cfg80211/mac80211: enable proper device_set_wakeup_enable handling
[linux-3.10.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25
26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type);
27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
28                                    struct genl_info *info,
29                                    struct cfg80211_crypto_settings *settings,
30                                    int cipher_limit);
31
32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
33                             struct genl_info *info);
34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
35                               struct genl_info *info);
36
37 /* the netlink family */
38 static struct genl_family nl80211_fam = {
39         .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
40         .name = "nl80211",      /* have users key off the name instead */
41         .hdrsize = 0,           /* no private header */
42         .version = 1,           /* no particular meaning now */
43         .maxattr = NL80211_ATTR_MAX,
44         .netnsok = true,
45         .pre_doit = nl80211_pre_doit,
46         .post_doit = nl80211_post_doit,
47 };
48
49 /* internal helper: get rdev and dev */
50 static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs,
51                                    struct cfg80211_registered_device **rdev,
52                                    struct net_device **dev)
53 {
54         int ifindex;
55
56         if (!attrs[NL80211_ATTR_IFINDEX])
57                 return -EINVAL;
58
59         ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
60         *dev = dev_get_by_index(netns, ifindex);
61         if (!*dev)
62                 return -ENODEV;
63
64         *rdev = cfg80211_get_dev_from_ifindex(netns, ifindex);
65         if (IS_ERR(*rdev)) {
66                 dev_put(*dev);
67                 return PTR_ERR(*rdev);
68         }
69
70         return 0;
71 }
72
73 /* policy for the attributes */
74 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
75         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
76         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
77                                       .len = 20-1 },
78         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
79         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
80         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
81         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
82         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
83         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
84         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
85         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
86
87         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
88         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
89         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
90
91         [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
92         [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
93
94         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
95         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
96                                     .len = WLAN_MAX_KEY_LEN },
97         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
98         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
99         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
100         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
101         [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
102
103         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
104         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
105         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
106                                        .len = IEEE80211_MAX_DATA_LEN },
107         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
108                                        .len = IEEE80211_MAX_DATA_LEN },
109         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
110         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
111         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
112         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
113                                                .len = NL80211_MAX_SUPP_RATES },
114         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
115         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
116         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
117         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
118                                 .len = IEEE80211_MAX_MESH_ID_LEN },
119         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
120
121         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
122         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
123
124         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
125         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
126         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
127         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
128                                            .len = NL80211_MAX_SUPP_RATES },
129         [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
130
131         [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
132         [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
133
134         [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
135
136         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
137         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
138                               .len = IEEE80211_MAX_DATA_LEN },
139         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
140         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
141
142         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
143                                 .len = IEEE80211_MAX_SSID_LEN },
144         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
145         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
146         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
147         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
148         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
149         [NL80211_ATTR_STA_FLAGS2] = {
150                 .len = sizeof(struct nl80211_sta_flag_update),
151         },
152         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
153         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
154         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
155         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
156         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
157         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
158         [NL80211_ATTR_PID] = { .type = NLA_U32 },
159         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
160         [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
161                                  .len = WLAN_PMKID_LEN },
162         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
163         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
164         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
165         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
166                                  .len = IEEE80211_MAX_DATA_LEN },
167         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
168         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
169         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
170         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
171         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
172         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
173         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
174         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
175         [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
176         [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
177         [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
178         [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
179         [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
180         [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
181         [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
182         [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
183         [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
184         [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
185         [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
186         [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
187                                          .len = IEEE80211_MAX_DATA_LEN },
188         [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
189                                          .len = IEEE80211_MAX_DATA_LEN },
190         [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
191         [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
192         [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
193         [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
194         [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
195         [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
196         [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
197         [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
198         [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
199         [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
200                                       .len = IEEE80211_MAX_DATA_LEN },
201         [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
202         [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
203         [NL80211_ATTR_HT_CAPABILITY_MASK] = {
204                 .len = NL80211_HT_CAPABILITY_LEN
205         },
206         [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
207         [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
208         [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
209 };
210
211 /* policy for the key attributes */
212 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
213         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
214         [NL80211_KEY_IDX] = { .type = NLA_U8 },
215         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
216         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
217         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
218         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
219         [NL80211_KEY_TYPE] = { .type = NLA_U32 },
220         [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
221 };
222
223 /* policy for the key default flags */
224 static const struct nla_policy
225 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
226         [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
227         [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
228 };
229
230 /* policy for WoWLAN attributes */
231 static const struct nla_policy
232 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
233         [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
234         [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
235         [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
236         [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
237         [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
238         [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
239         [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
240         [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
241 };
242
243 /* policy for GTK rekey offload attributes */
244 static const struct nla_policy
245 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
246         [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
247         [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
248         [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
249 };
250
251 static const struct nla_policy
252 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
253         [NL80211_ATTR_SCHED_SCAN_MATCH_SSID] = { .type = NLA_BINARY,
254                                                  .len = IEEE80211_MAX_SSID_LEN },
255 };
256
257 /* ifidx get helper */
258 static int nl80211_get_ifidx(struct netlink_callback *cb)
259 {
260         int res;
261
262         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
263                           nl80211_fam.attrbuf, nl80211_fam.maxattr,
264                           nl80211_policy);
265         if (res)
266                 return res;
267
268         if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
269                 return -EINVAL;
270
271         res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
272         if (!res)
273                 return -EINVAL;
274         return res;
275 }
276
277 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
278                                        struct netlink_callback *cb,
279                                        struct cfg80211_registered_device **rdev,
280                                        struct net_device **dev)
281 {
282         int ifidx = cb->args[0];
283         int err;
284
285         if (!ifidx)
286                 ifidx = nl80211_get_ifidx(cb);
287         if (ifidx < 0)
288                 return ifidx;
289
290         cb->args[0] = ifidx;
291
292         rtnl_lock();
293
294         *dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
295         if (!*dev) {
296                 err = -ENODEV;
297                 goto out_rtnl;
298         }
299
300         *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
301         if (IS_ERR(*rdev)) {
302                 err = PTR_ERR(*rdev);
303                 goto out_rtnl;
304         }
305
306         return 0;
307  out_rtnl:
308         rtnl_unlock();
309         return err;
310 }
311
312 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
313 {
314         cfg80211_unlock_rdev(rdev);
315         rtnl_unlock();
316 }
317
318 /* IE validation */
319 static bool is_valid_ie_attr(const struct nlattr *attr)
320 {
321         const u8 *pos;
322         int len;
323
324         if (!attr)
325                 return true;
326
327         pos = nla_data(attr);
328         len = nla_len(attr);
329
330         while (len) {
331                 u8 elemlen;
332
333                 if (len < 2)
334                         return false;
335                 len -= 2;
336
337                 elemlen = pos[1];
338                 if (elemlen > len)
339                         return false;
340
341                 len -= elemlen;
342                 pos += 2 + elemlen;
343         }
344
345         return true;
346 }
347
348 /* message building helper */
349 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
350                                    int flags, u8 cmd)
351 {
352         /* since there is no private header just add the generic one */
353         return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
354 }
355
356 static int nl80211_msg_put_channel(struct sk_buff *msg,
357                                    struct ieee80211_channel *chan)
358 {
359         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
360                     chan->center_freq);
361
362         if (chan->flags & IEEE80211_CHAN_DISABLED)
363                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
364         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
365                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
366         if (chan->flags & IEEE80211_CHAN_NO_IBSS)
367                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
368         if (chan->flags & IEEE80211_CHAN_RADAR)
369                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
370
371         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
372                     DBM_TO_MBM(chan->max_power));
373
374         return 0;
375
376  nla_put_failure:
377         return -ENOBUFS;
378 }
379
380 /* netlink command implementations */
381
382 struct key_parse {
383         struct key_params p;
384         int idx;
385         int type;
386         bool def, defmgmt;
387         bool def_uni, def_multi;
388 };
389
390 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
391 {
392         struct nlattr *tb[NL80211_KEY_MAX + 1];
393         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
394                                    nl80211_key_policy);
395         if (err)
396                 return err;
397
398         k->def = !!tb[NL80211_KEY_DEFAULT];
399         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
400
401         if (k->def) {
402                 k->def_uni = true;
403                 k->def_multi = true;
404         }
405         if (k->defmgmt)
406                 k->def_multi = true;
407
408         if (tb[NL80211_KEY_IDX])
409                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
410
411         if (tb[NL80211_KEY_DATA]) {
412                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
413                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
414         }
415
416         if (tb[NL80211_KEY_SEQ]) {
417                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
418                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
419         }
420
421         if (tb[NL80211_KEY_CIPHER])
422                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
423
424         if (tb[NL80211_KEY_TYPE]) {
425                 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
426                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
427                         return -EINVAL;
428         }
429
430         if (tb[NL80211_KEY_DEFAULT_TYPES]) {
431                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
432                 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
433                                        tb[NL80211_KEY_DEFAULT_TYPES],
434                                        nl80211_key_default_policy);
435                 if (err)
436                         return err;
437
438                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
439                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
440         }
441
442         return 0;
443 }
444
445 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
446 {
447         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
448                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
449                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
450         }
451
452         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
453                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
454                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
455         }
456
457         if (info->attrs[NL80211_ATTR_KEY_IDX])
458                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
459
460         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
461                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
462
463         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
464         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
465
466         if (k->def) {
467                 k->def_uni = true;
468                 k->def_multi = true;
469         }
470         if (k->defmgmt)
471                 k->def_multi = true;
472
473         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
474                 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
475                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
476                         return -EINVAL;
477         }
478
479         if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
480                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
481                 int err = nla_parse_nested(
482                                 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
483                                 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
484                                 nl80211_key_default_policy);
485                 if (err)
486                         return err;
487
488                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
489                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
490         }
491
492         return 0;
493 }
494
495 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
496 {
497         int err;
498
499         memset(k, 0, sizeof(*k));
500         k->idx = -1;
501         k->type = -1;
502
503         if (info->attrs[NL80211_ATTR_KEY])
504                 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
505         else
506                 err = nl80211_parse_key_old(info, k);
507
508         if (err)
509                 return err;
510
511         if (k->def && k->defmgmt)
512                 return -EINVAL;
513
514         if (k->defmgmt) {
515                 if (k->def_uni || !k->def_multi)
516                         return -EINVAL;
517         }
518
519         if (k->idx != -1) {
520                 if (k->defmgmt) {
521                         if (k->idx < 4 || k->idx > 5)
522                                 return -EINVAL;
523                 } else if (k->def) {
524                         if (k->idx < 0 || k->idx > 3)
525                                 return -EINVAL;
526                 } else {
527                         if (k->idx < 0 || k->idx > 5)
528                                 return -EINVAL;
529                 }
530         }
531
532         return 0;
533 }
534
535 static struct cfg80211_cached_keys *
536 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
537                        struct nlattr *keys)
538 {
539         struct key_parse parse;
540         struct nlattr *key;
541         struct cfg80211_cached_keys *result;
542         int rem, err, def = 0;
543
544         result = kzalloc(sizeof(*result), GFP_KERNEL);
545         if (!result)
546                 return ERR_PTR(-ENOMEM);
547
548         result->def = -1;
549         result->defmgmt = -1;
550
551         nla_for_each_nested(key, keys, rem) {
552                 memset(&parse, 0, sizeof(parse));
553                 parse.idx = -1;
554
555                 err = nl80211_parse_key_new(key, &parse);
556                 if (err)
557                         goto error;
558                 err = -EINVAL;
559                 if (!parse.p.key)
560                         goto error;
561                 if (parse.idx < 0 || parse.idx > 4)
562                         goto error;
563                 if (parse.def) {
564                         if (def)
565                                 goto error;
566                         def = 1;
567                         result->def = parse.idx;
568                         if (!parse.def_uni || !parse.def_multi)
569                                 goto error;
570                 } else if (parse.defmgmt)
571                         goto error;
572                 err = cfg80211_validate_key_settings(rdev, &parse.p,
573                                                      parse.idx, false, NULL);
574                 if (err)
575                         goto error;
576                 result->params[parse.idx].cipher = parse.p.cipher;
577                 result->params[parse.idx].key_len = parse.p.key_len;
578                 result->params[parse.idx].key = result->data[parse.idx];
579                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
580         }
581
582         return result;
583  error:
584         kfree(result);
585         return ERR_PTR(err);
586 }
587
588 static int nl80211_key_allowed(struct wireless_dev *wdev)
589 {
590         ASSERT_WDEV_LOCK(wdev);
591
592         switch (wdev->iftype) {
593         case NL80211_IFTYPE_AP:
594         case NL80211_IFTYPE_AP_VLAN:
595         case NL80211_IFTYPE_P2P_GO:
596         case NL80211_IFTYPE_MESH_POINT:
597                 break;
598         case NL80211_IFTYPE_ADHOC:
599                 if (!wdev->current_bss)
600                         return -ENOLINK;
601                 break;
602         case NL80211_IFTYPE_STATION:
603         case NL80211_IFTYPE_P2P_CLIENT:
604                 if (wdev->sme_state != CFG80211_SME_CONNECTED)
605                         return -ENOLINK;
606                 break;
607         default:
608                 return -EINVAL;
609         }
610
611         return 0;
612 }
613
614 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
615 {
616         struct nlattr *nl_modes = nla_nest_start(msg, attr);
617         int i;
618
619         if (!nl_modes)
620                 goto nla_put_failure;
621
622         i = 0;
623         while (ifmodes) {
624                 if (ifmodes & 1)
625                         NLA_PUT_FLAG(msg, i);
626                 ifmodes >>= 1;
627                 i++;
628         }
629
630         nla_nest_end(msg, nl_modes);
631         return 0;
632
633 nla_put_failure:
634         return -ENOBUFS;
635 }
636
637 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
638                                           struct sk_buff *msg)
639 {
640         struct nlattr *nl_combis;
641         int i, j;
642
643         nl_combis = nla_nest_start(msg,
644                                 NL80211_ATTR_INTERFACE_COMBINATIONS);
645         if (!nl_combis)
646                 goto nla_put_failure;
647
648         for (i = 0; i < wiphy->n_iface_combinations; i++) {
649                 const struct ieee80211_iface_combination *c;
650                 struct nlattr *nl_combi, *nl_limits;
651
652                 c = &wiphy->iface_combinations[i];
653
654                 nl_combi = nla_nest_start(msg, i + 1);
655                 if (!nl_combi)
656                         goto nla_put_failure;
657
658                 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
659                 if (!nl_limits)
660                         goto nla_put_failure;
661
662                 for (j = 0; j < c->n_limits; j++) {
663                         struct nlattr *nl_limit;
664
665                         nl_limit = nla_nest_start(msg, j + 1);
666                         if (!nl_limit)
667                                 goto nla_put_failure;
668                         NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX,
669                                     c->limits[j].max);
670                         if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
671                                                 c->limits[j].types))
672                                 goto nla_put_failure;
673                         nla_nest_end(msg, nl_limit);
674                 }
675
676                 nla_nest_end(msg, nl_limits);
677
678                 if (c->beacon_int_infra_match)
679                         NLA_PUT_FLAG(msg,
680                                 NL80211_IFACE_COMB_STA_AP_BI_MATCH);
681                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
682                             c->num_different_channels);
683                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM,
684                             c->max_interfaces);
685
686                 nla_nest_end(msg, nl_combi);
687         }
688
689         nla_nest_end(msg, nl_combis);
690
691         return 0;
692 nla_put_failure:
693         return -ENOBUFS;
694 }
695
696 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
697                               struct cfg80211_registered_device *dev)
698 {
699         void *hdr;
700         struct nlattr *nl_bands, *nl_band;
701         struct nlattr *nl_freqs, *nl_freq;
702         struct nlattr *nl_rates, *nl_rate;
703         struct nlattr *nl_cmds;
704         enum ieee80211_band band;
705         struct ieee80211_channel *chan;
706         struct ieee80211_rate *rate;
707         int i;
708         const struct ieee80211_txrx_stypes *mgmt_stypes =
709                                 dev->wiphy.mgmt_stypes;
710
711         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
712         if (!hdr)
713                 return -1;
714
715         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
716         NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
717
718         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
719                     cfg80211_rdev_list_generation);
720
721         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
722                    dev->wiphy.retry_short);
723         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
724                    dev->wiphy.retry_long);
725         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
726                     dev->wiphy.frag_threshold);
727         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
728                     dev->wiphy.rts_threshold);
729         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
730                     dev->wiphy.coverage_class);
731         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
732                    dev->wiphy.max_scan_ssids);
733         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
734                    dev->wiphy.max_sched_scan_ssids);
735         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
736                     dev->wiphy.max_scan_ie_len);
737         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
738                     dev->wiphy.max_sched_scan_ie_len);
739         NLA_PUT_U8(msg, NL80211_ATTR_MAX_MATCH_SETS,
740                    dev->wiphy.max_match_sets);
741
742         if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)
743                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN);
744         if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)
745                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
746         if (dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD)
747                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_AP_UAPSD);
748         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)
749                 NLA_PUT_FLAG(msg, NL80211_ATTR_ROAM_SUPPORT);
750         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)
751                 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_SUPPORT);
752         if (dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)
753                 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP);
754
755         NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
756                 sizeof(u32) * dev->wiphy.n_cipher_suites,
757                 dev->wiphy.cipher_suites);
758
759         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
760                    dev->wiphy.max_num_pmkids);
761
762         if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL)
763                 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE);
764
765         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
766                     dev->wiphy.available_antennas_tx);
767         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
768                     dev->wiphy.available_antennas_rx);
769
770         if (dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD)
771                 NLA_PUT_U32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
772                             dev->wiphy.probe_resp_offload);
773
774         if ((dev->wiphy.available_antennas_tx ||
775              dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
776                 u32 tx_ant = 0, rx_ant = 0;
777                 int res;
778                 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
779                 if (!res) {
780                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant);
781                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant);
782                 }
783         }
784
785         if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
786                                 dev->wiphy.interface_modes))
787                 goto nla_put_failure;
788
789         nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
790         if (!nl_bands)
791                 goto nla_put_failure;
792
793         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
794                 if (!dev->wiphy.bands[band])
795                         continue;
796
797                 nl_band = nla_nest_start(msg, band);
798                 if (!nl_band)
799                         goto nla_put_failure;
800
801                 /* add HT info */
802                 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
803                         NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
804                                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
805                                 &dev->wiphy.bands[band]->ht_cap.mcs);
806                         NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
807                                 dev->wiphy.bands[band]->ht_cap.cap);
808                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
809                                 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
810                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
811                                 dev->wiphy.bands[band]->ht_cap.ampdu_density);
812                 }
813
814                 /* add frequencies */
815                 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
816                 if (!nl_freqs)
817                         goto nla_put_failure;
818
819                 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
820                         nl_freq = nla_nest_start(msg, i);
821                         if (!nl_freq)
822                                 goto nla_put_failure;
823
824                         chan = &dev->wiphy.bands[band]->channels[i];
825
826                         if (nl80211_msg_put_channel(msg, chan))
827                                 goto nla_put_failure;
828
829                         nla_nest_end(msg, nl_freq);
830                 }
831
832                 nla_nest_end(msg, nl_freqs);
833
834                 /* add bitrates */
835                 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
836                 if (!nl_rates)
837                         goto nla_put_failure;
838
839                 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
840                         nl_rate = nla_nest_start(msg, i);
841                         if (!nl_rate)
842                                 goto nla_put_failure;
843
844                         rate = &dev->wiphy.bands[band]->bitrates[i];
845                         NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
846                                     rate->bitrate);
847                         if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
848                                 NLA_PUT_FLAG(msg,
849                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
850
851                         nla_nest_end(msg, nl_rate);
852                 }
853
854                 nla_nest_end(msg, nl_rates);
855
856                 nla_nest_end(msg, nl_band);
857         }
858         nla_nest_end(msg, nl_bands);
859
860         nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
861         if (!nl_cmds)
862                 goto nla_put_failure;
863
864         i = 0;
865 #define CMD(op, n)                                              \
866          do {                                                   \
867                 if (dev->ops->op) {                             \
868                         i++;                                    \
869                         NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
870                 }                                               \
871         } while (0)
872
873         CMD(add_virtual_intf, NEW_INTERFACE);
874         CMD(change_virtual_intf, SET_INTERFACE);
875         CMD(add_key, NEW_KEY);
876         CMD(start_ap, START_AP);
877         CMD(add_station, NEW_STATION);
878         CMD(add_mpath, NEW_MPATH);
879         CMD(update_mesh_config, SET_MESH_CONFIG);
880         CMD(change_bss, SET_BSS);
881         CMD(auth, AUTHENTICATE);
882         CMD(assoc, ASSOCIATE);
883         CMD(deauth, DEAUTHENTICATE);
884         CMD(disassoc, DISASSOCIATE);
885         CMD(join_ibss, JOIN_IBSS);
886         CMD(join_mesh, JOIN_MESH);
887         CMD(set_pmksa, SET_PMKSA);
888         CMD(del_pmksa, DEL_PMKSA);
889         CMD(flush_pmksa, FLUSH_PMKSA);
890         if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
891                 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
892         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
893         CMD(mgmt_tx, FRAME);
894         CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
895         if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
896                 i++;
897                 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
898         }
899         CMD(set_channel, SET_CHANNEL);
900         CMD(set_wds_peer, SET_WDS_PEER);
901         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
902                 CMD(tdls_mgmt, TDLS_MGMT);
903                 CMD(tdls_oper, TDLS_OPER);
904         }
905         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
906                 CMD(sched_scan_start, START_SCHED_SCAN);
907         CMD(probe_client, PROBE_CLIENT);
908         CMD(set_noack_map, SET_NOACK_MAP);
909         if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
910                 i++;
911                 NLA_PUT_U32(msg, i, NL80211_CMD_REGISTER_BEACONS);
912         }
913
914 #ifdef CONFIG_NL80211_TESTMODE
915         CMD(testmode_cmd, TESTMODE);
916 #endif
917
918 #undef CMD
919
920         if (dev->ops->connect || dev->ops->auth) {
921                 i++;
922                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
923         }
924
925         if (dev->ops->disconnect || dev->ops->deauth) {
926                 i++;
927                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
928         }
929
930         nla_nest_end(msg, nl_cmds);
931
932         if (dev->ops->remain_on_channel &&
933             dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
934                 NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
935                             dev->wiphy.max_remain_on_channel_duration);
936
937         if (dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)
938                 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
939
940         if (mgmt_stypes) {
941                 u16 stypes;
942                 struct nlattr *nl_ftypes, *nl_ifs;
943                 enum nl80211_iftype ift;
944
945                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
946                 if (!nl_ifs)
947                         goto nla_put_failure;
948
949                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
950                         nl_ftypes = nla_nest_start(msg, ift);
951                         if (!nl_ftypes)
952                                 goto nla_put_failure;
953                         i = 0;
954                         stypes = mgmt_stypes[ift].tx;
955                         while (stypes) {
956                                 if (stypes & 1)
957                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
958                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
959                                 stypes >>= 1;
960                                 i++;
961                         }
962                         nla_nest_end(msg, nl_ftypes);
963                 }
964
965                 nla_nest_end(msg, nl_ifs);
966
967                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
968                 if (!nl_ifs)
969                         goto nla_put_failure;
970
971                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
972                         nl_ftypes = nla_nest_start(msg, ift);
973                         if (!nl_ftypes)
974                                 goto nla_put_failure;
975                         i = 0;
976                         stypes = mgmt_stypes[ift].rx;
977                         while (stypes) {
978                                 if (stypes & 1)
979                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
980                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
981                                 stypes >>= 1;
982                                 i++;
983                         }
984                         nla_nest_end(msg, nl_ftypes);
985                 }
986                 nla_nest_end(msg, nl_ifs);
987         }
988
989         if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
990                 struct nlattr *nl_wowlan;
991
992                 nl_wowlan = nla_nest_start(msg,
993                                 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
994                 if (!nl_wowlan)
995                         goto nla_put_failure;
996
997                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY)
998                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
999                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT)
1000                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
1001                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT)
1002                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
1003                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY)
1004                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED);
1005                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)
1006                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
1007                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)
1008                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
1009                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)
1010                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
1011                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE)
1012                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
1013                 if (dev->wiphy.wowlan.n_patterns) {
1014                         struct nl80211_wowlan_pattern_support pat = {
1015                                 .max_patterns = dev->wiphy.wowlan.n_patterns,
1016                                 .min_pattern_len =
1017                                         dev->wiphy.wowlan.pattern_min_len,
1018                                 .max_pattern_len =
1019                                         dev->wiphy.wowlan.pattern_max_len,
1020                         };
1021                         NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1022                                 sizeof(pat), &pat);
1023                 }
1024
1025                 nla_nest_end(msg, nl_wowlan);
1026         }
1027
1028         if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1029                                 dev->wiphy.software_iftypes))
1030                 goto nla_put_failure;
1031
1032         if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1033                 goto nla_put_failure;
1034
1035         if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME)
1036                 NLA_PUT_U32(msg, NL80211_ATTR_DEVICE_AP_SME,
1037                             dev->wiphy.ap_sme_capa);
1038
1039         NLA_PUT_U32(msg, NL80211_ATTR_FEATURE_FLAGS, dev->wiphy.features);
1040
1041         if (dev->wiphy.ht_capa_mod_mask)
1042                 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1043                         sizeof(*dev->wiphy.ht_capa_mod_mask),
1044                         dev->wiphy.ht_capa_mod_mask);
1045
1046         return genlmsg_end(msg, hdr);
1047
1048  nla_put_failure:
1049         genlmsg_cancel(msg, hdr);
1050         return -EMSGSIZE;
1051 }
1052
1053 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1054 {
1055         int idx = 0;
1056         int start = cb->args[0];
1057         struct cfg80211_registered_device *dev;
1058
1059         mutex_lock(&cfg80211_mutex);
1060         list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1061                 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1062                         continue;
1063                 if (++idx <= start)
1064                         continue;
1065                 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
1066                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
1067                                        dev) < 0) {
1068                         idx--;
1069                         break;
1070                 }
1071         }
1072         mutex_unlock(&cfg80211_mutex);
1073
1074         cb->args[0] = idx;
1075
1076         return skb->len;
1077 }
1078
1079 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1080 {
1081         struct sk_buff *msg;
1082         struct cfg80211_registered_device *dev = info->user_ptr[0];
1083
1084         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1085         if (!msg)
1086                 return -ENOMEM;
1087
1088         if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
1089                 nlmsg_free(msg);
1090                 return -ENOBUFS;
1091         }
1092
1093         return genlmsg_reply(msg, info);
1094 }
1095
1096 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1097         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
1098         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
1099         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
1100         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
1101         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
1102 };
1103
1104 static int parse_txq_params(struct nlattr *tb[],
1105                             struct ieee80211_txq_params *txq_params)
1106 {
1107         if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1108             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1109             !tb[NL80211_TXQ_ATTR_AIFS])
1110                 return -EINVAL;
1111
1112         txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1113         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1114         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1115         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1116         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1117
1118         if (txq_params->ac >= NL80211_NUM_ACS)
1119                 return -EINVAL;
1120
1121         return 0;
1122 }
1123
1124 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1125 {
1126         /*
1127          * You can only set the channel explicitly for AP, mesh
1128          * and WDS type interfaces; all others have their channel
1129          * managed via their respective "establish a connection"
1130          * command (connect, join, ...)
1131          *
1132          * Monitors are special as they are normally slaved to
1133          * whatever else is going on, so they behave as though
1134          * you tried setting the wiphy channel itself.
1135          */
1136         return !wdev ||
1137                 wdev->iftype == NL80211_IFTYPE_AP ||
1138                 wdev->iftype == NL80211_IFTYPE_WDS ||
1139                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1140                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1141                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1142 }
1143
1144 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1145                                  struct wireless_dev *wdev,
1146                                  struct genl_info *info)
1147 {
1148         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1149         u32 freq;
1150         int result;
1151
1152         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1153                 return -EINVAL;
1154
1155         if (!nl80211_can_set_dev_channel(wdev))
1156                 return -EOPNOTSUPP;
1157
1158         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1159                 channel_type = nla_get_u32(info->attrs[
1160                                    NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1161                 if (channel_type != NL80211_CHAN_NO_HT &&
1162                     channel_type != NL80211_CHAN_HT20 &&
1163                     channel_type != NL80211_CHAN_HT40PLUS &&
1164                     channel_type != NL80211_CHAN_HT40MINUS)
1165                         return -EINVAL;
1166         }
1167
1168         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1169
1170         mutex_lock(&rdev->devlist_mtx);
1171         if (wdev) {
1172                 wdev_lock(wdev);
1173                 result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
1174                 wdev_unlock(wdev);
1175         } else {
1176                 result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
1177         }
1178         mutex_unlock(&rdev->devlist_mtx);
1179
1180         return result;
1181 }
1182
1183 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1184 {
1185         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1186         struct net_device *netdev = info->user_ptr[1];
1187
1188         return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1189 }
1190
1191 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1192 {
1193         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1194         struct net_device *dev = info->user_ptr[1];
1195         struct wireless_dev *wdev = dev->ieee80211_ptr;
1196         const u8 *bssid;
1197
1198         if (!info->attrs[NL80211_ATTR_MAC])
1199                 return -EINVAL;
1200
1201         if (netif_running(dev))
1202                 return -EBUSY;
1203
1204         if (!rdev->ops->set_wds_peer)
1205                 return -EOPNOTSUPP;
1206
1207         if (wdev->iftype != NL80211_IFTYPE_WDS)
1208                 return -EOPNOTSUPP;
1209
1210         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1211         return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1212 }
1213
1214
1215 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1216 {
1217         struct cfg80211_registered_device *rdev;
1218         struct net_device *netdev = NULL;
1219         struct wireless_dev *wdev;
1220         int result = 0, rem_txq_params = 0;
1221         struct nlattr *nl_txq_params;
1222         u32 changed;
1223         u8 retry_short = 0, retry_long = 0;
1224         u32 frag_threshold = 0, rts_threshold = 0;
1225         u8 coverage_class = 0;
1226
1227         /*
1228          * Try to find the wiphy and netdev. Normally this
1229          * function shouldn't need the netdev, but this is
1230          * done for backward compatibility -- previously
1231          * setting the channel was done per wiphy, but now
1232          * it is per netdev. Previous userland like hostapd
1233          * also passed a netdev to set_wiphy, so that it is
1234          * possible to let that go to the right netdev!
1235          */
1236         mutex_lock(&cfg80211_mutex);
1237
1238         if (info->attrs[NL80211_ATTR_IFINDEX]) {
1239                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1240
1241                 netdev = dev_get_by_index(genl_info_net(info), ifindex);
1242                 if (netdev && netdev->ieee80211_ptr) {
1243                         rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1244                         mutex_lock(&rdev->mtx);
1245                 } else
1246                         netdev = NULL;
1247         }
1248
1249         if (!netdev) {
1250                 rdev = __cfg80211_rdev_from_info(info);
1251                 if (IS_ERR(rdev)) {
1252                         mutex_unlock(&cfg80211_mutex);
1253                         return PTR_ERR(rdev);
1254                 }
1255                 wdev = NULL;
1256                 netdev = NULL;
1257                 result = 0;
1258
1259                 mutex_lock(&rdev->mtx);
1260         } else if (netif_running(netdev) &&
1261                    nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1262                 wdev = netdev->ieee80211_ptr;
1263         else
1264                 wdev = NULL;
1265
1266         /*
1267          * end workaround code, by now the rdev is available
1268          * and locked, and wdev may or may not be NULL.
1269          */
1270
1271         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1272                 result = cfg80211_dev_rename(
1273                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1274
1275         mutex_unlock(&cfg80211_mutex);
1276
1277         if (result)
1278                 goto bad_res;
1279
1280         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1281                 struct ieee80211_txq_params txq_params;
1282                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1283
1284                 if (!rdev->ops->set_txq_params) {
1285                         result = -EOPNOTSUPP;
1286                         goto bad_res;
1287                 }
1288
1289                 if (!netdev) {
1290                         result = -EINVAL;
1291                         goto bad_res;
1292                 }
1293
1294                 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1295                     netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1296                         result = -EINVAL;
1297                         goto bad_res;
1298                 }
1299
1300                 nla_for_each_nested(nl_txq_params,
1301                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1302                                     rem_txq_params) {
1303                         nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1304                                   nla_data(nl_txq_params),
1305                                   nla_len(nl_txq_params),
1306                                   txq_params_policy);
1307                         result = parse_txq_params(tb, &txq_params);
1308                         if (result)
1309                                 goto bad_res;
1310
1311                         result = rdev->ops->set_txq_params(&rdev->wiphy,
1312                                                            netdev,
1313                                                            &txq_params);
1314                         if (result)
1315                                 goto bad_res;
1316                 }
1317         }
1318
1319         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1320                 result = __nl80211_set_channel(rdev, wdev, info);
1321                 if (result)
1322                         goto bad_res;
1323         }
1324
1325         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1326                 enum nl80211_tx_power_setting type;
1327                 int idx, mbm = 0;
1328
1329                 if (!rdev->ops->set_tx_power) {
1330                         result = -EOPNOTSUPP;
1331                         goto bad_res;
1332                 }
1333
1334                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1335                 type = nla_get_u32(info->attrs[idx]);
1336
1337                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1338                     (type != NL80211_TX_POWER_AUTOMATIC)) {
1339                         result = -EINVAL;
1340                         goto bad_res;
1341                 }
1342
1343                 if (type != NL80211_TX_POWER_AUTOMATIC) {
1344                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1345                         mbm = nla_get_u32(info->attrs[idx]);
1346                 }
1347
1348                 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1349                 if (result)
1350                         goto bad_res;
1351         }
1352
1353         if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1354             info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1355                 u32 tx_ant, rx_ant;
1356                 if ((!rdev->wiphy.available_antennas_tx &&
1357                      !rdev->wiphy.available_antennas_rx) ||
1358                     !rdev->ops->set_antenna) {
1359                         result = -EOPNOTSUPP;
1360                         goto bad_res;
1361                 }
1362
1363                 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1364                 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1365
1366                 /* reject antenna configurations which don't match the
1367                  * available antenna masks, except for the "all" mask */
1368                 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1369                     (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1370                         result = -EINVAL;
1371                         goto bad_res;
1372                 }
1373
1374                 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1375                 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1376
1377                 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1378                 if (result)
1379                         goto bad_res;
1380         }
1381
1382         changed = 0;
1383
1384         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1385                 retry_short = nla_get_u8(
1386                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1387                 if (retry_short == 0) {
1388                         result = -EINVAL;
1389                         goto bad_res;
1390                 }
1391                 changed |= WIPHY_PARAM_RETRY_SHORT;
1392         }
1393
1394         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1395                 retry_long = nla_get_u8(
1396                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1397                 if (retry_long == 0) {
1398                         result = -EINVAL;
1399                         goto bad_res;
1400                 }
1401                 changed |= WIPHY_PARAM_RETRY_LONG;
1402         }
1403
1404         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1405                 frag_threshold = nla_get_u32(
1406                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1407                 if (frag_threshold < 256) {
1408                         result = -EINVAL;
1409                         goto bad_res;
1410                 }
1411                 if (frag_threshold != (u32) -1) {
1412                         /*
1413                          * Fragments (apart from the last one) are required to
1414                          * have even length. Make the fragmentation code
1415                          * simpler by stripping LSB should someone try to use
1416                          * odd threshold value.
1417                          */
1418                         frag_threshold &= ~0x1;
1419                 }
1420                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1421         }
1422
1423         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1424                 rts_threshold = nla_get_u32(
1425                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1426                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
1427         }
1428
1429         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1430                 coverage_class = nla_get_u8(
1431                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1432                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
1433         }
1434
1435         if (changed) {
1436                 u8 old_retry_short, old_retry_long;
1437                 u32 old_frag_threshold, old_rts_threshold;
1438                 u8 old_coverage_class;
1439
1440                 if (!rdev->ops->set_wiphy_params) {
1441                         result = -EOPNOTSUPP;
1442                         goto bad_res;
1443                 }
1444
1445                 old_retry_short = rdev->wiphy.retry_short;
1446                 old_retry_long = rdev->wiphy.retry_long;
1447                 old_frag_threshold = rdev->wiphy.frag_threshold;
1448                 old_rts_threshold = rdev->wiphy.rts_threshold;
1449                 old_coverage_class = rdev->wiphy.coverage_class;
1450
1451                 if (changed & WIPHY_PARAM_RETRY_SHORT)
1452                         rdev->wiphy.retry_short = retry_short;
1453                 if (changed & WIPHY_PARAM_RETRY_LONG)
1454                         rdev->wiphy.retry_long = retry_long;
1455                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1456                         rdev->wiphy.frag_threshold = frag_threshold;
1457                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1458                         rdev->wiphy.rts_threshold = rts_threshold;
1459                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1460                         rdev->wiphy.coverage_class = coverage_class;
1461
1462                 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1463                 if (result) {
1464                         rdev->wiphy.retry_short = old_retry_short;
1465                         rdev->wiphy.retry_long = old_retry_long;
1466                         rdev->wiphy.frag_threshold = old_frag_threshold;
1467                         rdev->wiphy.rts_threshold = old_rts_threshold;
1468                         rdev->wiphy.coverage_class = old_coverage_class;
1469                 }
1470         }
1471
1472  bad_res:
1473         mutex_unlock(&rdev->mtx);
1474         if (netdev)
1475                 dev_put(netdev);
1476         return result;
1477 }
1478
1479
1480 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1481                               struct cfg80211_registered_device *rdev,
1482                               struct net_device *dev)
1483 {
1484         void *hdr;
1485
1486         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1487         if (!hdr)
1488                 return -1;
1489
1490         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1491         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1492         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1493         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1494
1495         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1496                     rdev->devlist_generation ^
1497                         (cfg80211_rdev_list_generation << 2));
1498
1499         return genlmsg_end(msg, hdr);
1500
1501  nla_put_failure:
1502         genlmsg_cancel(msg, hdr);
1503         return -EMSGSIZE;
1504 }
1505
1506 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1507 {
1508         int wp_idx = 0;
1509         int if_idx = 0;
1510         int wp_start = cb->args[0];
1511         int if_start = cb->args[1];
1512         struct cfg80211_registered_device *rdev;
1513         struct wireless_dev *wdev;
1514
1515         mutex_lock(&cfg80211_mutex);
1516         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1517                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1518                         continue;
1519                 if (wp_idx < wp_start) {
1520                         wp_idx++;
1521                         continue;
1522                 }
1523                 if_idx = 0;
1524
1525                 mutex_lock(&rdev->devlist_mtx);
1526                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
1527                         if (if_idx < if_start) {
1528                                 if_idx++;
1529                                 continue;
1530                         }
1531                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1532                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
1533                                                rdev, wdev->netdev) < 0) {
1534                                 mutex_unlock(&rdev->devlist_mtx);
1535                                 goto out;
1536                         }
1537                         if_idx++;
1538                 }
1539                 mutex_unlock(&rdev->devlist_mtx);
1540
1541                 wp_idx++;
1542         }
1543  out:
1544         mutex_unlock(&cfg80211_mutex);
1545
1546         cb->args[0] = wp_idx;
1547         cb->args[1] = if_idx;
1548
1549         return skb->len;
1550 }
1551
1552 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1553 {
1554         struct sk_buff *msg;
1555         struct cfg80211_registered_device *dev = info->user_ptr[0];
1556         struct net_device *netdev = info->user_ptr[1];
1557
1558         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1559         if (!msg)
1560                 return -ENOMEM;
1561
1562         if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1563                                dev, netdev) < 0) {
1564                 nlmsg_free(msg);
1565                 return -ENOBUFS;
1566         }
1567
1568         return genlmsg_reply(msg, info);
1569 }
1570
1571 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1572         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1573         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1574         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1575         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1576         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1577 };
1578
1579 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1580 {
1581         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1582         int flag;
1583
1584         *mntrflags = 0;
1585
1586         if (!nla)
1587                 return -EINVAL;
1588
1589         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1590                              nla, mntr_flags_policy))
1591                 return -EINVAL;
1592
1593         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1594                 if (flags[flag])
1595                         *mntrflags |= (1<<flag);
1596
1597         return 0;
1598 }
1599
1600 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1601                                struct net_device *netdev, u8 use_4addr,
1602                                enum nl80211_iftype iftype)
1603 {
1604         if (!use_4addr) {
1605                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1606                         return -EBUSY;
1607                 return 0;
1608         }
1609
1610         switch (iftype) {
1611         case NL80211_IFTYPE_AP_VLAN:
1612                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1613                         return 0;
1614                 break;
1615         case NL80211_IFTYPE_STATION:
1616                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1617                         return 0;
1618                 break;
1619         default:
1620                 break;
1621         }
1622
1623         return -EOPNOTSUPP;
1624 }
1625
1626 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1627 {
1628         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1629         struct vif_params params;
1630         int err;
1631         enum nl80211_iftype otype, ntype;
1632         struct net_device *dev = info->user_ptr[1];
1633         u32 _flags, *flags = NULL;
1634         bool change = false;
1635
1636         memset(&params, 0, sizeof(params));
1637
1638         otype = ntype = dev->ieee80211_ptr->iftype;
1639
1640         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1641                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1642                 if (otype != ntype)
1643                         change = true;
1644                 if (ntype > NL80211_IFTYPE_MAX)
1645                         return -EINVAL;
1646         }
1647
1648         if (info->attrs[NL80211_ATTR_MESH_ID]) {
1649                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1650
1651                 if (ntype != NL80211_IFTYPE_MESH_POINT)
1652                         return -EINVAL;
1653                 if (netif_running(dev))
1654                         return -EBUSY;
1655
1656                 wdev_lock(wdev);
1657                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1658                              IEEE80211_MAX_MESH_ID_LEN);
1659                 wdev->mesh_id_up_len =
1660                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1661                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1662                        wdev->mesh_id_up_len);
1663                 wdev_unlock(wdev);
1664         }
1665
1666         if (info->attrs[NL80211_ATTR_4ADDR]) {
1667                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1668                 change = true;
1669                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1670                 if (err)
1671                         return err;
1672         } else {
1673                 params.use_4addr = -1;
1674         }
1675
1676         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1677                 if (ntype != NL80211_IFTYPE_MONITOR)
1678                         return -EINVAL;
1679                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1680                                           &_flags);
1681                 if (err)
1682                         return err;
1683
1684                 flags = &_flags;
1685                 change = true;
1686         }
1687
1688         if (change)
1689                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1690         else
1691                 err = 0;
1692
1693         if (!err && params.use_4addr != -1)
1694                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1695
1696         return err;
1697 }
1698
1699 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1700 {
1701         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1702         struct vif_params params;
1703         struct net_device *dev;
1704         int err;
1705         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1706         u32 flags;
1707
1708         memset(&params, 0, sizeof(params));
1709
1710         if (!info->attrs[NL80211_ATTR_IFNAME])
1711                 return -EINVAL;
1712
1713         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1714                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1715                 if (type > NL80211_IFTYPE_MAX)
1716                         return -EINVAL;
1717         }
1718
1719         if (!rdev->ops->add_virtual_intf ||
1720             !(rdev->wiphy.interface_modes & (1 << type)))
1721                 return -EOPNOTSUPP;
1722
1723         if (info->attrs[NL80211_ATTR_4ADDR]) {
1724                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1725                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1726                 if (err)
1727                         return err;
1728         }
1729
1730         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1731                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1732                                   &flags);
1733         dev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1734                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1735                 type, err ? NULL : &flags, &params);
1736         if (IS_ERR(dev))
1737                 return PTR_ERR(dev);
1738
1739         if (type == NL80211_IFTYPE_MESH_POINT &&
1740             info->attrs[NL80211_ATTR_MESH_ID]) {
1741                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1742
1743                 wdev_lock(wdev);
1744                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1745                              IEEE80211_MAX_MESH_ID_LEN);
1746                 wdev->mesh_id_up_len =
1747                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1748                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1749                        wdev->mesh_id_up_len);
1750                 wdev_unlock(wdev);
1751         }
1752
1753         return 0;
1754 }
1755
1756 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1757 {
1758         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1759         struct net_device *dev = info->user_ptr[1];
1760
1761         if (!rdev->ops->del_virtual_intf)
1762                 return -EOPNOTSUPP;
1763
1764         return rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1765 }
1766
1767 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
1768 {
1769         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1770         struct net_device *dev = info->user_ptr[1];
1771         u16 noack_map;
1772
1773         if (!info->attrs[NL80211_ATTR_NOACK_MAP])
1774                 return -EINVAL;
1775
1776         if (!rdev->ops->set_noack_map)
1777                 return -EOPNOTSUPP;
1778
1779         noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
1780
1781         return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map);
1782 }
1783
1784 struct get_key_cookie {
1785         struct sk_buff *msg;
1786         int error;
1787         int idx;
1788 };
1789
1790 static void get_key_callback(void *c, struct key_params *params)
1791 {
1792         struct nlattr *key;
1793         struct get_key_cookie *cookie = c;
1794
1795         if (params->key)
1796                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1797                         params->key_len, params->key);
1798
1799         if (params->seq)
1800                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1801                         params->seq_len, params->seq);
1802
1803         if (params->cipher)
1804                 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1805                             params->cipher);
1806
1807         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1808         if (!key)
1809                 goto nla_put_failure;
1810
1811         if (params->key)
1812                 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1813                         params->key_len, params->key);
1814
1815         if (params->seq)
1816                 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1817                         params->seq_len, params->seq);
1818
1819         if (params->cipher)
1820                 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1821                             params->cipher);
1822
1823         NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1824
1825         nla_nest_end(cookie->msg, key);
1826
1827         return;
1828  nla_put_failure:
1829         cookie->error = 1;
1830 }
1831
1832 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1833 {
1834         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1835         int err;
1836         struct net_device *dev = info->user_ptr[1];
1837         u8 key_idx = 0;
1838         const u8 *mac_addr = NULL;
1839         bool pairwise;
1840         struct get_key_cookie cookie = {
1841                 .error = 0,
1842         };
1843         void *hdr;
1844         struct sk_buff *msg;
1845
1846         if (info->attrs[NL80211_ATTR_KEY_IDX])
1847                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1848
1849         if (key_idx > 5)
1850                 return -EINVAL;
1851
1852         if (info->attrs[NL80211_ATTR_MAC])
1853                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1854
1855         pairwise = !!mac_addr;
1856         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
1857                 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1858                 if (kt >= NUM_NL80211_KEYTYPES)
1859                         return -EINVAL;
1860                 if (kt != NL80211_KEYTYPE_GROUP &&
1861                     kt != NL80211_KEYTYPE_PAIRWISE)
1862                         return -EINVAL;
1863                 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
1864         }
1865
1866         if (!rdev->ops->get_key)
1867                 return -EOPNOTSUPP;
1868
1869         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1870         if (!msg)
1871                 return -ENOMEM;
1872
1873         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1874                              NL80211_CMD_NEW_KEY);
1875         if (IS_ERR(hdr))
1876                 return PTR_ERR(hdr);
1877
1878         cookie.msg = msg;
1879         cookie.idx = key_idx;
1880
1881         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1882         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1883         if (mac_addr)
1884                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1885
1886         if (pairwise && mac_addr &&
1887             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1888                 return -ENOENT;
1889
1890         err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
1891                                  mac_addr, &cookie, get_key_callback);
1892
1893         if (err)
1894                 goto free_msg;
1895
1896         if (cookie.error)
1897                 goto nla_put_failure;
1898
1899         genlmsg_end(msg, hdr);
1900         return genlmsg_reply(msg, info);
1901
1902  nla_put_failure:
1903         err = -ENOBUFS;
1904  free_msg:
1905         nlmsg_free(msg);
1906         return err;
1907 }
1908
1909 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1910 {
1911         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1912         struct key_parse key;
1913         int err;
1914         struct net_device *dev = info->user_ptr[1];
1915
1916         err = nl80211_parse_key(info, &key);
1917         if (err)
1918                 return err;
1919
1920         if (key.idx < 0)
1921                 return -EINVAL;
1922
1923         /* only support setting default key */
1924         if (!key.def && !key.defmgmt)
1925                 return -EINVAL;
1926
1927         wdev_lock(dev->ieee80211_ptr);
1928
1929         if (key.def) {
1930                 if (!rdev->ops->set_default_key) {
1931                         err = -EOPNOTSUPP;
1932                         goto out;
1933                 }
1934
1935                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1936                 if (err)
1937                         goto out;
1938
1939                 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
1940                                                  key.def_uni, key.def_multi);
1941
1942                 if (err)
1943                         goto out;
1944
1945 #ifdef CONFIG_CFG80211_WEXT
1946                 dev->ieee80211_ptr->wext.default_key = key.idx;
1947 #endif
1948         } else {
1949                 if (key.def_uni || !key.def_multi) {
1950                         err = -EINVAL;
1951                         goto out;
1952                 }
1953
1954                 if (!rdev->ops->set_default_mgmt_key) {
1955                         err = -EOPNOTSUPP;
1956                         goto out;
1957                 }
1958
1959                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1960                 if (err)
1961                         goto out;
1962
1963                 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
1964                                                       dev, key.idx);
1965                 if (err)
1966                         goto out;
1967
1968 #ifdef CONFIG_CFG80211_WEXT
1969                 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1970 #endif
1971         }
1972
1973  out:
1974         wdev_unlock(dev->ieee80211_ptr);
1975
1976         return err;
1977 }
1978
1979 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1980 {
1981         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1982         int err;
1983         struct net_device *dev = info->user_ptr[1];
1984         struct key_parse key;
1985         const u8 *mac_addr = NULL;
1986
1987         err = nl80211_parse_key(info, &key);
1988         if (err)
1989                 return err;
1990
1991         if (!key.p.key)
1992                 return -EINVAL;
1993
1994         if (info->attrs[NL80211_ATTR_MAC])
1995                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1996
1997         if (key.type == -1) {
1998                 if (mac_addr)
1999                         key.type = NL80211_KEYTYPE_PAIRWISE;
2000                 else
2001                         key.type = NL80211_KEYTYPE_GROUP;
2002         }
2003
2004         /* for now */
2005         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2006             key.type != NL80211_KEYTYPE_GROUP)
2007                 return -EINVAL;
2008
2009         if (!rdev->ops->add_key)
2010                 return -EOPNOTSUPP;
2011
2012         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2013                                            key.type == NL80211_KEYTYPE_PAIRWISE,
2014                                            mac_addr))
2015                 return -EINVAL;
2016
2017         wdev_lock(dev->ieee80211_ptr);
2018         err = nl80211_key_allowed(dev->ieee80211_ptr);
2019         if (!err)
2020                 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
2021                                          key.type == NL80211_KEYTYPE_PAIRWISE,
2022                                          mac_addr, &key.p);
2023         wdev_unlock(dev->ieee80211_ptr);
2024
2025         return err;
2026 }
2027
2028 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2029 {
2030         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2031         int err;
2032         struct net_device *dev = info->user_ptr[1];
2033         u8 *mac_addr = NULL;
2034         struct key_parse key;
2035
2036         err = nl80211_parse_key(info, &key);
2037         if (err)
2038                 return err;
2039
2040         if (info->attrs[NL80211_ATTR_MAC])
2041                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2042
2043         if (key.type == -1) {
2044                 if (mac_addr)
2045                         key.type = NL80211_KEYTYPE_PAIRWISE;
2046                 else
2047                         key.type = NL80211_KEYTYPE_GROUP;
2048         }
2049
2050         /* for now */
2051         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2052             key.type != NL80211_KEYTYPE_GROUP)
2053                 return -EINVAL;
2054
2055         if (!rdev->ops->del_key)
2056                 return -EOPNOTSUPP;
2057
2058         wdev_lock(dev->ieee80211_ptr);
2059         err = nl80211_key_allowed(dev->ieee80211_ptr);
2060
2061         if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2062             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2063                 err = -ENOENT;
2064
2065         if (!err)
2066                 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
2067                                          key.type == NL80211_KEYTYPE_PAIRWISE,
2068                                          mac_addr);
2069
2070 #ifdef CONFIG_CFG80211_WEXT
2071         if (!err) {
2072                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
2073                         dev->ieee80211_ptr->wext.default_key = -1;
2074                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2075                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2076         }
2077 #endif
2078         wdev_unlock(dev->ieee80211_ptr);
2079
2080         return err;
2081 }
2082
2083 static int nl80211_parse_beacon(struct genl_info *info,
2084                                 struct cfg80211_beacon_data *bcn)
2085 {
2086         bool haveinfo = false;
2087
2088         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2089             !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2090             !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2091             !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2092                 return -EINVAL;
2093
2094         memset(bcn, 0, sizeof(*bcn));
2095
2096         if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2097                 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2098                 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2099                 if (!bcn->head_len)
2100                         return -EINVAL;
2101                 haveinfo = true;
2102         }
2103
2104         if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2105                 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2106                 bcn->tail_len =
2107                     nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2108                 haveinfo = true;
2109         }
2110
2111         if (!haveinfo)
2112                 return -EINVAL;
2113
2114         if (info->attrs[NL80211_ATTR_IE]) {
2115                 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
2116                 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2117         }
2118
2119         if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2120                 bcn->proberesp_ies =
2121                         nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2122                 bcn->proberesp_ies_len =
2123                         nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2124         }
2125
2126         if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2127                 bcn->assocresp_ies =
2128                         nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2129                 bcn->assocresp_ies_len =
2130                         nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2131         }
2132
2133         if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
2134                 bcn->probe_resp =
2135                         nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
2136                 bcn->probe_resp_len =
2137                         nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
2138         }
2139
2140         return 0;
2141 }
2142
2143 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
2144 {
2145         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2146         struct net_device *dev = info->user_ptr[1];
2147         struct wireless_dev *wdev = dev->ieee80211_ptr;
2148         struct cfg80211_ap_settings params;
2149         int err;
2150
2151         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2152             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2153                 return -EOPNOTSUPP;
2154
2155         if (!rdev->ops->start_ap)
2156                 return -EOPNOTSUPP;
2157
2158         if (wdev->beacon_interval)
2159                 return -EALREADY;
2160
2161         memset(&params, 0, sizeof(params));
2162
2163         /* these are required for START_AP */
2164         if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2165             !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2166             !info->attrs[NL80211_ATTR_BEACON_HEAD])
2167                 return -EINVAL;
2168
2169         err = nl80211_parse_beacon(info, &params.beacon);
2170         if (err)
2171                 return err;
2172
2173         params.beacon_interval =
2174                 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2175         params.dtim_period =
2176                 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2177
2178         err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
2179         if (err)
2180                 return err;
2181
2182         /*
2183          * In theory, some of these attributes should be required here
2184          * but since they were not used when the command was originally
2185          * added, keep them optional for old user space programs to let
2186          * them continue to work with drivers that do not need the
2187          * additional information -- drivers must check!
2188          */
2189         if (info->attrs[NL80211_ATTR_SSID]) {
2190                 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2191                 params.ssid_len =
2192                         nla_len(info->attrs[NL80211_ATTR_SSID]);
2193                 if (params.ssid_len == 0 ||
2194                     params.ssid_len > IEEE80211_MAX_SSID_LEN)
2195                         return -EINVAL;
2196         }
2197
2198         if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
2199                 params.hidden_ssid = nla_get_u32(
2200                         info->attrs[NL80211_ATTR_HIDDEN_SSID]);
2201                 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
2202                     params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
2203                     params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
2204                         return -EINVAL;
2205         }
2206
2207         params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
2208
2209         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2210                 params.auth_type = nla_get_u32(
2211                         info->attrs[NL80211_ATTR_AUTH_TYPE]);
2212                 if (!nl80211_valid_auth_type(params.auth_type))
2213                         return -EINVAL;
2214         } else
2215                 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
2216
2217         err = nl80211_crypto_settings(rdev, info, &params.crypto,
2218                                       NL80211_MAX_NR_CIPHER_SUITES);
2219         if (err)
2220                 return err;
2221
2222         if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
2223                 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
2224                         return -EOPNOTSUPP;
2225                 params.inactivity_timeout = nla_get_u16(
2226                         info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
2227         }
2228
2229         err = rdev->ops->start_ap(&rdev->wiphy, dev, &params);
2230         if (!err)
2231                 wdev->beacon_interval = params.beacon_interval;
2232         return err;
2233 }
2234
2235 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
2236 {
2237         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2238         struct net_device *dev = info->user_ptr[1];
2239         struct wireless_dev *wdev = dev->ieee80211_ptr;
2240         struct cfg80211_beacon_data params;
2241         int err;
2242
2243         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2244             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2245                 return -EOPNOTSUPP;
2246
2247         if (!rdev->ops->change_beacon)
2248                 return -EOPNOTSUPP;
2249
2250         if (!wdev->beacon_interval)
2251                 return -EINVAL;
2252
2253         err = nl80211_parse_beacon(info, &params);
2254         if (err)
2255                 return err;
2256
2257         return rdev->ops->change_beacon(&rdev->wiphy, dev, &params);
2258 }
2259
2260 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
2261 {
2262         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2263         struct net_device *dev = info->user_ptr[1];
2264         struct wireless_dev *wdev = dev->ieee80211_ptr;
2265         int err;
2266
2267         if (!rdev->ops->stop_ap)
2268                 return -EOPNOTSUPP;
2269
2270         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2271             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2272                 return -EOPNOTSUPP;
2273
2274         if (!wdev->beacon_interval)
2275                 return -ENOENT;
2276
2277         err = rdev->ops->stop_ap(&rdev->wiphy, dev);
2278         if (!err)
2279                 wdev->beacon_interval = 0;
2280         return err;
2281 }
2282
2283 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2284         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2285         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2286         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2287         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2288         [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2289         [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
2290 };
2291
2292 static int parse_station_flags(struct genl_info *info,
2293                                enum nl80211_iftype iftype,
2294                                struct station_parameters *params)
2295 {
2296         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2297         struct nlattr *nla;
2298         int flag;
2299
2300         /*
2301          * Try parsing the new attribute first so userspace
2302          * can specify both for older kernels.
2303          */
2304         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2305         if (nla) {
2306                 struct nl80211_sta_flag_update *sta_flags;
2307
2308                 sta_flags = nla_data(nla);
2309                 params->sta_flags_mask = sta_flags->mask;
2310                 params->sta_flags_set = sta_flags->set;
2311                 if ((params->sta_flags_mask |
2312                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2313                         return -EINVAL;
2314                 return 0;
2315         }
2316
2317         /* if present, parse the old attribute */
2318
2319         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2320         if (!nla)
2321                 return 0;
2322
2323         if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2324                              nla, sta_flags_policy))
2325                 return -EINVAL;
2326
2327         /*
2328          * Only allow certain flags for interface types so that
2329          * other attributes are silently ignored. Remember that
2330          * this is backward compatibility code with old userspace
2331          * and shouldn't be hit in other cases anyway.
2332          */
2333         switch (iftype) {
2334         case NL80211_IFTYPE_AP:
2335         case NL80211_IFTYPE_AP_VLAN:
2336         case NL80211_IFTYPE_P2P_GO:
2337                 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2338                                          BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2339                                          BIT(NL80211_STA_FLAG_WME) |
2340                                          BIT(NL80211_STA_FLAG_MFP);
2341                 break;
2342         case NL80211_IFTYPE_P2P_CLIENT:
2343         case NL80211_IFTYPE_STATION:
2344                 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2345                                          BIT(NL80211_STA_FLAG_TDLS_PEER);
2346                 break;
2347         case NL80211_IFTYPE_MESH_POINT:
2348                 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2349                                          BIT(NL80211_STA_FLAG_MFP) |
2350                                          BIT(NL80211_STA_FLAG_AUTHORIZED);
2351         default:
2352                 return -EINVAL;
2353         }
2354
2355         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
2356                 if (flags[flag])
2357                         params->sta_flags_set |= (1<<flag);
2358
2359         return 0;
2360 }
2361
2362 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2363                                  int attr)
2364 {
2365         struct nlattr *rate;
2366         u16 bitrate;
2367
2368         rate = nla_nest_start(msg, attr);
2369         if (!rate)
2370                 goto nla_put_failure;
2371
2372         /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2373         bitrate = cfg80211_calculate_bitrate(info);
2374         if (bitrate > 0)
2375                 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
2376
2377         if (info->flags & RATE_INFO_FLAGS_MCS)
2378                 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs);
2379         if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
2380                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
2381         if (info->flags & RATE_INFO_FLAGS_SHORT_GI)
2382                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
2383
2384         nla_nest_end(msg, rate);
2385         return true;
2386
2387 nla_put_failure:
2388         return false;
2389 }
2390
2391 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2392                                 int flags,
2393                                 struct cfg80211_registered_device *rdev,
2394                                 struct net_device *dev,
2395                                 const u8 *mac_addr, struct station_info *sinfo)
2396 {
2397         void *hdr;
2398         struct nlattr *sinfoattr, *bss_param;
2399
2400         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2401         if (!hdr)
2402                 return -1;
2403
2404         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2405         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
2406
2407         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
2408
2409         sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2410         if (!sinfoattr)
2411                 goto nla_put_failure;
2412         if (sinfo->filled & STATION_INFO_CONNECTED_TIME)
2413                 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2414                             sinfo->connected_time);
2415         if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
2416                 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2417                             sinfo->inactive_time);
2418         if (sinfo->filled & STATION_INFO_RX_BYTES)
2419                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
2420                             sinfo->rx_bytes);
2421         if (sinfo->filled & STATION_INFO_TX_BYTES)
2422                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
2423                             sinfo->tx_bytes);
2424         if (sinfo->filled & STATION_INFO_LLID)
2425                 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
2426                             sinfo->llid);
2427         if (sinfo->filled & STATION_INFO_PLID)
2428                 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
2429                             sinfo->plid);
2430         if (sinfo->filled & STATION_INFO_PLINK_STATE)
2431                 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
2432                             sinfo->plink_state);
2433         switch (rdev->wiphy.signal_type) {
2434         case CFG80211_SIGNAL_TYPE_MBM:
2435                 if (sinfo->filled & STATION_INFO_SIGNAL)
2436                         NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
2437                                    sinfo->signal);
2438                 if (sinfo->filled & STATION_INFO_SIGNAL_AVG)
2439                         NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2440                                    sinfo->signal_avg);
2441                 break;
2442         default:
2443                 break;
2444         }
2445         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2446                 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2447                                           NL80211_STA_INFO_TX_BITRATE))
2448                         goto nla_put_failure;
2449         }
2450         if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2451                 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2452                                           NL80211_STA_INFO_RX_BITRATE))
2453                         goto nla_put_failure;
2454         }
2455         if (sinfo->filled & STATION_INFO_RX_PACKETS)
2456                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
2457                             sinfo->rx_packets);
2458         if (sinfo->filled & STATION_INFO_TX_PACKETS)
2459                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
2460                             sinfo->tx_packets);
2461         if (sinfo->filled & STATION_INFO_TX_RETRIES)
2462                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES,
2463                             sinfo->tx_retries);
2464         if (sinfo->filled & STATION_INFO_TX_FAILED)
2465                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED,
2466                             sinfo->tx_failed);
2467         if (sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT)
2468                 NLA_PUT_U32(msg, NL80211_STA_INFO_BEACON_LOSS,
2469                             sinfo->beacon_loss_count);
2470         if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2471                 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2472                 if (!bss_param)
2473                         goto nla_put_failure;
2474
2475                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT)
2476                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT);
2477                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE)
2478                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE);
2479                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME)
2480                         NLA_PUT_FLAG(msg,
2481                                      NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME);
2482                 NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2483                            sinfo->bss_param.dtim_period);
2484                 NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2485                             sinfo->bss_param.beacon_interval);
2486
2487                 nla_nest_end(msg, bss_param);
2488         }
2489         if (sinfo->filled & STATION_INFO_STA_FLAGS)
2490                 NLA_PUT(msg, NL80211_STA_INFO_STA_FLAGS,
2491                         sizeof(struct nl80211_sta_flag_update),
2492                         &sinfo->sta_flags);
2493         if (sinfo->filled & STATION_INFO_T_OFFSET)
2494                 NLA_PUT_U64(msg, NL80211_STA_INFO_T_OFFSET,
2495                             sinfo->t_offset);
2496         nla_nest_end(msg, sinfoattr);
2497
2498         if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES)
2499                 NLA_PUT(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
2500                         sinfo->assoc_req_ies);
2501
2502         return genlmsg_end(msg, hdr);
2503
2504  nla_put_failure:
2505         genlmsg_cancel(msg, hdr);
2506         return -EMSGSIZE;
2507 }
2508
2509 static int nl80211_dump_station(struct sk_buff *skb,
2510                                 struct netlink_callback *cb)
2511 {
2512         struct station_info sinfo;
2513         struct cfg80211_registered_device *dev;
2514         struct net_device *netdev;
2515         u8 mac_addr[ETH_ALEN];
2516         int sta_idx = cb->args[1];
2517         int err;
2518
2519         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2520         if (err)
2521                 return err;
2522
2523         if (!dev->ops->dump_station) {
2524                 err = -EOPNOTSUPP;
2525                 goto out_err;
2526         }
2527
2528         while (1) {
2529                 memset(&sinfo, 0, sizeof(sinfo));
2530                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2531                                              mac_addr, &sinfo);
2532                 if (err == -ENOENT)
2533                         break;
2534                 if (err)
2535                         goto out_err;
2536
2537                 if (nl80211_send_station(skb,
2538                                 NETLINK_CB(cb->skb).pid,
2539                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2540                                 dev, netdev, mac_addr,
2541                                 &sinfo) < 0)
2542                         goto out;
2543
2544                 sta_idx++;
2545         }
2546
2547
2548  out:
2549         cb->args[1] = sta_idx;
2550         err = skb->len;
2551  out_err:
2552         nl80211_finish_netdev_dump(dev);
2553
2554         return err;
2555 }
2556
2557 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2558 {
2559         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2560         struct net_device *dev = info->user_ptr[1];
2561         struct station_info sinfo;
2562         struct sk_buff *msg;
2563         u8 *mac_addr = NULL;
2564         int err;
2565
2566         memset(&sinfo, 0, sizeof(sinfo));
2567
2568         if (!info->attrs[NL80211_ATTR_MAC])
2569                 return -EINVAL;
2570
2571         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2572
2573         if (!rdev->ops->get_station)
2574                 return -EOPNOTSUPP;
2575
2576         err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2577         if (err)
2578                 return err;
2579
2580         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2581         if (!msg)
2582                 return -ENOMEM;
2583
2584         if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2585                                  rdev, dev, mac_addr, &sinfo) < 0) {
2586                 nlmsg_free(msg);
2587                 return -ENOBUFS;
2588         }
2589
2590         return genlmsg_reply(msg, info);
2591 }
2592
2593 /*
2594  * Get vlan interface making sure it is running and on the right wiphy.
2595  */
2596 static struct net_device *get_vlan(struct genl_info *info,
2597                                    struct cfg80211_registered_device *rdev)
2598 {
2599         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2600         struct net_device *v;
2601         int ret;
2602
2603         if (!vlanattr)
2604                 return NULL;
2605
2606         v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
2607         if (!v)
2608                 return ERR_PTR(-ENODEV);
2609
2610         if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
2611                 ret = -EINVAL;
2612                 goto error;
2613         }
2614
2615         if (!netif_running(v)) {
2616                 ret = -ENETDOWN;
2617                 goto error;
2618         }
2619
2620         return v;
2621  error:
2622         dev_put(v);
2623         return ERR_PTR(ret);
2624 }
2625
2626 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2627 {
2628         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2629         int err;
2630         struct net_device *dev = info->user_ptr[1];
2631         struct station_parameters params;
2632         u8 *mac_addr = NULL;
2633
2634         memset(&params, 0, sizeof(params));
2635
2636         params.listen_interval = -1;
2637         params.plink_state = -1;
2638
2639         if (info->attrs[NL80211_ATTR_STA_AID])
2640                 return -EINVAL;
2641
2642         if (!info->attrs[NL80211_ATTR_MAC])
2643                 return -EINVAL;
2644
2645         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2646
2647         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2648                 params.supported_rates =
2649                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2650                 params.supported_rates_len =
2651                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2652         }
2653
2654         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2655                 params.listen_interval =
2656                     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2657
2658         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2659                 params.ht_capa =
2660                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2661
2662         if (!rdev->ops->change_station)
2663                 return -EOPNOTSUPP;
2664
2665         if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2666                 return -EINVAL;
2667
2668         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2669                 params.plink_action =
2670                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2671
2672         if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
2673                 params.plink_state =
2674                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
2675
2676         switch (dev->ieee80211_ptr->iftype) {
2677         case NL80211_IFTYPE_AP:
2678         case NL80211_IFTYPE_AP_VLAN:
2679         case NL80211_IFTYPE_P2P_GO:
2680                 /* disallow mesh-specific things */
2681                 if (params.plink_action)
2682                         return -EINVAL;
2683
2684                 /* TDLS can't be set, ... */
2685                 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2686                         return -EINVAL;
2687                 /*
2688                  * ... but don't bother the driver with it. This works around
2689                  * a hostapd/wpa_supplicant issue -- it always includes the
2690                  * TLDS_PEER flag in the mask even for AP mode.
2691                  */
2692                 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2693
2694                 /* accept only the listed bits */
2695                 if (params.sta_flags_mask &
2696                                 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
2697                                   BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2698                                   BIT(NL80211_STA_FLAG_WME) |
2699                                   BIT(NL80211_STA_FLAG_MFP)))
2700                         return -EINVAL;
2701
2702                 /* must be last in here for error handling */
2703                 params.vlan = get_vlan(info, rdev);
2704                 if (IS_ERR(params.vlan))
2705                         return PTR_ERR(params.vlan);
2706                 break;
2707         case NL80211_IFTYPE_P2P_CLIENT:
2708         case NL80211_IFTYPE_STATION:
2709                 /*
2710                  * Don't allow userspace to change the TDLS_PEER flag,
2711                  * but silently ignore attempts to change it since we
2712                  * don't have state here to verify that it doesn't try
2713                  * to change the flag.
2714                  */
2715                 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2716                 /* fall through */
2717         case NL80211_IFTYPE_ADHOC:
2718                 /* disallow things sta doesn't support */
2719                 if (params.plink_action)
2720                         return -EINVAL;
2721                 if (params.ht_capa)
2722                         return -EINVAL;
2723                 if (params.listen_interval >= 0)
2724                         return -EINVAL;
2725                 /* reject any changes other than AUTHORIZED */
2726                 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2727                         return -EINVAL;
2728                 break;
2729         case NL80211_IFTYPE_MESH_POINT:
2730                 /* disallow things mesh doesn't support */
2731                 if (params.vlan)
2732                         return -EINVAL;
2733                 if (params.ht_capa)
2734                         return -EINVAL;
2735                 if (params.listen_interval >= 0)
2736                         return -EINVAL;
2737                 /*
2738                  * No special handling for TDLS here -- the userspace
2739                  * mesh code doesn't have this bug.
2740                  */
2741                 if (params.sta_flags_mask &
2742                                 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2743                                   BIT(NL80211_STA_FLAG_MFP) |
2744                                   BIT(NL80211_STA_FLAG_AUTHORIZED)))
2745                         return -EINVAL;
2746                 break;
2747         default:
2748                 return -EOPNOTSUPP;
2749         }
2750
2751         /* be aware of params.vlan when changing code here */
2752
2753         err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2754
2755         if (params.vlan)
2756                 dev_put(params.vlan);
2757
2758         return err;
2759 }
2760
2761 static struct nla_policy
2762 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
2763         [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
2764         [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
2765 };
2766
2767 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2768 {
2769         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2770         int err;
2771         struct net_device *dev = info->user_ptr[1];
2772         struct station_parameters params;
2773         u8 *mac_addr = NULL;
2774
2775         memset(&params, 0, sizeof(params));
2776
2777         if (!info->attrs[NL80211_ATTR_MAC])
2778                 return -EINVAL;
2779
2780         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2781                 return -EINVAL;
2782
2783         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2784                 return -EINVAL;
2785
2786         if (!info->attrs[NL80211_ATTR_STA_AID])
2787                 return -EINVAL;
2788
2789         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2790         params.supported_rates =
2791                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2792         params.supported_rates_len =
2793                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2794         params.listen_interval =
2795                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2796
2797         params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2798         if (!params.aid || params.aid > IEEE80211_MAX_AID)
2799                 return -EINVAL;
2800
2801         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2802                 params.ht_capa =
2803                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2804
2805         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2806                 params.plink_action =
2807                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2808
2809         if (!rdev->ops->add_station)
2810                 return -EOPNOTSUPP;
2811
2812         if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2813                 return -EINVAL;
2814
2815         switch (dev->ieee80211_ptr->iftype) {
2816         case NL80211_IFTYPE_AP:
2817         case NL80211_IFTYPE_AP_VLAN:
2818         case NL80211_IFTYPE_P2P_GO:
2819                 /* parse WME attributes if sta is WME capable */
2820                 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2821                     (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
2822                     info->attrs[NL80211_ATTR_STA_WME]) {
2823                         struct nlattr *tb[NL80211_STA_WME_MAX + 1];
2824                         struct nlattr *nla;
2825
2826                         nla = info->attrs[NL80211_ATTR_STA_WME];
2827                         err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
2828                                                nl80211_sta_wme_policy);
2829                         if (err)
2830                                 return err;
2831
2832                         if (tb[NL80211_STA_WME_UAPSD_QUEUES])
2833                                 params.uapsd_queues =
2834                                      nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
2835                         if (params.uapsd_queues &
2836                                         ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
2837                                 return -EINVAL;
2838
2839                         if (tb[NL80211_STA_WME_MAX_SP])
2840                                 params.max_sp =
2841                                      nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
2842
2843                         if (params.max_sp &
2844                                         ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
2845                                 return -EINVAL;
2846
2847                         params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
2848                 }
2849                 /* TDLS peers cannot be added */
2850                 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2851                         return -EINVAL;
2852                 /* but don't bother the driver with it */
2853                 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2854
2855                 /* must be last in here for error handling */
2856                 params.vlan = get_vlan(info, rdev);
2857                 if (IS_ERR(params.vlan))
2858                         return PTR_ERR(params.vlan);
2859                 break;
2860         case NL80211_IFTYPE_MESH_POINT:
2861                 /* TDLS peers cannot be added */
2862                 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2863                         return -EINVAL;
2864                 break;
2865         case NL80211_IFTYPE_STATION:
2866                 /* Only TDLS peers can be added */
2867                 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
2868                         return -EINVAL;
2869                 /* Can only add if TDLS ... */
2870                 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
2871                         return -EOPNOTSUPP;
2872                 /* ... with external setup is supported */
2873                 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
2874                         return -EOPNOTSUPP;
2875                 break;
2876         default:
2877                 return -EOPNOTSUPP;
2878         }
2879
2880         /* be aware of params.vlan when changing code here */
2881
2882         err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2883
2884         if (params.vlan)
2885                 dev_put(params.vlan);
2886         return err;
2887 }
2888
2889 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2890 {
2891         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2892         struct net_device *dev = info->user_ptr[1];
2893         u8 *mac_addr = NULL;
2894
2895         if (info->attrs[NL80211_ATTR_MAC])
2896                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2897
2898         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2899             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2900             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2901             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2902                 return -EINVAL;
2903
2904         if (!rdev->ops->del_station)
2905                 return -EOPNOTSUPP;
2906
2907         return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2908 }
2909
2910 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2911                                 int flags, struct net_device *dev,
2912                                 u8 *dst, u8 *next_hop,
2913                                 struct mpath_info *pinfo)
2914 {
2915         void *hdr;
2916         struct nlattr *pinfoattr;
2917
2918         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2919         if (!hdr)
2920                 return -1;
2921
2922         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2923         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2924         NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2925
2926         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2927
2928         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2929         if (!pinfoattr)
2930                 goto nla_put_failure;
2931         if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2932                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2933                             pinfo->frame_qlen);
2934         if (pinfo->filled & MPATH_INFO_SN)
2935                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2936                             pinfo->sn);
2937         if (pinfo->filled & MPATH_INFO_METRIC)
2938                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2939                             pinfo->metric);
2940         if (pinfo->filled & MPATH_INFO_EXPTIME)
2941                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2942                             pinfo->exptime);
2943         if (pinfo->filled & MPATH_INFO_FLAGS)
2944                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2945                             pinfo->flags);
2946         if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2947                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2948                             pinfo->discovery_timeout);
2949         if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2950                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2951                             pinfo->discovery_retries);
2952
2953         nla_nest_end(msg, pinfoattr);
2954
2955         return genlmsg_end(msg, hdr);
2956
2957  nla_put_failure:
2958         genlmsg_cancel(msg, hdr);
2959         return -EMSGSIZE;
2960 }
2961
2962 static int nl80211_dump_mpath(struct sk_buff *skb,
2963                               struct netlink_callback *cb)
2964 {
2965         struct mpath_info pinfo;
2966         struct cfg80211_registered_device *dev;
2967         struct net_device *netdev;
2968         u8 dst[ETH_ALEN];
2969         u8 next_hop[ETH_ALEN];
2970         int path_idx = cb->args[1];
2971         int err;
2972
2973         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2974         if (err)
2975                 return err;
2976
2977         if (!dev->ops->dump_mpath) {
2978                 err = -EOPNOTSUPP;
2979                 goto out_err;
2980         }
2981
2982         if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2983                 err = -EOPNOTSUPP;
2984                 goto out_err;
2985         }
2986
2987         while (1) {
2988                 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2989                                            dst, next_hop, &pinfo);
2990                 if (err == -ENOENT)
2991                         break;
2992                 if (err)
2993                         goto out_err;
2994
2995                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2996                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
2997                                        netdev, dst, next_hop,
2998                                        &pinfo) < 0)
2999                         goto out;
3000
3001                 path_idx++;
3002         }
3003
3004
3005  out:
3006         cb->args[1] = path_idx;
3007         err = skb->len;
3008  out_err:
3009         nl80211_finish_netdev_dump(dev);
3010         return err;
3011 }
3012
3013 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
3014 {
3015         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3016         int err;
3017         struct net_device *dev = info->user_ptr[1];
3018         struct mpath_info pinfo;
3019         struct sk_buff *msg;
3020         u8 *dst = NULL;
3021         u8 next_hop[ETH_ALEN];
3022
3023         memset(&pinfo, 0, sizeof(pinfo));
3024
3025         if (!info->attrs[NL80211_ATTR_MAC])
3026                 return -EINVAL;
3027
3028         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3029
3030         if (!rdev->ops->get_mpath)
3031                 return -EOPNOTSUPP;
3032
3033         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3034                 return -EOPNOTSUPP;
3035
3036         err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
3037         if (err)
3038                 return err;
3039
3040         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3041         if (!msg)
3042                 return -ENOMEM;
3043
3044         if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
3045                                  dev, dst, next_hop, &pinfo) < 0) {
3046                 nlmsg_free(msg);
3047                 return -ENOBUFS;
3048         }
3049
3050         return genlmsg_reply(msg, info);
3051 }
3052
3053 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
3054 {
3055         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3056         struct net_device *dev = info->user_ptr[1];
3057         u8 *dst = NULL;
3058         u8 *next_hop = NULL;
3059
3060         if (!info->attrs[NL80211_ATTR_MAC])
3061                 return -EINVAL;
3062
3063         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3064                 return -EINVAL;
3065
3066         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3067         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3068
3069         if (!rdev->ops->change_mpath)
3070                 return -EOPNOTSUPP;
3071
3072         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3073                 return -EOPNOTSUPP;
3074
3075         return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
3076 }
3077
3078 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
3079 {
3080         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3081         struct net_device *dev = info->user_ptr[1];
3082         u8 *dst = NULL;
3083         u8 *next_hop = NULL;
3084
3085         if (!info->attrs[NL80211_ATTR_MAC])
3086                 return -EINVAL;
3087
3088         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3089                 return -EINVAL;
3090
3091         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3092         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3093
3094         if (!rdev->ops->add_mpath)
3095                 return -EOPNOTSUPP;
3096
3097         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3098                 return -EOPNOTSUPP;
3099
3100         return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
3101 }
3102
3103 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
3104 {
3105         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3106         struct net_device *dev = info->user_ptr[1];
3107         u8 *dst = NULL;
3108
3109         if (info->attrs[NL80211_ATTR_MAC])
3110                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3111
3112         if (!rdev->ops->del_mpath)
3113                 return -EOPNOTSUPP;
3114
3115         return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
3116 }
3117
3118 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
3119 {
3120         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3121         struct net_device *dev = info->user_ptr[1];
3122         struct bss_parameters params;
3123
3124         memset(&params, 0, sizeof(params));
3125         /* default to not changing parameters */
3126         params.use_cts_prot = -1;
3127         params.use_short_preamble = -1;
3128         params.use_short_slot_time = -1;
3129         params.ap_isolate = -1;
3130         params.ht_opmode = -1;
3131
3132         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
3133                 params.use_cts_prot =
3134                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
3135         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
3136                 params.use_short_preamble =
3137                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
3138         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
3139                 params.use_short_slot_time =
3140                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
3141         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
3142                 params.basic_rates =
3143                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3144                 params.basic_rates_len =
3145                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3146         }
3147         if (info->attrs[NL80211_ATTR_AP_ISOLATE])
3148                 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
3149         if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
3150                 params.ht_opmode =
3151                         nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
3152
3153         if (!rdev->ops->change_bss)
3154                 return -EOPNOTSUPP;
3155
3156         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3157             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3158                 return -EOPNOTSUPP;
3159
3160         return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
3161 }
3162
3163 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
3164         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
3165         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
3166         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
3167         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
3168         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
3169         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
3170 };
3171
3172 static int parse_reg_rule(struct nlattr *tb[],
3173         struct ieee80211_reg_rule *reg_rule)
3174 {
3175         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
3176         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
3177
3178         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
3179                 return -EINVAL;
3180         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
3181                 return -EINVAL;
3182         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
3183                 return -EINVAL;
3184         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
3185                 return -EINVAL;
3186         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
3187                 return -EINVAL;
3188
3189         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
3190
3191         freq_range->start_freq_khz =
3192                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
3193         freq_range->end_freq_khz =
3194                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
3195         freq_range->max_bandwidth_khz =
3196                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
3197
3198         power_rule->max_eirp =
3199                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
3200
3201         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
3202                 power_rule->max_antenna_gain =
3203                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
3204
3205         return 0;
3206 }
3207
3208 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3209 {
3210         int r;
3211         char *data = NULL;
3212
3213         /*
3214          * You should only get this when cfg80211 hasn't yet initialized
3215          * completely when built-in to the kernel right between the time
3216          * window between nl80211_init() and regulatory_init(), if that is
3217          * even possible.
3218          */
3219         mutex_lock(&cfg80211_mutex);
3220         if (unlikely(!cfg80211_regdomain)) {
3221                 mutex_unlock(&cfg80211_mutex);
3222                 return -EINPROGRESS;
3223         }
3224         mutex_unlock(&cfg80211_mutex);
3225
3226         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3227                 return -EINVAL;
3228
3229         data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3230
3231         r = regulatory_hint_user(data);
3232
3233         return r;
3234 }
3235
3236 static int nl80211_get_mesh_config(struct sk_buff *skb,
3237                                    struct genl_info *info)
3238 {
3239         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3240         struct net_device *dev = info->user_ptr[1];
3241         struct wireless_dev *wdev = dev->ieee80211_ptr;
3242         struct mesh_config cur_params;
3243         int err = 0;
3244         void *hdr;
3245         struct nlattr *pinfoattr;
3246         struct sk_buff *msg;
3247
3248         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3249                 return -EOPNOTSUPP;
3250
3251         if (!rdev->ops->get_mesh_config)
3252                 return -EOPNOTSUPP;
3253
3254         wdev_lock(wdev);
3255         /* If not connected, get default parameters */
3256         if (!wdev->mesh_id_len)
3257                 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
3258         else
3259                 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
3260                                                  &cur_params);
3261         wdev_unlock(wdev);
3262
3263         if (err)
3264                 return err;
3265
3266         /* Draw up a netlink message to send back */
3267         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3268         if (!msg)
3269                 return -ENOMEM;
3270         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3271                              NL80211_CMD_GET_MESH_CONFIG);
3272         if (!hdr)
3273                 goto out;
3274         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
3275         if (!pinfoattr)
3276                 goto nla_put_failure;
3277         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3278         NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
3279                         cur_params.dot11MeshRetryTimeout);
3280         NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3281                         cur_params.dot11MeshConfirmTimeout);
3282         NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
3283                         cur_params.dot11MeshHoldingTimeout);
3284         NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
3285                         cur_params.dot11MeshMaxPeerLinks);
3286         NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
3287                         cur_params.dot11MeshMaxRetries);
3288         NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
3289                         cur_params.dot11MeshTTL);
3290         NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL,
3291                         cur_params.element_ttl);
3292         NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3293                         cur_params.auto_open_plinks);
3294         NLA_PUT_U32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
3295                         cur_params.dot11MeshNbrOffsetMaxNeighbor);
3296         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3297                         cur_params.dot11MeshHWMPmaxPREQretries);
3298         NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
3299                         cur_params.path_refresh_time);
3300         NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3301                         cur_params.min_discovery_timeout);
3302         NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3303                         cur_params.dot11MeshHWMPactivePathTimeout);
3304         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3305                         cur_params.dot11MeshHWMPpreqMinInterval);
3306         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3307                         cur_params.dot11MeshHWMPperrMinInterval);
3308         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3309                         cur_params.dot11MeshHWMPnetDiameterTraversalTime);
3310         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
3311                         cur_params.dot11MeshHWMPRootMode);
3312         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3313                         cur_params.dot11MeshHWMPRannInterval);
3314         NLA_PUT_U8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3315                         cur_params.dot11MeshGateAnnouncementProtocol);
3316         NLA_PUT_U8(msg, NL80211_MESHCONF_FORWARDING,
3317                         cur_params.dot11MeshForwarding);
3318         NLA_PUT_U32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
3319                         cur_params.rssi_threshold);
3320         nla_nest_end(msg, pinfoattr);
3321         genlmsg_end(msg, hdr);
3322         return genlmsg_reply(msg, info);
3323
3324  nla_put_failure:
3325         genlmsg_cancel(msg, hdr);
3326  out:
3327         nlmsg_free(msg);
3328         return -ENOBUFS;
3329 }
3330
3331 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
3332         [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
3333         [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
3334         [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
3335         [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
3336         [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
3337         [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
3338         [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
3339         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
3340         [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
3341
3342         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
3343         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
3344         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
3345         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
3346         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
3347         [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
3348         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
3349         [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
3350         [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
3351         [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
3352         [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
3353         [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32},
3354 };
3355
3356 static const struct nla_policy
3357         nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
3358         [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
3359         [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
3360         [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
3361         [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
3362         [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
3363                 .len = IEEE80211_MAX_DATA_LEN },
3364         [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
3365 };
3366
3367 static int nl80211_parse_mesh_config(struct genl_info *info,
3368                                      struct mesh_config *cfg,
3369                                      u32 *mask_out)
3370 {
3371         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
3372         u32 mask = 0;
3373
3374 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
3375 do {\
3376         if (table[attr_num]) {\
3377                 cfg->param = nla_fn(table[attr_num]); \
3378                 mask |= (1 << (attr_num - 1)); \
3379         } \
3380 } while (0);\
3381
3382
3383         if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
3384                 return -EINVAL;
3385         if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
3386                              info->attrs[NL80211_ATTR_MESH_CONFIG],
3387                              nl80211_meshconf_params_policy))
3388                 return -EINVAL;
3389
3390         /* This makes sure that there aren't more than 32 mesh config
3391          * parameters (otherwise our bitfield scheme would not work.) */
3392         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3393
3394         /* Fill in the params struct */
3395         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3396                         mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
3397         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3398                         mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
3399         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3400                         mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
3401         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3402                         mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
3403         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3404                         mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
3405         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3406                         mask, NL80211_MESHCONF_TTL, nla_get_u8);
3407         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3408                         mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
3409         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3410                         mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
3411         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
3412                         mask, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
3413                         nla_get_u32);
3414         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3415                         mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3416                         nla_get_u8);
3417         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3418                         mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
3419         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3420                         mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3421                         nla_get_u16);
3422         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
3423                         mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3424                         nla_get_u32);
3425         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3426                         mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3427                         nla_get_u16);
3428         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
3429                         mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3430                         nla_get_u16);
3431         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3432                         dot11MeshHWMPnetDiameterTraversalTime,
3433                         mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3434                         nla_get_u16);
3435         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3436                         dot11MeshHWMPRootMode, mask,
3437                         NL80211_MESHCONF_HWMP_ROOTMODE,
3438                         nla_get_u8);
3439         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3440                         dot11MeshHWMPRannInterval, mask,
3441                         NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3442                         nla_get_u16);
3443         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3444                         dot11MeshGateAnnouncementProtocol, mask,
3445                         NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3446                         nla_get_u8);
3447         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding,
3448                         mask, NL80211_MESHCONF_FORWARDING, nla_get_u8);
3449         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold,
3450                         mask, NL80211_MESHCONF_RSSI_THRESHOLD, nla_get_u32);
3451         if (mask_out)
3452                 *mask_out = mask;
3453
3454         return 0;
3455
3456 #undef FILL_IN_MESH_PARAM_IF_SET
3457 }
3458
3459 static int nl80211_parse_mesh_setup(struct genl_info *info,
3460                                      struct mesh_setup *setup)
3461 {
3462         struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3463
3464         if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3465                 return -EINVAL;
3466         if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3467                              info->attrs[NL80211_ATTR_MESH_SETUP],
3468                              nl80211_mesh_setup_params_policy))
3469                 return -EINVAL;
3470
3471         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
3472                 setup->sync_method =
3473                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
3474                  IEEE80211_SYNC_METHOD_VENDOR :
3475                  IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;
3476
3477         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3478                 setup->path_sel_proto =
3479                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3480                  IEEE80211_PATH_PROTOCOL_VENDOR :
3481                  IEEE80211_PATH_PROTOCOL_HWMP;
3482
3483         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3484                 setup->path_metric =
3485                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3486                  IEEE80211_PATH_METRIC_VENDOR :
3487                  IEEE80211_PATH_METRIC_AIRTIME;
3488
3489
3490         if (tb[NL80211_MESH_SETUP_IE]) {
3491                 struct nlattr *ieattr =
3492                         tb[NL80211_MESH_SETUP_IE];
3493                 if (!is_valid_ie_attr(ieattr))
3494                         return -EINVAL;
3495                 setup->ie = nla_data(ieattr);
3496                 setup->ie_len = nla_len(ieattr);
3497         }
3498         setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3499         setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3500
3501         return 0;
3502 }
3503
3504 static int nl80211_update_mesh_config(struct sk_buff *skb,
3505                                       struct genl_info *info)
3506 {
3507         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3508         struct net_device *dev = info->user_ptr[1];
3509         struct wireless_dev *wdev = dev->ieee80211_ptr;
3510         struct mesh_config cfg;
3511         u32 mask;
3512         int err;
3513
3514         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3515                 return -EOPNOTSUPP;
3516
3517         if (!rdev->ops->update_mesh_config)
3518                 return -EOPNOTSUPP;
3519
3520         err = nl80211_parse_mesh_config(info, &cfg, &mask);
3521         if (err)
3522                 return err;
3523
3524         wdev_lock(wdev);
3525         if (!wdev->mesh_id_len)
3526                 err = -ENOLINK;
3527
3528         if (!err)
3529                 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3530                                                     mask, &cfg);
3531
3532         wdev_unlock(wdev);
3533
3534         return err;
3535 }
3536
3537 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3538 {
3539         struct sk_buff *msg;
3540         void *hdr = NULL;
3541         struct nlattr *nl_reg_rules;
3542         unsigned int i;
3543         int err = -EINVAL;
3544
3545         mutex_lock(&cfg80211_mutex);
3546
3547         if (!cfg80211_regdomain)
3548                 goto out;
3549
3550         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3551         if (!msg) {
3552                 err = -ENOBUFS;
3553                 goto out;
3554         }
3555
3556         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3557                              NL80211_CMD_GET_REG);
3558         if (!hdr)
3559                 goto put_failure;
3560
3561         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
3562                 cfg80211_regdomain->alpha2);
3563         if (cfg80211_regdomain->dfs_region)
3564                 NLA_PUT_U8(msg, NL80211_ATTR_DFS_REGION,
3565                            cfg80211_regdomain->dfs_region);
3566
3567         nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3568         if (!nl_reg_rules)
3569                 goto nla_put_failure;
3570
3571         for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
3572                 struct nlattr *nl_reg_rule;
3573                 const struct ieee80211_reg_rule *reg_rule;
3574                 const struct ieee80211_freq_range *freq_range;
3575                 const struct ieee80211_power_rule *power_rule;
3576
3577                 reg_rule = &cfg80211_regdomain->reg_rules[i];
3578                 freq_range = &reg_rule->freq_range;
3579                 power_rule = &reg_rule->power_rule;
3580
3581                 nl_reg_rule = nla_nest_start(msg, i);
3582                 if (!nl_reg_rule)
3583                         goto nla_put_failure;
3584
3585                 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3586                         reg_rule->flags);
3587                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
3588                         freq_range->start_freq_khz);
3589                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
3590                         freq_range->end_freq_khz);
3591                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3592                         freq_range->max_bandwidth_khz);
3593                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3594                         power_rule->max_antenna_gain);
3595                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3596                         power_rule->max_eirp);
3597
3598                 nla_nest_end(msg, nl_reg_rule);
3599         }
3600
3601         nla_nest_end(msg, nl_reg_rules);
3602
3603         genlmsg_end(msg, hdr);
3604         err = genlmsg_reply(msg, info);
3605         goto out;
3606
3607 nla_put_failure:
3608         genlmsg_cancel(msg, hdr);
3609 put_failure:
3610         nlmsg_free(msg);
3611         err = -EMSGSIZE;
3612 out:
3613         mutex_unlock(&cfg80211_mutex);
3614         return err;
3615 }
3616
3617 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3618 {
3619         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3620         struct nlattr *nl_reg_rule;
3621         char *alpha2 = NULL;
3622         int rem_reg_rules = 0, r = 0;
3623         u32 num_rules = 0, rule_idx = 0, size_of_regd;
3624         u8 dfs_region = 0;
3625         struct ieee80211_regdomain *rd = NULL;
3626
3627         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3628                 return -EINVAL;
3629
3630         if (!info->attrs[NL80211_ATTR_REG_RULES])
3631                 return -EINVAL;
3632
3633         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3634
3635         if (info->attrs[NL80211_ATTR_DFS_REGION])
3636                 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
3637
3638         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3639                         rem_reg_rules) {
3640                 num_rules++;
3641                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3642                         return -EINVAL;
3643         }
3644
3645         mutex_lock(&cfg80211_mutex);
3646
3647         if (!reg_is_valid_request(alpha2)) {
3648                 r = -EINVAL;
3649                 goto bad_reg;
3650         }
3651
3652         size_of_regd = sizeof(struct ieee80211_regdomain) +
3653                 (num_rules * sizeof(struct ieee80211_reg_rule));
3654
3655         rd = kzalloc(size_of_regd, GFP_KERNEL);
3656         if (!rd) {
3657                 r = -ENOMEM;
3658                 goto bad_reg;
3659         }
3660
3661         rd->n_reg_rules = num_rules;
3662         rd->alpha2[0] = alpha2[0];
3663         rd->alpha2[1] = alpha2[1];
3664
3665         /*
3666          * Disable DFS master mode if the DFS region was
3667          * not supported or known on this kernel.
3668          */
3669         if (reg_supported_dfs_region(dfs_region))
3670                 rd->dfs_region = dfs_region;
3671
3672         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3673                         rem_reg_rules) {
3674                 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3675                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3676                         reg_rule_policy);
3677                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3678                 if (r)
3679                         goto bad_reg;
3680
3681                 rule_idx++;
3682
3683                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3684                         r = -EINVAL;
3685                         goto bad_reg;
3686                 }
3687         }
3688
3689         BUG_ON(rule_idx != num_rules);
3690
3691         r = set_regdom(rd);
3692
3693         mutex_unlock(&cfg80211_mutex);
3694
3695         return r;
3696
3697  bad_reg:
3698         mutex_unlock(&cfg80211_mutex);
3699         kfree(rd);
3700         return r;
3701 }
3702
3703 static int validate_scan_freqs(struct nlattr *freqs)
3704 {
3705         struct nlattr *attr1, *attr2;
3706         int n_channels = 0, tmp1, tmp2;
3707
3708         nla_for_each_nested(attr1, freqs, tmp1) {
3709                 n_channels++;
3710                 /*
3711                  * Some hardware has a limited channel list for
3712                  * scanning, and it is pretty much nonsensical
3713                  * to scan for a channel twice, so disallow that
3714                  * and don't require drivers to check that the
3715                  * channel list they get isn't longer than what
3716                  * they can scan, as long as they can scan all
3717                  * the channels they registered at once.
3718                  */
3719                 nla_for_each_nested(attr2, freqs, tmp2)
3720                         if (attr1 != attr2 &&
3721                             nla_get_u32(attr1) == nla_get_u32(attr2))
3722                                 return 0;
3723         }
3724
3725         return n_channels;
3726 }
3727
3728 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3729 {
3730         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3731         struct net_device *dev = info->user_ptr[1];
3732         struct cfg80211_scan_request *request;
3733         struct nlattr *attr;
3734         struct wiphy *wiphy;
3735         int err, tmp, n_ssids = 0, n_channels, i;
3736         size_t ie_len;
3737
3738         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3739                 return -EINVAL;
3740
3741         wiphy = &rdev->wiphy;
3742
3743         if (!rdev->ops->scan)
3744                 return -EOPNOTSUPP;
3745
3746         if (rdev->scan_req)
3747                 return -EBUSY;
3748
3749         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3750                 n_channels = validate_scan_freqs(
3751                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3752                 if (!n_channels)
3753                         return -EINVAL;
3754         } else {
3755                 enum ieee80211_band band;
3756                 n_channels = 0;
3757
3758                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3759                         if (wiphy->bands[band])
3760                                 n_channels += wiphy->bands[band]->n_channels;
3761         }
3762
3763         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3764                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3765                         n_ssids++;
3766
3767         if (n_ssids > wiphy->max_scan_ssids)
3768                 return -EINVAL;
3769
3770         if (info->attrs[NL80211_ATTR_IE])
3771                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3772         else
3773                 ie_len = 0;
3774
3775         if (ie_len > wiphy->max_scan_ie_len)
3776                 return -EINVAL;
3777
3778         request = kzalloc(sizeof(*request)
3779                         + sizeof(*request->ssids) * n_ssids
3780                         + sizeof(*request->channels) * n_channels
3781                         + ie_len, GFP_KERNEL);
3782         if (!request)
3783                 return -ENOMEM;
3784
3785         if (n_ssids)
3786                 request->ssids = (void *)&request->channels[n_channels];
3787         request->n_ssids = n_ssids;
3788         if (ie_len) {
3789                 if (request->ssids)
3790                         request->ie = (void *)(request->ssids + n_ssids);
3791                 else
3792                         request->ie = (void *)(request->channels + n_channels);
3793         }
3794
3795         i = 0;
3796         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3797                 /* user specified, bail out if channel not found */
3798                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3799                         struct ieee80211_channel *chan;
3800
3801                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3802
3803                         if (!chan) {
3804                                 err = -EINVAL;
3805                                 goto out_free;
3806                         }
3807
3808                         /* ignore disabled channels */
3809                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3810                                 continue;
3811
3812                         request->channels[i] = chan;
3813                         i++;
3814                 }
3815         } else {
3816                 enum ieee80211_band band;
3817
3818                 /* all channels */
3819                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3820                         int j;
3821                         if (!wiphy->bands[band])
3822                                 continue;
3823                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3824                                 struct ieee80211_channel *chan;
3825
3826                                 chan = &wiphy->bands[band]->channels[j];
3827
3828                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3829                                         continue;
3830
3831                                 request->channels[i] = chan;
3832                                 i++;
3833                         }
3834                 }
3835         }
3836
3837         if (!i) {
3838                 err = -EINVAL;
3839                 goto out_free;
3840         }
3841
3842         request->n_channels = i;
3843
3844         i = 0;
3845         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3846                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3847                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3848                                 err = -EINVAL;
3849                                 goto out_free;
3850                         }
3851                         request->ssids[i].ssid_len = nla_len(attr);
3852                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3853                         i++;
3854                 }
3855         }
3856
3857         if (info->attrs[NL80211_ATTR_IE]) {
3858                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3859                 memcpy((void *)request->ie,
3860                        nla_data(info->attrs[NL80211_ATTR_IE]),
3861                        request->ie_len);
3862         }
3863
3864         for (i = 0; i < IEEE80211_NUM_BANDS; i++)
3865                 if (wiphy->bands[i])
3866                         request->rates[i] =
3867                                 (1 << wiphy->bands[i]->n_bitrates) - 1;
3868
3869         if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
3870                 nla_for_each_nested(attr,
3871                                     info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
3872                                     tmp) {
3873                         enum ieee80211_band band = nla_type(attr);
3874
3875                         if (band < 0 || band >= IEEE80211_NUM_BANDS) {
3876                                 err = -EINVAL;
3877                                 goto out_free;
3878                         }
3879                         err = ieee80211_get_ratemask(wiphy->bands[band],
3880                                                      nla_data(attr),
3881                                                      nla_len(attr),
3882                                                      &request->rates[band]);
3883                         if (err)
3884                                 goto out_free;
3885                 }
3886         }
3887
3888         request->no_cck =
3889                 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
3890
3891         request->dev = dev;
3892         request->wiphy = &rdev->wiphy;
3893
3894         rdev->scan_req = request;
3895         err = rdev->ops->scan(&rdev->wiphy, dev, request);
3896
3897         if (!err) {
3898                 nl80211_send_scan_start(rdev, dev);
3899                 dev_hold(dev);
3900         } else {
3901  out_free:
3902                 rdev->scan_req = NULL;
3903                 kfree(request);
3904         }
3905
3906         return err;
3907 }
3908
3909 static int nl80211_start_sched_scan(struct sk_buff *skb,
3910                                     struct genl_info *info)
3911 {
3912         struct cfg80211_sched_scan_request *request;
3913         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3914         struct net_device *dev = info->user_ptr[1];
3915         struct nlattr *attr;
3916         struct wiphy *wiphy;
3917         int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
3918         u32 interval;
3919         enum ieee80211_band band;
3920         size_t ie_len;
3921         struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
3922
3923         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3924             !rdev->ops->sched_scan_start)
3925                 return -EOPNOTSUPP;
3926
3927         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3928                 return -EINVAL;
3929
3930         if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
3931                 return -EINVAL;
3932
3933         interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
3934         if (interval == 0)
3935                 return -EINVAL;
3936
3937         wiphy = &rdev->wiphy;
3938
3939         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3940                 n_channels = validate_scan_freqs(
3941                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3942                 if (!n_channels)
3943                         return -EINVAL;
3944         } else {
3945                 n_channels = 0;
3946
3947                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3948                         if (wiphy->bands[band])
3949                                 n_channels += wiphy->bands[band]->n_channels;
3950         }
3951
3952         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3953                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3954                                     tmp)
3955                         n_ssids++;
3956
3957         if (n_ssids > wiphy->max_sched_scan_ssids)
3958                 return -EINVAL;
3959
3960         if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
3961                 nla_for_each_nested(attr,
3962                                     info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
3963                                     tmp)
3964                         n_match_sets++;
3965
3966         if (n_match_sets > wiphy->max_match_sets)
3967                 return -EINVAL;
3968
3969         if (info->attrs[NL80211_ATTR_IE])
3970                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3971         else
3972                 ie_len = 0;
3973
3974         if (ie_len > wiphy->max_sched_scan_ie_len)
3975                 return -EINVAL;
3976
3977         mutex_lock(&rdev->sched_scan_mtx);
3978
3979         if (rdev->sched_scan_req) {
3980                 err = -EINPROGRESS;
3981                 goto out;
3982         }
3983
3984         request = kzalloc(sizeof(*request)
3985                         + sizeof(*request->ssids) * n_ssids
3986                         + sizeof(*request->match_sets) * n_match_sets
3987                         + sizeof(*request->channels) * n_channels
3988                         + ie_len, GFP_KERNEL);
3989         if (!request) {
3990                 err = -ENOMEM;
3991                 goto out;
3992         }
3993
3994         if (n_ssids)
3995                 request->ssids = (void *)&request->channels[n_channels];
3996         request->n_ssids = n_ssids;
3997         if (ie_len) {
3998                 if (request->ssids)
3999                         request->ie = (void *)(request->ssids + n_ssids);
4000                 else
4001                         request->ie = (void *)(request->channels + n_channels);
4002         }
4003
4004         if (n_match_sets) {
4005                 if (request->ie)
4006                         request->match_sets = (void *)(request->ie + ie_len);
4007                 else if (request->ssids)
4008                         request->match_sets =
4009                                 (void *)(request->ssids + n_ssids);
4010                 else
4011                         request->match_sets =
4012                                 (void *)(request->channels + n_channels);
4013         }
4014         request->n_match_sets = n_match_sets;
4015
4016         i = 0;
4017         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4018                 /* user specified, bail out if channel not found */
4019                 nla_for_each_nested(attr,
4020                                     info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
4021                                     tmp) {
4022                         struct ieee80211_channel *chan;
4023
4024                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4025
4026                         if (!chan) {
4027                                 err = -EINVAL;
4028                                 goto out_free;
4029                         }
4030
4031                         /* ignore disabled channels */
4032                         if (chan->flags & IEEE80211_CHAN_DISABLED)
4033                                 continue;
4034
4035                         request->channels[i] = chan;
4036                         i++;
4037                 }
4038         } else {
4039                 /* all channels */
4040                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4041                         int j;
4042                         if (!wiphy->bands[band])
4043                                 continue;
4044                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4045                                 struct ieee80211_channel *chan;
4046
4047                                 chan = &wiphy->bands[band]->channels[j];
4048
4049                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
4050                                         continue;
4051
4052                                 request->channels[i] = chan;
4053                                 i++;
4054                         }
4055                 }
4056         }
4057
4058         if (!i) {
4059                 err = -EINVAL;
4060                 goto out_free;
4061         }
4062
4063         request->n_channels = i;
4064
4065         i = 0;
4066         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4067                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4068                                     tmp) {
4069                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4070                                 err = -EINVAL;
4071                                 goto out_free;
4072                         }
4073                         request->ssids[i].ssid_len = nla_len(attr);
4074                         memcpy(request->ssids[i].ssid, nla_data(attr),
4075                                nla_len(attr));
4076                         i++;
4077                 }
4078         }
4079
4080         i = 0;
4081         if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
4082                 nla_for_each_nested(attr,
4083                                     info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4084                                     tmp) {
4085                         struct nlattr *ssid;
4086
4087                         nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
4088                                   nla_data(attr), nla_len(attr),
4089                                   nl80211_match_policy);
4090                         ssid = tb[NL80211_ATTR_SCHED_SCAN_MATCH_SSID];
4091                         if (ssid) {
4092                                 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
4093                                         err = -EINVAL;
4094                                         goto out_free;
4095                                 }
4096                                 memcpy(request->match_sets[i].ssid.ssid,
4097                                        nla_data(ssid), nla_len(ssid));
4098                                 request->match_sets[i].ssid.ssid_len =
4099                                         nla_len(ssid);
4100                         }
4101                         i++;
4102                 }
4103         }
4104
4105         if (info->attrs[NL80211_ATTR_IE]) {
4106                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4107                 memcpy((void *)request->ie,
4108                        nla_data(info->attrs[NL80211_ATTR_IE]),
4109                        request->ie_len);
4110         }
4111
4112         request->dev = dev;
4113         request->wiphy = &rdev->wiphy;
4114         request->interval = interval;
4115
4116         err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
4117         if (!err) {
4118                 rdev->sched_scan_req = request;
4119                 nl80211_send_sched_scan(rdev, dev,
4120                                         NL80211_CMD_START_SCHED_SCAN);
4121                 goto out;
4122         }
4123
4124 out_free:
4125         kfree(request);
4126 out:
4127         mutex_unlock(&rdev->sched_scan_mtx);
4128         return err;
4129 }
4130
4131 static int nl80211_stop_sched_scan(struct sk_buff *skb,
4132                                    struct genl_info *info)
4133 {
4134         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4135         int err;
4136
4137         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4138             !rdev->ops->sched_scan_stop)
4139                 return -EOPNOTSUPP;
4140
4141         mutex_lock(&rdev->sched_scan_mtx);
4142         err = __cfg80211_stop_sched_scan(rdev, false);
4143         mutex_unlock(&rdev->sched_scan_mtx);
4144
4145         return err;
4146 }
4147
4148 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4149                             u32 seq, int flags,
4150                             struct cfg80211_registered_device *rdev,
4151                             struct wireless_dev *wdev,
4152                             struct cfg80211_internal_bss *intbss)
4153 {
4154         struct cfg80211_bss *res = &intbss->pub;
4155         void *hdr;
4156         struct nlattr *bss;
4157
4158         ASSERT_WDEV_LOCK(wdev);
4159
4160         hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags,
4161                              NL80211_CMD_NEW_SCAN_RESULTS);
4162         if (!hdr)
4163                 return -1;
4164
4165         genl_dump_check_consistent(cb, hdr, &nl80211_fam);
4166
4167         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
4168         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
4169
4170         bss = nla_nest_start(msg, NL80211_ATTR_BSS);
4171         if (!bss)
4172                 goto nla_put_failure;
4173         if (!is_zero_ether_addr(res->bssid))
4174                 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
4175         if (res->information_elements && res->len_information_elements)
4176                 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
4177                         res->len_information_elements,
4178                         res->information_elements);
4179         if (res->beacon_ies && res->len_beacon_ies &&
4180             res->beacon_ies != res->information_elements)
4181                 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
4182                         res->len_beacon_ies, res->beacon_ies);
4183         if (res->tsf)
4184                 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
4185         if (res->beacon_interval)
4186                 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
4187         NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
4188         NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
4189         NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
4190                 jiffies_to_msecs(jiffies - intbss->ts));
4191
4192         switch (rdev->wiphy.signal_type) {
4193         case CFG80211_SIGNAL_TYPE_MBM:
4194                 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
4195                 break;
4196         case CFG80211_SIGNAL_TYPE_UNSPEC:
4197                 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
4198                 break;
4199         default:
4200                 break;
4201         }
4202
4203         switch (wdev->iftype) {
4204         case NL80211_IFTYPE_P2P_CLIENT:
4205         case NL80211_IFTYPE_STATION:
4206                 if (intbss == wdev->current_bss)
4207                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
4208                                     NL80211_BSS_STATUS_ASSOCIATED);
4209                 break;
4210         case NL80211_IFTYPE_ADHOC:
4211                 if (intbss == wdev->current_bss)
4212                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
4213                                     NL80211_BSS_STATUS_IBSS_JOINED);
4214                 break;
4215         default:
4216                 break;
4217         }
4218
4219         nla_nest_end(msg, bss);
4220
4221         return genlmsg_end(msg, hdr);
4222
4223  nla_put_failure:
4224         genlmsg_cancel(msg, hdr);
4225         return -EMSGSIZE;
4226 }
4227
4228 static int nl80211_dump_scan(struct sk_buff *skb,
4229                              struct netlink_callback *cb)
4230 {
4231         struct cfg80211_registered_device *rdev;
4232         struct net_device *dev;
4233         struct cfg80211_internal_bss *scan;
4234         struct wireless_dev *wdev;
4235         int start = cb->args[1], idx = 0;
4236         int err;
4237
4238         err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
4239         if (err)
4240                 return err;
4241
4242         wdev = dev->ieee80211_ptr;
4243
4244         wdev_lock(wdev);
4245         spin_lock_bh(&rdev->bss_lock);
4246         cfg80211_bss_expire(rdev);
4247
4248         cb->seq = rdev->bss_generation;
4249
4250         list_for_each_entry(scan, &rdev->bss_list, list) {
4251                 if (++idx <= start)
4252                         continue;
4253                 if (nl80211_send_bss(skb, cb,
4254                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4255                                 rdev, wdev, scan) < 0) {
4256                         idx--;
4257                         break;
4258                 }
4259         }
4260
4261         spin_unlock_bh(&rdev->bss_lock);
4262         wdev_unlock(wdev);
4263
4264         cb->args[1] = idx;
4265         nl80211_finish_netdev_dump(rdev);
4266
4267         return skb->len;
4268 }
4269
4270 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
4271                                 int flags, struct net_device *dev,
4272                                 struct survey_info *survey)
4273 {
4274         void *hdr;
4275         struct nlattr *infoattr;
4276
4277         hdr = nl80211hdr_put(msg, pid, seq, flags,
4278                              NL80211_CMD_NEW_SURVEY_RESULTS);
4279         if (!hdr)
4280                 return -ENOMEM;
4281
4282         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
4283
4284         infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
4285         if (!infoattr)
4286                 goto nla_put_failure;
4287
4288         NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
4289                     survey->channel->center_freq);
4290         if (survey->filled & SURVEY_INFO_NOISE_DBM)
4291                 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
4292                             survey->noise);
4293         if (survey->filled & SURVEY_INFO_IN_USE)
4294                 NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE);
4295         if (survey->filled & SURVEY_INFO_CHANNEL_TIME)
4296                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
4297                             survey->channel_time);
4298         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
4299                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
4300                             survey->channel_time_busy);
4301         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
4302                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
4303                             survey->channel_time_ext_busy);
4304         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX)
4305                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
4306                             survey->channel_time_rx);
4307         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX)
4308                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
4309                             survey->channel_time_tx);
4310
4311         nla_nest_end(msg, infoattr);
4312
4313         return genlmsg_end(msg, hdr);
4314
4315  nla_put_failure:
4316         genlmsg_cancel(msg, hdr);
4317         return -EMSGSIZE;
4318 }
4319
4320 static int nl80211_dump_survey(struct sk_buff *skb,
4321                         struct netlink_callback *cb)
4322 {
4323         struct survey_info survey;
4324         struct cfg80211_registered_device *dev;
4325         struct net_device *netdev;
4326         int survey_idx = cb->args[1];
4327         int res;
4328
4329         res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
4330         if (res)
4331                 return res;
4332
4333         if (!dev->ops->dump_survey) {
4334                 res = -EOPNOTSUPP;
4335                 goto out_err;
4336         }
4337
4338         while (1) {
4339                 struct ieee80211_channel *chan;
4340
4341                 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
4342                                             &survey);
4343                 if (res == -ENOENT)
4344                         break;
4345                 if (res)
4346                         goto out_err;
4347
4348                 /* Survey without a channel doesn't make sense */
4349                 if (!survey.channel) {
4350                         res = -EINVAL;
4351                         goto out;
4352                 }
4353
4354                 chan = ieee80211_get_channel(&dev->wiphy,
4355                                              survey.channel->center_freq);
4356                 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
4357                         survey_idx++;
4358                         continue;
4359                 }
4360
4361                 if (nl80211_send_survey(skb,
4362                                 NETLINK_CB(cb->skb).pid,
4363                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4364                                 netdev,
4365                                 &survey) < 0)
4366                         goto out;
4367                 survey_idx++;
4368         }
4369
4370  out:
4371         cb->args[1] = survey_idx;
4372         res = skb->len;
4373  out_err:
4374         nl80211_finish_netdev_dump(dev);
4375         return res;
4376 }
4377
4378 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
4379 {
4380         return auth_type <= NL80211_AUTHTYPE_MAX;
4381 }
4382
4383 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
4384 {
4385         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
4386                                   NL80211_WPA_VERSION_2));
4387 }
4388
4389 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
4390 {
4391         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4392         struct net_device *dev = info->user_ptr[1];
4393         struct ieee80211_channel *chan;
4394         const u8 *bssid, *ssid, *ie = NULL;
4395         int err, ssid_len, ie_len = 0;
4396         enum nl80211_auth_type auth_type;
4397         struct key_parse key;
4398         bool local_state_change;
4399
4400         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4401                 return -EINVAL;
4402
4403         if (!info->attrs[NL80211_ATTR_MAC])
4404                 return -EINVAL;
4405
4406         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
4407                 return -EINVAL;
4408
4409         if (!info->attrs[NL80211_ATTR_SSID])
4410                 return -EINVAL;
4411
4412         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
4413                 return -EINVAL;
4414
4415         err = nl80211_parse_key(info, &key);
4416         if (err)
4417                 return err;
4418
4419         if (key.idx >= 0) {
4420                 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
4421                         return -EINVAL;
4422                 if (!key.p.key || !key.p.key_len)
4423                         return -EINVAL;
4424                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
4425                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
4426                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
4427                      key.p.key_len != WLAN_KEY_LEN_WEP104))
4428                         return -EINVAL;
4429                 if (key.idx > 4)
4430                         return -EINVAL;
4431         } else {
4432                 key.p.key_len = 0;
4433                 key.p.key = NULL;
4434         }
4435
4436         if (key.idx >= 0) {
4437                 int i;
4438                 bool ok = false;
4439                 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
4440                         if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
4441                                 ok = true;
4442                                 break;
4443                         }
4444                 }
4445                 if (!ok)
4446                         return -EINVAL;
4447         }
4448
4449         if (!rdev->ops->auth)
4450                 return -EOPNOTSUPP;
4451
4452         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4453             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4454                 return -EOPNOTSUPP;
4455
4456         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4457         chan = ieee80211_get_channel(&rdev->wiphy,
4458                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4459         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4460                 return -EINVAL;
4461
4462         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4463         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4464
4465         if (info->attrs[NL80211_ATTR_IE]) {
4466                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4467                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4468         }
4469
4470         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4471         if (!nl80211_valid_auth_type(auth_type))
4472                 return -EINVAL;
4473
4474         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4475
4476         /*
4477          * Since we no longer track auth state, ignore
4478          * requests to only change local state.
4479          */
4480         if (local_state_change)
4481                 return 0;
4482
4483         return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
4484                                   ssid, ssid_len, ie, ie_len,
4485                                   key.p.key, key.p.key_len, key.idx);
4486 }
4487
4488 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4489                                    struct genl_info *info,
4490                                    struct cfg80211_crypto_settings *settings,
4491                                    int cipher_limit)
4492 {
4493         memset(settings, 0, sizeof(*settings));
4494
4495         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
4496
4497         if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
4498                 u16 proto;
4499                 proto = nla_get_u16(
4500                         info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
4501                 settings->control_port_ethertype = cpu_to_be16(proto);
4502                 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
4503                     proto != ETH_P_PAE)
4504                         return -EINVAL;
4505                 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
4506                         settings->control_port_no_encrypt = true;
4507         } else
4508                 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
4509
4510         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
4511                 void *data;
4512                 int len, i;
4513
4514                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4515                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4516                 settings->n_ciphers_pairwise = len / sizeof(u32);
4517
4518                 if (len % sizeof(u32))
4519                         return -EINVAL;
4520
4521                 if (settings->n_ciphers_pairwise > cipher_limit)
4522                         return -EINVAL;
4523
4524                 memcpy(settings->ciphers_pairwise, data, len);
4525
4526                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
4527                         if (!cfg80211_supported_cipher_suite(
4528                                         &rdev->wiphy,
4529                                         settings->ciphers_pairwise[i]))
4530                                 return -EINVAL;
4531         }
4532
4533         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
4534                 settings->cipher_group =
4535                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
4536                 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
4537                                                      settings->cipher_group))
4538                         return -EINVAL;
4539         }
4540
4541         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
4542                 settings->wpa_versions =
4543                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
4544                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
4545                         return -EINVAL;
4546         }
4547
4548         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
4549                 void *data;
4550                 int len;
4551
4552                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
4553                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
4554                 settings->n_akm_suites = len / sizeof(u32);
4555
4556                 if (len % sizeof(u32))
4557                         return -EINVAL;
4558
4559                 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
4560                         return -EINVAL;
4561
4562                 memcpy(settings->akm_suites, data, len);
4563         }
4564
4565         return 0;
4566 }
4567
4568 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
4569 {
4570         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4571         struct net_device *dev = info->user_ptr[1];
4572         struct cfg80211_crypto_settings crypto;
4573         struct ieee80211_channel *chan;
4574         const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
4575         int err, ssid_len, ie_len = 0;
4576         bool use_mfp = false;
4577         u32 flags = 0;
4578         struct ieee80211_ht_cap *ht_capa = NULL;
4579         struct ieee80211_ht_cap *ht_capa_mask = NULL;
4580
4581         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4582                 return -EINVAL;
4583
4584         if (!info->attrs[NL80211_ATTR_MAC] ||
4585             !info->attrs[NL80211_ATTR_SSID] ||
4586             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4587                 return -EINVAL;
4588
4589         if (!rdev->ops->assoc)
4590                 return -EOPNOTSUPP;
4591
4592         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4593             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4594                 return -EOPNOTSUPP;
4595
4596         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4597
4598         chan = ieee80211_get_channel(&rdev->wiphy,
4599                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4600         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4601                 return -EINVAL;
4602
4603         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4604         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4605
4606         if (info->attrs[NL80211_ATTR_IE]) {
4607                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4608                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4609         }
4610
4611         if (info->attrs[NL80211_ATTR_USE_MFP]) {
4612                 enum nl80211_mfp mfp =
4613                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
4614                 if (mfp == NL80211_MFP_REQUIRED)
4615                         use_mfp = true;
4616                 else if (mfp != NL80211_MFP_NO)
4617                         return -EINVAL;
4618         }
4619
4620         if (info->attrs[NL80211_ATTR_PREV_BSSID])
4621                 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
4622
4623         if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
4624                 flags |= ASSOC_REQ_DISABLE_HT;
4625
4626         if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
4627                 ht_capa_mask =
4628                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]);
4629
4630         if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
4631                 if (!ht_capa_mask)
4632                         return -EINVAL;
4633                 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4634         }
4635
4636         err = nl80211_crypto_settings(rdev, info, &crypto, 1);
4637         if (!err)
4638                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
4639                                           ssid, ssid_len, ie, ie_len, use_mfp,
4640                                           &crypto, flags, ht_capa,
4641                                           ht_capa_mask);
4642
4643         return err;
4644 }
4645
4646 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
4647 {
4648         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4649         struct net_device *dev = info->user_ptr[1];
4650         const u8 *ie = NULL, *bssid;
4651         int ie_len = 0;
4652         u16 reason_code;
4653         bool local_state_change;
4654
4655         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4656                 return -EINVAL;
4657
4658         if (!info->attrs[NL80211_ATTR_MAC])
4659                 return -EINVAL;
4660
4661         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4662                 return -EINVAL;
4663
4664         if (!rdev->ops->deauth)
4665                 return -EOPNOTSUPP;
4666
4667         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4668             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4669                 return -EOPNOTSUPP;
4670
4671         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4672
4673         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4674         if (reason_code == 0) {
4675                 /* Reason Code 0 is reserved */
4676                 return -EINVAL;
4677         }
4678
4679         if (info->attrs[NL80211_ATTR_IE]) {
4680                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4681                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4682         }
4683
4684         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4685
4686         return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
4687                                     local_state_change);
4688 }
4689
4690 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
4691 {
4692         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4693         struct net_device *dev = info->user_ptr[1];
4694         const u8 *ie = NULL, *bssid;
4695         int ie_len = 0;
4696         u16 reason_code;
4697         bool local_state_change;
4698
4699         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4700                 return -EINVAL;
4701
4702         if (!info->attrs[NL80211_ATTR_MAC])
4703                 return -EINVAL;
4704
4705         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4706                 return -EINVAL;
4707
4708         if (!rdev->ops->disassoc)
4709                 return -EOPNOTSUPP;
4710
4711         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4712             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4713                 return -EOPNOTSUPP;
4714
4715         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4716
4717         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4718         if (reason_code == 0) {
4719                 /* Reason Code 0 is reserved */
4720                 return -EINVAL;
4721         }
4722
4723         if (info->attrs[NL80211_ATTR_IE]) {
4724                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4725                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4726         }
4727
4728         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4729
4730         return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
4731                                       local_state_change);
4732 }
4733
4734 static bool
4735 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
4736                          int mcast_rate[IEEE80211_NUM_BANDS],
4737                          int rateval)
4738 {
4739         struct wiphy *wiphy = &rdev->wiphy;
4740         bool found = false;
4741         int band, i;
4742
4743         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4744                 struct ieee80211_supported_band *sband;
4745
4746                 sband = wiphy->bands[band];
4747                 if (!sband)
4748                         continue;
4749
4750                 for (i = 0; i < sband->n_bitrates; i++) {
4751                         if (sband->bitrates[i].bitrate == rateval) {
4752                                 mcast_rate[band] = i + 1;
4753                                 found = true;
4754                                 break;
4755                         }
4756                 }
4757         }
4758
4759         return found;
4760 }
4761
4762 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
4763 {
4764         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4765         struct net_device *dev = info->user_ptr[1];
4766         struct cfg80211_ibss_params ibss;
4767         struct wiphy *wiphy;
4768         struct cfg80211_cached_keys *connkeys = NULL;
4769         int err;
4770
4771         memset(&ibss, 0, sizeof(ibss));
4772
4773         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4774                 return -EINVAL;
4775
4776         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4777             !info->attrs[NL80211_ATTR_SSID] ||
4778             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4779                 return -EINVAL;
4780
4781         ibss.beacon_interval = 100;
4782
4783         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
4784                 ibss.beacon_interval =
4785                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4786                 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
4787                         return -EINVAL;
4788         }
4789
4790         if (!rdev->ops->join_ibss)
4791                 return -EOPNOTSUPP;
4792
4793         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4794                 return -EOPNOTSUPP;
4795
4796         wiphy = &rdev->wiphy;
4797
4798         if (info->attrs[NL80211_ATTR_MAC]) {
4799                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4800
4801                 if (!is_valid_ether_addr(ibss.bssid))
4802                         return -EINVAL;
4803         }
4804         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4805         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4806
4807         if (info->attrs[NL80211_ATTR_IE]) {
4808                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4809                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4810         }
4811
4812         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4813                 enum nl80211_channel_type channel_type;
4814
4815                 channel_type = nla_get_u32(
4816                                 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4817                 if (channel_type != NL80211_CHAN_NO_HT &&
4818                     channel_type != NL80211_CHAN_HT20 &&
4819                     channel_type != NL80211_CHAN_HT40MINUS &&
4820                     channel_type != NL80211_CHAN_HT40PLUS)
4821                         return -EINVAL;
4822
4823                 if (channel_type != NL80211_CHAN_NO_HT &&
4824                     !(wiphy->features & NL80211_FEATURE_HT_IBSS))
4825                         return -EINVAL;
4826
4827                 ibss.channel_type = channel_type;
4828         } else {
4829                 ibss.channel_type = NL80211_CHAN_NO_HT;
4830         }
4831
4832         ibss.channel = rdev_freq_to_chan(rdev,
4833                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]),
4834                 ibss.channel_type);
4835         if (!ibss.channel ||
4836             ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4837             ibss.channel->flags & IEEE80211_CHAN_DISABLED)
4838                 return -EINVAL;
4839
4840         /* Both channels should be able to initiate communication */
4841         if ((ibss.channel_type == NL80211_CHAN_HT40PLUS ||
4842              ibss.channel_type == NL80211_CHAN_HT40MINUS) &&
4843             !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel,
4844                                           ibss.channel_type))
4845                 return -EINVAL;
4846
4847         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4848         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4849
4850         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4851                 u8 *rates =
4852                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4853                 int n_rates =
4854                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4855                 struct ieee80211_supported_band *sband =
4856                         wiphy->bands[ibss.channel->band];
4857
4858                 err = ieee80211_get_ratemask(sband, rates, n_rates,
4859                                              &ibss.basic_rates);
4860                 if (err)
4861                         return err;
4862         }
4863
4864         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
4865             !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
4866                         nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
4867                 return -EINVAL;
4868
4869         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4870                 connkeys = nl80211_parse_connkeys(rdev,
4871                                         info->attrs[NL80211_ATTR_KEYS]);
4872                 if (IS_ERR(connkeys))
4873                         return PTR_ERR(connkeys);
4874         }
4875
4876         ibss.control_port =
4877                 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
4878
4879         err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4880         if (err)
4881                 kfree(connkeys);
4882         return err;
4883 }
4884
4885 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4886 {
4887         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4888         struct net_device *dev = info->user_ptr[1];
4889
4890         if (!rdev->ops->leave_ibss)
4891                 return -EOPNOTSUPP;
4892
4893         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4894                 return -EOPNOTSUPP;
4895
4896         return cfg80211_leave_ibss(rdev, dev, false);
4897 }
4898
4899 #ifdef CONFIG_NL80211_TESTMODE
4900 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4901         .name = "testmode",
4902 };
4903
4904 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4905 {
4906         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4907         int err;
4908
4909         if (!info->attrs[NL80211_ATTR_TESTDATA])
4910                 return -EINVAL;
4911
4912         err = -EOPNOTSUPP;
4913         if (rdev->ops->testmode_cmd) {
4914                 rdev->testmode_info = info;
4915                 err = rdev->ops->testmode_cmd(&rdev->wiphy,
4916                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4917                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4918                 rdev->testmode_info = NULL;
4919         }
4920
4921         return err;
4922 }
4923
4924 static int nl80211_testmode_dump(struct sk_buff *skb,
4925                                  struct netlink_callback *cb)
4926 {
4927         struct cfg80211_registered_device *rdev;
4928         int err;
4929         long phy_idx;
4930         void *data = NULL;
4931         int data_len = 0;
4932
4933         if (cb->args[0]) {
4934                 /*
4935                  * 0 is a valid index, but not valid for args[0],
4936                  * so we need to offset by 1.
4937                  */
4938                 phy_idx = cb->args[0] - 1;
4939         } else {
4940                 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
4941                                   nl80211_fam.attrbuf, nl80211_fam.maxattr,
4942                                   nl80211_policy);
4943                 if (err)
4944                         return err;
4945                 if (nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) {
4946                         phy_idx = nla_get_u32(
4947                                 nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]);
4948                 } else {
4949                         struct net_device *netdev;
4950
4951                         err = get_rdev_dev_by_ifindex(sock_net(skb->sk),
4952                                                       nl80211_fam.attrbuf,
4953                                                       &rdev, &netdev);
4954                         if (err)
4955                                 return err;
4956                         dev_put(netdev);
4957                         phy_idx = rdev->wiphy_idx;
4958                         cfg80211_unlock_rdev(rdev);
4959                 }
4960                 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
4961                         cb->args[1] =
4962                                 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
4963         }
4964
4965         if (cb->args[1]) {
4966                 data = nla_data((void *)cb->args[1]);
4967                 data_len = nla_len((void *)cb->args[1]);
4968         }
4969
4970         mutex_lock(&cfg80211_mutex);
4971         rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
4972         if (!rdev) {
4973                 mutex_unlock(&cfg80211_mutex);
4974                 return -ENOENT;
4975         }
4976         cfg80211_lock_rdev(rdev);
4977         mutex_unlock(&cfg80211_mutex);
4978
4979         if (!rdev->ops->testmode_dump) {
4980                 err = -EOPNOTSUPP;
4981                 goto out_err;
4982         }
4983
4984         while (1) {
4985                 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid,
4986                                            cb->nlh->nlmsg_seq, NLM_F_MULTI,
4987                                            NL80211_CMD_TESTMODE);
4988                 struct nlattr *tmdata;
4989
4990                 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx) < 0) {
4991                         genlmsg_cancel(skb, hdr);
4992                         break;
4993                 }
4994
4995                 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4996                 if (!tmdata) {
4997                         genlmsg_cancel(skb, hdr);
4998                         break;
4999                 }
5000                 err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb,
5001                                                data, data_len);
5002                 nla_nest_end(skb, tmdata);
5003
5004                 if (err == -ENOBUFS || err == -ENOENT) {
5005                         genlmsg_cancel(skb, hdr);
5006                         break;
5007                 } else if (err) {
5008                         genlmsg_cancel(skb, hdr);
5009                         goto out_err;
5010                 }
5011
5012                 genlmsg_end(skb, hdr);
5013         }
5014
5015         err = skb->len;
5016         /* see above */
5017         cb->args[0] = phy_idx + 1;
5018  out_err:
5019         cfg80211_unlock_rdev(rdev);
5020         return err;
5021 }
5022
5023 static struct sk_buff *
5024 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
5025                               int approxlen, u32 pid, u32 seq, gfp_t gfp)
5026 {
5027         struct sk_buff *skb;
5028         void *hdr;
5029         struct nlattr *data;
5030
5031         skb = nlmsg_new(approxlen + 100, gfp);
5032         if (!skb)
5033                 return NULL;
5034
5035         hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
5036         if (!hdr) {
5037                 kfree_skb(skb);
5038                 return NULL;
5039         }
5040
5041         NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5042         data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
5043
5044         ((void **)skb->cb)[0] = rdev;
5045         ((void **)skb->cb)[1] = hdr;
5046         ((void **)skb->cb)[2] = data;
5047
5048         return skb;
5049
5050  nla_put_failure:
5051         kfree_skb(skb);
5052         return NULL;
5053 }
5054
5055 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
5056                                                   int approxlen)
5057 {
5058         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5059
5060         if (WARN_ON(!rdev->testmode_info))
5061                 return NULL;
5062
5063         return __cfg80211_testmode_alloc_skb(rdev, approxlen,
5064                                 rdev->testmode_info->snd_pid,
5065                                 rdev->testmode_info->snd_seq,
5066                                 GFP_KERNEL);
5067 }
5068 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
5069
5070 int cfg80211_testmode_reply(struct sk_buff *skb)
5071 {
5072         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
5073         void *hdr = ((void **)skb->cb)[1];
5074         struct nlattr *data = ((void **)skb->cb)[2];
5075
5076         if (WARN_ON(!rdev->testmode_info)) {
5077                 kfree_skb(skb);
5078                 return -EINVAL;
5079         }
5080
5081         nla_nest_end(skb, data);
5082         genlmsg_end(skb, hdr);
5083         return genlmsg_reply(skb, rdev->testmode_info);
5084 }
5085 EXPORT_SYMBOL(cfg80211_testmode_reply);
5086
5087 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
5088                                                   int approxlen, gfp_t gfp)
5089 {
5090         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5091
5092         return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
5093 }
5094 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
5095
5096 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
5097 {
5098         void *hdr = ((void **)skb->cb)[1];
5099         struct nlattr *data = ((void **)skb->cb)[2];
5100
5101         nla_nest_end(skb, data);
5102         genlmsg_end(skb, hdr);
5103         genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
5104 }
5105 EXPORT_SYMBOL(cfg80211_testmode_event);
5106 #endif
5107
5108 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
5109 {
5110         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5111         struct net_device *dev = info->user_ptr[1];
5112         struct cfg80211_connect_params connect;
5113         struct wiphy *wiphy;
5114         struct cfg80211_cached_keys *connkeys = NULL;
5115         int err;
5116
5117         memset(&connect, 0, sizeof(connect));
5118
5119         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5120                 return -EINVAL;
5121
5122         if (!info->attrs[NL80211_ATTR_SSID] ||
5123             !nla_len(info->attrs[NL80211_ATTR_SSID]))
5124                 return -EINVAL;
5125
5126         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5127                 connect.auth_type =
5128                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
5129                 if (!nl80211_valid_auth_type(connect.auth_type))
5130                         return -EINVAL;
5131         } else
5132                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5133
5134         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
5135
5136         err = nl80211_crypto_settings(rdev, info, &connect.crypto,
5137                                       NL80211_MAX_NR_CIPHER_SUITES);
5138         if (err)
5139                 return err;
5140
5141         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5142             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5143                 return -EOPNOTSUPP;
5144
5145         wiphy = &rdev->wiphy;
5146
5147         connect.bg_scan_period = -1;
5148         if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
5149                 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
5150                 connect.bg_scan_period =
5151                         nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
5152         }
5153
5154         if (info->attrs[NL80211_ATTR_MAC])
5155                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5156         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5157         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5158
5159         if (info->attrs[NL80211_ATTR_IE]) {
5160                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5161                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5162         }
5163
5164         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5165                 connect.channel =
5166                         ieee80211_get_channel(wiphy,
5167                             nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5168                 if (!connect.channel ||
5169                     connect.channel->flags & IEEE80211_CHAN_DISABLED)
5170                         return -EINVAL;
5171         }
5172
5173         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
5174                 connkeys = nl80211_parse_connkeys(rdev,
5175                                         info->attrs[NL80211_ATTR_KEYS]);
5176                 if (IS_ERR(connkeys))
5177                         return PTR_ERR(connkeys);
5178         }
5179
5180         if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
5181                 connect.flags |= ASSOC_REQ_DISABLE_HT;
5182
5183         if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5184                 memcpy(&connect.ht_capa_mask,
5185                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
5186                        sizeof(connect.ht_capa_mask));
5187
5188         if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
5189                 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5190                         return -EINVAL;
5191                 memcpy(&connect.ht_capa,
5192                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
5193                        sizeof(connect.ht_capa));
5194         }
5195
5196         err = cfg80211_connect(rdev, dev, &connect, connkeys);
5197         if (err)
5198                 kfree(connkeys);
5199         return err;
5200 }
5201
5202 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
5203 {
5204         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5205         struct net_device *dev = info->user_ptr[1];
5206         u16 reason;
5207
5208         if (!info->attrs[NL80211_ATTR_REASON_CODE])
5209                 reason = WLAN_REASON_DEAUTH_LEAVING;
5210         else
5211                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5212
5213         if (reason == 0)
5214                 return -EINVAL;
5215
5216         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5217             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5218                 return -EOPNOTSUPP;
5219
5220         return cfg80211_disconnect(rdev, dev, reason, true);
5221 }
5222
5223 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
5224 {
5225         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5226         struct net *net;
5227         int err;
5228         u32 pid;
5229
5230         if (!info->attrs[NL80211_ATTR_PID])
5231                 return -EINVAL;
5232
5233         pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
5234
5235         net = get_net_ns_by_pid(pid);
5236         if (IS_ERR(net))
5237                 return PTR_ERR(net);
5238
5239         err = 0;
5240
5241         /* check if anything to do */
5242         if (!net_eq(wiphy_net(&rdev->wiphy), net))
5243                 err = cfg80211_switch_netns(rdev, net);
5244
5245         put_net(net);
5246         return err;
5247 }
5248
5249 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
5250 {
5251         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5252         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
5253                         struct cfg80211_pmksa *pmksa) = NULL;
5254         struct net_device *dev = info->user_ptr[1];
5255         struct cfg80211_pmksa pmksa;
5256
5257         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
5258
5259         if (!info->attrs[NL80211_ATTR_MAC])
5260                 return -EINVAL;
5261
5262         if (!info->attrs[NL80211_ATTR_PMKID])
5263                 return -EINVAL;
5264
5265         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
5266         pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5267
5268         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5269             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5270                 return -EOPNOTSUPP;
5271
5272         switch (info->genlhdr->cmd) {
5273         case NL80211_CMD_SET_PMKSA:
5274                 rdev_ops = rdev->ops->set_pmksa;
5275                 break;
5276         case NL80211_CMD_DEL_PMKSA:
5277                 rdev_ops = rdev->ops->del_pmksa;
5278                 break;
5279         default:
5280                 WARN_ON(1);
5281                 break;
5282         }
5283
5284         if (!rdev_ops)
5285                 return -EOPNOTSUPP;
5286
5287         return rdev_ops(&rdev->wiphy, dev, &pmksa);
5288 }
5289
5290 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
5291 {
5292         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5293         struct net_device *dev = info->user_ptr[1];
5294
5295         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5296             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5297                 return -EOPNOTSUPP;
5298
5299         if (!rdev->ops->flush_pmksa)
5300                 return -EOPNOTSUPP;
5301
5302         return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
5303 }
5304
5305 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
5306 {
5307         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5308         struct net_device *dev = info->user_ptr[1];
5309         u8 action_code, dialog_token;
5310         u16 status_code;
5311         u8 *peer;
5312
5313         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5314             !rdev->ops->tdls_mgmt)
5315                 return -EOPNOTSUPP;
5316
5317         if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
5318             !info->attrs[NL80211_ATTR_STATUS_CODE] ||
5319             !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
5320             !info->attrs[NL80211_ATTR_IE] ||
5321             !info->attrs[NL80211_ATTR_MAC])
5322                 return -EINVAL;
5323
5324         peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5325         action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
5326         status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
5327         dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
5328
5329         return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code,
5330                                     dialog_token, status_code,
5331                                     nla_data(info->attrs[NL80211_ATTR_IE]),
5332                                     nla_len(info->attrs[NL80211_ATTR_IE]));
5333 }
5334
5335 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
5336 {
5337         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5338         struct net_device *dev = info->user_ptr[1];
5339         enum nl80211_tdls_operation operation;
5340         u8 *peer;
5341
5342         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5343             !rdev->ops->tdls_oper)
5344                 return -EOPNOTSUPP;
5345
5346         if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
5347             !info->attrs[NL80211_ATTR_MAC])
5348                 return -EINVAL;
5349
5350         operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
5351         peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5352
5353         return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation);
5354 }
5355
5356 static int nl80211_remain_on_channel(struct sk_buff *skb,
5357                                      struct genl_info *info)
5358 {
5359         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5360         struct net_device *dev = info->user_ptr[1];
5361         struct ieee80211_channel *chan;
5362         struct sk_buff *msg;
5363         void *hdr;
5364         u64 cookie;
5365         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5366         u32 freq, duration;
5367         int err;
5368
5369         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5370             !info->attrs[NL80211_ATTR_DURATION])
5371                 return -EINVAL;
5372
5373         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5374
5375         /*
5376          * We should be on that channel for at least one jiffie,
5377          * and more than 5 seconds seems excessive.
5378          */
5379         if (!duration || !msecs_to_jiffies(duration) ||
5380             duration > rdev->wiphy.max_remain_on_channel_duration)
5381                 return -EINVAL;
5382
5383         if (!rdev->ops->remain_on_channel ||
5384             !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
5385                 return -EOPNOTSUPP;
5386
5387         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5388                 channel_type = nla_get_u32(
5389                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
5390                 if (channel_type != NL80211_CHAN_NO_HT &&
5391                     channel_type != NL80211_CHAN_HT20 &&
5392                     channel_type != NL80211_CHAN_HT40PLUS &&
5393                     channel_type != NL80211_CHAN_HT40MINUS)
5394                         return -EINVAL;
5395         }
5396
5397         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5398         chan = rdev_freq_to_chan(rdev, freq, channel_type);
5399         if (chan == NULL)
5400                 return -EINVAL;
5401
5402         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5403         if (!msg)
5404                 return -ENOMEM;
5405
5406         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5407                              NL80211_CMD_REMAIN_ON_CHANNEL);
5408
5409         if (IS_ERR(hdr)) {
5410                 err = PTR_ERR(hdr);
5411                 goto free_msg;
5412         }
5413
5414         err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
5415                                            channel_type, duration, &cookie);
5416
5417         if (err)
5418                 goto free_msg;
5419
5420         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5421
5422         genlmsg_end(msg, hdr);
5423
5424         return genlmsg_reply(msg, info);
5425
5426  nla_put_failure:
5427         err = -ENOBUFS;
5428  free_msg:
5429         nlmsg_free(msg);
5430         return err;
5431 }
5432
5433 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
5434                                             struct genl_info *info)
5435 {
5436         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5437         struct net_device *dev = info->user_ptr[1];
5438         u64 cookie;
5439
5440         if (!info->attrs[NL80211_ATTR_COOKIE])
5441                 return -EINVAL;
5442
5443         if (!rdev->ops->cancel_remain_on_channel)
5444                 return -EOPNOTSUPP;
5445
5446         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5447
5448         return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
5449 }
5450
5451 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5452                            u8 *rates, u8 rates_len)
5453 {
5454         u8 i;
5455         u32 mask = 0;
5456
5457         for (i = 0; i < rates_len; i++) {
5458                 int rate = (rates[i] & 0x7f) * 5;
5459                 int ridx;
5460                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5461                         struct ieee80211_rate *srate =
5462                                 &sband->bitrates[ridx];
5463                         if (rate == srate->bitrate) {
5464                                 mask |= 1 << ridx;
5465                                 break;
5466                         }
5467                 }
5468                 if (ridx == sband->n_bitrates)
5469                         return 0; /* rate not found */
5470         }
5471
5472         return mask;
5473 }
5474
5475 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5476                                u8 *rates, u8 rates_len,
5477                                u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5478 {
5479         u8 i;
5480
5481         memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5482
5483         for (i = 0; i < rates_len; i++) {
5484                 int ridx, rbit;
5485
5486                 ridx = rates[i] / 8;
5487                 rbit = BIT(rates[i] % 8);
5488
5489                 /* check validity */
5490                 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5491                         return false;
5492
5493                 /* check availability */
5494                 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5495                         mcs[ridx] |= rbit;
5496                 else
5497                         return false;
5498         }
5499
5500         return true;
5501 }
5502
5503 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
5504         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
5505                                     .len = NL80211_MAX_SUPP_RATES },
5506         [NL80211_TXRATE_MCS] = { .type = NLA_BINARY,
5507                                  .len = NL80211_MAX_SUPP_HT_RATES },
5508 };
5509
5510 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
5511                                        struct genl_info *info)
5512 {
5513         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5514         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5515         struct cfg80211_bitrate_mask mask;
5516         int rem, i;
5517         struct net_device *dev = info->user_ptr[1];
5518         struct nlattr *tx_rates;
5519         struct ieee80211_supported_band *sband;
5520
5521         if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
5522                 return -EINVAL;
5523
5524         if (!rdev->ops->set_bitrate_mask)
5525                 return -EOPNOTSUPP;
5526
5527         memset(&mask, 0, sizeof(mask));
5528         /* Default to all rates enabled */
5529         for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
5530                 sband = rdev->wiphy.bands[i];
5531                 mask.control[i].legacy =
5532                         sband ? (1 << sband->n_bitrates) - 1 : 0;
5533                 if (sband)
5534                         memcpy(mask.control[i].mcs,
5535                                sband->ht_cap.mcs.rx_mask,
5536                                sizeof(mask.control[i].mcs));
5537                 else
5538                         memset(mask.control[i].mcs, 0,
5539                                sizeof(mask.control[i].mcs));
5540         }
5541
5542         /*
5543          * The nested attribute uses enum nl80211_band as the index. This maps
5544          * directly to the enum ieee80211_band values used in cfg80211.
5545          */
5546         BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5547         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
5548         {
5549                 enum ieee80211_band band = nla_type(tx_rates);
5550                 if (band < 0 || band >= IEEE80211_NUM_BANDS)
5551                         return -EINVAL;
5552                 sband = rdev->wiphy.bands[band];
5553                 if (sband == NULL)
5554                         return -EINVAL;
5555                 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
5556                           nla_len(tx_rates), nl80211_txattr_policy);
5557                 if (tb[NL80211_TXRATE_LEGACY]) {
5558                         mask.control[band].legacy = rateset_to_mask(
5559                                 sband,
5560                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
5561                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
5562                 }
5563                 if (tb[NL80211_TXRATE_MCS]) {
5564                         if (!ht_rateset_to_mask(
5565                                         sband,
5566                                         nla_data(tb[NL80211_TXRATE_MCS]),
5567                                         nla_len(tb[NL80211_TXRATE_MCS]),
5568                                         mask.control[band].mcs))
5569                                 return -EINVAL;
5570                 }
5571
5572                 if (mask.control[band].legacy == 0) {
5573                         /* don't allow empty legacy rates if HT
5574                          * is not even supported. */
5575                         if (!rdev->wiphy.bands[band]->ht_cap.ht_supported)
5576                                 return -EINVAL;
5577
5578                         for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5579                                 if (mask.control[band].mcs[i])
5580                                         break;
5581
5582                         /* legacy and mcs rates may not be both empty */
5583                         if (i == IEEE80211_HT_MCS_MASK_LEN)
5584                                 return -EINVAL;
5585                 }
5586         }
5587
5588         return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
5589 }
5590
5591 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
5592 {
5593         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5594         struct net_device *dev = info->user_ptr[1];
5595         u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
5596
5597         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
5598                 return -EINVAL;
5599
5600         if (info->attrs[NL80211_ATTR_FRAME_TYPE])
5601                 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
5602
5603         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5604             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5605             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5606             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5607             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5608             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5609             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5610                 return -EOPNOTSUPP;
5611
5612         /* not much point in registering if we can't reply */
5613         if (!rdev->ops->mgmt_tx)
5614                 return -EOPNOTSUPP;
5615
5616         return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
5617                         frame_type,
5618                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
5619                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
5620 }
5621
5622 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5623 {
5624         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5625         struct net_device *dev = info->user_ptr[1];
5626         struct ieee80211_channel *chan;
5627         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5628         bool channel_type_valid = false;
5629         u32 freq;
5630         int err;
5631         void *hdr = NULL;
5632         u64 cookie;
5633         struct sk_buff *msg = NULL;
5634         unsigned int wait = 0;
5635         bool offchan, no_cck, dont_wait_for_ack;
5636
5637         dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
5638
5639         if (!info->attrs[NL80211_ATTR_FRAME] ||
5640             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
5641                 return -EINVAL;
5642
5643         if (!rdev->ops->mgmt_tx)
5644                 return -EOPNOTSUPP;
5645
5646         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5647             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5648             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5649             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5650             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5651             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5652             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5653                 return -EOPNOTSUPP;
5654
5655         if (info->attrs[NL80211_ATTR_DURATION]) {
5656                 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5657                         return -EINVAL;
5658                 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5659         }
5660
5661         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5662                 channel_type = nla_get_u32(
5663                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
5664                 if (channel_type != NL80211_CHAN_NO_HT &&
5665                     channel_type != NL80211_CHAN_HT20 &&
5666                     channel_type != NL80211_CHAN_HT40PLUS &&
5667                     channel_type != NL80211_CHAN_HT40MINUS)
5668                         return -EINVAL;
5669                 channel_type_valid = true;
5670         }
5671
5672         offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
5673
5674         if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5675                 return -EINVAL;
5676
5677         no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5678
5679         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5680         chan = rdev_freq_to_chan(rdev, freq, channel_type);
5681         if (chan == NULL)
5682                 return -EINVAL;
5683
5684         if (!dont_wait_for_ack) {
5685                 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5686                 if (!msg)
5687                         return -ENOMEM;
5688
5689                 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5690                                      NL80211_CMD_FRAME);
5691
5692                 if (IS_ERR(hdr)) {
5693                         err = PTR_ERR(hdr);
5694                         goto free_msg;
5695                 }
5696         }
5697
5698         err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type,
5699                                     channel_type_valid, wait,
5700                                     nla_data(info->attrs[NL80211_ATTR_FRAME]),
5701                                     nla_len(info->attrs[NL80211_ATTR_FRAME]),
5702                                     no_cck, dont_wait_for_ack, &cookie);
5703         if (err)
5704                 goto free_msg;
5705
5706         if (msg) {
5707                 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5708
5709                 genlmsg_end(msg, hdr);
5710                 return genlmsg_reply(msg, info);
5711         }
5712
5713         return 0;
5714
5715  nla_put_failure:
5716         err = -ENOBUFS;
5717  free_msg:
5718         nlmsg_free(msg);
5719         return err;
5720 }
5721
5722 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
5723 {
5724         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5725         struct net_device *dev = info->user_ptr[1];
5726         u64 cookie;
5727
5728         if (!info->attrs[NL80211_ATTR_COOKIE])
5729                 return -EINVAL;
5730
5731         if (!rdev->ops->mgmt_tx_cancel_wait)
5732                 return -EOPNOTSUPP;
5733
5734         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5735             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5736             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5737             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5738             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5739             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5740                 return -EOPNOTSUPP;
5741
5742         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5743
5744         return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie);
5745 }
5746
5747 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
5748 {
5749         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5750         struct wireless_dev *wdev;
5751         struct net_device *dev = info->user_ptr[1];
5752         u8 ps_state;
5753         bool state;
5754         int err;
5755
5756         if (!info->attrs[NL80211_ATTR_PS_STATE])
5757                 return -EINVAL;
5758
5759         ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
5760
5761         if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
5762                 return -EINVAL;
5763
5764         wdev = dev->ieee80211_ptr;
5765
5766         if (!rdev->ops->set_power_mgmt)
5767                 return -EOPNOTSUPP;
5768
5769         state = (ps_state == NL80211_PS_ENABLED) ? true : false;
5770
5771         if (state == wdev->ps)
5772                 return 0;
5773
5774         err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state,
5775                                         wdev->ps_timeout);
5776         if (!err)
5777                 wdev->ps = state;
5778         return err;
5779 }
5780
5781 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5782 {
5783         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5784         enum nl80211_ps_state ps_state;
5785         struct wireless_dev *wdev;
5786         struct net_device *dev = info->user_ptr[1];
5787         struct sk_buff *msg;
5788         void *hdr;
5789         int err;
5790
5791         wdev = dev->ieee80211_ptr;
5792
5793         if (!rdev->ops->set_power_mgmt)
5794                 return -EOPNOTSUPP;
5795
5796         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5797         if (!msg)
5798                 return -ENOMEM;
5799
5800         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5801                              NL80211_CMD_GET_POWER_SAVE);
5802         if (!hdr) {
5803                 err = -ENOBUFS;
5804                 goto free_msg;
5805         }
5806
5807         if (wdev->ps)
5808                 ps_state = NL80211_PS_ENABLED;
5809         else
5810                 ps_state = NL80211_PS_DISABLED;
5811
5812         NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
5813
5814         genlmsg_end(msg, hdr);
5815         return genlmsg_reply(msg, info);
5816
5817  nla_put_failure:
5818         err = -ENOBUFS;
5819  free_msg:
5820         nlmsg_free(msg);
5821         return err;
5822 }
5823
5824 static struct nla_policy
5825 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5826         [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5827         [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5828         [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5829 };
5830
5831 static int nl80211_set_cqm_rssi(struct genl_info *info,
5832                                 s32 threshold, u32 hysteresis)
5833 {
5834         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5835         struct wireless_dev *wdev;
5836         struct net_device *dev = info->user_ptr[1];
5837
5838         if (threshold > 0)
5839                 return -EINVAL;
5840
5841         wdev = dev->ieee80211_ptr;
5842
5843         if (!rdev->ops->set_cqm_rssi_config)
5844                 return -EOPNOTSUPP;
5845
5846         if (wdev->iftype != NL80211_IFTYPE_STATION &&
5847             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
5848                 return -EOPNOTSUPP;
5849
5850         return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5851                                               threshold, hysteresis);
5852 }
5853
5854 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5855 {
5856         struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5857         struct nlattr *cqm;
5858         int err;
5859
5860         cqm = info->attrs[NL80211_ATTR_CQM];
5861         if (!cqm) {
5862                 err = -EINVAL;
5863                 goto out;
5864         }
5865
5866         err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5867                                nl80211_attr_cqm_policy);
5868         if (err)
5869                 goto out;
5870
5871         if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5872             attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5873                 s32 threshold;
5874                 u32 hysteresis;
5875                 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5876                 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5877                 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5878         } else
5879                 err = -EINVAL;
5880
5881 out:
5882         return err;
5883 }
5884
5885 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
5886 {
5887         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5888         struct net_device *dev = info->user_ptr[1];
5889         struct mesh_config cfg;
5890         struct mesh_setup setup;
5891         int err;
5892
5893         /* start with default */
5894         memcpy(&cfg, &default_mesh_config, sizeof(cfg));
5895         memcpy(&setup, &default_mesh_setup, sizeof(setup));
5896
5897         if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
5898                 /* and parse parameters if given */
5899                 err = nl80211_parse_mesh_config(info, &cfg, NULL);
5900                 if (err)
5901                         return err;
5902         }
5903
5904         if (!info->attrs[NL80211_ATTR_MESH_ID] ||
5905             !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
5906                 return -EINVAL;
5907
5908         setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
5909         setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5910
5911         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
5912             !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
5913                             nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
5914                         return -EINVAL;
5915
5916         if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
5917                 /* parse additional setup parameters if given */
5918                 err = nl80211_parse_mesh_setup(info, &setup);
5919                 if (err)
5920                         return err;
5921         }
5922
5923         return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
5924 }
5925
5926 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
5927 {
5928         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5929         struct net_device *dev = info->user_ptr[1];
5930
5931         return cfg80211_leave_mesh(rdev, dev);
5932 }
5933
5934 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
5935 {
5936         struct cfg80211_registered_device *rdev = info->user_ptr[0];