cfg80211/nl80211: clarify TX queue API
[linux-3.10.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  */
6
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/slab.h>
11 #include <linux/list.h>
12 #include <linux/if_ether.h>
13 #include <linux/ieee80211.h>
14 #include <linux/nl80211.h>
15 #include <linux/rtnetlink.h>
16 #include <linux/netlink.h>
17 #include <linux/etherdevice.h>
18 #include <net/net_namespace.h>
19 #include <net/genetlink.h>
20 #include <net/cfg80211.h>
21 #include <net/sock.h>
22 #include "core.h"
23 #include "nl80211.h"
24 #include "reg.h"
25
26 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type);
27 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
28                                    struct genl_info *info,
29                                    struct cfg80211_crypto_settings *settings,
30                                    int cipher_limit);
31
32 static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
33                             struct genl_info *info);
34 static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
35                               struct genl_info *info);
36
37 /* the netlink family */
38 static struct genl_family nl80211_fam = {
39         .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
40         .name = "nl80211",      /* have users key off the name instead */
41         .hdrsize = 0,           /* no private header */
42         .version = 1,           /* no particular meaning now */
43         .maxattr = NL80211_ATTR_MAX,
44         .netnsok = true,
45         .pre_doit = nl80211_pre_doit,
46         .post_doit = nl80211_post_doit,
47 };
48
49 /* internal helper: get rdev and dev */
50 static int get_rdev_dev_by_ifindex(struct net *netns, struct nlattr **attrs,
51                                    struct cfg80211_registered_device **rdev,
52                                    struct net_device **dev)
53 {
54         int ifindex;
55
56         if (!attrs[NL80211_ATTR_IFINDEX])
57                 return -EINVAL;
58
59         ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
60         *dev = dev_get_by_index(netns, ifindex);
61         if (!*dev)
62                 return -ENODEV;
63
64         *rdev = cfg80211_get_dev_from_ifindex(netns, ifindex);
65         if (IS_ERR(*rdev)) {
66                 dev_put(*dev);
67                 return PTR_ERR(*rdev);
68         }
69
70         return 0;
71 }
72
73 /* policy for the attributes */
74 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
75         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
76         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
77                                       .len = 20-1 },
78         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
79         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
80         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
81         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
82         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
83         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
84         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
85         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
86
87         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
88         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
89         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
90
91         [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
92         [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
93
94         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
95         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
96                                     .len = WLAN_MAX_KEY_LEN },
97         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
98         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
99         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
100         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
101         [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
102
103         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
104         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
105         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
106                                        .len = IEEE80211_MAX_DATA_LEN },
107         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
108                                        .len = IEEE80211_MAX_DATA_LEN },
109         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
110         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
111         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
112         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
113                                                .len = NL80211_MAX_SUPP_RATES },
114         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
115         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
116         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
117         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
118                                 .len = IEEE80211_MAX_MESH_ID_LEN },
119         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
120
121         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
122         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
123
124         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
125         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
126         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
127         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
128                                            .len = NL80211_MAX_SUPP_RATES },
129         [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
130
131         [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
132         [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
133
134         [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
135
136         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
137         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
138                               .len = IEEE80211_MAX_DATA_LEN },
139         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
140         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
141
142         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
143                                 .len = IEEE80211_MAX_SSID_LEN },
144         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
145         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
146         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
147         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
148         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
149         [NL80211_ATTR_STA_FLAGS2] = {
150                 .len = sizeof(struct nl80211_sta_flag_update),
151         },
152         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
153         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
154         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
155         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
156         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
157         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
158         [NL80211_ATTR_PID] = { .type = NLA_U32 },
159         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
160         [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
161                                  .len = WLAN_PMKID_LEN },
162         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
163         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
164         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
165         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
166                                  .len = IEEE80211_MAX_DATA_LEN },
167         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
168         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
169         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
170         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
171         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
172         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
173         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
174         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
175         [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
176         [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
177         [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
178         [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
179         [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
180         [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
181         [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
182         [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
183         [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
184         [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
185         [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
186         [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
187                                          .len = IEEE80211_MAX_DATA_LEN },
188         [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
189                                          .len = IEEE80211_MAX_DATA_LEN },
190         [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
191         [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
192         [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
193         [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
194         [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
195         [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
196         [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
197         [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
198         [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
199         [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
200                                       .len = IEEE80211_MAX_DATA_LEN },
201         [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
202         [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
203         [NL80211_ATTR_HT_CAPABILITY_MASK] = {
204                 .len = NL80211_HT_CAPABILITY_LEN
205         },
206         [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
207         [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
208         [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
209 };
210
211 /* policy for the key attributes */
212 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
213         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
214         [NL80211_KEY_IDX] = { .type = NLA_U8 },
215         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
216         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
217         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
218         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
219         [NL80211_KEY_TYPE] = { .type = NLA_U32 },
220         [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
221 };
222
223 /* policy for the key default flags */
224 static const struct nla_policy
225 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
226         [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
227         [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
228 };
229
230 /* policy for WoWLAN attributes */
231 static const struct nla_policy
232 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
233         [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
234         [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
235         [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
236         [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
237         [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
238         [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
239         [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
240         [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
241 };
242
243 /* policy for GTK rekey offload attributes */
244 static const struct nla_policy
245 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
246         [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
247         [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
248         [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
249 };
250
251 static const struct nla_policy
252 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
253         [NL80211_ATTR_SCHED_SCAN_MATCH_SSID] = { .type = NLA_BINARY,
254                                                  .len = IEEE80211_MAX_SSID_LEN },
255 };
256
257 /* ifidx get helper */
258 static int nl80211_get_ifidx(struct netlink_callback *cb)
259 {
260         int res;
261
262         res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
263                           nl80211_fam.attrbuf, nl80211_fam.maxattr,
264                           nl80211_policy);
265         if (res)
266                 return res;
267
268         if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
269                 return -EINVAL;
270
271         res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
272         if (!res)
273                 return -EINVAL;
274         return res;
275 }
276
277 static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
278                                        struct netlink_callback *cb,
279                                        struct cfg80211_registered_device **rdev,
280                                        struct net_device **dev)
281 {
282         int ifidx = cb->args[0];
283         int err;
284
285         if (!ifidx)
286                 ifidx = nl80211_get_ifidx(cb);
287         if (ifidx < 0)
288                 return ifidx;
289
290         cb->args[0] = ifidx;
291
292         rtnl_lock();
293
294         *dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
295         if (!*dev) {
296                 err = -ENODEV;
297                 goto out_rtnl;
298         }
299
300         *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
301         if (IS_ERR(*rdev)) {
302                 err = PTR_ERR(*rdev);
303                 goto out_rtnl;
304         }
305
306         return 0;
307  out_rtnl:
308         rtnl_unlock();
309         return err;
310 }
311
312 static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
313 {
314         cfg80211_unlock_rdev(rdev);
315         rtnl_unlock();
316 }
317
318 /* IE validation */
319 static bool is_valid_ie_attr(const struct nlattr *attr)
320 {
321         const u8 *pos;
322         int len;
323
324         if (!attr)
325                 return true;
326
327         pos = nla_data(attr);
328         len = nla_len(attr);
329
330         while (len) {
331                 u8 elemlen;
332
333                 if (len < 2)
334                         return false;
335                 len -= 2;
336
337                 elemlen = pos[1];
338                 if (elemlen > len)
339                         return false;
340
341                 len -= elemlen;
342                 pos += 2 + elemlen;
343         }
344
345         return true;
346 }
347
348 /* message building helper */
349 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
350                                    int flags, u8 cmd)
351 {
352         /* since there is no private header just add the generic one */
353         return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
354 }
355
356 static int nl80211_msg_put_channel(struct sk_buff *msg,
357                                    struct ieee80211_channel *chan)
358 {
359         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
360                     chan->center_freq);
361
362         if (chan->flags & IEEE80211_CHAN_DISABLED)
363                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
364         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
365                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
366         if (chan->flags & IEEE80211_CHAN_NO_IBSS)
367                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
368         if (chan->flags & IEEE80211_CHAN_RADAR)
369                 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
370
371         NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
372                     DBM_TO_MBM(chan->max_power));
373
374         return 0;
375
376  nla_put_failure:
377         return -ENOBUFS;
378 }
379
380 /* netlink command implementations */
381
382 struct key_parse {
383         struct key_params p;
384         int idx;
385         int type;
386         bool def, defmgmt;
387         bool def_uni, def_multi;
388 };
389
390 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
391 {
392         struct nlattr *tb[NL80211_KEY_MAX + 1];
393         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
394                                    nl80211_key_policy);
395         if (err)
396                 return err;
397
398         k->def = !!tb[NL80211_KEY_DEFAULT];
399         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
400
401         if (k->def) {
402                 k->def_uni = true;
403                 k->def_multi = true;
404         }
405         if (k->defmgmt)
406                 k->def_multi = true;
407
408         if (tb[NL80211_KEY_IDX])
409                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
410
411         if (tb[NL80211_KEY_DATA]) {
412                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
413                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
414         }
415
416         if (tb[NL80211_KEY_SEQ]) {
417                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
418                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
419         }
420
421         if (tb[NL80211_KEY_CIPHER])
422                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
423
424         if (tb[NL80211_KEY_TYPE]) {
425                 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
426                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
427                         return -EINVAL;
428         }
429
430         if (tb[NL80211_KEY_DEFAULT_TYPES]) {
431                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
432                 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
433                                        tb[NL80211_KEY_DEFAULT_TYPES],
434                                        nl80211_key_default_policy);
435                 if (err)
436                         return err;
437
438                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
439                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
440         }
441
442         return 0;
443 }
444
445 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
446 {
447         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
448                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
449                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
450         }
451
452         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
453                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
454                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
455         }
456
457         if (info->attrs[NL80211_ATTR_KEY_IDX])
458                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
459
460         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
461                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
462
463         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
464         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
465
466         if (k->def) {
467                 k->def_uni = true;
468                 k->def_multi = true;
469         }
470         if (k->defmgmt)
471                 k->def_multi = true;
472
473         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
474                 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
475                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
476                         return -EINVAL;
477         }
478
479         if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
480                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
481                 int err = nla_parse_nested(
482                                 kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
483                                 info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
484                                 nl80211_key_default_policy);
485                 if (err)
486                         return err;
487
488                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
489                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
490         }
491
492         return 0;
493 }
494
495 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
496 {
497         int err;
498
499         memset(k, 0, sizeof(*k));
500         k->idx = -1;
501         k->type = -1;
502
503         if (info->attrs[NL80211_ATTR_KEY])
504                 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
505         else
506                 err = nl80211_parse_key_old(info, k);
507
508         if (err)
509                 return err;
510
511         if (k->def && k->defmgmt)
512                 return -EINVAL;
513
514         if (k->defmgmt) {
515                 if (k->def_uni || !k->def_multi)
516                         return -EINVAL;
517         }
518
519         if (k->idx != -1) {
520                 if (k->defmgmt) {
521                         if (k->idx < 4 || k->idx > 5)
522                                 return -EINVAL;
523                 } else if (k->def) {
524                         if (k->idx < 0 || k->idx > 3)
525                                 return -EINVAL;
526                 } else {
527                         if (k->idx < 0 || k->idx > 5)
528                                 return -EINVAL;
529                 }
530         }
531
532         return 0;
533 }
534
535 static struct cfg80211_cached_keys *
536 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
537                        struct nlattr *keys)
538 {
539         struct key_parse parse;
540         struct nlattr *key;
541         struct cfg80211_cached_keys *result;
542         int rem, err, def = 0;
543
544         result = kzalloc(sizeof(*result), GFP_KERNEL);
545         if (!result)
546                 return ERR_PTR(-ENOMEM);
547
548         result->def = -1;
549         result->defmgmt = -1;
550
551         nla_for_each_nested(key, keys, rem) {
552                 memset(&parse, 0, sizeof(parse));
553                 parse.idx = -1;
554
555                 err = nl80211_parse_key_new(key, &parse);
556                 if (err)
557                         goto error;
558                 err = -EINVAL;
559                 if (!parse.p.key)
560                         goto error;
561                 if (parse.idx < 0 || parse.idx > 4)
562                         goto error;
563                 if (parse.def) {
564                         if (def)
565                                 goto error;
566                         def = 1;
567                         result->def = parse.idx;
568                         if (!parse.def_uni || !parse.def_multi)
569                                 goto error;
570                 } else if (parse.defmgmt)
571                         goto error;
572                 err = cfg80211_validate_key_settings(rdev, &parse.p,
573                                                      parse.idx, false, NULL);
574                 if (err)
575                         goto error;
576                 result->params[parse.idx].cipher = parse.p.cipher;
577                 result->params[parse.idx].key_len = parse.p.key_len;
578                 result->params[parse.idx].key = result->data[parse.idx];
579                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
580         }
581
582         return result;
583  error:
584         kfree(result);
585         return ERR_PTR(err);
586 }
587
588 static int nl80211_key_allowed(struct wireless_dev *wdev)
589 {
590         ASSERT_WDEV_LOCK(wdev);
591
592         switch (wdev->iftype) {
593         case NL80211_IFTYPE_AP:
594         case NL80211_IFTYPE_AP_VLAN:
595         case NL80211_IFTYPE_P2P_GO:
596         case NL80211_IFTYPE_MESH_POINT:
597                 break;
598         case NL80211_IFTYPE_ADHOC:
599                 if (!wdev->current_bss)
600                         return -ENOLINK;
601                 break;
602         case NL80211_IFTYPE_STATION:
603         case NL80211_IFTYPE_P2P_CLIENT:
604                 if (wdev->sme_state != CFG80211_SME_CONNECTED)
605                         return -ENOLINK;
606                 break;
607         default:
608                 return -EINVAL;
609         }
610
611         return 0;
612 }
613
614 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
615 {
616         struct nlattr *nl_modes = nla_nest_start(msg, attr);
617         int i;
618
619         if (!nl_modes)
620                 goto nla_put_failure;
621
622         i = 0;
623         while (ifmodes) {
624                 if (ifmodes & 1)
625                         NLA_PUT_FLAG(msg, i);
626                 ifmodes >>= 1;
627                 i++;
628         }
629
630         nla_nest_end(msg, nl_modes);
631         return 0;
632
633 nla_put_failure:
634         return -ENOBUFS;
635 }
636
637 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
638                                           struct sk_buff *msg)
639 {
640         struct nlattr *nl_combis;
641         int i, j;
642
643         nl_combis = nla_nest_start(msg,
644                                 NL80211_ATTR_INTERFACE_COMBINATIONS);
645         if (!nl_combis)
646                 goto nla_put_failure;
647
648         for (i = 0; i < wiphy->n_iface_combinations; i++) {
649                 const struct ieee80211_iface_combination *c;
650                 struct nlattr *nl_combi, *nl_limits;
651
652                 c = &wiphy->iface_combinations[i];
653
654                 nl_combi = nla_nest_start(msg, i + 1);
655                 if (!nl_combi)
656                         goto nla_put_failure;
657
658                 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
659                 if (!nl_limits)
660                         goto nla_put_failure;
661
662                 for (j = 0; j < c->n_limits; j++) {
663                         struct nlattr *nl_limit;
664
665                         nl_limit = nla_nest_start(msg, j + 1);
666                         if (!nl_limit)
667                                 goto nla_put_failure;
668                         NLA_PUT_U32(msg, NL80211_IFACE_LIMIT_MAX,
669                                     c->limits[j].max);
670                         if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
671                                                 c->limits[j].types))
672                                 goto nla_put_failure;
673                         nla_nest_end(msg, nl_limit);
674                 }
675
676                 nla_nest_end(msg, nl_limits);
677
678                 if (c->beacon_int_infra_match)
679                         NLA_PUT_FLAG(msg,
680                                 NL80211_IFACE_COMB_STA_AP_BI_MATCH);
681                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
682                             c->num_different_channels);
683                 NLA_PUT_U32(msg, NL80211_IFACE_COMB_MAXNUM,
684                             c->max_interfaces);
685
686                 nla_nest_end(msg, nl_combi);
687         }
688
689         nla_nest_end(msg, nl_combis);
690
691         return 0;
692 nla_put_failure:
693         return -ENOBUFS;
694 }
695
696 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
697                               struct cfg80211_registered_device *dev)
698 {
699         void *hdr;
700         struct nlattr *nl_bands, *nl_band;
701         struct nlattr *nl_freqs, *nl_freq;
702         struct nlattr *nl_rates, *nl_rate;
703         struct nlattr *nl_cmds;
704         enum ieee80211_band band;
705         struct ieee80211_channel *chan;
706         struct ieee80211_rate *rate;
707         int i;
708         const struct ieee80211_txrx_stypes *mgmt_stypes =
709                                 dev->wiphy.mgmt_stypes;
710
711         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
712         if (!hdr)
713                 return -1;
714
715         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
716         NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
717
718         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
719                     cfg80211_rdev_list_generation);
720
721         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
722                    dev->wiphy.retry_short);
723         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
724                    dev->wiphy.retry_long);
725         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
726                     dev->wiphy.frag_threshold);
727         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
728                     dev->wiphy.rts_threshold);
729         NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
730                     dev->wiphy.coverage_class);
731         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
732                    dev->wiphy.max_scan_ssids);
733         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
734                    dev->wiphy.max_sched_scan_ssids);
735         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
736                     dev->wiphy.max_scan_ie_len);
737         NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
738                     dev->wiphy.max_sched_scan_ie_len);
739         NLA_PUT_U8(msg, NL80211_ATTR_MAX_MATCH_SETS,
740                    dev->wiphy.max_match_sets);
741
742         if (dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN)
743                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_IBSS_RSN);
744         if (dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH)
745                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_MESH_AUTH);
746         if (dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD)
747                 NLA_PUT_FLAG(msg, NL80211_ATTR_SUPPORT_AP_UAPSD);
748         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)
749                 NLA_PUT_FLAG(msg, NL80211_ATTR_ROAM_SUPPORT);
750         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS)
751                 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_SUPPORT);
752         if (dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP)
753                 NLA_PUT_FLAG(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP);
754
755         NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
756                 sizeof(u32) * dev->wiphy.n_cipher_suites,
757                 dev->wiphy.cipher_suites);
758
759         NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
760                    dev->wiphy.max_num_pmkids);
761
762         if (dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL)
763                 NLA_PUT_FLAG(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE);
764
765         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
766                     dev->wiphy.available_antennas_tx);
767         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
768                     dev->wiphy.available_antennas_rx);
769
770         if (dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD)
771                 NLA_PUT_U32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
772                             dev->wiphy.probe_resp_offload);
773
774         if ((dev->wiphy.available_antennas_tx ||
775              dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
776                 u32 tx_ant = 0, rx_ant = 0;
777                 int res;
778                 res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
779                 if (!res) {
780                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX, tx_ant);
781                         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX, rx_ant);
782                 }
783         }
784
785         if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
786                                 dev->wiphy.interface_modes))
787                 goto nla_put_failure;
788
789         nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
790         if (!nl_bands)
791                 goto nla_put_failure;
792
793         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
794                 if (!dev->wiphy.bands[band])
795                         continue;
796
797                 nl_band = nla_nest_start(msg, band);
798                 if (!nl_band)
799                         goto nla_put_failure;
800
801                 /* add HT info */
802                 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
803                         NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
804                                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
805                                 &dev->wiphy.bands[band]->ht_cap.mcs);
806                         NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
807                                 dev->wiphy.bands[band]->ht_cap.cap);
808                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
809                                 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
810                         NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
811                                 dev->wiphy.bands[band]->ht_cap.ampdu_density);
812                 }
813
814                 /* add frequencies */
815                 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
816                 if (!nl_freqs)
817                         goto nla_put_failure;
818
819                 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
820                         nl_freq = nla_nest_start(msg, i);
821                         if (!nl_freq)
822                                 goto nla_put_failure;
823
824                         chan = &dev->wiphy.bands[band]->channels[i];
825
826                         if (nl80211_msg_put_channel(msg, chan))
827                                 goto nla_put_failure;
828
829                         nla_nest_end(msg, nl_freq);
830                 }
831
832                 nla_nest_end(msg, nl_freqs);
833
834                 /* add bitrates */
835                 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
836                 if (!nl_rates)
837                         goto nla_put_failure;
838
839                 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
840                         nl_rate = nla_nest_start(msg, i);
841                         if (!nl_rate)
842                                 goto nla_put_failure;
843
844                         rate = &dev->wiphy.bands[band]->bitrates[i];
845                         NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
846                                     rate->bitrate);
847                         if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
848                                 NLA_PUT_FLAG(msg,
849                                         NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
850
851                         nla_nest_end(msg, nl_rate);
852                 }
853
854                 nla_nest_end(msg, nl_rates);
855
856                 nla_nest_end(msg, nl_band);
857         }
858         nla_nest_end(msg, nl_bands);
859
860         nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
861         if (!nl_cmds)
862                 goto nla_put_failure;
863
864         i = 0;
865 #define CMD(op, n)                                              \
866          do {                                                   \
867                 if (dev->ops->op) {                             \
868                         i++;                                    \
869                         NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
870                 }                                               \
871         } while (0)
872
873         CMD(add_virtual_intf, NEW_INTERFACE);
874         CMD(change_virtual_intf, SET_INTERFACE);
875         CMD(add_key, NEW_KEY);
876         CMD(start_ap, START_AP);
877         CMD(add_station, NEW_STATION);
878         CMD(add_mpath, NEW_MPATH);
879         CMD(update_mesh_config, SET_MESH_CONFIG);
880         CMD(change_bss, SET_BSS);
881         CMD(auth, AUTHENTICATE);
882         CMD(assoc, ASSOCIATE);
883         CMD(deauth, DEAUTHENTICATE);
884         CMD(disassoc, DISASSOCIATE);
885         CMD(join_ibss, JOIN_IBSS);
886         CMD(join_mesh, JOIN_MESH);
887         CMD(set_pmksa, SET_PMKSA);
888         CMD(del_pmksa, DEL_PMKSA);
889         CMD(flush_pmksa, FLUSH_PMKSA);
890         if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
891                 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
892         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
893         CMD(mgmt_tx, FRAME);
894         CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
895         if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
896                 i++;
897                 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
898         }
899         CMD(set_channel, SET_CHANNEL);
900         CMD(set_wds_peer, SET_WDS_PEER);
901         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
902                 CMD(tdls_mgmt, TDLS_MGMT);
903                 CMD(tdls_oper, TDLS_OPER);
904         }
905         if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
906                 CMD(sched_scan_start, START_SCHED_SCAN);
907         CMD(probe_client, PROBE_CLIENT);
908         CMD(set_noack_map, SET_NOACK_MAP);
909         if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
910                 i++;
911                 NLA_PUT_U32(msg, i, NL80211_CMD_REGISTER_BEACONS);
912         }
913
914 #ifdef CONFIG_NL80211_TESTMODE
915         CMD(testmode_cmd, TESTMODE);
916 #endif
917
918 #undef CMD
919
920         if (dev->ops->connect || dev->ops->auth) {
921                 i++;
922                 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
923         }
924
925         if (dev->ops->disconnect || dev->ops->deauth) {
926                 i++;
927                 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
928         }
929
930         nla_nest_end(msg, nl_cmds);
931
932         if (dev->ops->remain_on_channel &&
933             dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
934                 NLA_PUT_U32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
935                             dev->wiphy.max_remain_on_channel_duration);
936
937         if (dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX)
938                 NLA_PUT_FLAG(msg, NL80211_ATTR_OFFCHANNEL_TX_OK);
939
940         if (mgmt_stypes) {
941                 u16 stypes;
942                 struct nlattr *nl_ftypes, *nl_ifs;
943                 enum nl80211_iftype ift;
944
945                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
946                 if (!nl_ifs)
947                         goto nla_put_failure;
948
949                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
950                         nl_ftypes = nla_nest_start(msg, ift);
951                         if (!nl_ftypes)
952                                 goto nla_put_failure;
953                         i = 0;
954                         stypes = mgmt_stypes[ift].tx;
955                         while (stypes) {
956                                 if (stypes & 1)
957                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
958                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
959                                 stypes >>= 1;
960                                 i++;
961                         }
962                         nla_nest_end(msg, nl_ftypes);
963                 }
964
965                 nla_nest_end(msg, nl_ifs);
966
967                 nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
968                 if (!nl_ifs)
969                         goto nla_put_failure;
970
971                 for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
972                         nl_ftypes = nla_nest_start(msg, ift);
973                         if (!nl_ftypes)
974                                 goto nla_put_failure;
975                         i = 0;
976                         stypes = mgmt_stypes[ift].rx;
977                         while (stypes) {
978                                 if (stypes & 1)
979                                         NLA_PUT_U16(msg, NL80211_ATTR_FRAME_TYPE,
980                                                     (i << 4) | IEEE80211_FTYPE_MGMT);
981                                 stypes >>= 1;
982                                 i++;
983                         }
984                         nla_nest_end(msg, nl_ftypes);
985                 }
986                 nla_nest_end(msg, nl_ifs);
987         }
988
989         if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
990                 struct nlattr *nl_wowlan;
991
992                 nl_wowlan = nla_nest_start(msg,
993                                 NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
994                 if (!nl_wowlan)
995                         goto nla_put_failure;
996
997                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY)
998                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_ANY);
999                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT)
1000                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_DISCONNECT);
1001                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT)
1002                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT);
1003                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY)
1004                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED);
1005                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE)
1006                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE);
1007                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ)
1008                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST);
1009                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE)
1010                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE);
1011                 if (dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE)
1012                         NLA_PUT_FLAG(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE);
1013                 if (dev->wiphy.wowlan.n_patterns) {
1014                         struct nl80211_wowlan_pattern_support pat = {
1015                                 .max_patterns = dev->wiphy.wowlan.n_patterns,
1016                                 .min_pattern_len =
1017                                         dev->wiphy.wowlan.pattern_min_len,
1018                                 .max_pattern_len =
1019                                         dev->wiphy.wowlan.pattern_max_len,
1020                         };
1021                         NLA_PUT(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1022                                 sizeof(pat), &pat);
1023                 }
1024
1025                 nla_nest_end(msg, nl_wowlan);
1026         }
1027
1028         if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1029                                 dev->wiphy.software_iftypes))
1030                 goto nla_put_failure;
1031
1032         if (nl80211_put_iface_combinations(&dev->wiphy, msg))
1033                 goto nla_put_failure;
1034
1035         if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME)
1036                 NLA_PUT_U32(msg, NL80211_ATTR_DEVICE_AP_SME,
1037                             dev->wiphy.ap_sme_capa);
1038
1039         NLA_PUT_U32(msg, NL80211_ATTR_FEATURE_FLAGS, dev->wiphy.features);
1040
1041         if (dev->wiphy.ht_capa_mod_mask)
1042                 NLA_PUT(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1043                         sizeof(*dev->wiphy.ht_capa_mod_mask),
1044                         dev->wiphy.ht_capa_mod_mask);
1045
1046         return genlmsg_end(msg, hdr);
1047
1048  nla_put_failure:
1049         genlmsg_cancel(msg, hdr);
1050         return -EMSGSIZE;
1051 }
1052
1053 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
1054 {
1055         int idx = 0;
1056         int start = cb->args[0];
1057         struct cfg80211_registered_device *dev;
1058
1059         mutex_lock(&cfg80211_mutex);
1060         list_for_each_entry(dev, &cfg80211_rdev_list, list) {
1061                 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
1062                         continue;
1063                 if (++idx <= start)
1064                         continue;
1065                 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
1066                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
1067                                        dev) < 0) {
1068                         idx--;
1069                         break;
1070                 }
1071         }
1072         mutex_unlock(&cfg80211_mutex);
1073
1074         cb->args[0] = idx;
1075
1076         return skb->len;
1077 }
1078
1079 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
1080 {
1081         struct sk_buff *msg;
1082         struct cfg80211_registered_device *dev = info->user_ptr[0];
1083
1084         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1085         if (!msg)
1086                 return -ENOMEM;
1087
1088         if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) {
1089                 nlmsg_free(msg);
1090                 return -ENOBUFS;
1091         }
1092
1093         return genlmsg_reply(msg, info);
1094 }
1095
1096 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
1097         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
1098         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
1099         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
1100         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
1101         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
1102 };
1103
1104 static int parse_txq_params(struct nlattr *tb[],
1105                             struct ieee80211_txq_params *txq_params)
1106 {
1107         if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
1108             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
1109             !tb[NL80211_TXQ_ATTR_AIFS])
1110                 return -EINVAL;
1111
1112         txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
1113         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
1114         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
1115         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
1116         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
1117
1118         if (txq_params->ac >= NL80211_NUM_ACS)
1119                 return -EINVAL;
1120
1121         return 0;
1122 }
1123
1124 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
1125 {
1126         /*
1127          * You can only set the channel explicitly for AP, mesh
1128          * and WDS type interfaces; all others have their channel
1129          * managed via their respective "establish a connection"
1130          * command (connect, join, ...)
1131          *
1132          * Monitors are special as they are normally slaved to
1133          * whatever else is going on, so they behave as though
1134          * you tried setting the wiphy channel itself.
1135          */
1136         return !wdev ||
1137                 wdev->iftype == NL80211_IFTYPE_AP ||
1138                 wdev->iftype == NL80211_IFTYPE_WDS ||
1139                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
1140                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
1141                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
1142 }
1143
1144 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
1145                                  struct wireless_dev *wdev,
1146                                  struct genl_info *info)
1147 {
1148         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
1149         u32 freq;
1150         int result;
1151
1152         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
1153                 return -EINVAL;
1154
1155         if (!nl80211_can_set_dev_channel(wdev))
1156                 return -EOPNOTSUPP;
1157
1158         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1159                 channel_type = nla_get_u32(info->attrs[
1160                                    NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1161                 if (channel_type != NL80211_CHAN_NO_HT &&
1162                     channel_type != NL80211_CHAN_HT20 &&
1163                     channel_type != NL80211_CHAN_HT40PLUS &&
1164                     channel_type != NL80211_CHAN_HT40MINUS)
1165                         return -EINVAL;
1166         }
1167
1168         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
1169
1170         mutex_lock(&rdev->devlist_mtx);
1171         if (wdev) {
1172                 wdev_lock(wdev);
1173                 result = cfg80211_set_freq(rdev, wdev, freq, channel_type);
1174                 wdev_unlock(wdev);
1175         } else {
1176                 result = cfg80211_set_freq(rdev, NULL, freq, channel_type);
1177         }
1178         mutex_unlock(&rdev->devlist_mtx);
1179
1180         return result;
1181 }
1182
1183 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
1184 {
1185         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1186         struct net_device *netdev = info->user_ptr[1];
1187
1188         return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
1189 }
1190
1191 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
1192 {
1193         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1194         struct net_device *dev = info->user_ptr[1];
1195         struct wireless_dev *wdev = dev->ieee80211_ptr;
1196         const u8 *bssid;
1197
1198         if (!info->attrs[NL80211_ATTR_MAC])
1199                 return -EINVAL;
1200
1201         if (netif_running(dev))
1202                 return -EBUSY;
1203
1204         if (!rdev->ops->set_wds_peer)
1205                 return -EOPNOTSUPP;
1206
1207         if (wdev->iftype != NL80211_IFTYPE_WDS)
1208                 return -EOPNOTSUPP;
1209
1210         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
1211         return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
1212 }
1213
1214
1215 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
1216 {
1217         struct cfg80211_registered_device *rdev;
1218         struct net_device *netdev = NULL;
1219         struct wireless_dev *wdev;
1220         int result = 0, rem_txq_params = 0;
1221         struct nlattr *nl_txq_params;
1222         u32 changed;
1223         u8 retry_short = 0, retry_long = 0;
1224         u32 frag_threshold = 0, rts_threshold = 0;
1225         u8 coverage_class = 0;
1226
1227         /*
1228          * Try to find the wiphy and netdev. Normally this
1229          * function shouldn't need the netdev, but this is
1230          * done for backward compatibility -- previously
1231          * setting the channel was done per wiphy, but now
1232          * it is per netdev. Previous userland like hostapd
1233          * also passed a netdev to set_wiphy, so that it is
1234          * possible to let that go to the right netdev!
1235          */
1236         mutex_lock(&cfg80211_mutex);
1237
1238         if (info->attrs[NL80211_ATTR_IFINDEX]) {
1239                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
1240
1241                 netdev = dev_get_by_index(genl_info_net(info), ifindex);
1242                 if (netdev && netdev->ieee80211_ptr) {
1243                         rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
1244                         mutex_lock(&rdev->mtx);
1245                 } else
1246                         netdev = NULL;
1247         }
1248
1249         if (!netdev) {
1250                 rdev = __cfg80211_rdev_from_info(info);
1251                 if (IS_ERR(rdev)) {
1252                         mutex_unlock(&cfg80211_mutex);
1253                         return PTR_ERR(rdev);
1254                 }
1255                 wdev = NULL;
1256                 netdev = NULL;
1257                 result = 0;
1258
1259                 mutex_lock(&rdev->mtx);
1260         } else if (netif_running(netdev) &&
1261                    nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
1262                 wdev = netdev->ieee80211_ptr;
1263         else
1264                 wdev = NULL;
1265
1266         /*
1267          * end workaround code, by now the rdev is available
1268          * and locked, and wdev may or may not be NULL.
1269          */
1270
1271         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
1272                 result = cfg80211_dev_rename(
1273                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
1274
1275         mutex_unlock(&cfg80211_mutex);
1276
1277         if (result)
1278                 goto bad_res;
1279
1280         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
1281                 struct ieee80211_txq_params txq_params;
1282                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
1283
1284                 if (!rdev->ops->set_txq_params) {
1285                         result = -EOPNOTSUPP;
1286                         goto bad_res;
1287                 }
1288
1289                 if (!netdev) {
1290                         result = -EINVAL;
1291                         goto bad_res;
1292                 }
1293
1294                 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
1295                     netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
1296                         result = -EINVAL;
1297                         goto bad_res;
1298                 }
1299
1300                 nla_for_each_nested(nl_txq_params,
1301                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
1302                                     rem_txq_params) {
1303                         nla_parse(tb, NL80211_TXQ_ATTR_MAX,
1304                                   nla_data(nl_txq_params),
1305                                   nla_len(nl_txq_params),
1306                                   txq_params_policy);
1307                         result = parse_txq_params(tb, &txq_params);
1308                         if (result)
1309                                 goto bad_res;
1310
1311                         result = rdev->ops->set_txq_params(&rdev->wiphy,
1312                                                            netdev,
1313                                                            &txq_params);
1314                         if (result)
1315                                 goto bad_res;
1316                 }
1317         }
1318
1319         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
1320                 result = __nl80211_set_channel(rdev, wdev, info);
1321                 if (result)
1322                         goto bad_res;
1323         }
1324
1325         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
1326                 enum nl80211_tx_power_setting type;
1327                 int idx, mbm = 0;
1328
1329                 if (!rdev->ops->set_tx_power) {
1330                         result = -EOPNOTSUPP;
1331                         goto bad_res;
1332                 }
1333
1334                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
1335                 type = nla_get_u32(info->attrs[idx]);
1336
1337                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
1338                     (type != NL80211_TX_POWER_AUTOMATIC)) {
1339                         result = -EINVAL;
1340                         goto bad_res;
1341                 }
1342
1343                 if (type != NL80211_TX_POWER_AUTOMATIC) {
1344                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
1345                         mbm = nla_get_u32(info->attrs[idx]);
1346                 }
1347
1348                 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
1349                 if (result)
1350                         goto bad_res;
1351         }
1352
1353         if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
1354             info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
1355                 u32 tx_ant, rx_ant;
1356                 if ((!rdev->wiphy.available_antennas_tx &&
1357                      !rdev->wiphy.available_antennas_rx) ||
1358                     !rdev->ops->set_antenna) {
1359                         result = -EOPNOTSUPP;
1360                         goto bad_res;
1361                 }
1362
1363                 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
1364                 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
1365
1366                 /* reject antenna configurations which don't match the
1367                  * available antenna masks, except for the "all" mask */
1368                 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
1369                     (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
1370                         result = -EINVAL;
1371                         goto bad_res;
1372                 }
1373
1374                 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
1375                 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
1376
1377                 result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
1378                 if (result)
1379                         goto bad_res;
1380         }
1381
1382         changed = 0;
1383
1384         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
1385                 retry_short = nla_get_u8(
1386                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
1387                 if (retry_short == 0) {
1388                         result = -EINVAL;
1389                         goto bad_res;
1390                 }
1391                 changed |= WIPHY_PARAM_RETRY_SHORT;
1392         }
1393
1394         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
1395                 retry_long = nla_get_u8(
1396                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
1397                 if (retry_long == 0) {
1398                         result = -EINVAL;
1399                         goto bad_res;
1400                 }
1401                 changed |= WIPHY_PARAM_RETRY_LONG;
1402         }
1403
1404         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
1405                 frag_threshold = nla_get_u32(
1406                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
1407                 if (frag_threshold < 256) {
1408                         result = -EINVAL;
1409                         goto bad_res;
1410                 }
1411                 if (frag_threshold != (u32) -1) {
1412                         /*
1413                          * Fragments (apart from the last one) are required to
1414                          * have even length. Make the fragmentation code
1415                          * simpler by stripping LSB should someone try to use
1416                          * odd threshold value.
1417                          */
1418                         frag_threshold &= ~0x1;
1419                 }
1420                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
1421         }
1422
1423         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
1424                 rts_threshold = nla_get_u32(
1425                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
1426                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
1427         }
1428
1429         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
1430                 coverage_class = nla_get_u8(
1431                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
1432                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
1433         }
1434
1435         if (changed) {
1436                 u8 old_retry_short, old_retry_long;
1437                 u32 old_frag_threshold, old_rts_threshold;
1438                 u8 old_coverage_class;
1439
1440                 if (!rdev->ops->set_wiphy_params) {
1441                         result = -EOPNOTSUPP;
1442                         goto bad_res;
1443                 }
1444
1445                 old_retry_short = rdev->wiphy.retry_short;
1446                 old_retry_long = rdev->wiphy.retry_long;
1447                 old_frag_threshold = rdev->wiphy.frag_threshold;
1448                 old_rts_threshold = rdev->wiphy.rts_threshold;
1449                 old_coverage_class = rdev->wiphy.coverage_class;
1450
1451                 if (changed & WIPHY_PARAM_RETRY_SHORT)
1452                         rdev->wiphy.retry_short = retry_short;
1453                 if (changed & WIPHY_PARAM_RETRY_LONG)
1454                         rdev->wiphy.retry_long = retry_long;
1455                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
1456                         rdev->wiphy.frag_threshold = frag_threshold;
1457                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
1458                         rdev->wiphy.rts_threshold = rts_threshold;
1459                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
1460                         rdev->wiphy.coverage_class = coverage_class;
1461
1462                 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
1463                 if (result) {
1464                         rdev->wiphy.retry_short = old_retry_short;
1465                         rdev->wiphy.retry_long = old_retry_long;
1466                         rdev->wiphy.frag_threshold = old_frag_threshold;
1467                         rdev->wiphy.rts_threshold = old_rts_threshold;
1468                         rdev->wiphy.coverage_class = old_coverage_class;
1469                 }
1470         }
1471
1472  bad_res:
1473         mutex_unlock(&rdev->mtx);
1474         if (netdev)
1475                 dev_put(netdev);
1476         return result;
1477 }
1478
1479
1480 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
1481                               struct cfg80211_registered_device *rdev,
1482                               struct net_device *dev)
1483 {
1484         void *hdr;
1485
1486         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
1487         if (!hdr)
1488                 return -1;
1489
1490         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1491         NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
1492         NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
1493         NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
1494
1495         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
1496                     rdev->devlist_generation ^
1497                         (cfg80211_rdev_list_generation << 2));
1498
1499         return genlmsg_end(msg, hdr);
1500
1501  nla_put_failure:
1502         genlmsg_cancel(msg, hdr);
1503         return -EMSGSIZE;
1504 }
1505
1506 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
1507 {
1508         int wp_idx = 0;
1509         int if_idx = 0;
1510         int wp_start = cb->args[0];
1511         int if_start = cb->args[1];
1512         struct cfg80211_registered_device *rdev;
1513         struct wireless_dev *wdev;
1514
1515         mutex_lock(&cfg80211_mutex);
1516         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
1517                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
1518                         continue;
1519                 if (wp_idx < wp_start) {
1520                         wp_idx++;
1521                         continue;
1522                 }
1523                 if_idx = 0;
1524
1525                 mutex_lock(&rdev->devlist_mtx);
1526                 list_for_each_entry(wdev, &rdev->netdev_list, list) {
1527                         if (if_idx < if_start) {
1528                                 if_idx++;
1529                                 continue;
1530                         }
1531                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
1532                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
1533                                                rdev, wdev->netdev) < 0) {
1534                                 mutex_unlock(&rdev->devlist_mtx);
1535                                 goto out;
1536                         }
1537                         if_idx++;
1538                 }
1539                 mutex_unlock(&rdev->devlist_mtx);
1540
1541                 wp_idx++;
1542         }
1543  out:
1544         mutex_unlock(&cfg80211_mutex);
1545
1546         cb->args[0] = wp_idx;
1547         cb->args[1] = if_idx;
1548
1549         return skb->len;
1550 }
1551
1552 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
1553 {
1554         struct sk_buff *msg;
1555         struct cfg80211_registered_device *dev = info->user_ptr[0];
1556         struct net_device *netdev = info->user_ptr[1];
1557
1558         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1559         if (!msg)
1560                 return -ENOMEM;
1561
1562         if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
1563                                dev, netdev) < 0) {
1564                 nlmsg_free(msg);
1565                 return -ENOBUFS;
1566         }
1567
1568         return genlmsg_reply(msg, info);
1569 }
1570
1571 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
1572         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
1573         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
1574         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
1575         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
1576         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
1577 };
1578
1579 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
1580 {
1581         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
1582         int flag;
1583
1584         *mntrflags = 0;
1585
1586         if (!nla)
1587                 return -EINVAL;
1588
1589         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
1590                              nla, mntr_flags_policy))
1591                 return -EINVAL;
1592
1593         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
1594                 if (flags[flag])
1595                         *mntrflags |= (1<<flag);
1596
1597         return 0;
1598 }
1599
1600 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
1601                                struct net_device *netdev, u8 use_4addr,
1602                                enum nl80211_iftype iftype)
1603 {
1604         if (!use_4addr) {
1605                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
1606                         return -EBUSY;
1607                 return 0;
1608         }
1609
1610         switch (iftype) {
1611         case NL80211_IFTYPE_AP_VLAN:
1612                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
1613                         return 0;
1614                 break;
1615         case NL80211_IFTYPE_STATION:
1616                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
1617                         return 0;
1618                 break;
1619         default:
1620                 break;
1621         }
1622
1623         return -EOPNOTSUPP;
1624 }
1625
1626 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
1627 {
1628         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1629         struct vif_params params;
1630         int err;
1631         enum nl80211_iftype otype, ntype;
1632         struct net_device *dev = info->user_ptr[1];
1633         u32 _flags, *flags = NULL;
1634         bool change = false;
1635
1636         memset(&params, 0, sizeof(params));
1637
1638         otype = ntype = dev->ieee80211_ptr->iftype;
1639
1640         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1641                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1642                 if (otype != ntype)
1643                         change = true;
1644                 if (ntype > NL80211_IFTYPE_MAX)
1645                         return -EINVAL;
1646         }
1647
1648         if (info->attrs[NL80211_ATTR_MESH_ID]) {
1649                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1650
1651                 if (ntype != NL80211_IFTYPE_MESH_POINT)
1652                         return -EINVAL;
1653                 if (netif_running(dev))
1654                         return -EBUSY;
1655
1656                 wdev_lock(wdev);
1657                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1658                              IEEE80211_MAX_MESH_ID_LEN);
1659                 wdev->mesh_id_up_len =
1660                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1661                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1662                        wdev->mesh_id_up_len);
1663                 wdev_unlock(wdev);
1664         }
1665
1666         if (info->attrs[NL80211_ATTR_4ADDR]) {
1667                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1668                 change = true;
1669                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
1670                 if (err)
1671                         return err;
1672         } else {
1673                 params.use_4addr = -1;
1674         }
1675
1676         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
1677                 if (ntype != NL80211_IFTYPE_MONITOR)
1678                         return -EINVAL;
1679                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
1680                                           &_flags);
1681                 if (err)
1682                         return err;
1683
1684                 flags = &_flags;
1685                 change = true;
1686         }
1687
1688         if (change)
1689                 err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
1690         else
1691                 err = 0;
1692
1693         if (!err && params.use_4addr != -1)
1694                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
1695
1696         return err;
1697 }
1698
1699 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1700 {
1701         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1702         struct vif_params params;
1703         struct net_device *dev;
1704         int err;
1705         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1706         u32 flags;
1707
1708         memset(&params, 0, sizeof(params));
1709
1710         if (!info->attrs[NL80211_ATTR_IFNAME])
1711                 return -EINVAL;
1712
1713         if (info->attrs[NL80211_ATTR_IFTYPE]) {
1714                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1715                 if (type > NL80211_IFTYPE_MAX)
1716                         return -EINVAL;
1717         }
1718
1719         if (!rdev->ops->add_virtual_intf ||
1720             !(rdev->wiphy.interface_modes & (1 << type)))
1721                 return -EOPNOTSUPP;
1722
1723         if (info->attrs[NL80211_ATTR_4ADDR]) {
1724                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
1725                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
1726                 if (err)
1727                         return err;
1728         }
1729
1730         err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1731                                   info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1732                                   &flags);
1733         dev = rdev->ops->add_virtual_intf(&rdev->wiphy,
1734                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1735                 type, err ? NULL : &flags, &params);
1736         if (IS_ERR(dev))
1737                 return PTR_ERR(dev);
1738
1739         if (type == NL80211_IFTYPE_MESH_POINT &&
1740             info->attrs[NL80211_ATTR_MESH_ID]) {
1741                 struct wireless_dev *wdev = dev->ieee80211_ptr;
1742
1743                 wdev_lock(wdev);
1744                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
1745                              IEEE80211_MAX_MESH_ID_LEN);
1746                 wdev->mesh_id_up_len =
1747                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1748                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
1749                        wdev->mesh_id_up_len);
1750                 wdev_unlock(wdev);
1751         }
1752
1753         return 0;
1754 }
1755
1756 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1757 {
1758         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1759         struct net_device *dev = info->user_ptr[1];
1760
1761         if (!rdev->ops->del_virtual_intf)
1762                 return -EOPNOTSUPP;
1763
1764         return rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1765 }
1766
1767 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
1768 {
1769         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1770         struct net_device *dev = info->user_ptr[1];
1771         u16 noack_map;
1772
1773         if (!info->attrs[NL80211_ATTR_NOACK_MAP])
1774                 return -EINVAL;
1775
1776         if (!rdev->ops->set_noack_map)
1777                 return -EOPNOTSUPP;
1778
1779         noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
1780
1781         return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map);
1782 }
1783
1784 struct get_key_cookie {
1785         struct sk_buff *msg;
1786         int error;
1787         int idx;
1788 };
1789
1790 static void get_key_callback(void *c, struct key_params *params)
1791 {
1792         struct nlattr *key;
1793         struct get_key_cookie *cookie = c;
1794
1795         if (params->key)
1796                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1797                         params->key_len, params->key);
1798
1799         if (params->seq)
1800                 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1801                         params->seq_len, params->seq);
1802
1803         if (params->cipher)
1804                 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1805                             params->cipher);
1806
1807         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1808         if (!key)
1809                 goto nla_put_failure;
1810
1811         if (params->key)
1812                 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1813                         params->key_len, params->key);
1814
1815         if (params->seq)
1816                 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1817                         params->seq_len, params->seq);
1818
1819         if (params->cipher)
1820                 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1821                             params->cipher);
1822
1823         NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1824
1825         nla_nest_end(cookie->msg, key);
1826
1827         return;
1828  nla_put_failure:
1829         cookie->error = 1;
1830 }
1831
1832 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1833 {
1834         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1835         int err;
1836         struct net_device *dev = info->user_ptr[1];
1837         u8 key_idx = 0;
1838         const u8 *mac_addr = NULL;
1839         bool pairwise;
1840         struct get_key_cookie cookie = {
1841                 .error = 0,
1842         };
1843         void *hdr;
1844         struct sk_buff *msg;
1845
1846         if (info->attrs[NL80211_ATTR_KEY_IDX])
1847                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1848
1849         if (key_idx > 5)
1850                 return -EINVAL;
1851
1852         if (info->attrs[NL80211_ATTR_MAC])
1853                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1854
1855         pairwise = !!mac_addr;
1856         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
1857                 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
1858                 if (kt >= NUM_NL80211_KEYTYPES)
1859                         return -EINVAL;
1860                 if (kt != NL80211_KEYTYPE_GROUP &&
1861                     kt != NL80211_KEYTYPE_PAIRWISE)
1862                         return -EINVAL;
1863                 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
1864         }
1865
1866         if (!rdev->ops->get_key)
1867                 return -EOPNOTSUPP;
1868
1869         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1870         if (!msg)
1871                 return -ENOMEM;
1872
1873         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1874                              NL80211_CMD_NEW_KEY);
1875         if (IS_ERR(hdr))
1876                 return PTR_ERR(hdr);
1877
1878         cookie.msg = msg;
1879         cookie.idx = key_idx;
1880
1881         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1882         NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1883         if (mac_addr)
1884                 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1885
1886         if (pairwise && mac_addr &&
1887             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
1888                 return -ENOENT;
1889
1890         err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
1891                                  mac_addr, &cookie, get_key_callback);
1892
1893         if (err)
1894                 goto free_msg;
1895
1896         if (cookie.error)
1897                 goto nla_put_failure;
1898
1899         genlmsg_end(msg, hdr);
1900         return genlmsg_reply(msg, info);
1901
1902  nla_put_failure:
1903         err = -ENOBUFS;
1904  free_msg:
1905         nlmsg_free(msg);
1906         return err;
1907 }
1908
1909 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1910 {
1911         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1912         struct key_parse key;
1913         int err;
1914         struct net_device *dev = info->user_ptr[1];
1915
1916         err = nl80211_parse_key(info, &key);
1917         if (err)
1918                 return err;
1919
1920         if (key.idx < 0)
1921                 return -EINVAL;
1922
1923         /* only support setting default key */
1924         if (!key.def && !key.defmgmt)
1925                 return -EINVAL;
1926
1927         wdev_lock(dev->ieee80211_ptr);
1928
1929         if (key.def) {
1930                 if (!rdev->ops->set_default_key) {
1931                         err = -EOPNOTSUPP;
1932                         goto out;
1933                 }
1934
1935                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1936                 if (err)
1937                         goto out;
1938
1939                 err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
1940                                                  key.def_uni, key.def_multi);
1941
1942                 if (err)
1943                         goto out;
1944
1945 #ifdef CONFIG_CFG80211_WEXT
1946                 dev->ieee80211_ptr->wext.default_key = key.idx;
1947 #endif
1948         } else {
1949                 if (key.def_uni || !key.def_multi) {
1950                         err = -EINVAL;
1951                         goto out;
1952                 }
1953
1954                 if (!rdev->ops->set_default_mgmt_key) {
1955                         err = -EOPNOTSUPP;
1956                         goto out;
1957                 }
1958
1959                 err = nl80211_key_allowed(dev->ieee80211_ptr);
1960                 if (err)
1961                         goto out;
1962
1963                 err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
1964                                                       dev, key.idx);
1965                 if (err)
1966                         goto out;
1967
1968 #ifdef CONFIG_CFG80211_WEXT
1969                 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1970 #endif
1971         }
1972
1973  out:
1974         wdev_unlock(dev->ieee80211_ptr);
1975
1976         return err;
1977 }
1978
1979 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1980 {
1981         struct cfg80211_registered_device *rdev = info->user_ptr[0];
1982         int err;
1983         struct net_device *dev = info->user_ptr[1];
1984         struct key_parse key;
1985         const u8 *mac_addr = NULL;
1986
1987         err = nl80211_parse_key(info, &key);
1988         if (err)
1989                 return err;
1990
1991         if (!key.p.key)
1992                 return -EINVAL;
1993
1994         if (info->attrs[NL80211_ATTR_MAC])
1995                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1996
1997         if (key.type == -1) {
1998                 if (mac_addr)
1999                         key.type = NL80211_KEYTYPE_PAIRWISE;
2000                 else
2001                         key.type = NL80211_KEYTYPE_GROUP;
2002         }
2003
2004         /* for now */
2005         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2006             key.type != NL80211_KEYTYPE_GROUP)
2007                 return -EINVAL;
2008
2009         if (!rdev->ops->add_key)
2010                 return -EOPNOTSUPP;
2011
2012         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
2013                                            key.type == NL80211_KEYTYPE_PAIRWISE,
2014                                            mac_addr))
2015                 return -EINVAL;
2016
2017         wdev_lock(dev->ieee80211_ptr);
2018         err = nl80211_key_allowed(dev->ieee80211_ptr);
2019         if (!err)
2020                 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
2021                                          key.type == NL80211_KEYTYPE_PAIRWISE,
2022                                          mac_addr, &key.p);
2023         wdev_unlock(dev->ieee80211_ptr);
2024
2025         return err;
2026 }
2027
2028 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
2029 {
2030         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2031         int err;
2032         struct net_device *dev = info->user_ptr[1];
2033         u8 *mac_addr = NULL;
2034         struct key_parse key;
2035
2036         err = nl80211_parse_key(info, &key);
2037         if (err)
2038                 return err;
2039
2040         if (info->attrs[NL80211_ATTR_MAC])
2041                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2042
2043         if (key.type == -1) {
2044                 if (mac_addr)
2045                         key.type = NL80211_KEYTYPE_PAIRWISE;
2046                 else
2047                         key.type = NL80211_KEYTYPE_GROUP;
2048         }
2049
2050         /* for now */
2051         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
2052             key.type != NL80211_KEYTYPE_GROUP)
2053                 return -EINVAL;
2054
2055         if (!rdev->ops->del_key)
2056                 return -EOPNOTSUPP;
2057
2058         wdev_lock(dev->ieee80211_ptr);
2059         err = nl80211_key_allowed(dev->ieee80211_ptr);
2060
2061         if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
2062             !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
2063                 err = -ENOENT;
2064
2065         if (!err)
2066                 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
2067                                          key.type == NL80211_KEYTYPE_PAIRWISE,
2068                                          mac_addr);
2069
2070 #ifdef CONFIG_CFG80211_WEXT
2071         if (!err) {
2072                 if (key.idx == dev->ieee80211_ptr->wext.default_key)
2073                         dev->ieee80211_ptr->wext.default_key = -1;
2074                 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
2075                         dev->ieee80211_ptr->wext.default_mgmt_key = -1;
2076         }
2077 #endif
2078         wdev_unlock(dev->ieee80211_ptr);
2079
2080         return err;
2081 }
2082
2083 static int nl80211_parse_beacon(struct genl_info *info,
2084                                 struct cfg80211_beacon_data *bcn)
2085 {
2086         bool haveinfo = false;
2087
2088         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
2089             !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
2090             !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
2091             !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
2092                 return -EINVAL;
2093
2094         memset(bcn, 0, sizeof(*bcn));
2095
2096         if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
2097                 bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2098                 bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
2099                 if (!bcn->head_len)
2100                         return -EINVAL;
2101                 haveinfo = true;
2102         }
2103
2104         if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
2105                 bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2106                 bcn->tail_len =
2107                     nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
2108                 haveinfo = true;
2109         }
2110
2111         if (!haveinfo)
2112                 return -EINVAL;
2113
2114         if (info->attrs[NL80211_ATTR_IE]) {
2115                 bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
2116                 bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2117         }
2118
2119         if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
2120                 bcn->proberesp_ies =
2121                         nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2122                 bcn->proberesp_ies_len =
2123                         nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
2124         }
2125
2126         if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
2127                 bcn->assocresp_ies =
2128                         nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2129                 bcn->assocresp_ies_len =
2130                         nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
2131         }
2132
2133         if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
2134                 bcn->probe_resp =
2135                         nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
2136                 bcn->probe_resp_len =
2137                         nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
2138         }
2139
2140         return 0;
2141 }
2142
2143 static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
2144 {
2145         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2146         struct net_device *dev = info->user_ptr[1];
2147         struct wireless_dev *wdev = dev->ieee80211_ptr;
2148         struct cfg80211_ap_settings params;
2149         int err;
2150
2151         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2152             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2153                 return -EOPNOTSUPP;
2154
2155         if (!rdev->ops->start_ap)
2156                 return -EOPNOTSUPP;
2157
2158         if (wdev->beacon_interval)
2159                 return -EALREADY;
2160
2161         memset(&params, 0, sizeof(params));
2162
2163         /* these are required for START_AP */
2164         if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
2165             !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
2166             !info->attrs[NL80211_ATTR_BEACON_HEAD])
2167                 return -EINVAL;
2168
2169         err = nl80211_parse_beacon(info, &params.beacon);
2170         if (err)
2171                 return err;
2172
2173         params.beacon_interval =
2174                 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
2175         params.dtim_period =
2176                 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
2177
2178         err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
2179         if (err)
2180                 return err;
2181
2182         /*
2183          * In theory, some of these attributes should be required here
2184          * but since they were not used when the command was originally
2185          * added, keep them optional for old user space programs to let
2186          * them continue to work with drivers that do not need the
2187          * additional information -- drivers must check!
2188          */
2189         if (info->attrs[NL80211_ATTR_SSID]) {
2190                 params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2191                 params.ssid_len =
2192                         nla_len(info->attrs[NL80211_ATTR_SSID]);
2193                 if (params.ssid_len == 0 ||
2194                     params.ssid_len > IEEE80211_MAX_SSID_LEN)
2195                         return -EINVAL;
2196         }
2197
2198         if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
2199                 params.hidden_ssid = nla_get_u32(
2200                         info->attrs[NL80211_ATTR_HIDDEN_SSID]);
2201                 if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
2202                     params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
2203                     params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
2204                         return -EINVAL;
2205         }
2206
2207         params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
2208
2209         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2210                 params.auth_type = nla_get_u32(
2211                         info->attrs[NL80211_ATTR_AUTH_TYPE]);
2212                 if (!nl80211_valid_auth_type(params.auth_type))
2213                         return -EINVAL;
2214         } else
2215                 params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
2216
2217         err = nl80211_crypto_settings(rdev, info, &params.crypto,
2218                                       NL80211_MAX_NR_CIPHER_SUITES);
2219         if (err)
2220                 return err;
2221
2222         if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
2223                 if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
2224                         return -EOPNOTSUPP;
2225                 params.inactivity_timeout = nla_get_u16(
2226                         info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
2227         }
2228
2229         err = rdev->ops->start_ap(&rdev->wiphy, dev, &params);
2230         if (!err)
2231                 wdev->beacon_interval = params.beacon_interval;
2232         return err;
2233 }
2234
2235 static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
2236 {
2237         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2238         struct net_device *dev = info->user_ptr[1];
2239         struct wireless_dev *wdev = dev->ieee80211_ptr;
2240         struct cfg80211_beacon_data params;
2241         int err;
2242
2243         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2244             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2245                 return -EOPNOTSUPP;
2246
2247         if (!rdev->ops->change_beacon)
2248                 return -EOPNOTSUPP;
2249
2250         if (!wdev->beacon_interval)
2251                 return -EINVAL;
2252
2253         err = nl80211_parse_beacon(info, &params);
2254         if (err)
2255                 return err;
2256
2257         return rdev->ops->change_beacon(&rdev->wiphy, dev, &params);
2258 }
2259
2260 static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
2261 {
2262         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2263         struct net_device *dev = info->user_ptr[1];
2264         struct wireless_dev *wdev = dev->ieee80211_ptr;
2265         int err;
2266
2267         if (!rdev->ops->stop_ap)
2268                 return -EOPNOTSUPP;
2269
2270         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2271             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2272                 return -EOPNOTSUPP;
2273
2274         if (!wdev->beacon_interval)
2275                 return -ENOENT;
2276
2277         err = rdev->ops->stop_ap(&rdev->wiphy, dev);
2278         if (!err)
2279                 wdev->beacon_interval = 0;
2280         return err;
2281 }
2282
2283 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
2284         [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
2285         [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
2286         [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
2287         [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
2288         [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
2289         [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
2290 };
2291
2292 static int parse_station_flags(struct genl_info *info,
2293                                enum nl80211_iftype iftype,
2294                                struct station_parameters *params)
2295 {
2296         struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
2297         struct nlattr *nla;
2298         int flag;
2299
2300         /*
2301          * Try parsing the new attribute first so userspace
2302          * can specify both for older kernels.
2303          */
2304         nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
2305         if (nla) {
2306                 struct nl80211_sta_flag_update *sta_flags;
2307
2308                 sta_flags = nla_data(nla);
2309                 params->sta_flags_mask = sta_flags->mask;
2310                 params->sta_flags_set = sta_flags->set;
2311                 if ((params->sta_flags_mask |
2312                      params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
2313                         return -EINVAL;
2314                 return 0;
2315         }
2316
2317         /* if present, parse the old attribute */
2318
2319         nla = info->attrs[NL80211_ATTR_STA_FLAGS];
2320         if (!nla)
2321                 return 0;
2322
2323         if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
2324                              nla, sta_flags_policy))
2325                 return -EINVAL;
2326
2327         /*
2328          * Only allow certain flags for interface types so that
2329          * other attributes are silently ignored. Remember that
2330          * this is backward compatibility code with old userspace
2331          * and shouldn't be hit in other cases anyway.
2332          */
2333         switch (iftype) {
2334         case NL80211_IFTYPE_AP:
2335         case NL80211_IFTYPE_AP_VLAN:
2336         case NL80211_IFTYPE_P2P_GO:
2337                 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2338                                          BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2339                                          BIT(NL80211_STA_FLAG_WME) |
2340                                          BIT(NL80211_STA_FLAG_MFP);
2341                 break;
2342         case NL80211_IFTYPE_P2P_CLIENT:
2343         case NL80211_IFTYPE_STATION:
2344                 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2345                                          BIT(NL80211_STA_FLAG_TDLS_PEER);
2346                 break;
2347         case NL80211_IFTYPE_MESH_POINT:
2348                 params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2349                                          BIT(NL80211_STA_FLAG_MFP) |
2350                                          BIT(NL80211_STA_FLAG_AUTHORIZED);
2351         default:
2352                 return -EINVAL;
2353         }
2354
2355         for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
2356                 if (flags[flag])
2357                         params->sta_flags_set |= (1<<flag);
2358
2359         return 0;
2360 }
2361
2362 static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
2363                                  int attr)
2364 {
2365         struct nlattr *rate;
2366         u16 bitrate;
2367
2368         rate = nla_nest_start(msg, attr);
2369         if (!rate)
2370                 goto nla_put_failure;
2371
2372         /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
2373         bitrate = cfg80211_calculate_bitrate(info);
2374         if (bitrate > 0)
2375                 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
2376
2377         if (info->flags & RATE_INFO_FLAGS_MCS)
2378                 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, info->mcs);
2379         if (info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
2380                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
2381         if (info->flags & RATE_INFO_FLAGS_SHORT_GI)
2382                 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
2383
2384         nla_nest_end(msg, rate);
2385         return true;
2386
2387 nla_put_failure:
2388         return false;
2389 }
2390
2391 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
2392                                 int flags,
2393                                 struct cfg80211_registered_device *rdev,
2394                                 struct net_device *dev,
2395                                 const u8 *mac_addr, struct station_info *sinfo)
2396 {
2397         void *hdr;
2398         struct nlattr *sinfoattr, *bss_param;
2399
2400         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2401         if (!hdr)
2402                 return -1;
2403
2404         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2405         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
2406
2407         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
2408
2409         sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
2410         if (!sinfoattr)
2411                 goto nla_put_failure;
2412         if (sinfo->filled & STATION_INFO_CONNECTED_TIME)
2413                 NLA_PUT_U32(msg, NL80211_STA_INFO_CONNECTED_TIME,
2414                             sinfo->connected_time);
2415         if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
2416                 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
2417                             sinfo->inactive_time);
2418         if (sinfo->filled & STATION_INFO_RX_BYTES)
2419                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
2420                             sinfo->rx_bytes);
2421         if (sinfo->filled & STATION_INFO_TX_BYTES)
2422                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
2423                             sinfo->tx_bytes);
2424         if (sinfo->filled & STATION_INFO_LLID)
2425                 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
2426                             sinfo->llid);
2427         if (sinfo->filled & STATION_INFO_PLID)
2428                 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
2429                             sinfo->plid);
2430         if (sinfo->filled & STATION_INFO_PLINK_STATE)
2431                 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
2432                             sinfo->plink_state);
2433         switch (rdev->wiphy.signal_type) {
2434         case CFG80211_SIGNAL_TYPE_MBM:
2435                 if (sinfo->filled & STATION_INFO_SIGNAL)
2436                         NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
2437                                    sinfo->signal);
2438                 if (sinfo->filled & STATION_INFO_SIGNAL_AVG)
2439                         NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL_AVG,
2440                                    sinfo->signal_avg);
2441                 break;
2442         default:
2443                 break;
2444         }
2445         if (sinfo->filled & STATION_INFO_TX_BITRATE) {
2446                 if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
2447                                           NL80211_STA_INFO_TX_BITRATE))
2448                         goto nla_put_failure;
2449         }
2450         if (sinfo->filled & STATION_INFO_RX_BITRATE) {
2451                 if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
2452                                           NL80211_STA_INFO_RX_BITRATE))
2453                         goto nla_put_failure;
2454         }
2455         if (sinfo->filled & STATION_INFO_RX_PACKETS)
2456                 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
2457                             sinfo->rx_packets);
2458         if (sinfo->filled & STATION_INFO_TX_PACKETS)
2459                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
2460                             sinfo->tx_packets);
2461         if (sinfo->filled & STATION_INFO_TX_RETRIES)
2462                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_RETRIES,
2463                             sinfo->tx_retries);
2464         if (sinfo->filled & STATION_INFO_TX_FAILED)
2465                 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_FAILED,
2466                             sinfo->tx_failed);
2467         if (sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT)
2468                 NLA_PUT_U32(msg, NL80211_STA_INFO_BEACON_LOSS,
2469                             sinfo->beacon_loss_count);
2470         if (sinfo->filled & STATION_INFO_BSS_PARAM) {
2471                 bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
2472                 if (!bss_param)
2473                         goto nla_put_failure;
2474
2475                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT)
2476                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_CTS_PROT);
2477                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE)
2478                         NLA_PUT_FLAG(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE);
2479                 if (sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME)
2480                         NLA_PUT_FLAG(msg,
2481                                      NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME);
2482                 NLA_PUT_U8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
2483                            sinfo->bss_param.dtim_period);
2484                 NLA_PUT_U16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
2485                             sinfo->bss_param.beacon_interval);
2486
2487                 nla_nest_end(msg, bss_param);
2488         }
2489         if (sinfo->filled & STATION_INFO_STA_FLAGS)
2490                 NLA_PUT(msg, NL80211_STA_INFO_STA_FLAGS,
2491                         sizeof(struct nl80211_sta_flag_update),
2492                         &sinfo->sta_flags);
2493         nla_nest_end(msg, sinfoattr);
2494
2495         if (sinfo->filled & STATION_INFO_ASSOC_REQ_IES)
2496                 NLA_PUT(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
2497                         sinfo->assoc_req_ies);
2498
2499         return genlmsg_end(msg, hdr);
2500
2501  nla_put_failure:
2502         genlmsg_cancel(msg, hdr);
2503         return -EMSGSIZE;
2504 }
2505
2506 static int nl80211_dump_station(struct sk_buff *skb,
2507                                 struct netlink_callback *cb)
2508 {
2509         struct station_info sinfo;
2510         struct cfg80211_registered_device *dev;
2511         struct net_device *netdev;
2512         u8 mac_addr[ETH_ALEN];
2513         int sta_idx = cb->args[1];
2514         int err;
2515
2516         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2517         if (err)
2518                 return err;
2519
2520         if (!dev->ops->dump_station) {
2521                 err = -EOPNOTSUPP;
2522                 goto out_err;
2523         }
2524
2525         while (1) {
2526                 memset(&sinfo, 0, sizeof(sinfo));
2527                 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
2528                                              mac_addr, &sinfo);
2529                 if (err == -ENOENT)
2530                         break;
2531                 if (err)
2532                         goto out_err;
2533
2534                 if (nl80211_send_station(skb,
2535                                 NETLINK_CB(cb->skb).pid,
2536                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2537                                 dev, netdev, mac_addr,
2538                                 &sinfo) < 0)
2539                         goto out;
2540
2541                 sta_idx++;
2542         }
2543
2544
2545  out:
2546         cb->args[1] = sta_idx;
2547         err = skb->len;
2548  out_err:
2549         nl80211_finish_netdev_dump(dev);
2550
2551         return err;
2552 }
2553
2554 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
2555 {
2556         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2557         struct net_device *dev = info->user_ptr[1];
2558         struct station_info sinfo;
2559         struct sk_buff *msg;
2560         u8 *mac_addr = NULL;
2561         int err;
2562
2563         memset(&sinfo, 0, sizeof(sinfo));
2564
2565         if (!info->attrs[NL80211_ATTR_MAC])
2566                 return -EINVAL;
2567
2568         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2569
2570         if (!rdev->ops->get_station)
2571                 return -EOPNOTSUPP;
2572
2573         err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
2574         if (err)
2575                 return err;
2576
2577         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2578         if (!msg)
2579                 return -ENOMEM;
2580
2581         if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
2582                                  rdev, dev, mac_addr, &sinfo) < 0) {
2583                 nlmsg_free(msg);
2584                 return -ENOBUFS;
2585         }
2586
2587         return genlmsg_reply(msg, info);
2588 }
2589
2590 /*
2591  * Get vlan interface making sure it is running and on the right wiphy.
2592  */
2593 static struct net_device *get_vlan(struct genl_info *info,
2594                                    struct cfg80211_registered_device *rdev)
2595 {
2596         struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
2597         struct net_device *v;
2598         int ret;
2599
2600         if (!vlanattr)
2601                 return NULL;
2602
2603         v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
2604         if (!v)
2605                 return ERR_PTR(-ENODEV);
2606
2607         if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
2608                 ret = -EINVAL;
2609                 goto error;
2610         }
2611
2612         if (!netif_running(v)) {
2613                 ret = -ENETDOWN;
2614                 goto error;
2615         }
2616
2617         return v;
2618  error:
2619         dev_put(v);
2620         return ERR_PTR(ret);
2621 }
2622
2623 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
2624 {
2625         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2626         int err;
2627         struct net_device *dev = info->user_ptr[1];
2628         struct station_parameters params;
2629         u8 *mac_addr = NULL;
2630
2631         memset(&params, 0, sizeof(params));
2632
2633         params.listen_interval = -1;
2634         params.plink_state = -1;
2635
2636         if (info->attrs[NL80211_ATTR_STA_AID])
2637                 return -EINVAL;
2638
2639         if (!info->attrs[NL80211_ATTR_MAC])
2640                 return -EINVAL;
2641
2642         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2643
2644         if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
2645                 params.supported_rates =
2646                         nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2647                 params.supported_rates_len =
2648                         nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2649         }
2650
2651         if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2652                 params.listen_interval =
2653                     nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2654
2655         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2656                 params.ht_capa =
2657                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2658
2659         if (!rdev->ops->change_station)
2660                 return -EOPNOTSUPP;
2661
2662         if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2663                 return -EINVAL;
2664
2665         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2666                 params.plink_action =
2667                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2668
2669         if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
2670                 params.plink_state =
2671                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
2672
2673         switch (dev->ieee80211_ptr->iftype) {
2674         case NL80211_IFTYPE_AP:
2675         case NL80211_IFTYPE_AP_VLAN:
2676         case NL80211_IFTYPE_P2P_GO:
2677                 /* disallow mesh-specific things */
2678                 if (params.plink_action)
2679                         return -EINVAL;
2680
2681                 /* TDLS can't be set, ... */
2682                 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2683                         return -EINVAL;
2684                 /*
2685                  * ... but don't bother the driver with it. This works around
2686                  * a hostapd/wpa_supplicant issue -- it always includes the
2687                  * TLDS_PEER flag in the mask even for AP mode.
2688                  */
2689                 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2690
2691                 /* accept only the listed bits */
2692                 if (params.sta_flags_mask &
2693                                 ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
2694                                   BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2695                                   BIT(NL80211_STA_FLAG_WME) |
2696                                   BIT(NL80211_STA_FLAG_MFP)))
2697                         return -EINVAL;
2698
2699                 /* must be last in here for error handling */
2700                 params.vlan = get_vlan(info, rdev);
2701                 if (IS_ERR(params.vlan))
2702                         return PTR_ERR(params.vlan);
2703                 break;
2704         case NL80211_IFTYPE_P2P_CLIENT:
2705         case NL80211_IFTYPE_STATION:
2706                 /*
2707                  * Don't allow userspace to change the TDLS_PEER flag,
2708                  * but silently ignore attempts to change it since we
2709                  * don't have state here to verify that it doesn't try
2710                  * to change the flag.
2711                  */
2712                 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2713                 /* fall through */
2714         case NL80211_IFTYPE_ADHOC:
2715                 /* disallow things sta doesn't support */
2716                 if (params.plink_action)
2717                         return -EINVAL;
2718                 if (params.ht_capa)
2719                         return -EINVAL;
2720                 if (params.listen_interval >= 0)
2721                         return -EINVAL;
2722                 /* reject any changes other than AUTHORIZED */
2723                 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
2724                         return -EINVAL;
2725                 break;
2726         case NL80211_IFTYPE_MESH_POINT:
2727                 /* disallow things mesh doesn't support */
2728                 if (params.vlan)
2729                         return -EINVAL;
2730                 if (params.ht_capa)
2731                         return -EINVAL;
2732                 if (params.listen_interval >= 0)
2733                         return -EINVAL;
2734                 /*
2735                  * No special handling for TDLS here -- the userspace
2736                  * mesh code doesn't have this bug.
2737                  */
2738                 if (params.sta_flags_mask &
2739                                 ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2740                                   BIT(NL80211_STA_FLAG_MFP) |
2741                                   BIT(NL80211_STA_FLAG_AUTHORIZED)))
2742                         return -EINVAL;
2743                 break;
2744         default:
2745                 return -EOPNOTSUPP;
2746         }
2747
2748         /* be aware of params.vlan when changing code here */
2749
2750         err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);
2751
2752         if (params.vlan)
2753                 dev_put(params.vlan);
2754
2755         return err;
2756 }
2757
2758 static struct nla_policy
2759 nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
2760         [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
2761         [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
2762 };
2763
2764 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
2765 {
2766         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2767         int err;
2768         struct net_device *dev = info->user_ptr[1];
2769         struct station_parameters params;
2770         u8 *mac_addr = NULL;
2771
2772         memset(&params, 0, sizeof(params));
2773
2774         if (!info->attrs[NL80211_ATTR_MAC])
2775                 return -EINVAL;
2776
2777         if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
2778                 return -EINVAL;
2779
2780         if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
2781                 return -EINVAL;
2782
2783         if (!info->attrs[NL80211_ATTR_STA_AID])
2784                 return -EINVAL;
2785
2786         mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2787         params.supported_rates =
2788                 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2789         params.supported_rates_len =
2790                 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
2791         params.listen_interval =
2792                 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
2793
2794         params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
2795         if (!params.aid || params.aid > IEEE80211_MAX_AID)
2796                 return -EINVAL;
2797
2798         if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
2799                 params.ht_capa =
2800                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
2801
2802         if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
2803                 params.plink_action =
2804                     nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
2805
2806         if (!rdev->ops->add_station)
2807                 return -EOPNOTSUPP;
2808
2809         if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
2810                 return -EINVAL;
2811
2812         switch (dev->ieee80211_ptr->iftype) {
2813         case NL80211_IFTYPE_AP:
2814         case NL80211_IFTYPE_AP_VLAN:
2815         case NL80211_IFTYPE_P2P_GO:
2816                 /* parse WME attributes if sta is WME capable */
2817                 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
2818                     (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
2819                     info->attrs[NL80211_ATTR_STA_WME]) {
2820                         struct nlattr *tb[NL80211_STA_WME_MAX + 1];
2821                         struct nlattr *nla;
2822
2823                         nla = info->attrs[NL80211_ATTR_STA_WME];
2824                         err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
2825                                                nl80211_sta_wme_policy);
2826                         if (err)
2827                                 return err;
2828
2829                         if (tb[NL80211_STA_WME_UAPSD_QUEUES])
2830                                 params.uapsd_queues =
2831                                      nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
2832                         if (params.uapsd_queues &
2833                                         ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
2834                                 return -EINVAL;
2835
2836                         if (tb[NL80211_STA_WME_MAX_SP])
2837                                 params.max_sp =
2838                                      nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);
2839
2840                         if (params.max_sp &
2841                                         ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
2842                                 return -EINVAL;
2843
2844                         params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
2845                 }
2846                 /* TDLS peers cannot be added */
2847                 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2848                         return -EINVAL;
2849                 /* but don't bother the driver with it */
2850                 params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2851
2852                 /* must be last in here for error handling */
2853                 params.vlan = get_vlan(info, rdev);
2854                 if (IS_ERR(params.vlan))
2855                         return PTR_ERR(params.vlan);
2856                 break;
2857         case NL80211_IFTYPE_MESH_POINT:
2858                 /* TDLS peers cannot be added */
2859                 if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2860                         return -EINVAL;
2861                 break;
2862         case NL80211_IFTYPE_STATION:
2863                 /* Only TDLS peers can be added */
2864                 if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
2865                         return -EINVAL;
2866                 /* Can only add if TDLS ... */
2867                 if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
2868                         return -EOPNOTSUPP;
2869                 /* ... with external setup is supported */
2870                 if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
2871                         return -EOPNOTSUPP;
2872                 break;
2873         default:
2874                 return -EOPNOTSUPP;
2875         }
2876
2877         /* be aware of params.vlan when changing code here */
2878
2879         err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);
2880
2881         if (params.vlan)
2882                 dev_put(params.vlan);
2883         return err;
2884 }
2885
2886 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2887 {
2888         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2889         struct net_device *dev = info->user_ptr[1];
2890         u8 *mac_addr = NULL;
2891
2892         if (info->attrs[NL80211_ATTR_MAC])
2893                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2894
2895         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2896             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2897             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
2898             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2899                 return -EINVAL;
2900
2901         if (!rdev->ops->del_station)
2902                 return -EOPNOTSUPP;
2903
2904         return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2905 }
2906
2907 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2908                                 int flags, struct net_device *dev,
2909                                 u8 *dst, u8 *next_hop,
2910                                 struct mpath_info *pinfo)
2911 {
2912         void *hdr;
2913         struct nlattr *pinfoattr;
2914
2915         hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2916         if (!hdr)
2917                 return -1;
2918
2919         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2920         NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2921         NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2922
2923         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2924
2925         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2926         if (!pinfoattr)
2927                 goto nla_put_failure;
2928         if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2929                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2930                             pinfo->frame_qlen);
2931         if (pinfo->filled & MPATH_INFO_SN)
2932                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN,
2933                             pinfo->sn);
2934         if (pinfo->filled & MPATH_INFO_METRIC)
2935                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2936                             pinfo->metric);
2937         if (pinfo->filled & MPATH_INFO_EXPTIME)
2938                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2939                             pinfo->exptime);
2940         if (pinfo->filled & MPATH_INFO_FLAGS)
2941                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2942                             pinfo->flags);
2943         if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2944                 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2945                             pinfo->discovery_timeout);
2946         if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2947                 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2948                             pinfo->discovery_retries);
2949
2950         nla_nest_end(msg, pinfoattr);
2951
2952         return genlmsg_end(msg, hdr);
2953
2954  nla_put_failure:
2955         genlmsg_cancel(msg, hdr);
2956         return -EMSGSIZE;
2957 }
2958
2959 static int nl80211_dump_mpath(struct sk_buff *skb,
2960                               struct netlink_callback *cb)
2961 {
2962         struct mpath_info pinfo;
2963         struct cfg80211_registered_device *dev;
2964         struct net_device *netdev;
2965         u8 dst[ETH_ALEN];
2966         u8 next_hop[ETH_ALEN];
2967         int path_idx = cb->args[1];
2968         int err;
2969
2970         err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
2971         if (err)
2972                 return err;
2973
2974         if (!dev->ops->dump_mpath) {
2975                 err = -EOPNOTSUPP;
2976                 goto out_err;
2977         }
2978
2979         if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2980                 err = -EOPNOTSUPP;
2981                 goto out_err;
2982         }
2983
2984         while (1) {
2985                 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2986                                            dst, next_hop, &pinfo);
2987                 if (err == -ENOENT)
2988                         break;
2989                 if (err)
2990                         goto out_err;
2991
2992                 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2993                                        cb->nlh->nlmsg_seq, NLM_F_MULTI,
2994                                        netdev, dst, next_hop,
2995                                        &pinfo) < 0)
2996                         goto out;
2997
2998                 path_idx++;
2999         }
3000
3001
3002  out:
3003         cb->args[1] = path_idx;
3004         err = skb->len;
3005  out_err:
3006         nl80211_finish_netdev_dump(dev);
3007         return err;
3008 }
3009
3010 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
3011 {
3012         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3013         int err;
3014         struct net_device *dev = info->user_ptr[1];
3015         struct mpath_info pinfo;
3016         struct sk_buff *msg;
3017         u8 *dst = NULL;
3018         u8 next_hop[ETH_ALEN];
3019
3020         memset(&pinfo, 0, sizeof(pinfo));
3021
3022         if (!info->attrs[NL80211_ATTR_MAC])
3023                 return -EINVAL;
3024
3025         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3026
3027         if (!rdev->ops->get_mpath)
3028                 return -EOPNOTSUPP;
3029
3030         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3031                 return -EOPNOTSUPP;
3032
3033         err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
3034         if (err)
3035                 return err;
3036
3037         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3038         if (!msg)
3039                 return -ENOMEM;
3040
3041         if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
3042                                  dev, dst, next_hop, &pinfo) < 0) {
3043                 nlmsg_free(msg);
3044                 return -ENOBUFS;
3045         }
3046
3047         return genlmsg_reply(msg, info);
3048 }
3049
3050 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
3051 {
3052         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3053         struct net_device *dev = info->user_ptr[1];
3054         u8 *dst = NULL;
3055         u8 *next_hop = NULL;
3056
3057         if (!info->attrs[NL80211_ATTR_MAC])
3058                 return -EINVAL;
3059
3060         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3061                 return -EINVAL;
3062
3063         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3064         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3065
3066         if (!rdev->ops->change_mpath)
3067                 return -EOPNOTSUPP;
3068
3069         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3070                 return -EOPNOTSUPP;
3071
3072         return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
3073 }
3074
3075 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
3076 {
3077         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3078         struct net_device *dev = info->user_ptr[1];
3079         u8 *dst = NULL;
3080         u8 *next_hop = NULL;
3081
3082         if (!info->attrs[NL80211_ATTR_MAC])
3083                 return -EINVAL;
3084
3085         if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
3086                 return -EINVAL;
3087
3088         dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3089         next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
3090
3091         if (!rdev->ops->add_mpath)
3092                 return -EOPNOTSUPP;
3093
3094         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
3095                 return -EOPNOTSUPP;
3096
3097         return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
3098 }
3099
3100 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
3101 {
3102         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3103         struct net_device *dev = info->user_ptr[1];
3104         u8 *dst = NULL;
3105
3106         if (info->attrs[NL80211_ATTR_MAC])
3107                 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
3108
3109         if (!rdev->ops->del_mpath)
3110                 return -EOPNOTSUPP;
3111
3112         return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
3113 }
3114
3115 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
3116 {
3117         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3118         struct net_device *dev = info->user_ptr[1];
3119         struct bss_parameters params;
3120
3121         memset(&params, 0, sizeof(params));
3122         /* default to not changing parameters */
3123         params.use_cts_prot = -1;
3124         params.use_short_preamble = -1;
3125         params.use_short_slot_time = -1;
3126         params.ap_isolate = -1;
3127         params.ht_opmode = -1;
3128
3129         if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
3130                 params.use_cts_prot =
3131                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
3132         if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
3133                 params.use_short_preamble =
3134                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
3135         if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
3136                 params.use_short_slot_time =
3137                     nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
3138         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
3139                 params.basic_rates =
3140                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3141                 params.basic_rates_len =
3142                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
3143         }
3144         if (info->attrs[NL80211_ATTR_AP_ISOLATE])
3145                 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
3146         if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
3147                 params.ht_opmode =
3148                         nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);
3149
3150         if (!rdev->ops->change_bss)
3151                 return -EOPNOTSUPP;
3152
3153         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
3154             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
3155                 return -EOPNOTSUPP;
3156
3157         return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
3158 }
3159
3160 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
3161         [NL80211_ATTR_REG_RULE_FLAGS]           = { .type = NLA_U32 },
3162         [NL80211_ATTR_FREQ_RANGE_START]         = { .type = NLA_U32 },
3163         [NL80211_ATTR_FREQ_RANGE_END]           = { .type = NLA_U32 },
3164         [NL80211_ATTR_FREQ_RANGE_MAX_BW]        = { .type = NLA_U32 },
3165         [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
3166         [NL80211_ATTR_POWER_RULE_MAX_EIRP]      = { .type = NLA_U32 },
3167 };
3168
3169 static int parse_reg_rule(struct nlattr *tb[],
3170         struct ieee80211_reg_rule *reg_rule)
3171 {
3172         struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
3173         struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
3174
3175         if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
3176                 return -EINVAL;
3177         if (!tb[NL80211_ATTR_FREQ_RANGE_START])
3178                 return -EINVAL;
3179         if (!tb[NL80211_ATTR_FREQ_RANGE_END])
3180                 return -EINVAL;
3181         if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
3182                 return -EINVAL;
3183         if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
3184                 return -EINVAL;
3185
3186         reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
3187
3188         freq_range->start_freq_khz =
3189                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
3190         freq_range->end_freq_khz =
3191                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
3192         freq_range->max_bandwidth_khz =
3193                 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
3194
3195         power_rule->max_eirp =
3196                 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
3197
3198         if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
3199                 power_rule->max_antenna_gain =
3200                         nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
3201
3202         return 0;
3203 }
3204
3205 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
3206 {
3207         int r;
3208         char *data = NULL;
3209
3210         /*
3211          * You should only get this when cfg80211 hasn't yet initialized
3212          * completely when built-in to the kernel right between the time
3213          * window between nl80211_init() and regulatory_init(), if that is
3214          * even possible.
3215          */
3216         mutex_lock(&cfg80211_mutex);
3217         if (unlikely(!cfg80211_regdomain)) {
3218                 mutex_unlock(&cfg80211_mutex);
3219                 return -EINPROGRESS;
3220         }
3221         mutex_unlock(&cfg80211_mutex);
3222
3223         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3224                 return -EINVAL;
3225
3226         data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3227
3228         r = regulatory_hint_user(data);
3229
3230         return r;
3231 }
3232
3233 static int nl80211_get_mesh_config(struct sk_buff *skb,
3234                                    struct genl_info *info)
3235 {
3236         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3237         struct net_device *dev = info->user_ptr[1];
3238         struct wireless_dev *wdev = dev->ieee80211_ptr;
3239         struct mesh_config cur_params;
3240         int err = 0;
3241         void *hdr;
3242         struct nlattr *pinfoattr;
3243         struct sk_buff *msg;
3244
3245         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3246                 return -EOPNOTSUPP;
3247
3248         if (!rdev->ops->get_mesh_config)
3249                 return -EOPNOTSUPP;
3250
3251         wdev_lock(wdev);
3252         /* If not connected, get default parameters */
3253         if (!wdev->mesh_id_len)
3254                 memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
3255         else
3256                 err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
3257                                                  &cur_params);
3258         wdev_unlock(wdev);
3259
3260         if (err)
3261                 return err;
3262
3263         /* Draw up a netlink message to send back */
3264         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3265         if (!msg)
3266                 return -ENOMEM;
3267         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3268                              NL80211_CMD_GET_MESH_CONFIG);
3269         if (!hdr)
3270                 goto out;
3271         pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
3272         if (!pinfoattr)
3273                 goto nla_put_failure;
3274         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
3275         NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
3276                         cur_params.dot11MeshRetryTimeout);
3277         NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
3278                         cur_params.dot11MeshConfirmTimeout);
3279         NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
3280                         cur_params.dot11MeshHoldingTimeout);
3281         NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
3282                         cur_params.dot11MeshMaxPeerLinks);
3283         NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
3284                         cur_params.dot11MeshMaxRetries);
3285         NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
3286                         cur_params.dot11MeshTTL);
3287         NLA_PUT_U8(msg, NL80211_MESHCONF_ELEMENT_TTL,
3288                         cur_params.element_ttl);
3289         NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
3290                         cur_params.auto_open_plinks);
3291         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3292                         cur_params.dot11MeshHWMPmaxPREQretries);
3293         NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
3294                         cur_params.path_refresh_time);
3295         NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3296                         cur_params.min_discovery_timeout);
3297         NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3298                         cur_params.dot11MeshHWMPactivePathTimeout);
3299         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3300                         cur_params.dot11MeshHWMPpreqMinInterval);
3301         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3302                         cur_params.dot11MeshHWMPperrMinInterval);
3303         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3304                         cur_params.dot11MeshHWMPnetDiameterTraversalTime);
3305         NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
3306                         cur_params.dot11MeshHWMPRootMode);
3307         NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3308                         cur_params.dot11MeshHWMPRannInterval);
3309         NLA_PUT_U8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3310                         cur_params.dot11MeshGateAnnouncementProtocol);
3311         NLA_PUT_U8(msg, NL80211_MESHCONF_FORWARDING,
3312                         cur_params.dot11MeshForwarding);
3313         NLA_PUT_U32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
3314                         cur_params.rssi_threshold);
3315         nla_nest_end(msg, pinfoattr);
3316         genlmsg_end(msg, hdr);
3317         return genlmsg_reply(msg, info);
3318
3319  nla_put_failure:
3320         genlmsg_cancel(msg, hdr);
3321  out:
3322         nlmsg_free(msg);
3323         return -ENOBUFS;
3324 }
3325
3326 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
3327         [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
3328         [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
3329         [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
3330         [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
3331         [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
3332         [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
3333         [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
3334         [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
3335
3336         [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
3337         [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
3338         [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
3339         [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
3340         [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
3341         [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
3342         [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
3343         [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
3344         [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
3345         [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
3346         [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
3347         [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32},
3348 };
3349
3350 static const struct nla_policy
3351         nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
3352         [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
3353         [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
3354         [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
3355         [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
3356                 .len = IEEE80211_MAX_DATA_LEN },
3357         [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
3358 };
3359
3360 static int nl80211_parse_mesh_config(struct genl_info *info,
3361                                      struct mesh_config *cfg,
3362                                      u32 *mask_out)
3363 {
3364         struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
3365         u32 mask = 0;
3366
3367 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
3368 do {\
3369         if (table[attr_num]) {\
3370                 cfg->param = nla_fn(table[attr_num]); \
3371                 mask |= (1 << (attr_num - 1)); \
3372         } \
3373 } while (0);\
3374
3375
3376         if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
3377                 return -EINVAL;
3378         if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
3379                              info->attrs[NL80211_ATTR_MESH_CONFIG],
3380                              nl80211_meshconf_params_policy))
3381                 return -EINVAL;
3382
3383         /* This makes sure that there aren't more than 32 mesh config
3384          * parameters (otherwise our bitfield scheme would not work.) */
3385         BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
3386
3387         /* Fill in the params struct */
3388         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
3389                         mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
3390         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
3391                         mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
3392         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
3393                         mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
3394         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
3395                         mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
3396         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
3397                         mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
3398         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
3399                         mask, NL80211_MESHCONF_TTL, nla_get_u8);
3400         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
3401                         mask, NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
3402         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
3403                         mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
3404         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
3405                         mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
3406                         nla_get_u8);
3407         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
3408                         mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
3409         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
3410                         mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
3411                         nla_get_u16);
3412         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
3413                         mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
3414                         nla_get_u32);
3415         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
3416                         mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
3417                         nla_get_u16);
3418         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
3419                         mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
3420                         nla_get_u16);
3421         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3422                         dot11MeshHWMPnetDiameterTraversalTime,
3423                         mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
3424                         nla_get_u16);
3425         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3426                         dot11MeshHWMPRootMode, mask,
3427                         NL80211_MESHCONF_HWMP_ROOTMODE,
3428                         nla_get_u8);
3429         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3430                         dot11MeshHWMPRannInterval, mask,
3431                         NL80211_MESHCONF_HWMP_RANN_INTERVAL,
3432                         nla_get_u16);
3433         FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
3434                         dot11MeshGateAnnouncementProtocol, mask,
3435                         NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
3436                         nla_get_u8);
3437         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding,
3438                         mask, NL80211_MESHCONF_FORWARDING, nla_get_u8);
3439         FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold,
3440                         mask, NL80211_MESHCONF_RSSI_THRESHOLD, nla_get_u32);
3441         if (mask_out)
3442                 *mask_out = mask;
3443
3444         return 0;
3445
3446 #undef FILL_IN_MESH_PARAM_IF_SET
3447 }
3448
3449 static int nl80211_parse_mesh_setup(struct genl_info *info,
3450                                      struct mesh_setup *setup)
3451 {
3452         struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];
3453
3454         if (!info->attrs[NL80211_ATTR_MESH_SETUP])
3455                 return -EINVAL;
3456         if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
3457                              info->attrs[NL80211_ATTR_MESH_SETUP],
3458                              nl80211_mesh_setup_params_policy))
3459                 return -EINVAL;
3460
3461         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
3462                 setup->path_sel_proto =
3463                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
3464                  IEEE80211_PATH_PROTOCOL_VENDOR :
3465                  IEEE80211_PATH_PROTOCOL_HWMP;
3466
3467         if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
3468                 setup->path_metric =
3469                 (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
3470                  IEEE80211_PATH_METRIC_VENDOR :
3471                  IEEE80211_PATH_METRIC_AIRTIME;
3472
3473
3474         if (tb[NL80211_MESH_SETUP_IE]) {
3475                 struct nlattr *ieattr =
3476                         tb[NL80211_MESH_SETUP_IE];
3477                 if (!is_valid_ie_attr(ieattr))
3478                         return -EINVAL;
3479                 setup->ie = nla_data(ieattr);
3480                 setup->ie_len = nla_len(ieattr);
3481         }
3482         setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
3483         setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);
3484
3485         return 0;
3486 }
3487
3488 static int nl80211_update_mesh_config(struct sk_buff *skb,
3489                                       struct genl_info *info)
3490 {
3491         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3492         struct net_device *dev = info->user_ptr[1];
3493         struct wireless_dev *wdev = dev->ieee80211_ptr;
3494         struct mesh_config cfg;
3495         u32 mask;
3496         int err;
3497
3498         if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
3499                 return -EOPNOTSUPP;
3500
3501         if (!rdev->ops->update_mesh_config)
3502                 return -EOPNOTSUPP;
3503
3504         err = nl80211_parse_mesh_config(info, &cfg, &mask);
3505         if (err)
3506                 return err;
3507
3508         wdev_lock(wdev);
3509         if (!wdev->mesh_id_len)
3510                 err = -ENOLINK;
3511
3512         if (!err)
3513                 err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
3514                                                     mask, &cfg);
3515
3516         wdev_unlock(wdev);
3517
3518         return err;
3519 }
3520
3521 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
3522 {
3523         struct sk_buff *msg;
3524         void *hdr = NULL;
3525         struct nlattr *nl_reg_rules;
3526         unsigned int i;
3527         int err = -EINVAL;
3528
3529         mutex_lock(&cfg80211_mutex);
3530
3531         if (!cfg80211_regdomain)
3532                 goto out;
3533
3534         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3535         if (!msg) {
3536                 err = -ENOBUFS;
3537                 goto out;
3538         }
3539
3540         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
3541                              NL80211_CMD_GET_REG);
3542         if (!hdr)
3543                 goto put_failure;
3544
3545         NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
3546                 cfg80211_regdomain->alpha2);
3547         if (cfg80211_regdomain->dfs_region)
3548                 NLA_PUT_U8(msg, NL80211_ATTR_DFS_REGION,
3549                            cfg80211_regdomain->dfs_region);
3550
3551         nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
3552         if (!nl_reg_rules)
3553                 goto nla_put_failure;
3554
3555         for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
3556                 struct nlattr *nl_reg_rule;
3557                 const struct ieee80211_reg_rule *reg_rule;
3558                 const struct ieee80211_freq_range *freq_range;
3559                 const struct ieee80211_power_rule *power_rule;
3560
3561                 reg_rule = &cfg80211_regdomain->reg_rules[i];
3562                 freq_range = &reg_rule->freq_range;
3563                 power_rule = &reg_rule->power_rule;
3564
3565                 nl_reg_rule = nla_nest_start(msg, i);
3566                 if (!nl_reg_rule)
3567                         goto nla_put_failure;
3568
3569                 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
3570                         reg_rule->flags);
3571                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
3572                         freq_range->start_freq_khz);
3573                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
3574                         freq_range->end_freq_khz);
3575                 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
3576                         freq_range->max_bandwidth_khz);
3577                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
3578                         power_rule->max_antenna_gain);
3579                 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
3580                         power_rule->max_eirp);
3581
3582                 nla_nest_end(msg, nl_reg_rule);
3583         }
3584
3585         nla_nest_end(msg, nl_reg_rules);
3586
3587         genlmsg_end(msg, hdr);
3588         err = genlmsg_reply(msg, info);
3589         goto out;
3590
3591 nla_put_failure:
3592         genlmsg_cancel(msg, hdr);
3593 put_failure:
3594         nlmsg_free(msg);
3595         err = -EMSGSIZE;
3596 out:
3597         mutex_unlock(&cfg80211_mutex);
3598         return err;
3599 }
3600
3601 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
3602 {
3603         struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
3604         struct nlattr *nl_reg_rule;
3605         char *alpha2 = NULL;
3606         int rem_reg_rules = 0, r = 0;
3607         u32 num_rules = 0, rule_idx = 0, size_of_regd;
3608         u8 dfs_region = 0;
3609         struct ieee80211_regdomain *rd = NULL;
3610
3611         if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
3612                 return -EINVAL;
3613
3614         if (!info->attrs[NL80211_ATTR_REG_RULES])
3615                 return -EINVAL;
3616
3617         alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
3618
3619         if (info->attrs[NL80211_ATTR_DFS_REGION])
3620                 dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);
3621
3622         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3623                         rem_reg_rules) {
3624                 num_rules++;
3625                 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
3626                         return -EINVAL;
3627         }
3628
3629         mutex_lock(&cfg80211_mutex);
3630
3631         if (!reg_is_valid_request(alpha2)) {
3632                 r = -EINVAL;
3633                 goto bad_reg;
3634         }
3635
3636         size_of_regd = sizeof(struct ieee80211_regdomain) +
3637                 (num_rules * sizeof(struct ieee80211_reg_rule));
3638
3639         rd = kzalloc(size_of_regd, GFP_KERNEL);
3640         if (!rd) {
3641                 r = -ENOMEM;
3642                 goto bad_reg;
3643         }
3644
3645         rd->n_reg_rules = num_rules;
3646         rd->alpha2[0] = alpha2[0];
3647         rd->alpha2[1] = alpha2[1];
3648
3649         /*
3650          * Disable DFS master mode if the DFS region was
3651          * not supported or known on this kernel.
3652          */
3653         if (reg_supported_dfs_region(dfs_region))
3654                 rd->dfs_region = dfs_region;
3655
3656         nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
3657                         rem_reg_rules) {
3658                 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
3659                         nla_data(nl_reg_rule), nla_len(nl_reg_rule),
3660                         reg_rule_policy);
3661                 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
3662                 if (r)
3663                         goto bad_reg;
3664
3665                 rule_idx++;
3666
3667                 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
3668                         r = -EINVAL;
3669                         goto bad_reg;
3670                 }
3671         }
3672
3673         BUG_ON(rule_idx != num_rules);
3674
3675         r = set_regdom(rd);
3676
3677         mutex_unlock(&cfg80211_mutex);
3678
3679         return r;
3680
3681  bad_reg:
3682         mutex_unlock(&cfg80211_mutex);
3683         kfree(rd);
3684         return r;
3685 }
3686
3687 static int validate_scan_freqs(struct nlattr *freqs)
3688 {
3689         struct nlattr *attr1, *attr2;
3690         int n_channels = 0, tmp1, tmp2;
3691
3692         nla_for_each_nested(attr1, freqs, tmp1) {
3693                 n_channels++;
3694                 /*
3695                  * Some hardware has a limited channel list for
3696                  * scanning, and it is pretty much nonsensical
3697                  * to scan for a channel twice, so disallow that
3698                  * and don't require drivers to check that the
3699                  * channel list they get isn't longer than what
3700                  * they can scan, as long as they can scan all
3701                  * the channels they registered at once.
3702                  */
3703                 nla_for_each_nested(attr2, freqs, tmp2)
3704                         if (attr1 != attr2 &&
3705                             nla_get_u32(attr1) == nla_get_u32(attr2))
3706                                 return 0;
3707         }
3708
3709         return n_channels;
3710 }
3711
3712 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
3713 {
3714         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3715         struct net_device *dev = info->user_ptr[1];
3716         struct cfg80211_scan_request *request;
3717         struct nlattr *attr;
3718         struct wiphy *wiphy;
3719         int err, tmp, n_ssids = 0, n_channels, i;
3720         size_t ie_len;
3721
3722         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3723                 return -EINVAL;
3724
3725         wiphy = &rdev->wiphy;
3726
3727         if (!rdev->ops->scan)
3728                 return -EOPNOTSUPP;
3729
3730         if (rdev->scan_req)
3731                 return -EBUSY;
3732
3733         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3734                 n_channels = validate_scan_freqs(
3735                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3736                 if (!n_channels)
3737                         return -EINVAL;
3738         } else {
3739                 enum ieee80211_band band;
3740                 n_channels = 0;
3741
3742                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3743                         if (wiphy->bands[band])
3744                                 n_channels += wiphy->bands[band]->n_channels;
3745         }
3746
3747         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3748                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
3749                         n_ssids++;
3750
3751         if (n_ssids > wiphy->max_scan_ssids)
3752                 return -EINVAL;
3753
3754         if (info->attrs[NL80211_ATTR_IE])
3755                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3756         else
3757                 ie_len = 0;
3758
3759         if (ie_len > wiphy->max_scan_ie_len)
3760                 return -EINVAL;
3761
3762         request = kzalloc(sizeof(*request)
3763                         + sizeof(*request->ssids) * n_ssids
3764                         + sizeof(*request->channels) * n_channels
3765                         + ie_len, GFP_KERNEL);
3766         if (!request)
3767                 return -ENOMEM;
3768
3769         if (n_ssids)
3770                 request->ssids = (void *)&request->channels[n_channels];
3771         request->n_ssids = n_ssids;
3772         if (ie_len) {
3773                 if (request->ssids)
3774                         request->ie = (void *)(request->ssids + n_ssids);
3775                 else
3776                         request->ie = (void *)(request->channels + n_channels);
3777         }
3778
3779         i = 0;
3780         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3781                 /* user specified, bail out if channel not found */
3782                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3783                         struct ieee80211_channel *chan;
3784
3785                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3786
3787                         if (!chan) {
3788                                 err = -EINVAL;
3789                                 goto out_free;
3790                         }
3791
3792                         /* ignore disabled channels */
3793                         if (chan->flags & IEEE80211_CHAN_DISABLED)
3794                                 continue;
3795
3796                         request->channels[i] = chan;
3797                         i++;
3798                 }
3799         } else {
3800                 enum ieee80211_band band;
3801
3802                 /* all channels */
3803                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3804                         int j;
3805                         if (!wiphy->bands[band])
3806                                 continue;
3807                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3808                                 struct ieee80211_channel *chan;
3809
3810                                 chan = &wiphy->bands[band]->channels[j];
3811
3812                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
3813                                         continue;
3814
3815                                 request->channels[i] = chan;
3816                                 i++;
3817                         }
3818                 }
3819         }
3820
3821         if (!i) {
3822                 err = -EINVAL;
3823                 goto out_free;
3824         }
3825
3826         request->n_channels = i;
3827
3828         i = 0;
3829         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3830                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3831                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
3832                                 err = -EINVAL;
3833                                 goto out_free;
3834                         }
3835                         request->ssids[i].ssid_len = nla_len(attr);
3836                         memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3837                         i++;
3838                 }
3839         }
3840
3841         if (info->attrs[NL80211_ATTR_IE]) {
3842                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3843                 memcpy((void *)request->ie,
3844                        nla_data(info->attrs[NL80211_ATTR_IE]),
3845                        request->ie_len);
3846         }
3847
3848         for (i = 0; i < IEEE80211_NUM_BANDS; i++)
3849                 if (wiphy->bands[i])
3850                         request->rates[i] =
3851                                 (1 << wiphy->bands[i]->n_bitrates) - 1;
3852
3853         if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
3854                 nla_for_each_nested(attr,
3855                                     info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
3856                                     tmp) {
3857                         enum ieee80211_band band = nla_type(attr);
3858
3859                         if (band < 0 || band >= IEEE80211_NUM_BANDS) {
3860                                 err = -EINVAL;
3861                                 goto out_free;
3862                         }
3863                         err = ieee80211_get_ratemask(wiphy->bands[band],
3864                                                      nla_data(attr),
3865                                                      nla_len(attr),
3866                                                      &request->rates[band]);
3867                         if (err)
3868                                 goto out_free;
3869                 }
3870         }
3871
3872         request->no_cck =
3873                 nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
3874
3875         request->dev = dev;
3876         request->wiphy = &rdev->wiphy;
3877
3878         rdev->scan_req = request;
3879         err = rdev->ops->scan(&rdev->wiphy, dev, request);
3880
3881         if (!err) {
3882                 nl80211_send_scan_start(rdev, dev);
3883                 dev_hold(dev);
3884         } else {
3885  out_free:
3886                 rdev->scan_req = NULL;
3887                 kfree(request);
3888         }
3889
3890         return err;
3891 }
3892
3893 static int nl80211_start_sched_scan(struct sk_buff *skb,
3894                                     struct genl_info *info)
3895 {
3896         struct cfg80211_sched_scan_request *request;
3897         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3898         struct net_device *dev = info->user_ptr[1];
3899         struct nlattr *attr;
3900         struct wiphy *wiphy;
3901         int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
3902         u32 interval;
3903         enum ieee80211_band band;
3904         size_t ie_len;
3905         struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
3906
3907         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
3908             !rdev->ops->sched_scan_start)
3909                 return -EOPNOTSUPP;
3910
3911         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3912                 return -EINVAL;
3913
3914         if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
3915                 return -EINVAL;
3916
3917         interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
3918         if (interval == 0)
3919                 return -EINVAL;
3920
3921         wiphy = &rdev->wiphy;
3922
3923         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3924                 n_channels = validate_scan_freqs(
3925                                 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
3926                 if (!n_channels)
3927                         return -EINVAL;
3928         } else {
3929                 n_channels = 0;
3930
3931                 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
3932                         if (wiphy->bands[band])
3933                                 n_channels += wiphy->bands[band]->n_channels;
3934         }
3935
3936         if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
3937                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
3938                                     tmp)
3939                         n_ssids++;
3940
3941         if (n_ssids > wiphy->max_sched_scan_ssids)
3942                 return -EINVAL;
3943
3944         if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
3945                 nla_for_each_nested(attr,
3946                                     info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
3947                                     tmp)
3948                         n_match_sets++;
3949
3950         if (n_match_sets > wiphy->max_match_sets)
3951                 return -EINVAL;
3952
3953         if (info->attrs[NL80211_ATTR_IE])
3954                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3955         else
3956                 ie_len = 0;
3957
3958         if (ie_len > wiphy->max_sched_scan_ie_len)
3959                 return -EINVAL;
3960
3961         mutex_lock(&rdev->sched_scan_mtx);
3962
3963         if (rdev->sched_scan_req) {
3964                 err = -EINPROGRESS;
3965                 goto out;
3966         }
3967
3968         request = kzalloc(sizeof(*request)
3969                         + sizeof(*request->ssids) * n_ssids
3970                         + sizeof(*request->match_sets) * n_match_sets
3971                         + sizeof(*request->channels) * n_channels
3972                         + ie_len, GFP_KERNEL);
3973         if (!request) {
3974                 err = -ENOMEM;
3975                 goto out;
3976         }
3977
3978         if (n_ssids)
3979                 request->ssids = (void *)&request->channels[n_channels];
3980         request->n_ssids = n_ssids;
3981         if (ie_len) {
3982                 if (request->ssids)
3983                         request->ie = (void *)(request->ssids + n_ssids);
3984                 else
3985                         request->ie = (void *)(request->channels + n_channels);
3986         }
3987
3988         if (n_match_sets) {
3989                 if (request->ie)
3990                         request->match_sets = (void *)(request->ie + ie_len);
3991                 else if (request->ssids)
3992                         request->match_sets =
3993                                 (void *)(request->ssids + n_ssids);
3994                 else
3995                         request->match_sets =
3996                                 (void *)(request->channels + n_channels);
3997         }
3998         request->n_match_sets = n_match_sets;
3999
4000         i = 0;
4001         if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
4002                 /* user specified, bail out if channel not found */
4003                 nla_for_each_nested(attr,
4004                                     info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
4005                                     tmp) {
4006                         struct ieee80211_channel *chan;
4007
4008                         chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
4009
4010                         if (!chan) {
4011                                 err = -EINVAL;
4012                                 goto out_free;
4013                         }
4014
4015                         /* ignore disabled channels */
4016                         if (chan->flags & IEEE80211_CHAN_DISABLED)
4017                                 continue;
4018
4019                         request->channels[i] = chan;
4020                         i++;
4021                 }
4022         } else {
4023                 /* all channels */
4024                 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4025                         int j;
4026                         if (!wiphy->bands[band])
4027                                 continue;
4028                         for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
4029                                 struct ieee80211_channel *chan;
4030
4031                                 chan = &wiphy->bands[band]->channels[j];
4032
4033                                 if (chan->flags & IEEE80211_CHAN_DISABLED)
4034                                         continue;
4035
4036                                 request->channels[i] = chan;
4037                                 i++;
4038                         }
4039                 }
4040         }
4041
4042         if (!i) {
4043                 err = -EINVAL;
4044                 goto out_free;
4045         }
4046
4047         request->n_channels = i;
4048
4049         i = 0;
4050         if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
4051                 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
4052                                     tmp) {
4053                         if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
4054                                 err = -EINVAL;
4055                                 goto out_free;
4056                         }
4057                         request->ssids[i].ssid_len = nla_len(attr);
4058                         memcpy(request->ssids[i].ssid, nla_data(attr),
4059                                nla_len(attr));
4060                         i++;
4061                 }
4062         }
4063
4064         i = 0;
4065         if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
4066                 nla_for_each_nested(attr,
4067                                     info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
4068                                     tmp) {
4069                         struct nlattr *ssid;
4070
4071                         nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
4072                                   nla_data(attr), nla_len(attr),
4073                                   nl80211_match_policy);
4074                         ssid = tb[NL80211_ATTR_SCHED_SCAN_MATCH_SSID];
4075                         if (ssid) {
4076                                 if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
4077                                         err = -EINVAL;
4078                                         goto out_free;
4079                                 }
4080                                 memcpy(request->match_sets[i].ssid.ssid,
4081                                        nla_data(ssid), nla_len(ssid));
4082                                 request->match_sets[i].ssid.ssid_len =
4083                                         nla_len(ssid);
4084                         }
4085                         i++;
4086                 }
4087         }
4088
4089         if (info->attrs[NL80211_ATTR_IE]) {
4090                 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4091                 memcpy((void *)request->ie,
4092                        nla_data(info->attrs[NL80211_ATTR_IE]),
4093                        request->ie_len);
4094         }
4095
4096         request->dev = dev;
4097         request->wiphy = &rdev->wiphy;
4098         request->interval = interval;
4099
4100         err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
4101         if (!err) {
4102                 rdev->sched_scan_req = request;
4103                 nl80211_send_sched_scan(rdev, dev,
4104                                         NL80211_CMD_START_SCHED_SCAN);
4105                 goto out;
4106         }
4107
4108 out_free:
4109         kfree(request);
4110 out:
4111         mutex_unlock(&rdev->sched_scan_mtx);
4112         return err;
4113 }
4114
4115 static int nl80211_stop_sched_scan(struct sk_buff *skb,
4116                                    struct genl_info *info)
4117 {
4118         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4119         int err;
4120
4121         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
4122             !rdev->ops->sched_scan_stop)
4123                 return -EOPNOTSUPP;
4124
4125         mutex_lock(&rdev->sched_scan_mtx);
4126         err = __cfg80211_stop_sched_scan(rdev, false);
4127         mutex_unlock(&rdev->sched_scan_mtx);
4128
4129         return err;
4130 }
4131
4132 static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
4133                             u32 seq, int flags,
4134                             struct cfg80211_registered_device *rdev,
4135                             struct wireless_dev *wdev,
4136                             struct cfg80211_internal_bss *intbss)
4137 {
4138         struct cfg80211_bss *res = &intbss->pub;
4139         void *hdr;
4140         struct nlattr *bss;
4141
4142         ASSERT_WDEV_LOCK(wdev);
4143
4144         hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).pid, seq, flags,
4145                              NL80211_CMD_NEW_SCAN_RESULTS);
4146         if (!hdr)
4147                 return -1;
4148
4149         genl_dump_check_consistent(cb, hdr, &nl80211_fam);
4150
4151         NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
4152         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
4153
4154         bss = nla_nest_start(msg, NL80211_ATTR_BSS);
4155         if (!bss)
4156                 goto nla_put_failure;
4157         if (!is_zero_ether_addr(res->bssid))
4158                 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
4159         if (res->information_elements && res->len_information_elements)
4160                 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
4161                         res->len_information_elements,
4162                         res->information_elements);
4163         if (res->beacon_ies && res->len_beacon_ies &&
4164             res->beacon_ies != res->information_elements)
4165                 NLA_PUT(msg, NL80211_BSS_BEACON_IES,
4166                         res->len_beacon_ies, res->beacon_ies);
4167         if (res->tsf)
4168                 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
4169         if (res->beacon_interval)
4170                 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
4171         NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
4172         NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
4173         NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO,
4174                 jiffies_to_msecs(jiffies - intbss->ts));
4175
4176         switch (rdev->wiphy.signal_type) {
4177         case CFG80211_SIGNAL_TYPE_MBM:
4178                 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
4179                 break;
4180         case CFG80211_SIGNAL_TYPE_UNSPEC:
4181                 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
4182                 break;
4183         default:
4184                 break;
4185         }
4186
4187         switch (wdev->iftype) {
4188         case NL80211_IFTYPE_P2P_CLIENT:
4189         case NL80211_IFTYPE_STATION:
4190                 if (intbss == wdev->current_bss)
4191                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
4192                                     NL80211_BSS_STATUS_ASSOCIATED);
4193                 break;
4194         case NL80211_IFTYPE_ADHOC:
4195                 if (intbss == wdev->current_bss)
4196                         NLA_PUT_U32(msg, NL80211_BSS_STATUS,
4197                                     NL80211_BSS_STATUS_IBSS_JOINED);
4198                 break;
4199         default:
4200                 break;
4201         }
4202
4203         nla_nest_end(msg, bss);
4204
4205         return genlmsg_end(msg, hdr);
4206
4207  nla_put_failure:
4208         genlmsg_cancel(msg, hdr);
4209         return -EMSGSIZE;
4210 }
4211
4212 static int nl80211_dump_scan(struct sk_buff *skb,
4213                              struct netlink_callback *cb)
4214 {
4215         struct cfg80211_registered_device *rdev;
4216         struct net_device *dev;
4217         struct cfg80211_internal_bss *scan;
4218         struct wireless_dev *wdev;
4219         int start = cb->args[1], idx = 0;
4220         int err;
4221
4222         err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
4223         if (err)
4224                 return err;
4225
4226         wdev = dev->ieee80211_ptr;
4227
4228         wdev_lock(wdev);
4229         spin_lock_bh(&rdev->bss_lock);
4230         cfg80211_bss_expire(rdev);
4231
4232         cb->seq = rdev->bss_generation;
4233
4234         list_for_each_entry(scan, &rdev->bss_list, list) {
4235                 if (++idx <= start)
4236                         continue;
4237                 if (nl80211_send_bss(skb, cb,
4238                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4239                                 rdev, wdev, scan) < 0) {
4240                         idx--;
4241                         break;
4242                 }
4243         }
4244
4245         spin_unlock_bh(&rdev->bss_lock);
4246         wdev_unlock(wdev);
4247
4248         cb->args[1] = idx;
4249         nl80211_finish_netdev_dump(rdev);
4250
4251         return skb->len;
4252 }
4253
4254 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq,
4255                                 int flags, struct net_device *dev,
4256                                 struct survey_info *survey)
4257 {
4258         void *hdr;
4259         struct nlattr *infoattr;
4260
4261         hdr = nl80211hdr_put(msg, pid, seq, flags,
4262                              NL80211_CMD_NEW_SURVEY_RESULTS);
4263         if (!hdr)
4264                 return -ENOMEM;
4265
4266         NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
4267
4268         infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
4269         if (!infoattr)
4270                 goto nla_put_failure;
4271
4272         NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY,
4273                     survey->channel->center_freq);
4274         if (survey->filled & SURVEY_INFO_NOISE_DBM)
4275                 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE,
4276                             survey->noise);
4277         if (survey->filled & SURVEY_INFO_IN_USE)
4278                 NLA_PUT_FLAG(msg, NL80211_SURVEY_INFO_IN_USE);
4279         if (survey->filled & SURVEY_INFO_CHANNEL_TIME)
4280                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
4281                             survey->channel_time);
4282         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
4283                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
4284                             survey->channel_time_busy);
4285         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
4286                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
4287                             survey->channel_time_ext_busy);
4288         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_RX)
4289                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
4290                             survey->channel_time_rx);
4291         if (survey->filled & SURVEY_INFO_CHANNEL_TIME_TX)
4292                 NLA_PUT_U64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
4293                             survey->channel_time_tx);
4294
4295         nla_nest_end(msg, infoattr);
4296
4297         return genlmsg_end(msg, hdr);
4298
4299  nla_put_failure:
4300         genlmsg_cancel(msg, hdr);
4301         return -EMSGSIZE;
4302 }
4303
4304 static int nl80211_dump_survey(struct sk_buff *skb,
4305                         struct netlink_callback *cb)
4306 {
4307         struct survey_info survey;
4308         struct cfg80211_registered_device *dev;
4309         struct net_device *netdev;
4310         int survey_idx = cb->args[1];
4311         int res;
4312
4313         res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
4314         if (res)
4315                 return res;
4316
4317         if (!dev->ops->dump_survey) {
4318                 res = -EOPNOTSUPP;
4319                 goto out_err;
4320         }
4321
4322         while (1) {
4323                 struct ieee80211_channel *chan;
4324
4325                 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
4326                                             &survey);
4327                 if (res == -ENOENT)
4328                         break;
4329                 if (res)
4330                         goto out_err;
4331
4332                 /* Survey without a channel doesn't make sense */
4333                 if (!survey.channel) {
4334                         res = -EINVAL;
4335                         goto out;
4336                 }
4337
4338                 chan = ieee80211_get_channel(&dev->wiphy,
4339                                              survey.channel->center_freq);
4340                 if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
4341                         survey_idx++;
4342                         continue;
4343                 }
4344
4345                 if (nl80211_send_survey(skb,
4346                                 NETLINK_CB(cb->skb).pid,
4347                                 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4348                                 netdev,
4349                                 &survey) < 0)
4350                         goto out;
4351                 survey_idx++;
4352         }
4353
4354  out:
4355         cb->args[1] = survey_idx;
4356         res = skb->len;
4357  out_err:
4358         nl80211_finish_netdev_dump(dev);
4359         return res;
4360 }
4361
4362 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
4363 {
4364         return auth_type <= NL80211_AUTHTYPE_MAX;
4365 }
4366
4367 static bool nl80211_valid_wpa_versions(u32 wpa_versions)
4368 {
4369         return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
4370                                   NL80211_WPA_VERSION_2));
4371 }
4372
4373 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
4374 {
4375         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4376         struct net_device *dev = info->user_ptr[1];
4377         struct ieee80211_channel *chan;
4378         const u8 *bssid, *ssid, *ie = NULL;
4379         int err, ssid_len, ie_len = 0;
4380         enum nl80211_auth_type auth_type;
4381         struct key_parse key;
4382         bool local_state_change;
4383
4384         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4385                 return -EINVAL;
4386
4387         if (!info->attrs[NL80211_ATTR_MAC])
4388                 return -EINVAL;
4389
4390         if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
4391                 return -EINVAL;
4392
4393         if (!info->attrs[NL80211_ATTR_SSID])
4394                 return -EINVAL;
4395
4396         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
4397                 return -EINVAL;
4398
4399         err = nl80211_parse_key(info, &key);
4400         if (err)
4401                 return err;
4402
4403         if (key.idx >= 0) {
4404                 if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
4405                         return -EINVAL;
4406                 if (!key.p.key || !key.p.key_len)
4407                         return -EINVAL;
4408                 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
4409                      key.p.key_len != WLAN_KEY_LEN_WEP40) &&
4410                     (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
4411                      key.p.key_len != WLAN_KEY_LEN_WEP104))
4412                         return -EINVAL;
4413                 if (key.idx > 4)
4414                         return -EINVAL;
4415         } else {
4416                 key.p.key_len = 0;
4417                 key.p.key = NULL;
4418         }
4419
4420         if (key.idx >= 0) {
4421                 int i;
4422                 bool ok = false;
4423                 for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
4424                         if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
4425                                 ok = true;
4426                                 break;
4427                         }
4428                 }
4429                 if (!ok)
4430                         return -EINVAL;
4431         }
4432
4433         if (!rdev->ops->auth)
4434                 return -EOPNOTSUPP;
4435
4436         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4437             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4438                 return -EOPNOTSUPP;
4439
4440         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4441         chan = ieee80211_get_channel(&rdev->wiphy,
4442                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4443         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4444                 return -EINVAL;
4445
4446         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4447         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4448
4449         if (info->attrs[NL80211_ATTR_IE]) {
4450                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4451                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4452         }
4453
4454         auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
4455         if (!nl80211_valid_auth_type(auth_type))
4456                 return -EINVAL;
4457
4458         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4459
4460         /*
4461          * Since we no longer track auth state, ignore
4462          * requests to only change local state.
4463          */
4464         if (local_state_change)
4465                 return 0;
4466
4467         return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
4468                                   ssid, ssid_len, ie, ie_len,
4469                                   key.p.key, key.p.key_len, key.idx);
4470 }
4471
4472 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
4473                                    struct genl_info *info,
4474                                    struct cfg80211_crypto_settings *settings,
4475                                    int cipher_limit)
4476 {
4477         memset(settings, 0, sizeof(*settings));
4478
4479         settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
4480
4481         if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
4482                 u16 proto;
4483                 proto = nla_get_u16(
4484                         info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
4485                 settings->control_port_ethertype = cpu_to_be16(proto);
4486                 if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
4487                     proto != ETH_P_PAE)
4488                         return -EINVAL;
4489                 if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
4490                         settings->control_port_no_encrypt = true;
4491         } else
4492                 settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);
4493
4494         if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
4495                 void *data;
4496                 int len, i;
4497
4498                 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4499                 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
4500                 settings->n_ciphers_pairwise = len / sizeof(u32);
4501
4502                 if (len % sizeof(u32))
4503                         return -EINVAL;
4504
4505                 if (settings->n_ciphers_pairwise > cipher_limit)
4506                         return -EINVAL;
4507
4508                 memcpy(settings->ciphers_pairwise, data, len);
4509
4510                 for (i = 0; i < settings->n_ciphers_pairwise; i++)
4511                         if (!cfg80211_supported_cipher_suite(
4512                                         &rdev->wiphy,
4513                                         settings->ciphers_pairwise[i]))
4514                                 return -EINVAL;
4515         }
4516
4517         if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
4518                 settings->cipher_group =
4519                         nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
4520                 if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
4521                                                      settings->cipher_group))
4522                         return -EINVAL;
4523         }
4524
4525         if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
4526                 settings->wpa_versions =
4527                         nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
4528                 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
4529                         return -EINVAL;
4530         }
4531
4532         if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
4533                 void *data;
4534                 int len;
4535
4536                 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
4537                 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
4538                 settings->n_akm_suites = len / sizeof(u32);
4539
4540                 if (len % sizeof(u32))
4541                         return -EINVAL;
4542
4543                 if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
4544                         return -EINVAL;
4545
4546                 memcpy(settings->akm_suites, data, len);
4547         }
4548
4549         return 0;
4550 }
4551
4552 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
4553 {
4554         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4555         struct net_device *dev = info->user_ptr[1];
4556         struct cfg80211_crypto_settings crypto;
4557         struct ieee80211_channel *chan;
4558         const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
4559         int err, ssid_len, ie_len = 0;
4560         bool use_mfp = false;
4561         u32 flags = 0;
4562         struct ieee80211_ht_cap *ht_capa = NULL;
4563         struct ieee80211_ht_cap *ht_capa_mask = NULL;
4564
4565         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4566                 return -EINVAL;
4567
4568         if (!info->attrs[NL80211_ATTR_MAC] ||
4569             !info->attrs[NL80211_ATTR_SSID] ||
4570             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
4571                 return -EINVAL;
4572
4573         if (!rdev->ops->assoc)
4574                 return -EOPNOTSUPP;
4575
4576         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4577             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4578                 return -EOPNOTSUPP;
4579
4580         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4581
4582         chan = ieee80211_get_channel(&rdev->wiphy,
4583                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
4584         if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
4585                 return -EINVAL;
4586
4587         ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4588         ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4589
4590         if (info->attrs[NL80211_ATTR_IE]) {
4591                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4592                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4593         }
4594
4595         if (info->attrs[NL80211_ATTR_USE_MFP]) {
4596                 enum nl80211_mfp mfp =
4597                         nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
4598                 if (mfp == NL80211_MFP_REQUIRED)
4599                         use_mfp = true;
4600                 else if (mfp != NL80211_MFP_NO)
4601                         return -EINVAL;
4602         }
4603
4604         if (info->attrs[NL80211_ATTR_PREV_BSSID])
4605                 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
4606
4607         if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
4608                 flags |= ASSOC_REQ_DISABLE_HT;
4609
4610         if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
4611                 ht_capa_mask =
4612                         nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]);
4613
4614         if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
4615                 if (!ht_capa_mask)
4616                         return -EINVAL;
4617                 ht_capa = nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
4618         }
4619
4620         err = nl80211_crypto_settings(rdev, info, &crypto, 1);
4621         if (!err)
4622                 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
4623                                           ssid, ssid_len, ie, ie_len, use_mfp,
4624                                           &crypto, flags, ht_capa,
4625                                           ht_capa_mask);
4626
4627         return err;
4628 }
4629
4630 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
4631 {
4632         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4633         struct net_device *dev = info->user_ptr[1];
4634         const u8 *ie = NULL, *bssid;
4635         int ie_len = 0;
4636         u16 reason_code;
4637         bool local_state_change;
4638
4639         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4640                 return -EINVAL;
4641
4642         if (!info->attrs[NL80211_ATTR_MAC])
4643                 return -EINVAL;
4644
4645         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4646                 return -EINVAL;
4647
4648         if (!rdev->ops->deauth)
4649                 return -EOPNOTSUPP;
4650
4651         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4652             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4653                 return -EOPNOTSUPP;
4654
4655         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4656
4657         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4658         if (reason_code == 0) {
4659                 /* Reason Code 0 is reserved */
4660                 return -EINVAL;
4661         }
4662
4663         if (info->attrs[NL80211_ATTR_IE]) {
4664                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4665                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4666         }
4667
4668         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4669
4670         return cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code,
4671                                     local_state_change);
4672 }
4673
4674 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
4675 {
4676         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4677         struct net_device *dev = info->user_ptr[1];
4678         const u8 *ie = NULL, *bssid;
4679         int ie_len = 0;
4680         u16 reason_code;
4681         bool local_state_change;
4682
4683         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4684                 return -EINVAL;
4685
4686         if (!info->attrs[NL80211_ATTR_MAC])
4687                 return -EINVAL;
4688
4689         if (!info->attrs[NL80211_ATTR_REASON_CODE])
4690                 return -EINVAL;
4691
4692         if (!rdev->ops->disassoc)
4693                 return -EOPNOTSUPP;
4694
4695         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
4696             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
4697                 return -EOPNOTSUPP;
4698
4699         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4700
4701         reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
4702         if (reason_code == 0) {
4703                 /* Reason Code 0 is reserved */
4704                 return -EINVAL;
4705         }
4706
4707         if (info->attrs[NL80211_ATTR_IE]) {
4708                 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4709                 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4710         }
4711
4712         local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
4713
4714         return cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code,
4715                                       local_state_change);
4716 }
4717
4718 static bool
4719 nl80211_parse_mcast_rate(struct cfg80211_registered_device *rdev,
4720                          int mcast_rate[IEEE80211_NUM_BANDS],
4721                          int rateval)
4722 {
4723         struct wiphy *wiphy = &rdev->wiphy;
4724         bool found = false;
4725         int band, i;
4726
4727         for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
4728                 struct ieee80211_supported_band *sband;
4729
4730                 sband = wiphy->bands[band];
4731                 if (!sband)
4732                         continue;
4733
4734                 for (i = 0; i < sband->n_bitrates; i++) {
4735                         if (sband->bitrates[i].bitrate == rateval) {
4736                                 mcast_rate[band] = i + 1;
4737                                 found = true;
4738                                 break;
4739                         }
4740                 }
4741         }
4742
4743         return found;
4744 }
4745
4746 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
4747 {
4748         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4749         struct net_device *dev = info->user_ptr[1];
4750         struct cfg80211_ibss_params ibss;
4751         struct wiphy *wiphy;
4752         struct cfg80211_cached_keys *connkeys = NULL;
4753         int err;
4754
4755         memset(&ibss, 0, sizeof(ibss));
4756
4757         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
4758                 return -EINVAL;
4759
4760         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
4761             !info->attrs[NL80211_ATTR_SSID] ||
4762             !nla_len(info->attrs[NL80211_ATTR_SSID]))
4763                 return -EINVAL;
4764
4765         ibss.beacon_interval = 100;
4766
4767         if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
4768                 ibss.beacon_interval =
4769                         nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
4770                 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
4771                         return -EINVAL;
4772         }
4773
4774         if (!rdev->ops->join_ibss)
4775                 return -EOPNOTSUPP;
4776
4777         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4778                 return -EOPNOTSUPP;
4779
4780         wiphy = &rdev->wiphy;
4781
4782         if (info->attrs[NL80211_ATTR_MAC]) {
4783                 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
4784
4785                 if (!is_valid_ether_addr(ibss.bssid))
4786                         return -EINVAL;
4787         }
4788         ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4789         ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
4790
4791         if (info->attrs[NL80211_ATTR_IE]) {
4792                 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
4793                 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
4794         }
4795
4796         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
4797                 enum nl80211_channel_type channel_type;
4798
4799                 channel_type = nla_get_u32(
4800                                 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
4801                 if (channel_type != NL80211_CHAN_NO_HT &&
4802                     channel_type != NL80211_CHAN_HT20 &&
4803                     channel_type != NL80211_CHAN_HT40MINUS &&
4804                     channel_type != NL80211_CHAN_HT40PLUS)
4805                         return -EINVAL;
4806
4807                 if (channel_type != NL80211_CHAN_NO_HT &&
4808                     !(wiphy->features & NL80211_FEATURE_HT_IBSS))
4809                         return -EINVAL;
4810
4811                 ibss.channel_type = channel_type;
4812         } else {
4813                 ibss.channel_type = NL80211_CHAN_NO_HT;
4814         }
4815
4816         ibss.channel = rdev_freq_to_chan(rdev,
4817                 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]),
4818                 ibss.channel_type);
4819         if (!ibss.channel ||
4820             ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
4821             ibss.channel->flags & IEEE80211_CHAN_DISABLED)
4822                 return -EINVAL;
4823
4824         /* Both channels should be able to initiate communication */
4825         if ((ibss.channel_type == NL80211_CHAN_HT40PLUS ||
4826              ibss.channel_type == NL80211_CHAN_HT40MINUS) &&
4827             !cfg80211_can_beacon_sec_chan(&rdev->wiphy, ibss.channel,
4828                                           ibss.channel_type))
4829                 return -EINVAL;
4830
4831         ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
4832         ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4833
4834         if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
4835                 u8 *rates =
4836                         nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4837                 int n_rates =
4838                         nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
4839                 struct ieee80211_supported_band *sband =
4840                         wiphy->bands[ibss.channel->band];
4841
4842                 err = ieee80211_get_ratemask(sband, rates, n_rates,
4843                                              &ibss.basic_rates);
4844                 if (err)
4845                         return err;
4846         }
4847
4848         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
4849             !nl80211_parse_mcast_rate(rdev, ibss.mcast_rate,
4850                         nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
4851                 return -EINVAL;
4852
4853         if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
4854                 connkeys = nl80211_parse_connkeys(rdev,
4855                                         info->attrs[NL80211_ATTR_KEYS]);
4856                 if (IS_ERR(connkeys))
4857                         return PTR_ERR(connkeys);
4858         }
4859
4860         ibss.control_port =
4861                 nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT]);
4862
4863         err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
4864         if (err)
4865                 kfree(connkeys);
4866         return err;
4867 }
4868
4869 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
4870 {
4871         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4872         struct net_device *dev = info->user_ptr[1];
4873
4874         if (!rdev->ops->leave_ibss)
4875                 return -EOPNOTSUPP;
4876
4877         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC)
4878                 return -EOPNOTSUPP;
4879
4880         return cfg80211_leave_ibss(rdev, dev, false);
4881 }
4882
4883 #ifdef CONFIG_NL80211_TESTMODE
4884 static struct genl_multicast_group nl80211_testmode_mcgrp = {
4885         .name = "testmode",
4886 };
4887
4888 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
4889 {
4890         struct cfg80211_registered_device *rdev = info->user_ptr[0];
4891         int err;
4892
4893         if (!info->attrs[NL80211_ATTR_TESTDATA])
4894                 return -EINVAL;
4895
4896         err = -EOPNOTSUPP;
4897         if (rdev->ops->testmode_cmd) {
4898                 rdev->testmode_info = info;
4899                 err = rdev->ops->testmode_cmd(&rdev->wiphy,
4900                                 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
4901                                 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
4902                 rdev->testmode_info = NULL;
4903         }
4904
4905         return err;
4906 }
4907
4908 static int nl80211_testmode_dump(struct sk_buff *skb,
4909                                  struct netlink_callback *cb)
4910 {
4911         struct cfg80211_registered_device *rdev;
4912         int err;
4913         long phy_idx;
4914         void *data = NULL;
4915         int data_len = 0;
4916
4917         if (cb->args[0]) {
4918                 /*
4919                  * 0 is a valid index, but not valid for args[0],
4920                  * so we need to offset by 1.
4921                  */
4922                 phy_idx = cb->args[0] - 1;
4923         } else {
4924                 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
4925                                   nl80211_fam.attrbuf, nl80211_fam.maxattr,
4926                                   nl80211_policy);
4927                 if (err)
4928                         return err;
4929                 if (nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]) {
4930                         phy_idx = nla_get_u32(
4931                                 nl80211_fam.attrbuf[NL80211_ATTR_WIPHY]);
4932                 } else {
4933                         struct net_device *netdev;
4934
4935                         err = get_rdev_dev_by_ifindex(sock_net(skb->sk),
4936                                                       nl80211_fam.attrbuf,
4937                                                       &rdev, &netdev);
4938                         if (err)
4939                                 return err;
4940                         dev_put(netdev);
4941                         phy_idx = rdev->wiphy_idx;
4942                         cfg80211_unlock_rdev(rdev);
4943                 }
4944                 if (nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA])
4945                         cb->args[1] =
4946                                 (long)nl80211_fam.attrbuf[NL80211_ATTR_TESTDATA];
4947         }
4948
4949         if (cb->args[1]) {
4950                 data = nla_data((void *)cb->args[1]);
4951                 data_len = nla_len((void *)cb->args[1]);
4952         }
4953
4954         mutex_lock(&cfg80211_mutex);
4955         rdev = cfg80211_rdev_by_wiphy_idx(phy_idx);
4956         if (!rdev) {
4957                 mutex_unlock(&cfg80211_mutex);
4958                 return -ENOENT;
4959         }
4960         cfg80211_lock_rdev(rdev);
4961         mutex_unlock(&cfg80211_mutex);
4962
4963         if (!rdev->ops->testmode_dump) {
4964                 err = -EOPNOTSUPP;
4965                 goto out_err;
4966         }
4967
4968         while (1) {
4969                 void *hdr = nl80211hdr_put(skb, NETLINK_CB(cb->skb).pid,
4970                                            cb->nlh->nlmsg_seq, NLM_F_MULTI,
4971                                            NL80211_CMD_TESTMODE);
4972                 struct nlattr *tmdata;
4973
4974                 if (nla_put_u32(skb, NL80211_ATTR_WIPHY, phy_idx) < 0) {
4975                         genlmsg_cancel(skb, hdr);
4976                         break;
4977                 }
4978
4979                 tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
4980                 if (!tmdata) {
4981                         genlmsg_cancel(skb, hdr);
4982                         break;
4983                 }
4984                 err = rdev->ops->testmode_dump(&rdev->wiphy, skb, cb,
4985                                                data, data_len);
4986                 nla_nest_end(skb, tmdata);
4987
4988                 if (err == -ENOBUFS || err == -ENOENT) {
4989                         genlmsg_cancel(skb, hdr);
4990                         break;
4991                 } else if (err) {
4992                         genlmsg_cancel(skb, hdr);
4993                         goto out_err;
4994                 }
4995
4996                 genlmsg_end(skb, hdr);
4997         }
4998
4999         err = skb->len;
5000         /* see above */
5001         cb->args[0] = phy_idx + 1;
5002  out_err:
5003         cfg80211_unlock_rdev(rdev);
5004         return err;
5005 }
5006
5007 static struct sk_buff *
5008 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
5009                               int approxlen, u32 pid, u32 seq, gfp_t gfp)
5010 {
5011         struct sk_buff *skb;
5012         void *hdr;
5013         struct nlattr *data;
5014
5015         skb = nlmsg_new(approxlen + 100, gfp);
5016         if (!skb)
5017                 return NULL;
5018
5019         hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
5020         if (!hdr) {
5021                 kfree_skb(skb);
5022                 return NULL;
5023         }
5024
5025         NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
5026         data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
5027
5028         ((void **)skb->cb)[0] = rdev;
5029         ((void **)skb->cb)[1] = hdr;
5030         ((void **)skb->cb)[2] = data;
5031
5032         return skb;
5033
5034  nla_put_failure:
5035         kfree_skb(skb);
5036         return NULL;
5037 }
5038
5039 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
5040                                                   int approxlen)
5041 {
5042         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5043
5044         if (WARN_ON(!rdev->testmode_info))
5045                 return NULL;
5046
5047         return __cfg80211_testmode_alloc_skb(rdev, approxlen,
5048                                 rdev->testmode_info->snd_pid,
5049                                 rdev->testmode_info->snd_seq,
5050                                 GFP_KERNEL);
5051 }
5052 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
5053
5054 int cfg80211_testmode_reply(struct sk_buff *skb)
5055 {
5056         struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
5057         void *hdr = ((void **)skb->cb)[1];
5058         struct nlattr *data = ((void **)skb->cb)[2];
5059
5060         if (WARN_ON(!rdev->testmode_info)) {
5061                 kfree_skb(skb);
5062                 return -EINVAL;
5063         }
5064
5065         nla_nest_end(skb, data);
5066         genlmsg_end(skb, hdr);
5067         return genlmsg_reply(skb, rdev->testmode_info);
5068 }
5069 EXPORT_SYMBOL(cfg80211_testmode_reply);
5070
5071 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
5072                                                   int approxlen, gfp_t gfp)
5073 {
5074         struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
5075
5076         return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
5077 }
5078 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
5079
5080 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
5081 {
5082         void *hdr = ((void **)skb->cb)[1];
5083         struct nlattr *data = ((void **)skb->cb)[2];
5084
5085         nla_nest_end(skb, data);
5086         genlmsg_end(skb, hdr);
5087         genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
5088 }
5089 EXPORT_SYMBOL(cfg80211_testmode_event);
5090 #endif
5091
5092 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
5093 {
5094         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5095         struct net_device *dev = info->user_ptr[1];
5096         struct cfg80211_connect_params connect;
5097         struct wiphy *wiphy;
5098         struct cfg80211_cached_keys *connkeys = NULL;
5099         int err;
5100
5101         memset(&connect, 0, sizeof(connect));
5102
5103         if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
5104                 return -EINVAL;
5105
5106         if (!info->attrs[NL80211_ATTR_SSID] ||
5107             !nla_len(info->attrs[NL80211_ATTR_SSID]))
5108                 return -EINVAL;
5109
5110         if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
5111                 connect.auth_type =
5112                         nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
5113                 if (!nl80211_valid_auth_type(connect.auth_type))
5114                         return -EINVAL;
5115         } else
5116                 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
5117
5118         connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
5119
5120         err = nl80211_crypto_settings(rdev, info, &connect.crypto,
5121                                       NL80211_MAX_NR_CIPHER_SUITES);
5122         if (err)
5123                 return err;
5124
5125         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5126             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5127                 return -EOPNOTSUPP;
5128
5129         wiphy = &rdev->wiphy;
5130
5131         connect.bg_scan_period = -1;
5132         if (info->attrs[NL80211_ATTR_BG_SCAN_PERIOD] &&
5133                 (wiphy->flags & WIPHY_FLAG_SUPPORTS_FW_ROAM)) {
5134                 connect.bg_scan_period =
5135                         nla_get_u16(info->attrs[NL80211_ATTR_BG_SCAN_PERIOD]);
5136         }
5137
5138         if (info->attrs[NL80211_ATTR_MAC])
5139                 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5140         connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
5141         connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
5142
5143         if (info->attrs[NL80211_ATTR_IE]) {
5144                 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
5145                 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
5146         }
5147
5148         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
5149                 connect.channel =
5150                         ieee80211_get_channel(wiphy,
5151                             nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
5152                 if (!connect.channel ||
5153                     connect.channel->flags & IEEE80211_CHAN_DISABLED)
5154                         return -EINVAL;
5155         }
5156
5157         if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
5158                 connkeys = nl80211_parse_connkeys(rdev,
5159                                         info->attrs[NL80211_ATTR_KEYS]);
5160                 if (IS_ERR(connkeys))
5161                         return PTR_ERR(connkeys);
5162         }
5163
5164         if (nla_get_flag(info->attrs[NL80211_ATTR_DISABLE_HT]))
5165                 connect.flags |= ASSOC_REQ_DISABLE_HT;
5166
5167         if (info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5168                 memcpy(&connect.ht_capa_mask,
5169                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]),
5170                        sizeof(connect.ht_capa_mask));
5171
5172         if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
5173                 if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK])
5174                         return -EINVAL;
5175                 memcpy(&connect.ht_capa,
5176                        nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]),
5177                        sizeof(connect.ht_capa));
5178         }
5179
5180         err = cfg80211_connect(rdev, dev, &connect, connkeys);
5181         if (err)
5182                 kfree(connkeys);
5183         return err;
5184 }
5185
5186 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
5187 {
5188         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5189         struct net_device *dev = info->user_ptr[1];
5190         u16 reason;
5191
5192         if (!info->attrs[NL80211_ATTR_REASON_CODE])
5193                 reason = WLAN_REASON_DEAUTH_LEAVING;
5194         else
5195                 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
5196
5197         if (reason == 0)
5198                 return -EINVAL;
5199
5200         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5201             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5202                 return -EOPNOTSUPP;
5203
5204         return cfg80211_disconnect(rdev, dev, reason, true);
5205 }
5206
5207 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
5208 {
5209         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5210         struct net *net;
5211         int err;
5212         u32 pid;
5213
5214         if (!info->attrs[NL80211_ATTR_PID])
5215                 return -EINVAL;
5216
5217         pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
5218
5219         net = get_net_ns_by_pid(pid);
5220         if (IS_ERR(net))
5221                 return PTR_ERR(net);
5222
5223         err = 0;
5224
5225         /* check if anything to do */
5226         if (!net_eq(wiphy_net(&rdev->wiphy), net))
5227                 err = cfg80211_switch_netns(rdev, net);
5228
5229         put_net(net);
5230         return err;
5231 }
5232
5233 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info)
5234 {
5235         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5236         int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev,
5237                         struct cfg80211_pmksa *pmksa) = NULL;
5238         struct net_device *dev = info->user_ptr[1];
5239         struct cfg80211_pmksa pmksa;
5240
5241         memset(&pmksa, 0, sizeof(struct cfg80211_pmksa));
5242
5243         if (!info->attrs[NL80211_ATTR_MAC])
5244                 return -EINVAL;
5245
5246         if (!info->attrs[NL80211_ATTR_PMKID])
5247                 return -EINVAL;
5248
5249         pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]);
5250         pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
5251
5252         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5253             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5254                 return -EOPNOTSUPP;
5255
5256         switch (info->genlhdr->cmd) {
5257         case NL80211_CMD_SET_PMKSA:
5258                 rdev_ops = rdev->ops->set_pmksa;
5259                 break;
5260         case NL80211_CMD_DEL_PMKSA:
5261                 rdev_ops = rdev->ops->del_pmksa;
5262                 break;
5263         default:
5264                 WARN_ON(1);
5265                 break;
5266         }
5267
5268         if (!rdev_ops)
5269                 return -EOPNOTSUPP;
5270
5271         return rdev_ops(&rdev->wiphy, dev, &pmksa);
5272 }
5273
5274 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info)
5275 {
5276         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5277         struct net_device *dev = info->user_ptr[1];
5278
5279         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5280             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
5281                 return -EOPNOTSUPP;
5282
5283         if (!rdev->ops->flush_pmksa)
5284                 return -EOPNOTSUPP;
5285
5286         return rdev->ops->flush_pmksa(&rdev->wiphy, dev);
5287 }
5288
5289 static int nl80211_tdls_mgmt(struct sk_buff *skb, struct genl_info *info)
5290 {
5291         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5292         struct net_device *dev = info->user_ptr[1];
5293         u8 action_code, dialog_token;
5294         u16 status_code;
5295         u8 *peer;
5296
5297         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5298             !rdev->ops->tdls_mgmt)
5299                 return -EOPNOTSUPP;
5300
5301         if (!info->attrs[NL80211_ATTR_TDLS_ACTION] ||
5302             !info->attrs[NL80211_ATTR_STATUS_CODE] ||
5303             !info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN] ||
5304             !info->attrs[NL80211_ATTR_IE] ||
5305             !info->attrs[NL80211_ATTR_MAC])
5306                 return -EINVAL;
5307
5308         peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5309         action_code = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_ACTION]);
5310         status_code = nla_get_u16(info->attrs[NL80211_ATTR_STATUS_CODE]);
5311         dialog_token = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_DIALOG_TOKEN]);
5312
5313         return rdev->ops->tdls_mgmt(&rdev->wiphy, dev, peer, action_code,
5314                                     dialog_token, status_code,
5315                                     nla_data(info->attrs[NL80211_ATTR_IE]),
5316                                     nla_len(info->attrs[NL80211_ATTR_IE]));
5317 }
5318
5319 static int nl80211_tdls_oper(struct sk_buff *skb, struct genl_info *info)
5320 {
5321         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5322         struct net_device *dev = info->user_ptr[1];
5323         enum nl80211_tdls_operation operation;
5324         u8 *peer;
5325
5326         if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) ||
5327             !rdev->ops->tdls_oper)
5328                 return -EOPNOTSUPP;
5329
5330         if (!info->attrs[NL80211_ATTR_TDLS_OPERATION] ||
5331             !info->attrs[NL80211_ATTR_MAC])
5332                 return -EINVAL;
5333
5334         operation = nla_get_u8(info->attrs[NL80211_ATTR_TDLS_OPERATION]);
5335         peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
5336
5337         return rdev->ops->tdls_oper(&rdev->wiphy, dev, peer, operation);
5338 }
5339
5340 static int nl80211_remain_on_channel(struct sk_buff *skb,
5341                                      struct genl_info *info)
5342 {
5343         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5344         struct net_device *dev = info->user_ptr[1];
5345         struct ieee80211_channel *chan;
5346         struct sk_buff *msg;
5347         void *hdr;
5348         u64 cookie;
5349         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5350         u32 freq, duration;
5351         int err;
5352
5353         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
5354             !info->attrs[NL80211_ATTR_DURATION])
5355                 return -EINVAL;
5356
5357         duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5358
5359         /*
5360          * We should be on that channel for at least one jiffie,
5361          * and more than 5 seconds seems excessive.
5362          */
5363         if (!duration || !msecs_to_jiffies(duration) ||
5364             duration > rdev->wiphy.max_remain_on_channel_duration)
5365                 return -EINVAL;
5366
5367         if (!rdev->ops->remain_on_channel ||
5368             !(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL))
5369                 return -EOPNOTSUPP;
5370
5371         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5372                 channel_type = nla_get_u32(
5373                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
5374                 if (channel_type != NL80211_CHAN_NO_HT &&
5375                     channel_type != NL80211_CHAN_HT20 &&
5376                     channel_type != NL80211_CHAN_HT40PLUS &&
5377                     channel_type != NL80211_CHAN_HT40MINUS)
5378                         return -EINVAL;
5379         }
5380
5381         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5382         chan = rdev_freq_to_chan(rdev, freq, channel_type);
5383         if (chan == NULL)
5384                 return -EINVAL;
5385
5386         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5387         if (!msg)
5388                 return -ENOMEM;
5389
5390         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5391                              NL80211_CMD_REMAIN_ON_CHANNEL);
5392
5393         if (IS_ERR(hdr)) {
5394                 err = PTR_ERR(hdr);
5395                 goto free_msg;
5396         }
5397
5398         err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan,
5399                                            channel_type, duration, &cookie);
5400
5401         if (err)
5402                 goto free_msg;
5403
5404         NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5405
5406         genlmsg_end(msg, hdr);
5407
5408         return genlmsg_reply(msg, info);
5409
5410  nla_put_failure:
5411         err = -ENOBUFS;
5412  free_msg:
5413         nlmsg_free(msg);
5414         return err;
5415 }
5416
5417 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb,
5418                                             struct genl_info *info)
5419 {
5420         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5421         struct net_device *dev = info->user_ptr[1];
5422         u64 cookie;
5423
5424         if (!info->attrs[NL80211_ATTR_COOKIE])
5425                 return -EINVAL;
5426
5427         if (!rdev->ops->cancel_remain_on_channel)
5428                 return -EOPNOTSUPP;
5429
5430         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5431
5432         return rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie);
5433 }
5434
5435 static u32 rateset_to_mask(struct ieee80211_supported_band *sband,
5436                            u8 *rates, u8 rates_len)
5437 {
5438         u8 i;
5439         u32 mask = 0;
5440
5441         for (i = 0; i < rates_len; i++) {
5442                 int rate = (rates[i] & 0x7f) * 5;
5443                 int ridx;
5444                 for (ridx = 0; ridx < sband->n_bitrates; ridx++) {
5445                         struct ieee80211_rate *srate =
5446                                 &sband->bitrates[ridx];
5447                         if (rate == srate->bitrate) {
5448                                 mask |= 1 << ridx;
5449                                 break;
5450                         }
5451                 }
5452                 if (ridx == sband->n_bitrates)
5453                         return 0; /* rate not found */
5454         }
5455
5456         return mask;
5457 }
5458
5459 static bool ht_rateset_to_mask(struct ieee80211_supported_band *sband,
5460                                u8 *rates, u8 rates_len,
5461                                u8 mcs[IEEE80211_HT_MCS_MASK_LEN])
5462 {
5463         u8 i;
5464
5465         memset(mcs, 0, IEEE80211_HT_MCS_MASK_LEN);
5466
5467         for (i = 0; i < rates_len; i++) {
5468                 int ridx, rbit;
5469
5470                 ridx = rates[i] / 8;
5471                 rbit = BIT(rates[i] % 8);
5472
5473                 /* check validity */
5474                 if ((ridx < 0) || (ridx >= IEEE80211_HT_MCS_MASK_LEN))
5475                         return false;
5476
5477                 /* check availability */
5478                 if (sband->ht_cap.mcs.rx_mask[ridx] & rbit)
5479                         mcs[ridx] |= rbit;
5480                 else
5481                         return false;
5482         }
5483
5484         return true;
5485 }
5486
5487 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
5488         [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
5489                                     .len = NL80211_MAX_SUPP_RATES },
5490         [NL80211_TXRATE_MCS] = { .type = NLA_BINARY,
5491                                  .len = NL80211_MAX_SUPP_HT_RATES },
5492 };
5493
5494 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb,
5495                                        struct genl_info *info)
5496 {
5497         struct nlattr *tb[NL80211_TXRATE_MAX + 1];
5498         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5499         struct cfg80211_bitrate_mask mask;
5500         int rem, i;
5501         struct net_device *dev = info->user_ptr[1];
5502         struct nlattr *tx_rates;
5503         struct ieee80211_supported_band *sband;
5504
5505         if (info->attrs[NL80211_ATTR_TX_RATES] == NULL)
5506                 return -EINVAL;
5507
5508         if (!rdev->ops->set_bitrate_mask)
5509                 return -EOPNOTSUPP;
5510
5511         memset(&mask, 0, sizeof(mask));
5512         /* Default to all rates enabled */
5513         for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
5514                 sband = rdev->wiphy.bands[i];
5515                 mask.control[i].legacy =
5516                         sband ? (1 << sband->n_bitrates) - 1 : 0;
5517                 if (sband)
5518                         memcpy(mask.control[i].mcs,
5519                                sband->ht_cap.mcs.rx_mask,
5520                                sizeof(mask.control[i].mcs));
5521                 else
5522                         memset(mask.control[i].mcs, 0,
5523                                sizeof(mask.control[i].mcs));
5524         }
5525
5526         /*
5527          * The nested attribute uses enum nl80211_band as the index. This maps
5528          * directly to the enum ieee80211_band values used in cfg80211.
5529          */
5530         BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
5531         nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem)
5532         {
5533                 enum ieee80211_band band = nla_type(tx_rates);
5534                 if (band < 0 || band >= IEEE80211_NUM_BANDS)
5535                         return -EINVAL;
5536                 sband = rdev->wiphy.bands[band];
5537                 if (sband == NULL)
5538                         return -EINVAL;
5539                 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates),
5540                           nla_len(tx_rates), nl80211_txattr_policy);
5541                 if (tb[NL80211_TXRATE_LEGACY]) {
5542                         mask.control[band].legacy = rateset_to_mask(
5543                                 sband,
5544                                 nla_data(tb[NL80211_TXRATE_LEGACY]),
5545                                 nla_len(tb[NL80211_TXRATE_LEGACY]));
5546                 }
5547                 if (tb[NL80211_TXRATE_MCS]) {
5548                         if (!ht_rateset_to_mask(
5549                                         sband,
5550                                         nla_data(tb[NL80211_TXRATE_MCS]),
5551                                         nla_len(tb[NL80211_TXRATE_MCS]),
5552                                         mask.control[band].mcs))
5553                                 return -EINVAL;
5554                 }
5555
5556                 if (mask.control[band].legacy == 0) {
5557                         /* don't allow empty legacy rates if HT
5558                          * is not even supported. */
5559                         if (!rdev->wiphy.bands[band]->ht_cap.ht_supported)
5560                                 return -EINVAL;
5561
5562                         for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
5563                                 if (mask.control[band].mcs[i])
5564                                         break;
5565
5566                         /* legacy and mcs rates may not be both empty */
5567                         if (i == IEEE80211_HT_MCS_MASK_LEN)
5568                                 return -EINVAL;
5569                 }
5570         }
5571
5572         return rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask);
5573 }
5574
5575 static int nl80211_register_mgmt(struct sk_buff *skb, struct genl_info *info)
5576 {
5577         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5578         struct net_device *dev = info->user_ptr[1];
5579         u16 frame_type = IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_ACTION;
5580
5581         if (!info->attrs[NL80211_ATTR_FRAME_MATCH])
5582                 return -EINVAL;
5583
5584         if (info->attrs[NL80211_ATTR_FRAME_TYPE])
5585                 frame_type = nla_get_u16(info->attrs[NL80211_ATTR_FRAME_TYPE]);
5586
5587         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5588             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5589             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5590             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5591             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5592             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5593             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5594                 return -EOPNOTSUPP;
5595
5596         /* not much point in registering if we can't reply */
5597         if (!rdev->ops->mgmt_tx)
5598                 return -EOPNOTSUPP;
5599
5600         return cfg80211_mlme_register_mgmt(dev->ieee80211_ptr, info->snd_pid,
5601                         frame_type,
5602                         nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
5603                         nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
5604 }
5605
5606 static int nl80211_tx_mgmt(struct sk_buff *skb, struct genl_info *info)
5607 {
5608         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5609         struct net_device *dev = info->user_ptr[1];
5610         struct ieee80211_channel *chan;
5611         enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
5612         bool channel_type_valid = false;
5613         u32 freq;
5614         int err;
5615         void *hdr = NULL;
5616         u64 cookie;
5617         struct sk_buff *msg = NULL;
5618         unsigned int wait = 0;
5619         bool offchan, no_cck, dont_wait_for_ack;
5620
5621         dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
5622
5623         if (!info->attrs[NL80211_ATTR_FRAME] ||
5624             !info->attrs[NL80211_ATTR_WIPHY_FREQ])
5625                 return -EINVAL;
5626
5627         if (!rdev->ops->mgmt_tx)
5628                 return -EOPNOTSUPP;
5629
5630         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5631             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5632             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5633             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5634             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5635             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5636             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5637                 return -EOPNOTSUPP;
5638
5639         if (info->attrs[NL80211_ATTR_DURATION]) {
5640                 if (!(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5641                         return -EINVAL;
5642                 wait = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]);
5643         }
5644
5645         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
5646                 channel_type = nla_get_u32(
5647                         info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
5648                 if (channel_type != NL80211_CHAN_NO_HT &&
5649                     channel_type != NL80211_CHAN_HT20 &&
5650                     channel_type != NL80211_CHAN_HT40PLUS &&
5651                     channel_type != NL80211_CHAN_HT40MINUS)
5652                         return -EINVAL;
5653                 channel_type_valid = true;
5654         }
5655
5656         offchan = info->attrs[NL80211_ATTR_OFFCHANNEL_TX_OK];
5657
5658         if (offchan && !(rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX))
5659                 return -EINVAL;
5660
5661         no_cck = nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);
5662
5663         freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
5664         chan = rdev_freq_to_chan(rdev, freq, channel_type);
5665         if (chan == NULL)
5666                 return -EINVAL;
5667
5668         if (!dont_wait_for_ack) {
5669                 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5670                 if (!msg)
5671                         return -ENOMEM;
5672
5673                 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5674                                      NL80211_CMD_FRAME);
5675
5676                 if (IS_ERR(hdr)) {
5677                         err = PTR_ERR(hdr);
5678                         goto free_msg;
5679                 }
5680         }
5681
5682         err = cfg80211_mlme_mgmt_tx(rdev, dev, chan, offchan, channel_type,
5683                                     channel_type_valid, wait,
5684                                     nla_data(info->attrs[NL80211_ATTR_FRAME]),
5685                                     nla_len(info->attrs[NL80211_ATTR_FRAME]),
5686                                     no_cck, dont_wait_for_ack, &cookie);
5687         if (err)
5688                 goto free_msg;
5689
5690         if (msg) {
5691                 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie);
5692
5693                 genlmsg_end(msg, hdr);
5694                 return genlmsg_reply(msg, info);
5695         }
5696
5697         return 0;
5698
5699  nla_put_failure:
5700         err = -ENOBUFS;
5701  free_msg:
5702         nlmsg_free(msg);
5703         return err;
5704 }
5705
5706 static int nl80211_tx_mgmt_cancel_wait(struct sk_buff *skb, struct genl_info *info)
5707 {
5708         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5709         struct net_device *dev = info->user_ptr[1];
5710         u64 cookie;
5711
5712         if (!info->attrs[NL80211_ATTR_COOKIE])
5713                 return -EINVAL;
5714
5715         if (!rdev->ops->mgmt_tx_cancel_wait)
5716                 return -EOPNOTSUPP;
5717
5718         if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
5719             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC &&
5720             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
5721             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5722             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5723             dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
5724                 return -EOPNOTSUPP;
5725
5726         cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]);
5727
5728         return rdev->ops->mgmt_tx_cancel_wait(&rdev->wiphy, dev, cookie);
5729 }
5730
5731 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info)
5732 {
5733         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5734         struct wireless_dev *wdev;
5735         struct net_device *dev = info->user_ptr[1];
5736         u8 ps_state;
5737         bool state;
5738         int err;
5739
5740         if (!info->attrs[NL80211_ATTR_PS_STATE])
5741                 return -EINVAL;
5742
5743         ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
5744
5745         if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
5746                 return -EINVAL;
5747
5748         wdev = dev->ieee80211_ptr;
5749
5750         if (!rdev->ops->set_power_mgmt)
5751                 return -EOPNOTSUPP;
5752
5753         state = (ps_state == NL80211_PS_ENABLED) ? true : false;
5754
5755         if (state == wdev->ps)
5756                 return 0;
5757
5758         err = rdev->ops->set_power_mgmt(wdev->wiphy, dev, state,
5759                                         wdev->ps_timeout);
5760         if (!err)
5761                 wdev->ps = state;
5762         return err;
5763 }
5764
5765 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info)
5766 {
5767         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5768         enum nl80211_ps_state ps_state;
5769         struct wireless_dev *wdev;
5770         struct net_device *dev = info->user_ptr[1];
5771         struct sk_buff *msg;
5772         void *hdr;
5773         int err;
5774
5775         wdev = dev->ieee80211_ptr;
5776
5777         if (!rdev->ops->set_power_mgmt)
5778                 return -EOPNOTSUPP;
5779
5780         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5781         if (!msg)
5782                 return -ENOMEM;
5783
5784         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5785                              NL80211_CMD_GET_POWER_SAVE);
5786         if (!hdr) {
5787                 err = -ENOBUFS;
5788                 goto free_msg;
5789         }
5790
5791         if (wdev->ps)
5792                 ps_state = NL80211_PS_ENABLED;
5793         else
5794                 ps_state = NL80211_PS_DISABLED;
5795
5796         NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state);
5797
5798         genlmsg_end(msg, hdr);
5799         return genlmsg_reply(msg, info);
5800
5801  nla_put_failure:
5802         err = -ENOBUFS;
5803  free_msg:
5804         nlmsg_free(msg);
5805         return err;
5806 }
5807
5808 static struct nla_policy
5809 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = {
5810         [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 },
5811         [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 },
5812         [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 },
5813 };
5814
5815 static int nl80211_set_cqm_rssi(struct genl_info *info,
5816                                 s32 threshold, u32 hysteresis)
5817 {
5818         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5819         struct wireless_dev *wdev;
5820         struct net_device *dev = info->user_ptr[1];
5821
5822         if (threshold > 0)
5823                 return -EINVAL;
5824
5825         wdev = dev->ieee80211_ptr;
5826
5827         if (!rdev->ops->set_cqm_rssi_config)
5828                 return -EOPNOTSUPP;
5829
5830         if (wdev->iftype != NL80211_IFTYPE_STATION &&
5831             wdev->iftype != NL80211_IFTYPE_P2P_CLIENT)
5832                 return -EOPNOTSUPP;
5833
5834         return rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev,
5835                                               threshold, hysteresis);
5836 }
5837
5838 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info)
5839 {
5840         struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1];
5841         struct nlattr *cqm;
5842         int err;
5843
5844         cqm = info->attrs[NL80211_ATTR_CQM];
5845         if (!cqm) {
5846                 err = -EINVAL;
5847                 goto out;
5848         }
5849
5850         err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
5851                                nl80211_attr_cqm_policy);
5852         if (err)
5853                 goto out;
5854
5855         if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] &&
5856             attrs[NL80211_ATTR_CQM_RSSI_HYST]) {
5857                 s32 threshold;
5858                 u32 hysteresis;
5859                 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]);
5860                 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]);
5861                 err = nl80211_set_cqm_rssi(info, threshold, hysteresis);
5862         } else
5863                 err = -EINVAL;
5864
5865 out:
5866         return err;
5867 }
5868
5869 static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
5870 {
5871         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5872         struct net_device *dev = info->user_ptr[1];
5873         struct mesh_config cfg;
5874         struct mesh_setup setup;
5875         int err;
5876
5877         /* start with default */
5878         memcpy(&cfg, &default_mesh_config, sizeof(cfg));
5879         memcpy(&setup, &default_mesh_setup, sizeof(setup));
5880
5881         if (info->attrs[NL80211_ATTR_MESH_CONFIG]) {
5882                 /* and parse parameters if given */
5883                 err = nl80211_parse_mesh_config(info, &cfg, NULL);
5884                 if (err)
5885                         return err;
5886         }
5887
5888         if (!info->attrs[NL80211_ATTR_MESH_ID] ||
5889             !nla_len(info->attrs[NL80211_ATTR_MESH_ID]))
5890                 return -EINVAL;
5891
5892         setup.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
5893         setup.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
5894
5895         if (info->attrs[NL80211_ATTR_MCAST_RATE] &&
5896             !nl80211_parse_mcast_rate(rdev, setup.mcast_rate,
5897                             nla_get_u32(info->attrs[NL80211_ATTR_MCAST_RATE])))
5898                         return -EINVAL;
5899
5900         if (info->attrs[NL80211_ATTR_MESH_SETUP]) {
5901                 /* parse additional setup parameters if given */
5902                 err = nl80211_parse_mesh_setup(info, &setup);
5903                 if (err)
5904                         return err;
5905         }
5906
5907         return cfg80211_join_mesh(rdev, dev, &setup, &cfg);
5908 }
5909
5910 static int nl80211_leave_mesh(struct sk_buff *skb, struct genl_info *info)
5911 {
5912         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5913         struct net_device *dev = info->user_ptr[1];
5914
5915         return cfg80211_leave_mesh(rdev, dev);
5916 }
5917
5918 static int nl80211_get_wowlan(struct sk_buff *skb, struct genl_info *info)
5919 {
5920         struct cfg80211_registered_device *rdev = info->user_ptr[0];
5921         struct sk_buff *msg;
5922         void *hdr;
5923
5924         if (!rdev->wiphy.wowlan.flags && !rdev->wiphy.wowlan.n_patterns)
5925                 return -EOPNOTSUPP;
5926
5927         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
5928         if (!msg)
5929                 return -ENOMEM;
5930
5931         hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
5932                              NL80211_CMD_GET_WOWLAN);
5933         if (!hdr)
5934                 goto nla_put_failure;
5935
5936         if (rdev->wowlan) {
5937                 struct nlattr *nl_wowlan;
5938
5939                 nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
5940                 if (!nl_wowlan)
5941                         goto nla