT_MASK] ||
5447                             !pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN])
5448                                 goto error;
5449                         pat_len = nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]);
5450                         mask_len = DIV_ROUND_UP(pat_len, 8);
5451                         if (nla_len(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]) !=
5452                             mask_len)
5453                                 goto error;
5454                         if (pat_len > wowlan->pattern_max_len ||
5455                             pat_len < wowlan->pattern_min_len)
5456                                 goto error;
5457
5458                         new_triggers.patterns[i].mask =
5459                                 kmalloc(mask_len + pat_len, GFP_KERNEL);
5460                         if (!new_triggers.patterns[i].mask) {
5461                                 err = -ENOMEM;
5462                                 goto error;
5463                         }
5464                         new_triggers.patterns[i].pattern =
5465                                 new_triggers.patterns[i].mask + mask_len;
5466                         memcpy(new_triggers.patterns[i].mask,
5467                                nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_MASK]),
5468                                mask_len);
5469                         new_triggers.patterns[i].pattern_len = pat_len;
5470                         memcpy(new_triggers.patterns[i].pattern,
5471                                nla_data(pat_tb[NL80211_WOWLAN_PKTPAT_PATTERN]),
5472                                pat_len);
5473                         i++;
5474                 }
5475         }
5476
5477         if (memcmp(&new_triggers, &no_triggers, sizeof(new_triggers))) {
5478                 struct cfg80211_wowlan *ntrig;
5479                 ntrig = kmemdup(&new_triggers, sizeof(new_triggers),
5480                                 GFP_KERNEL);
5481                 if (!ntrig) {
5482                         err = -ENOMEM;
5483                         goto error;
5484                 }
5485                 cfg80211_rdev_free_wowlan(rdev);
5486                 rdev->wowlan = ntrig;
5487         } else {
5488  no_triggers:
5489                 cfg80211_rdev_free_wowlan(rdev);
5490                 rdev->wowlan = NULL;
5491         }
5492
5493         return 0;
5494  error:
5495         for (i = 0; i < new_triggers.n_patterns; i++)
5496                 kfree(new_triggers.patterns[i].mask);
5497         kfree(new_triggers.patterns);
5498         return err;
5499 }
5500
5501 static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info)
5502 {
5503         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5504         struct net_device *dev = info->user_ptr[1];
5505         struct wireless_dev *wdev = dev->ieee80211_ptr;
5506         struct nlattr *tb[NUM_NL80211_REKEY_DATA];
5507         struct cfg80211_gtk_rekey_data rekey_data;
5508         int err;
5509
5510         if (!info->attrs[NL80211_ATTR_REKEY_DATA])
5511                 return -EINVAL;
5512
5513         err = nla_parse(tb, MAX_NL80211_REKEY_DATA,
5514                         nla_data(info->attrs[NL80211_ATTR_REKEY_DATA]),
5515                         nla_len(info->attrs[NL80211_ATTR_REKEY_DATA]),
5516                         nl80211_rekey_policy);
5517         if (err)
5518                 return err;
5519
5520         if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
5521                 return -ERANGE;
5522         if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)
5523                 return -ERANGE;
5524         if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
5525                 return -ERANGE;
5526
5527         memcpy(rekey_data.kek, nla_data(tb[NL80211_REKEY_DATA_KEK]),
5528                NL80211_KEK_LEN);
5529         memcpy(rekey_data.kck, nla_data(tb[NL80211_REKEY_DATA_KCK]),
5530                NL80211_KCK_LEN);
5531         memcpy(rekey_data.replay_ctr,
5532                nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]),
5533                NL80211_REPLAY_CTR_LEN);
5534
5535         wdev_lock(wdev);
5536         if (!wdev->current_bss) {
5537                 err = -ENOTCONN;
5538                 goto out;
5539         }
5540
5541         if (!rdev->ops->set_rekey_data) {
5542                 err = -EOPNOTSUPP;
5543                 goto out;
5544         }
5545
5546         err = rdev->ops->set_rekey_data(&rdev->wiphy, dev, &rekey_data);
5547  out:
5548         wdev_unlock(wdev);
5549         return err;
5550 }
5551
5552 #define NL80211_FLAG_NEED_WIPHY         0x01
5553 #define NL80211_FLAG_NEED_NETDEV        0x02
5554 #define NL80211_FLAG_NEED_RTNL          0x04
5555 #define NL80211_FLAG_CHECK_NETDEV_UP    0x08
5556 #define NL80211_FLAG_NEED_NETDEV_UP     (NL80211_FLAG_NEED_NETDEV |\
5557                                          NL80211_FLAG_CHECK_NETDEV_UP)
5558
5559 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
5560                             struct genl_info *info)
5561 {
5562         struct cfg80211_registered_device *rdev;
5563         struct net_device *dev;
5564         int err;
5565         bool rtnl = ops->internal_flags & NL80211_FLAG_NEED_RTNL;
5566
5567         if (rtnl)
5568                 rtnl_lock();
5569
5570         if (ops->internal_flags & NL80211_FLAG_NEED_WIPHY) {
5571                 rdev = cfg80211_get_dev_from_info(info);
5572                 if (IS_ERR(rdev)) {
5573                         if (rtnl)
5574                                 rtnl_unlock();
5575                         return PTR_ERR(rdev);
5576                 }
5577                 info->user_ptr[0] = rdev;
5578         } else if (ops->internal_flags & NL80211_FLAG_NEED_NETDEV) {
5579                 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
5580                 if (err) {
5581                         if (rtnl)
5582                                 rtnl_unlock();
5583                         return err;
5584                 }
5585                 if (ops->internal_flags & NL80211_FLAG_CHECK_NETDEV_UP &&
5586                     !netif_running(dev)) {
5587                         cfg80211_unlock_rdev(rdev);
5588                         dev_put(dev);
5589                         if (rtnl)
5590                                 rtnl_unlock();
5591                         return -ENETDOWN;
5592                 }
5593                 info->user_ptr[0] = rdev;
5594                 info->user_ptr[1] = dev;
5595         }
5596
5597         return 0;
5598 }
5599
5600 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
5601                               struct genl_info *info)
5602 {
5603         if (info->user_ptr[0])
5604                 cfg80211_unlock_rdev(info->user_ptr[0]);
5605         if (info->user_ptr[1])
5606                 dev_put(info->user_ptr[1]);
5607         if (ops->internal_flags & NL80211_FLAG_NEED_RTNL)
5608                 rtnl_unlock();
5609 }
5610
5611 static struct genl_ops nl80211_ops[] = {
5612         {
5613                 .cmd = NL80211_CMD_GET_WIPHY,
5614                 .doit = nl80211_get_wiphy,
5615                 .dumpit = nl80211_dump_wiphy,
5616                 .policy = nl80211_policy,
5617                 /* can be retrieved by unprivileged users */
5618                 .internal_flags = NL80211_FLAG_NEED_WIPHY,
5619         },
5620         {
5621                 .cmd = NL80211_CMD_SET_WIPHY,
5622                 .doit = nl80211_set_wiphy,
5623                 .policy = nl80211_policy,
5624                 .flags = GENL_ADMIN_PERM,
5625                 .internal_flags = NL80211_FLAG_NEED_RTNL,
5626         },
5627         {
5628                 .cmd = NL80211_CMD_GET_INTERFACE,
5629                 .doit = nl80211_get_interface,
5630                 .dumpit = nl80211_dump_interface,
5631                 .policy = nl80211_policy,
5632                 /* can be retrieved by unprivileged users */
5633                 .internal_flags = NL80211_FLAG_NEED_NETDEV,
5634         },
5635         {
5636                 .cmd = NL80211_CMD_SET_INTERFACE,
5637                 .doit = nl80211_set_interface,
5638                 .policy = nl80211_policy,
5639                 .flags = GENL_ADMIN_PERM,
5640                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5641                                   NL80211_FLAG_NEED_RTNL,
5642         },
5643         {
5644                 .cmd = NL80211_CMD_NEW_INTERFACE,
5645                 .doit = nl80211_new_interface,
5646                 .policy = nl80211_policy,
5647                 .flags = GENL_ADMIN_PERM,
5648                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5649                                   NL80211_FLAG_NEED_RTNL,
5650         },
5651         {
5652                 .cmd = NL80211_CMD_DEL_INTERFACE,
5653                 .doit = nl80211_del_interface,
5654                 .policy = nl80211_policy,
5655                 .flags = GENL_ADMIN_PERM,
5656                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5657                                   NL80211_FLAG_NEED_RTNL,
5658         },
5659         {
5660                 .cmd = NL80211_CMD_GET_KEY,
5661                 .doit = nl80211_get_key,
5662                 .policy = nl80211_policy,
5663                 .flags = GENL_ADMIN_PERM,
5664                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5665                                   NL80211_FLAG_NEED_RTNL,
5666         },
5667         {
5668                 .cmd = NL80211_CMD_SET_KEY,
5669                 .doit = nl80211_set_key,
5670                 .policy = nl80211_policy,
5671                 .flags = GENL_ADMIN_PERM,
5672                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5673                                   NL80211_FLAG_NEED_RTNL,
5674         },
5675         {
5676                 .cmd = NL80211_CMD_NEW_KEY,
5677                 .doit = nl80211_new_key,
5678                 .policy = nl80211_policy,
5679                 .flags = GENL_ADMIN_PERM,
5680                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5681                                   NL80211_FLAG_NEED_RTNL,
5682         },
5683         {
5684                 .cmd = NL80211_CMD_DEL_KEY,
5685                 .doit = nl80211_del_key,
5686                 .policy = nl80211_policy,
5687                 .flags = GENL_ADMIN_PERM,
5688                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5689                                   NL80211_FLAG_NEED_RTNL,
5690         },
5691         {
5692                 .cmd = NL80211_CMD_SET_BEACON,
5693                 .policy = nl80211_policy,
5694                 .flags = GENL_ADMIN_PERM,
5695                 .doit = nl80211_addset_beacon,
5696                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5697                                   NL80211_FLAG_NEED_RTNL,
5698         },
5699         {
5700                 .cmd = NL80211_CMD_NEW_BEACON,
5701                 .policy = nl80211_policy,
5702                 .flags = GENL_ADMIN_PERM,
5703                 .doit = nl80211_addset_beacon,
5704                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5705                                   NL80211_FLAG_NEED_RTNL,
5706         },
5707         {
5708                 .cmd = NL80211_CMD_DEL_BEACON,
5709                 .policy = nl80211_policy,
5710                 .flags = GENL_ADMIN_PERM,
5711                 .doit = nl80211_del_beacon,
5712                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5713                                   NL80211_FLAG_NEED_RTNL,
5714         },
5715         {
5716                 .cmd = NL80211_CMD_GET_STATION,
5717                 .doit = nl80211_get_station,
5718                 .dumpit = nl80211_dump_station,
5719                 .policy = nl80211_policy,
5720                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5721                                   NL80211_FLAG_NEED_RTNL,
5722         },
5723         {
5724                 .cmd = NL80211_CMD_SET_STATION,
5725                 .doit = nl80211_set_station,
5726                 .policy = nl80211_policy,
5727                 .flags = GENL_ADMIN_PERM,
5728                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5729                                   NL80211_FLAG_NEED_RTNL,
5730         },
5731         {
5732                 .cmd = NL80211_CMD_NEW_STATION,
5733                 .doit = nl80211_new_station,
5734                 .policy = nl80211_policy,
5735                 .flags = GENL_ADMIN_PERM,
5736                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5737                                   NL80211_FLAG_NEED_RTNL,
5738         },
5739         {
5740                 .cmd = NL80211_CMD_DEL_STATION,
5741                 .doit = nl80211_del_station,
5742                 .policy = nl80211_policy,
5743                 .flags = GENL_ADMIN_PERM,
5744                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5745                                   NL80211_FLAG_NEED_RTNL,
5746         },
5747         {
5748                 .cmd = NL80211_CMD_GET_MPATH,
5749                 .doit = nl80211_get_mpath,
5750                 .dumpit = nl80211_dump_mpath,
5751                 .policy = nl80211_policy,
5752                 .flags = GENL_ADMIN_PERM,
5753                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5754                                   NL80211_FLAG_NEED_RTNL,
5755         },
5756         {
5757                 .cmd = NL80211_CMD_SET_MPATH,
5758                 .doit = nl80211_set_mpath,
5759                 .policy = nl80211_policy,
5760                 .flags = GENL_ADMIN_PERM,
5761                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5762                                   NL80211_FLAG_NEED_RTNL,
5763         },
5764         {
5765                 .cmd = NL80211_CMD_NEW_MPATH,
5766                 .doit = nl80211_new_mpath,
5767                 .policy = nl80211_policy,
5768                 .flags = GENL_ADMIN_PERM,
5769                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5770                                   NL80211_FLAG_NEED_RTNL,
5771         },
5772         {
5773                 .cmd = NL80211_CMD_DEL_MPATH,
5774                 .doit = nl80211_del_mpath,
5775                 .policy = nl80211_policy,
5776                 .flags = GENL_ADMIN_PERM,
5777                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5778                                   NL80211_FLAG_NEED_RTNL,
5779         },
5780         {
5781                 .cmd = NL80211_CMD_SET_BSS,
5782                 .doit = nl80211_set_bss,
5783                 .policy = nl80211_policy,
5784                 .flags = GENL_ADMIN_PERM,
5785                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5786                                   NL80211_FLAG_NEED_RTNL,
5787         },
5788         {
5789                 .cmd = NL80211_CMD_GET_REG,
5790                 .doit = nl80211_get_reg,
5791                 .policy = nl80211_policy,
5792                 /* can be retrieved by unprivileged users */
5793         },
5794         {
5795                 .cmd = NL80211_CMD_SET_REG,
5796                 .doit = nl80211_set_reg,
5797                 .policy = nl80211_policy,
5798                 .flags = GENL_ADMIN_PERM,
5799         },
5800         {
5801                 .cmd = NL80211_CMD_REQ_SET_REG,
5802                 .doit = nl80211_req_set_reg,
5803                 .policy = nl80211_policy,
5804                 .flags = GENL_ADMIN_PERM,
5805         },
5806         {
5807                 .cmd = NL80211_CMD_GET_MESH_CONFIG,
5808                 .doit = nl80211_get_mesh_config,
5809                 .policy = nl80211_policy,
5810                 /* can be retrieved by unprivileged users */
5811                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5812                                   NL80211_FLAG_NEED_RTNL,
5813         },
5814         {
5815                 .cmd = NL80211_CMD_SET_MESH_CONFIG,
5816                 .doit = nl80211_update_mesh_config,
5817                 .policy = nl80211_policy,
5818                 .flags = GENL_ADMIN_PERM,
5819                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5820                                   NL80211_FLAG_NEED_RTNL,
5821         },
5822         {
5823                 .cmd = NL80211_CMD_TRIGGER_SCAN,
5824                 .doit = nl80211_trigger_scan,
5825                 .policy = nl80211_policy,
5826                 .flags = GENL_ADMIN_PERM,
5827                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5828                                   NL80211_FLAG_NEED_RTNL,
5829         },
5830         {
5831                 .cmd = NL80211_CMD_GET_SCAN,
5832                 .policy = nl80211_policy,
5833                 .dumpit = nl80211_dump_scan,
5834         },
5835         {
5836                 .cmd = NL80211_CMD_START_SCHED_SCAN,
5837                 .doit = nl80211_start_sched_scan,
5838                 .policy = nl80211_policy,
5839                 .flags = GENL_ADMIN_PERM,
5840                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5841                                   NL80211_FLAG_NEED_RTNL,
5842         },
5843         {
5844                 .cmd = NL80211_CMD_STOP_SCHED_SCAN,
5845                 .doit = nl80211_stop_sched_scan,
5846                 .policy = nl80211_policy,
5847                 .flags = GENL_ADMIN_PERM,
5848                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5849                                   NL80211_FLAG_NEED_RTNL,
5850         },
5851         {
5852                 .cmd = NL80211_CMD_AUTHENTICATE,
5853                 .doit = nl80211_authenticate,
5854                 .policy = nl80211_policy,
5855                 .flags = GENL_ADMIN_PERM,
5856                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5857                                   NL80211_FLAG_NEED_RTNL,
5858         },
5859         {
5860                 .cmd = NL80211_CMD_ASSOCIATE,
5861                 .doit = nl80211_associate,
5862                 .policy = nl80211_policy,
5863                 .flags = GENL_ADMIN_PERM,
5864                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5865                                   NL80211_FLAG_NEED_RTNL,
5866         },
5867         {
5868                 .cmd = NL80211_CMD_DEAUTHENTICATE,
5869                 .doit = nl80211_deauthenticate,
5870                 .policy = nl80211_policy,
5871                 .flags = GENL_ADMIN_PERM,
5872                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5873                                   NL80211_FLAG_NEED_RTNL,
5874         },
5875         {
5876                 .cmd = NL80211_CMD_DISASSOCIATE,
5877                 .doit = nl80211_disassociate,
5878                 .policy = nl80211_policy,
5879                 .flags = GENL_ADMIN_PERM,
5880                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5881                                   NL80211_FLAG_NEED_RTNL,
5882         },
5883         {
5884                 .cmd = NL80211_CMD_JOIN_IBSS,
5885                 .doit = nl80211_join_ibss,
5886                 .policy = nl80211_policy,
5887                 .flags = GENL_ADMIN_PERM,
5888                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5889                                   NL80211_FLAG_NEED_RTNL,
5890         },
5891         {
5892                 .cmd = NL80211_CMD_LEAVE_IBSS,
5893                 .doit = nl80211_leave_ibss,
5894                 .policy = nl80211_policy,
5895                 .flags = GENL_ADMIN_PERM,
5896                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5897                                   NL80211_FLAG_NEED_RTNL,
5898         },
5899 #ifdef CONFIG_NL80211_TESTMODE
5900         {
5901                 .cmd = NL80211_CMD_TESTMODE,
5902                 .doit = nl80211_testmode_do,
5903                 .dumpit = nl80211_testmode_dump,
5904                 .policy = nl80211_policy,
5905                 .flags = GENL_ADMIN_PERM,
5906                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5907                                   NL80211_FLAG_NEED_RTNL,
5908         },
5909 #endif
5910         {
5911                 .cmd = NL80211_CMD_CONNECT,
5912                 .doit = nl80211_connect,
5913                 .policy = nl80211_policy,
5914                 .flags = GENL_ADMIN_PERM,
5915                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5916                                   NL80211_FLAG_NEED_RTNL,
5917         },
5918         {
5919                 .cmd = NL80211_CMD_DISCONNECT,
5920                 .doit = nl80211_disconnect,
5921                 .policy = nl80211_policy,
5922                 .flags = GENL_ADMIN_PERM,
5923                 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
5924                                   NL80211_FLAG_NEED_RTNL,
5925         },
5926         {
5927                 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
5928                 .doit = nl80211_wiphy_netns,
5929                 .policy = nl80211_policy,
5930                 .flags = GENL_ADMIN_PERM,
5931                 .internal_flags = NL80211_FLAG_NEED_WIPHY |
5932                                   NL80211_FLAG_NEED_RTNL,
5933         },
5934         {
5935                 .cmd = NL80211_CMD_GET_SURVEY,
5936                 .policy = nl80211_policy,
5937                 .dumpit = nl80211_dump_survey,
5938         },
5939         {
5940                 .cmd = NL80211_CMD_SET_PMKSA,
5941                 .doit = nl80211_setdel_pmksa,
5942                 .policy = nl80211_policy,
5943                 .flags = GENL_ADMIN_PERM,
5944                 .internal_flags = NL80211_FLAG_NEED_NETDEV |
5945                                   NL80211_FLAG_NEED_RTNL,
5946         },
5947         {
5948                 .cmd = NL80211_CMD_DEL_PMKSA,