tipc: correct spelling errors for tipc_topsrv_queue_evt() comments
[muen/linux.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  * Copyright 2013-2014  Intel Mobile Communications GmbH
6  * Copyright 2015-2017  Intel Deutschland GmbH
7  * Copyright (C) 2018 Intel Corporation
8  */
9
10 #include <linux/if.h>
11 #include <linux/module.h>
12 #include <linux/err.h>
13 #include <linux/slab.h>
14 #include <linux/list.h>
15 #include <linux/if_ether.h>
16 #include <linux/ieee80211.h>
17 #include <linux/nl80211.h>
18 #include <linux/rtnetlink.h>
19 #include <linux/netlink.h>
20 #include <linux/nospec.h>
21 #include <linux/etherdevice.h>
22 #include <net/net_namespace.h>
23 #include <net/genetlink.h>
24 #include <net/cfg80211.h>
25 #include <net/sock.h>
26 #include <net/inet_connection_sock.h>
27 #include "core.h"
28 #include "nl80211.h"
29 #include "reg.h"
30 #include "rdev-ops.h"
31
32 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
33                                    struct genl_info *info,
34                                    struct cfg80211_crypto_settings *settings,
35                                    int cipher_limit);
36
37 /* the netlink family */
38 static struct genl_family nl80211_fam;
39
40 /* multicast groups */
41 enum nl80211_multicast_groups {
42         NL80211_MCGRP_CONFIG,
43         NL80211_MCGRP_SCAN,
44         NL80211_MCGRP_REGULATORY,
45         NL80211_MCGRP_MLME,
46         NL80211_MCGRP_VENDOR,
47         NL80211_MCGRP_NAN,
48         NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
49 };
50
51 static const struct genl_multicast_group nl80211_mcgrps[] = {
52         [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
53         [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
54         [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
55         [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
56         [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
57         [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
58 #ifdef CONFIG_NL80211_TESTMODE
59         [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
60 #endif
61 };
62
63 /* returns ERR_PTR values */
64 static struct wireless_dev *
65 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
66 {
67         struct cfg80211_registered_device *rdev;
68         struct wireless_dev *result = NULL;
69         bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
70         bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
71         u64 wdev_id;
72         int wiphy_idx = -1;
73         int ifidx = -1;
74
75         ASSERT_RTNL();
76
77         if (!have_ifidx && !have_wdev_id)
78                 return ERR_PTR(-EINVAL);
79
80         if (have_ifidx)
81                 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82         if (have_wdev_id) {
83                 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84                 wiphy_idx = wdev_id >> 32;
85         }
86
87         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
88                 struct wireless_dev *wdev;
89
90                 if (wiphy_net(&rdev->wiphy) != netns)
91                         continue;
92
93                 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
94                         continue;
95
96                 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
97                         if (have_ifidx && wdev->netdev &&
98                             wdev->netdev->ifindex == ifidx) {
99                                 result = wdev;
100                                 break;
101                         }
102                         if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
103                                 result = wdev;
104                                 break;
105                         }
106                 }
107
108                 if (result)
109                         break;
110         }
111
112         if (result)
113                 return result;
114         return ERR_PTR(-ENODEV);
115 }
116
117 static struct cfg80211_registered_device *
118 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
119 {
120         struct cfg80211_registered_device *rdev = NULL, *tmp;
121         struct net_device *netdev;
122
123         ASSERT_RTNL();
124
125         if (!attrs[NL80211_ATTR_WIPHY] &&
126             !attrs[NL80211_ATTR_IFINDEX] &&
127             !attrs[NL80211_ATTR_WDEV])
128                 return ERR_PTR(-EINVAL);
129
130         if (attrs[NL80211_ATTR_WIPHY])
131                 rdev = cfg80211_rdev_by_wiphy_idx(
132                                 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
133
134         if (attrs[NL80211_ATTR_WDEV]) {
135                 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
136                 struct wireless_dev *wdev;
137                 bool found = false;
138
139                 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
140                 if (tmp) {
141                         /* make sure wdev exists */
142                         list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
143                                 if (wdev->identifier != (u32)wdev_id)
144                                         continue;
145                                 found = true;
146                                 break;
147                         }
148
149                         if (!found)
150                                 tmp = NULL;
151
152                         if (rdev && tmp != rdev)
153                                 return ERR_PTR(-EINVAL);
154                         rdev = tmp;
155                 }
156         }
157
158         if (attrs[NL80211_ATTR_IFINDEX]) {
159                 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
160
161                 netdev = __dev_get_by_index(netns, ifindex);
162                 if (netdev) {
163                         if (netdev->ieee80211_ptr)
164                                 tmp = wiphy_to_rdev(
165                                         netdev->ieee80211_ptr->wiphy);
166                         else
167                                 tmp = NULL;
168
169                         /* not wireless device -- return error */
170                         if (!tmp)
171                                 return ERR_PTR(-EINVAL);
172
173                         /* mismatch -- return error */
174                         if (rdev && tmp != rdev)
175                                 return ERR_PTR(-EINVAL);
176
177                         rdev = tmp;
178                 }
179         }
180
181         if (!rdev)
182                 return ERR_PTR(-ENODEV);
183
184         if (netns != wiphy_net(&rdev->wiphy))
185                 return ERR_PTR(-ENODEV);
186
187         return rdev;
188 }
189
190 /*
191  * This function returns a pointer to the driver
192  * that the genl_info item that is passed refers to.
193  *
194  * The result of this can be a PTR_ERR and hence must
195  * be checked with IS_ERR() for errors.
196  */
197 static struct cfg80211_registered_device *
198 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
199 {
200         return __cfg80211_rdev_from_attrs(netns, info->attrs);
201 }
202
203 /* policy for the attributes */
204 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
205         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
206         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
207                                       .len = 20-1 },
208         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
209
210         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
211         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
212         [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
213         [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
214         [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
215
216         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
217         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
218         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
219         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
220         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
221         [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
222
223         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
224         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
225         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
226
227         [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
228         [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
229
230         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
231         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
232                                     .len = WLAN_MAX_KEY_LEN },
233         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
234         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
235         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
236         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
237         [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
238
239         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
240         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
241         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
242                                        .len = IEEE80211_MAX_DATA_LEN },
243         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
244                                        .len = IEEE80211_MAX_DATA_LEN },
245         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
246         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
247         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
248         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
249                                                .len = NL80211_MAX_SUPP_RATES },
250         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
251         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
252         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
253         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
254                                    .len = IEEE80211_MAX_MESH_ID_LEN },
255         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
256
257         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
258         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
259
260         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
261         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
262         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
263         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
264                                            .len = NL80211_MAX_SUPP_RATES },
265         [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
266
267         [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
268         [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
269
270         [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
271
272         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
273         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
274                               .len = IEEE80211_MAX_DATA_LEN },
275         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
276         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
277
278         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
279                                 .len = IEEE80211_MAX_SSID_LEN },
280         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
281         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
282         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
283         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
284         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
285         [NL80211_ATTR_STA_FLAGS2] = {
286                 .len = sizeof(struct nl80211_sta_flag_update),
287         },
288         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
289         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
290         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
291         [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
292         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
293         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
294         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
295         [NL80211_ATTR_PID] = { .type = NLA_U32 },
296         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
297         [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
298         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
299         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
300         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
301         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
302                                  .len = IEEE80211_MAX_DATA_LEN },
303         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
304         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
305         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
306         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
307         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
308         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
309         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
310         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
311         [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
312         [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
313         [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
314         [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
315         [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
316         [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
317         [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
318         [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
319         [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
320         [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
321         [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
322         [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
323                                          .len = IEEE80211_MAX_DATA_LEN },
324         [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
325                                          .len = IEEE80211_MAX_DATA_LEN },
326         [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
327         [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
328         [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
329         [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
330         [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
331         [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
332         [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
333         [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
334         [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
335         [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
336         [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
337                                       .len = IEEE80211_MAX_DATA_LEN },
338         [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
339         [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
340         [NL80211_ATTR_HT_CAPABILITY_MASK] = {
341                 .len = NL80211_HT_CAPABILITY_LEN
342         },
343         [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
344         [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
345         [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
346         [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
347         [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
348         [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
349         [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
350         [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
351         [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
352         [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
353         [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
354         [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
355         [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
356         [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
357         [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
358         [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
359         [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
360         [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
361                 .len = NL80211_VHT_CAPABILITY_LEN,
362         },
363         [NL80211_ATTR_MDID] = { .type = NLA_U16 },
364         [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
365                                   .len = IEEE80211_MAX_DATA_LEN },
366         [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
367         [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
368         [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
369         [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
370         [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
371         [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
372         [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
373         [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
374         [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
375         [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
376         [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
377         [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
378         [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
379         [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
380                                    .len = IEEE80211_QOS_MAP_LEN_MAX },
381         [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
382         [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
383         [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
384         [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
385         [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
386         [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
387         [NL80211_ATTR_TSID] = { .type = NLA_U8 },
388         [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
389         [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
390         [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
391         [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
392         [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
393         [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
394         [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
395         [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
396         [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
397         [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
398         [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
399         [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
400                 .len = VHT_MUMIMO_GROUPS_DATA_LEN
401         },
402         [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
403         [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
404         [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
405         [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
406         [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
407                                     .len = FILS_MAX_KEK_LEN },
408         [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
409         [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
410         [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
411         [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
412         [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
413                 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
414         },
415         [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
416         [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
417                                              .len = FILS_ERP_MAX_USERNAME_LEN },
418         [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
419                                           .len = FILS_ERP_MAX_REALM_LEN },
420         [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
421         [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
422                                         .len = FILS_ERP_MAX_RRK_LEN },
423         [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
424         [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
425         [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
426         [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
427
428         [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
429         [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
430         [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
431         [NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
432                                          .len = NL80211_HE_MAX_CAPABILITY_LEN },
433 };
434
435 /* policy for the key attributes */
436 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
437         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
438         [NL80211_KEY_IDX] = { .type = NLA_U8 },
439         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
440         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
441         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
442         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
443         [NL80211_KEY_TYPE] = { .type = NLA_U32 },
444         [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
445 };
446
447 /* policy for the key default flags */
448 static const struct nla_policy
449 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
450         [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
451         [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
452 };
453
454 #ifdef CONFIG_PM
455 /* policy for WoWLAN attributes */
456 static const struct nla_policy
457 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
458         [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
459         [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
460         [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
461         [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
462         [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
463         [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
464         [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
465         [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
466         [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
467         [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
468 };
469
470 static const struct nla_policy
471 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
472         [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
473         [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
474         [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
475         [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
476         [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
477         [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
478         [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
479                 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
480         },
481         [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
482                 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
483         },
484         [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
485         [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
486         [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
487 };
488 #endif /* CONFIG_PM */
489
490 /* policy for coalesce rule attributes */
491 static const struct nla_policy
492 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
493         [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
494         [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
495         [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
496 };
497
498 /* policy for GTK rekey offload attributes */
499 static const struct nla_policy
500 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
501         [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
502         [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
503         [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
504 };
505
506 static const struct nla_policy
507 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
508         [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
509                                                  .len = IEEE80211_MAX_SSID_LEN },
510         [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
511         [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
512 };
513
514 static const struct nla_policy
515 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
516         [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
517         [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
518 };
519
520 static const struct nla_policy
521 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
522         [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
523         [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
524         [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
525                 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
526         },
527 };
528
529 /* policy for NAN function attributes */
530 static const struct nla_policy
531 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
532         [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
533         [NL80211_NAN_FUNC_SERVICE_ID] = {
534                                     .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
535         [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
536         [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
537         [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
538         [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
539         [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
540         [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
541         [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
542         [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
543         [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
544                         .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
545         [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
546         [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
547         [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
548         [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
549         [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
550 };
551
552 /* policy for Service Response Filter attributes */
553 static const struct nla_policy
554 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
555         [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
556         [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
557                                  .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
558         [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
559         [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
560 };
561
562 /* policy for packet pattern attributes */
563 static const struct nla_policy
564 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
565         [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
566         [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
567         [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
568 };
569
570 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
571                                      struct netlink_callback *cb,
572                                      struct cfg80211_registered_device **rdev,
573                                      struct wireless_dev **wdev)
574 {
575         int err;
576
577         if (!cb->args[0]) {
578                 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
579                                   genl_family_attrbuf(&nl80211_fam),
580                                   nl80211_fam.maxattr, nl80211_policy, NULL);
581                 if (err)
582                         return err;
583
584                 *wdev = __cfg80211_wdev_from_attrs(
585                                         sock_net(skb->sk),
586                                         genl_family_attrbuf(&nl80211_fam));
587                 if (IS_ERR(*wdev))
588                         return PTR_ERR(*wdev);
589                 *rdev = wiphy_to_rdev((*wdev)->wiphy);
590                 /* 0 is the first index - add 1 to parse only once */
591                 cb->args[0] = (*rdev)->wiphy_idx + 1;
592                 cb->args[1] = (*wdev)->identifier;
593         } else {
594                 /* subtract the 1 again here */
595                 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
596                 struct wireless_dev *tmp;
597
598                 if (!wiphy)
599                         return -ENODEV;
600                 *rdev = wiphy_to_rdev(wiphy);
601                 *wdev = NULL;
602
603                 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
604                         if (tmp->identifier == cb->args[1]) {
605                                 *wdev = tmp;
606                                 break;
607                         }
608                 }
609
610                 if (!*wdev)
611                         return -ENODEV;
612         }
613
614         return 0;
615 }
616
617 /* IE validation */
618 static bool is_valid_ie_attr(const struct nlattr *attr)
619 {
620         const u8 *pos;
621         int len;
622
623         if (!attr)
624                 return true;
625
626         pos = nla_data(attr);
627         len = nla_len(attr);
628
629         while (len) {
630                 u8 elemlen;
631
632                 if (len < 2)
633                         return false;
634                 len -= 2;
635
636                 elemlen = pos[1];
637                 if (elemlen > len)
638                         return false;
639
640                 len -= elemlen;
641                 pos += 2 + elemlen;
642         }
643
644         return true;
645 }
646
647 /* message building helper */
648 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
649                                    int flags, u8 cmd)
650 {
651         /* since there is no private header just add the generic one */
652         return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
653 }
654
655 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
656                                      const struct ieee80211_reg_rule *rule)
657 {
658         int j;
659         struct nlattr *nl_wmm_rules =
660                 nla_nest_start(msg, NL80211_FREQUENCY_ATTR_WMM);
661
662         if (!nl_wmm_rules)
663                 goto nla_put_failure;
664
665         for (j = 0; j < IEEE80211_NUM_ACS; j++) {
666                 struct nlattr *nl_wmm_rule = nla_nest_start(msg, j);
667
668                 if (!nl_wmm_rule)
669                         goto nla_put_failure;
670
671                 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
672                                 rule->wmm_rule->client[j].cw_min) ||
673                     nla_put_u16(msg, NL80211_WMMR_CW_MAX,
674                                 rule->wmm_rule->client[j].cw_max) ||
675                     nla_put_u8(msg, NL80211_WMMR_AIFSN,
676                                rule->wmm_rule->client[j].aifsn) ||
677                     nla_put_u8(msg, NL80211_WMMR_TXOP,
678                                rule->wmm_rule->client[j].cot))
679                         goto nla_put_failure;
680
681                 nla_nest_end(msg, nl_wmm_rule);
682         }
683         nla_nest_end(msg, nl_wmm_rules);
684
685         return 0;
686
687 nla_put_failure:
688         return -ENOBUFS;
689 }
690
691 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
692                                    struct ieee80211_channel *chan,
693                                    bool large)
694 {
695         /* Some channels must be completely excluded from the
696          * list to protect old user-space tools from breaking
697          */
698         if (!large && chan->flags &
699             (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
700                 return 0;
701
702         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
703                         chan->center_freq))
704                 goto nla_put_failure;
705
706         if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
707             nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
708                 goto nla_put_failure;
709         if (chan->flags & IEEE80211_CHAN_NO_IR) {
710                 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
711                         goto nla_put_failure;
712                 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
713                         goto nla_put_failure;
714         }
715         if (chan->flags & IEEE80211_CHAN_RADAR) {
716                 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
717                         goto nla_put_failure;
718                 if (large) {
719                         u32 time;
720
721                         time = elapsed_jiffies_msecs(chan->dfs_state_entered);
722
723                         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
724                                         chan->dfs_state))
725                                 goto nla_put_failure;
726                         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
727                                         time))
728                                 goto nla_put_failure;
729                         if (nla_put_u32(msg,
730                                         NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
731                                         chan->dfs_cac_ms))
732                                 goto nla_put_failure;
733                 }
734         }
735
736         if (large) {
737                 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
738                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
739                         goto nla_put_failure;
740                 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
741                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
742                         goto nla_put_failure;
743                 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
744                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
745                         goto nla_put_failure;
746                 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
747                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
748                         goto nla_put_failure;
749                 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
750                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
751                         goto nla_put_failure;
752                 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
753                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
754                         goto nla_put_failure;
755                 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
756                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
757                         goto nla_put_failure;
758                 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
759                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
760                         goto nla_put_failure;
761         }
762
763         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
764                         DBM_TO_MBM(chan->max_power)))
765                 goto nla_put_failure;
766
767         if (large) {
768                 const struct ieee80211_reg_rule *rule =
769                         freq_reg_info(wiphy, chan->center_freq);
770
771                 if (!IS_ERR(rule) && rule->wmm_rule) {
772                         if (nl80211_msg_put_wmm_rules(msg, rule))
773                                 goto nla_put_failure;
774                 }
775         }
776
777         return 0;
778
779  nla_put_failure:
780         return -ENOBUFS;
781 }
782
783 static bool nl80211_put_txq_stats(struct sk_buff *msg,
784                                   struct cfg80211_txq_stats *txqstats,
785                                   int attrtype)
786 {
787         struct nlattr *txqattr;
788
789 #define PUT_TXQVAL_U32(attr, memb) do {                                   \
790         if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&         \
791             nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
792                 return false;                                             \
793         } while (0)
794
795         txqattr = nla_nest_start(msg, attrtype);
796         if (!txqattr)
797                 return false;
798
799         PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
800         PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
801         PUT_TXQVAL_U32(FLOWS, flows);
802         PUT_TXQVAL_U32(DROPS, drops);
803         PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
804         PUT_TXQVAL_U32(OVERLIMIT, overlimit);
805         PUT_TXQVAL_U32(OVERMEMORY, overmemory);
806         PUT_TXQVAL_U32(COLLISIONS, collisions);
807         PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
808         PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
809         PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
810         nla_nest_end(msg, txqattr);
811
812 #undef PUT_TXQVAL_U32
813         return true;
814 }
815
816 /* netlink command implementations */
817
818 struct key_parse {
819         struct key_params p;
820         int idx;
821         int type;
822         bool def, defmgmt;
823         bool def_uni, def_multi;
824 };
825
826 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
827                                  struct key_parse *k)
828 {
829         struct nlattr *tb[NL80211_KEY_MAX + 1];
830         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
831                                    nl80211_key_policy, info->extack);
832         if (err)
833                 return err;
834
835         k->def = !!tb[NL80211_KEY_DEFAULT];
836         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
837
838         if (k->def) {
839                 k->def_uni = true;
840                 k->def_multi = true;
841         }
842         if (k->defmgmt)
843                 k->def_multi = true;
844
845         if (tb[NL80211_KEY_IDX])
846                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
847
848         if (tb[NL80211_KEY_DATA]) {
849                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
850                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
851         }
852
853         if (tb[NL80211_KEY_SEQ]) {
854                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
855                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
856         }
857
858         if (tb[NL80211_KEY_CIPHER])
859                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
860
861         if (tb[NL80211_KEY_TYPE]) {
862                 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
863                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
864                         return genl_err_attr(info, -EINVAL,
865                                              tb[NL80211_KEY_TYPE]);
866         }
867
868         if (tb[NL80211_KEY_DEFAULT_TYPES]) {
869                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
870
871                 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
872                                        tb[NL80211_KEY_DEFAULT_TYPES],
873                                        nl80211_key_default_policy,
874                                        info->extack);
875                 if (err)
876                         return err;
877
878                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
879                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
880         }
881
882         return 0;
883 }
884
885 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
886 {
887         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
888                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
889                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
890         }
891
892         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
893                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
894                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
895         }
896
897         if (info->attrs[NL80211_ATTR_KEY_IDX])
898                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
899
900         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
901                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
902
903         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
904         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
905
906         if (k->def) {
907                 k->def_uni = true;
908                 k->def_multi = true;
909         }
910         if (k->defmgmt)
911                 k->def_multi = true;
912
913         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
914                 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
915                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) {
916                         GENL_SET_ERR_MSG(info, "key type out of range");
917                         return -EINVAL;
918                 }
919         }
920
921         if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
922                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
923                 int err = nla_parse_nested(kdt,
924                                            NUM_NL80211_KEY_DEFAULT_TYPES - 1,
925                                            info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
926                                            nl80211_key_default_policy,
927                                            info->extack);
928                 if (err)
929                         return err;
930
931                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
932                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
933         }
934
935         return 0;
936 }
937
938 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
939 {
940         int err;
941
942         memset(k, 0, sizeof(*k));
943         k->idx = -1;
944         k->type = -1;
945
946         if (info->attrs[NL80211_ATTR_KEY])
947                 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
948         else
949                 err = nl80211_parse_key_old(info, k);
950
951         if (err)
952                 return err;
953
954         if (k->def && k->defmgmt) {
955                 GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
956                 return -EINVAL;
957         }
958
959         if (k->defmgmt) {
960                 if (k->def_uni || !k->def_multi) {
961                         GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
962                         return -EINVAL;
963                 }
964         }
965
966         if (k->idx != -1) {
967                 if (k->defmgmt) {
968                         if (k->idx < 4 || k->idx > 5) {
969                                 GENL_SET_ERR_MSG(info,
970                                                  "defmgmt key idx not 4 or 5");
971                                 return -EINVAL;
972                         }
973                 } else if (k->def) {
974                         if (k->idx < 0 || k->idx > 3) {
975                                 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
976                                 return -EINVAL;
977                         }
978                 } else {
979                         if (k->idx < 0 || k->idx > 5) {
980                                 GENL_SET_ERR_MSG(info, "key idx not 0-5");
981                                 return -EINVAL;
982                         }
983                 }
984         }
985
986         return 0;
987 }
988
989 static struct cfg80211_cached_keys *
990 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
991                        struct genl_info *info, bool *no_ht)
992 {
993         struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
994         struct key_parse parse;
995         struct nlattr *key;
996         struct cfg80211_cached_keys *result;
997         int rem, err, def = 0;
998         bool have_key = false;
999
1000         nla_for_each_nested(key, keys, rem) {
1001                 have_key = true;
1002                 break;
1003         }
1004
1005         if (!have_key)
1006                 return NULL;
1007
1008         result = kzalloc(sizeof(*result), GFP_KERNEL);
1009         if (!result)
1010                 return ERR_PTR(-ENOMEM);
1011
1012         result->def = -1;
1013
1014         nla_for_each_nested(key, keys, rem) {
1015                 memset(&parse, 0, sizeof(parse));
1016                 parse.idx = -1;
1017
1018                 err = nl80211_parse_key_new(info, key, &parse);
1019                 if (err)
1020                         goto error;
1021                 err = -EINVAL;
1022                 if (!parse.p.key)
1023                         goto error;
1024                 if (parse.idx < 0 || parse.idx > 3) {
1025                         GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1026                         goto error;
1027                 }
1028                 if (parse.def) {
1029                         if (def) {
1030                                 GENL_SET_ERR_MSG(info,
1031                                                  "only one key can be default");
1032                                 goto error;
1033                         }
1034                         def = 1;
1035                         result->def = parse.idx;
1036                         if (!parse.def_uni || !parse.def_multi)
1037                                 goto error;
1038                 } else if (parse.defmgmt)
1039                         goto error;
1040                 err = cfg80211_validate_key_settings(rdev, &parse.p,
1041                                                      parse.idx, false, NULL);
1042                 if (err)
1043                         goto error;
1044                 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1045                     parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1046                         GENL_SET_ERR_MSG(info, "connect key must be WEP");
1047                         err = -EINVAL;
1048                         goto error;
1049                 }
1050                 result->params[parse.idx].cipher = parse.p.cipher;
1051                 result->params[parse.idx].key_len = parse.p.key_len;
1052                 result->params[parse.idx].key = result->data[parse.idx];
1053                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1054
1055                 /* must be WEP key if we got here */
1056                 if (no_ht)
1057                         *no_ht = true;
1058         }
1059
1060         if (result->def < 0) {
1061                 err = -EINVAL;
1062                 GENL_SET_ERR_MSG(info, "need a default/TX key");
1063                 goto error;
1064         }
1065
1066         return result;
1067  error:
1068         kfree(result);
1069         return ERR_PTR(err);
1070 }
1071
1072 static int nl80211_key_allowed(struct wireless_dev *wdev)
1073 {
1074         ASSERT_WDEV_LOCK(wdev);
1075
1076         switch (wdev->iftype) {
1077         case NL80211_IFTYPE_AP:
1078         case NL80211_IFTYPE_AP_VLAN:
1079         case NL80211_IFTYPE_P2P_GO:
1080         case NL80211_IFTYPE_MESH_POINT:
1081                 break;
1082         case NL80211_IFTYPE_ADHOC:
1083         case NL80211_IFTYPE_STATION:
1084         case NL80211_IFTYPE_P2P_CLIENT:
1085                 if (!wdev->current_bss)
1086                         return -ENOLINK;
1087                 break;
1088         case NL80211_IFTYPE_UNSPECIFIED:
1089         case NL80211_IFTYPE_OCB:
1090         case NL80211_IFTYPE_MONITOR:
1091         case NL80211_IFTYPE_NAN:
1092         case NL80211_IFTYPE_P2P_DEVICE:
1093         case NL80211_IFTYPE_WDS:
1094         case NUM_NL80211_IFTYPES:
1095                 return -EINVAL;
1096         }
1097
1098         return 0;
1099 }
1100
1101 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1102                                                         struct nlattr *tb)
1103 {
1104         struct ieee80211_channel *chan;
1105
1106         if (tb == NULL)
1107                 return NULL;
1108         chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1109         if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1110                 return NULL;
1111         return chan;
1112 }
1113
1114 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1115 {
1116         struct nlattr *nl_modes = nla_nest_start(msg, attr);
1117         int i;
1118
1119         if (!nl_modes)
1120                 goto nla_put_failure;
1121
1122         i = 0;
1123         while (ifmodes) {
1124                 if ((ifmodes & 1) && nla_put_flag(msg, i))
1125                         goto nla_put_failure;
1126                 ifmodes >>= 1;
1127                 i++;
1128         }
1129
1130         nla_nest_end(msg, nl_modes);
1131         return 0;
1132
1133 nla_put_failure:
1134         return -ENOBUFS;
1135 }
1136
1137 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1138                                           struct sk_buff *msg,
1139                                           bool large)
1140 {
1141         struct nlattr *nl_combis;
1142         int i, j;
1143
1144         nl_combis = nla_nest_start(msg,
1145                                 NL80211_ATTR_INTERFACE_COMBINATIONS);
1146         if (!nl_combis)
1147                 goto nla_put_failure;
1148
1149         for (i = 0; i < wiphy->n_iface_combinations; i++) {
1150                 const struct ieee80211_iface_combination *c;
1151                 struct nlattr *nl_combi, *nl_limits;
1152
1153                 c = &wiphy->iface_combinations[i];
1154
1155                 nl_combi = nla_nest_start(msg, i + 1);
1156                 if (!nl_combi)
1157                         goto nla_put_failure;
1158
1159                 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1160                 if (!nl_limits)
1161                         goto nla_put_failure;
1162
1163                 for (j = 0; j < c->n_limits; j++) {
1164                         struct nlattr *nl_limit;
1165
1166                         nl_limit = nla_nest_start(msg, j + 1);
1167                         if (!nl_limit)
1168                                 goto nla_put_failure;
1169                         if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1170                                         c->limits[j].max))
1171                                 goto nla_put_failure;
1172                         if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1173                                                 c->limits[j].types))
1174                                 goto nla_put_failure;
1175                         nla_nest_end(msg, nl_limit);
1176                 }
1177
1178                 nla_nest_end(msg, nl_limits);
1179
1180                 if (c->beacon_int_infra_match &&
1181                     nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1182                         goto nla_put_failure;
1183                 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1184                                 c->num_different_channels) ||
1185                     nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1186                                 c->max_interfaces))
1187                         goto nla_put_failure;
1188                 if (large &&
1189                     (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1190                                 c->radar_detect_widths) ||
1191                      nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1192                                 c->radar_detect_regions)))
1193                         goto nla_put_failure;
1194                 if (c->beacon_int_min_gcd &&
1195                     nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1196                                 c->beacon_int_min_gcd))
1197                         goto nla_put_failure;
1198
1199                 nla_nest_end(msg, nl_combi);
1200         }
1201
1202         nla_nest_end(msg, nl_combis);
1203
1204         return 0;
1205 nla_put_failure:
1206         return -ENOBUFS;
1207 }
1208
1209 #ifdef CONFIG_PM
1210 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1211                                         struct sk_buff *msg)
1212 {
1213         const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1214         struct nlattr *nl_tcp;
1215
1216         if (!tcp)
1217                 return 0;
1218
1219         nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1220         if (!nl_tcp)
1221                 return -ENOBUFS;
1222
1223         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1224                         tcp->data_payload_max))
1225                 return -ENOBUFS;
1226
1227         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1228                         tcp->data_payload_max))
1229                 return -ENOBUFS;
1230
1231         if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1232                 return -ENOBUFS;
1233
1234         if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1235                                 sizeof(*tcp->tok), tcp->tok))
1236                 return -ENOBUFS;
1237
1238         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1239                         tcp->data_interval_max))
1240                 return -ENOBUFS;
1241
1242         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1243                         tcp->wake_payload_max))
1244                 return -ENOBUFS;
1245
1246         nla_nest_end(msg, nl_tcp);
1247         return 0;
1248 }
1249
1250 static int nl80211_send_wowlan(struct sk_buff *msg,
1251                                struct cfg80211_registered_device *rdev,
1252                                bool large)
1253 {
1254         struct nlattr *nl_wowlan;
1255
1256         if (!rdev->wiphy.wowlan)
1257                 return 0;
1258
1259         nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1260         if (!nl_wowlan)
1261                 return -ENOBUFS;
1262
1263         if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1264              nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1265             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1266              nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1267             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1268              nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1269             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1270              nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1271             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1272              nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1273             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1274              nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1275             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1276              nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1277             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1278              nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1279                 return -ENOBUFS;
1280
1281         if (rdev->wiphy.wowlan->n_patterns) {
1282                 struct nl80211_pattern_support pat = {
1283                         .max_patterns = rdev->wiphy.wowlan->n_patterns,
1284                         .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1285                         .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1286                         .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1287                 };
1288
1289                 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1290                             sizeof(pat), &pat))
1291                         return -ENOBUFS;
1292         }
1293
1294         if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1295             nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1296                         rdev->wiphy.wowlan->max_nd_match_sets))
1297                 return -ENOBUFS;
1298
1299         if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1300                 return -ENOBUFS;
1301
1302         nla_nest_end(msg, nl_wowlan);
1303
1304         return 0;
1305 }
1306 #endif
1307
1308 static int nl80211_send_coalesce(struct sk_buff *msg,
1309                                  struct cfg80211_registered_device *rdev)
1310 {
1311         struct nl80211_coalesce_rule_support rule;
1312
1313         if (!rdev->wiphy.coalesce)
1314                 return 0;
1315
1316         rule.max_rules = rdev->wiphy.coalesce->n_rules;
1317         rule.max_delay = rdev->wiphy.coalesce->max_delay;
1318         rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1319         rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1320         rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1321         rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1322
1323         if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1324                 return -ENOBUFS;
1325
1326         return 0;
1327 }
1328
1329 static int
1330 nl80211_send_iftype_data(struct sk_buff *msg,
1331                          const struct ieee80211_sband_iftype_data *iftdata)
1332 {
1333         const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
1334
1335         if (nl80211_put_iftypes(msg, NL80211_BAND_IFTYPE_ATTR_IFTYPES,
1336                                 iftdata->types_mask))
1337                 return -ENOBUFS;
1338
1339         if (he_cap->has_he) {
1340                 if (nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC,
1341                             sizeof(he_cap->he_cap_elem.mac_cap_info),
1342                             he_cap->he_cap_elem.mac_cap_info) ||
1343                     nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PHY,
1344                             sizeof(he_cap->he_cap_elem.phy_cap_info),
1345                             he_cap->he_cap_elem.phy_cap_info) ||
1346                     nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET,
1347                             sizeof(he_cap->he_mcs_nss_supp),
1348                             &he_cap->he_mcs_nss_supp) ||
1349                     nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE,
1350                             sizeof(he_cap->ppe_thres), he_cap->ppe_thres))
1351                         return -ENOBUFS;
1352         }
1353
1354         return 0;
1355 }
1356
1357 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1358                                       struct ieee80211_supported_band *sband)
1359 {
1360         struct nlattr *nl_rates, *nl_rate;
1361         struct ieee80211_rate *rate;
1362         int i;
1363
1364         /* add HT info */
1365         if (sband->ht_cap.ht_supported &&
1366             (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1367                      sizeof(sband->ht_cap.mcs),
1368                      &sband->ht_cap.mcs) ||
1369              nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1370                          sband->ht_cap.cap) ||
1371              nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1372                         sband->ht_cap.ampdu_factor) ||
1373              nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1374                         sband->ht_cap.ampdu_density)))
1375                 return -ENOBUFS;
1376
1377         /* add VHT info */
1378         if (sband->vht_cap.vht_supported &&
1379             (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1380                      sizeof(sband->vht_cap.vht_mcs),
1381                      &sband->vht_cap.vht_mcs) ||
1382              nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1383                          sband->vht_cap.cap)))
1384                 return -ENOBUFS;
1385
1386         if (sband->n_iftype_data) {
1387                 struct nlattr *nl_iftype_data =
1388                         nla_nest_start(msg, NL80211_BAND_ATTR_IFTYPE_DATA);
1389                 int err;
1390
1391                 if (!nl_iftype_data)
1392                         return -ENOBUFS;
1393
1394                 for (i = 0; i < sband->n_iftype_data; i++) {
1395                         struct nlattr *iftdata;
1396
1397                         iftdata = nla_nest_start(msg, i + 1);
1398                         if (!iftdata)
1399                                 return -ENOBUFS;
1400
1401                         err = nl80211_send_iftype_data(msg,
1402                                                        &sband->iftype_data[i]);
1403                         if (err)
1404                                 return err;
1405
1406                         nla_nest_end(msg, iftdata);
1407                 }
1408
1409                 nla_nest_end(msg, nl_iftype_data);
1410         }
1411
1412         /* add bitrates */
1413         nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1414         if (!nl_rates)
1415                 return -ENOBUFS;
1416
1417         for (i = 0; i < sband->n_bitrates; i++) {
1418                 nl_rate = nla_nest_start(msg, i);
1419                 if (!nl_rate)
1420                         return -ENOBUFS;
1421
1422                 rate = &sband->bitrates[i];
1423                 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1424                                 rate->bitrate))
1425                         return -ENOBUFS;
1426                 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1427                     nla_put_flag(msg,
1428                                  NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1429                         return -ENOBUFS;
1430
1431                 nla_nest_end(msg, nl_rate);
1432         }
1433
1434         nla_nest_end(msg, nl_rates);
1435
1436         return 0;
1437 }
1438
1439 static int
1440 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1441                          const struct ieee80211_txrx_stypes *mgmt_stypes)
1442 {
1443         u16 stypes;
1444         struct nlattr *nl_ftypes, *nl_ifs;
1445         enum nl80211_iftype ift;
1446         int i;
1447
1448         if (!mgmt_stypes)
1449                 return 0;
1450
1451         nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1452         if (!nl_ifs)
1453                 return -ENOBUFS;
1454
1455         for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1456                 nl_ftypes = nla_nest_start(msg, ift);
1457                 if (!nl_ftypes)
1458                         return -ENOBUFS;
1459                 i = 0;
1460                 stypes = mgmt_stypes[ift].tx;
1461                 while (stypes) {
1462                         if ((stypes & 1) &&
1463                             nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1464                                         (i << 4) | IEEE80211_FTYPE_MGMT))
1465                                 return -ENOBUFS;
1466                         stypes >>= 1;
1467                         i++;
1468                 }
1469                 nla_nest_end(msg, nl_ftypes);
1470         }
1471
1472         nla_nest_end(msg, nl_ifs);
1473
1474         nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1475         if (!nl_ifs)
1476                 return -ENOBUFS;
1477
1478         for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1479                 nl_ftypes = nla_nest_start(msg, ift);
1480                 if (!nl_ftypes)
1481                         return -ENOBUFS;
1482                 i = 0;
1483                 stypes = mgmt_stypes[ift].rx;
1484                 while (stypes) {
1485                         if ((stypes & 1) &&
1486                             nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1487                                         (i << 4) | IEEE80211_FTYPE_MGMT))
1488                                 return -ENOBUFS;
1489                         stypes >>= 1;
1490                         i++;
1491                 }
1492                 nla_nest_end(msg, nl_ftypes);
1493         }
1494         nla_nest_end(msg, nl_ifs);
1495
1496         return 0;
1497 }
1498
1499 #define CMD(op, n)                                                      \
1500          do {                                                           \
1501                 if (rdev->ops->op) {                                    \
1502                         i++;                                            \
1503                         if (nla_put_u32(msg, i, NL80211_CMD_ ## n))     \
1504                                 goto nla_put_failure;                   \
1505                 }                                                       \
1506         } while (0)
1507
1508 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1509                                         struct sk_buff *msg)
1510 {
1511         int i = 0;
1512
1513         /*
1514          * do *NOT* add anything into this function, new things need to be
1515          * advertised only to new versions of userspace that can deal with
1516          * the split (and they can't possibly care about new features...
1517          */
1518         CMD(add_virtual_intf, NEW_INTERFACE);
1519         CMD(change_virtual_intf, SET_INTERFACE);
1520         CMD(add_key, NEW_KEY);
1521         CMD(start_ap, START_AP);
1522         CMD(add_station, NEW_STATION);
1523         CMD(add_mpath, NEW_MPATH);
1524         CMD(update_mesh_config, SET_MESH_CONFIG);
1525         CMD(change_bss, SET_BSS);
1526         CMD(auth, AUTHENTICATE);
1527         CMD(assoc, ASSOCIATE);
1528         CMD(deauth, DEAUTHENTICATE);
1529         CMD(disassoc, DISASSOCIATE);
1530         CMD(join_ibss, JOIN_IBSS);
1531         CMD(join_mesh, JOIN_MESH);
1532         CMD(set_pmksa, SET_PMKSA);
1533         CMD(del_pmksa, DEL_PMKSA);
1534         CMD(flush_pmksa, FLUSH_PMKSA);
1535         if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1536                 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1537         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1538         CMD(mgmt_tx, FRAME);
1539         CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1540         if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1541                 i++;
1542                 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1543                         goto nla_put_failure;
1544         }
1545         if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1546             rdev->ops->join_mesh) {
1547                 i++;
1548                 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1549                         goto nla_put_failure;
1550         }
1551         CMD(set_wds_peer, SET_WDS_PEER);
1552         if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1553                 CMD(tdls_mgmt, TDLS_MGMT);
1554                 CMD(tdls_oper, TDLS_OPER);
1555         }
1556         if (rdev->wiphy.max_sched_scan_reqs)
1557                 CMD(sched_scan_start, START_SCHED_SCAN);
1558         CMD(probe_client, PROBE_CLIENT);
1559         CMD(set_noack_map, SET_NOACK_MAP);
1560         if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1561                 i++;
1562                 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1563                         goto nla_put_failure;
1564         }
1565         CMD(start_p2p_device, START_P2P_DEVICE);
1566         CMD(set_mcast_rate, SET_MCAST_RATE);
1567 #ifdef CONFIG_NL80211_TESTMODE
1568         CMD(testmode_cmd, TESTMODE);
1569 #endif
1570
1571         if (rdev->ops->connect || rdev->ops->auth) {
1572                 i++;
1573                 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1574                         goto nla_put_failure;
1575         }
1576
1577         if (rdev->ops->disconnect || rdev->ops->deauth) {
1578                 i++;
1579                 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1580                         goto nla_put_failure;
1581         }
1582
1583         return i;
1584  nla_put_failure:
1585         return -ENOBUFS;
1586 }
1587
1588 struct nl80211_dump_wiphy_state {
1589         s64 filter_wiphy;
1590         long start;
1591         long split_start, band_start, chan_start, capa_start;
1592         bool split;
1593 };
1594
1595 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1596                               enum nl80211_commands cmd,
1597                               struct sk_buff *msg, u32 portid, u32 seq,
1598                               int flags, struct nl80211_dump_wiphy_state *state)
1599 {
1600         void *hdr;
1601         struct nlattr *nl_bands, *nl_band;
1602         struct nlattr *nl_freqs, *nl_freq;
1603         struct nlattr *nl_cmds;
1604         enum nl80211_band band;
1605         struct ieee80211_channel *chan;
1606         int i;
1607         const struct ieee80211_txrx_stypes *mgmt_stypes =
1608                                 rdev->wiphy.mgmt_stypes;
1609         u32 features;
1610
1611         hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1612         if (!hdr)
1613                 return -ENOBUFS;
1614
1615         if (WARN_ON(!state))
1616                 return -EINVAL;
1617
1618         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1619             nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1620                            wiphy_name(&rdev->wiphy)) ||
1621             nla_put_u32(msg, NL80211_ATTR_GENERATION,
1622                         cfg80211_rdev_list_generation))
1623                 goto nla_put_failure;
1624
1625         if (cmd != NL80211_CMD_NEW_WIPHY)
1626                 goto finish;
1627
1628         switch (state->split_start) {
1629         case 0:
1630                 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1631                                rdev->wiphy.retry_short) ||
1632                     nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1633                                rdev->wiphy.retry_long) ||
1634                     nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1635                                 rdev->wiphy.frag_threshold) ||
1636                     nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1637                                 rdev->wiphy.rts_threshold) ||
1638                     nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1639                                rdev->wiphy.coverage_class) ||
1640                     nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1641                                rdev->wiphy.max_scan_ssids) ||
1642                     nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1643                                rdev->wiphy.max_sched_scan_ssids) ||
1644                     nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1645                                 rdev->wiphy.max_scan_ie_len) ||
1646                     nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1647                                 rdev->wiphy.max_sched_scan_ie_len) ||
1648                     nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1649                                rdev->wiphy.max_match_sets) ||
1650                     nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1651                                 rdev->wiphy.max_sched_scan_plans) ||
1652                     nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1653                                 rdev->wiphy.max_sched_scan_plan_interval) ||
1654                     nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1655                                 rdev->wiphy.max_sched_scan_plan_iterations))
1656                         goto nla_put_failure;
1657
1658                 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1659                     nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1660                         goto nla_put_failure;
1661                 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1662                     nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1663                         goto nla_put_failure;
1664                 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1665                     nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1666                         goto nla_put_failure;
1667                 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1668                     nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1669                         goto nla_put_failure;
1670                 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1671                     nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1672                         goto nla_put_failure;
1673                 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1674                     nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1675                         goto nla_put_failure;
1676                 state->split_start++;
1677                 if (state->split)
1678                         break;
1679         case 1:
1680                 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1681                             sizeof(u32) * rdev->wiphy.n_cipher_suites,
1682                             rdev->wiphy.cipher_suites))
1683                         goto nla_put_failure;
1684
1685                 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1686                                rdev->wiphy.max_num_pmkids))
1687                         goto nla_put_failure;
1688
1689                 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1690                     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1691                         goto nla_put_failure;
1692
1693                 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1694                                 rdev->wiphy.available_antennas_tx) ||
1695                     nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1696                                 rdev->wiphy.available_antennas_rx))
1697                         goto nla_put_failure;
1698
1699                 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1700                     nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1701                                 rdev->wiphy.probe_resp_offload))
1702                         goto nla_put_failure;
1703
1704                 if ((rdev->wiphy.available_antennas_tx ||
1705                      rdev->wiphy.available_antennas_rx) &&
1706                     rdev->ops->get_antenna) {
1707                         u32 tx_ant = 0, rx_ant = 0;
1708                         int res;
1709
1710                         res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1711                         if (!res) {
1712                                 if (nla_put_u32(msg,
1713                                                 NL80211_ATTR_WIPHY_ANTENNA_TX,
1714                                                 tx_ant) ||
1715                                     nla_put_u32(msg,
1716                                                 NL80211_ATTR_WIPHY_ANTENNA_RX,
1717                                                 rx_ant))
1718                                         goto nla_put_failure;
1719                         }
1720                 }
1721
1722                 state->split_start++;
1723                 if (state->split)
1724                         break;
1725         case 2:
1726                 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1727                                         rdev->wiphy.interface_modes))
1728                                 goto nla_put_failure;
1729                 state->split_start++;
1730                 if (state->split)
1731                         break;
1732         case 3:
1733                 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1734                 if (!nl_bands)
1735                         goto nla_put_failure;
1736
1737                 for (band = state->band_start;
1738                      band < NUM_NL80211_BANDS; band++) {
1739                         struct ieee80211_supported_band *sband;
1740
1741                         sband = rdev->wiphy.bands[band];
1742
1743                         if (!sband)
1744                                 continue;
1745
1746                         nl_band = nla_nest_start(msg, band);
1747                         if (!nl_band)
1748                                 goto nla_put_failure;
1749
1750                         switch (state->chan_start) {
1751                         case 0:
1752                                 if (nl80211_send_band_rateinfo(msg, sband))
1753                                         goto nla_put_failure;
1754                                 state->chan_start++;
1755                                 if (state->split)
1756                                         break;
1757                         default:
1758                                 /* add frequencies */
1759                                 nl_freqs = nla_nest_start(
1760                                         msg, NL80211_BAND_ATTR_FREQS);
1761                                 if (!nl_freqs)
1762                                         goto nla_put_failure;
1763
1764                                 for (i = state->chan_start - 1;
1765                                      i < sband->n_channels;
1766                                      i++) {
1767                                         nl_freq = nla_nest_start(msg, i);
1768                                         if (!nl_freq)
1769                                                 goto nla_put_failure;
1770
1771                                         chan = &sband->channels[i];
1772
1773                                         if (nl80211_msg_put_channel(
1774                                                         msg, &rdev->wiphy, chan,
1775                                                         state->split))
1776                                                 goto nla_put_failure;
1777
1778                                         nla_nest_end(msg, nl_freq);
1779                                         if (state->split)
1780                                                 break;
1781                                 }
1782                                 if (i < sband->n_channels)
1783                                         state->chan_start = i + 2;
1784                                 else
1785                                         state->chan_start = 0;
1786                                 nla_nest_end(msg, nl_freqs);
1787                         }
1788
1789                         nla_nest_end(msg, nl_band);
1790
1791                         if (state->split) {
1792                                 /* start again here */
1793                                 if (state->chan_start)
1794                                         band--;
1795                                 break;
1796                         }
1797                 }
1798                 nla_nest_end(msg, nl_bands);
1799
1800                 if (band < NUM_NL80211_BANDS)
1801                         state->band_start = band + 1;
1802                 else
1803                         state->band_start = 0;
1804
1805                 /* if bands & channels are done, continue outside */
1806                 if (state->band_start == 0 && state->chan_start == 0)
1807                         state->split_start++;
1808                 if (state->split)
1809                         break;
1810         case 4:
1811                 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1812                 if (!nl_cmds)
1813                         goto nla_put_failure;
1814
1815                 i = nl80211_add_commands_unsplit(rdev, msg);
1816                 if (i < 0)
1817                         goto nla_put_failure;
1818                 if (state->split) {
1819                         CMD(crit_proto_start, CRIT_PROTOCOL_START);
1820                         CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1821                         if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1822                                 CMD(channel_switch, CHANNEL_SWITCH);
1823                         CMD(set_qos_map, SET_QOS_MAP);
1824                         if (rdev->wiphy.features &
1825                                         NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1826                                 CMD(add_tx_ts, ADD_TX_TS);
1827                         CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1828                         CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1829                 }
1830 #undef CMD
1831
1832                 nla_nest_end(msg, nl_cmds);
1833                 state->split_start++;
1834                 if (state->split)
1835                         break;
1836         case 5:
1837                 if (rdev->ops->remain_on_channel &&
1838                     (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1839                     nla_put_u32(msg,
1840                                 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1841                                 rdev->wiphy.max_remain_on_channel_duration))
1842                         goto nla_put_failure;
1843
1844                 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1845                     nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1846                         goto nla_put_failure;
1847
1848                 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1849                         goto nla_put_failure;
1850                 state->split_start++;
1851                 if (state->split)
1852                         break;
1853         case 6:
1854 #ifdef CONFIG_PM
1855                 if (nl80211_send_wowlan(msg, rdev, state->split))
1856                         goto nla_put_failure;
1857                 state->split_start++;
1858                 if (state->split)
1859                         break;
1860 #else
1861                 state->split_start++;
1862 #endif
1863         case 7:
1864                 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1865                                         rdev->wiphy.software_iftypes))
1866                         goto nla_put_failure;
1867
1868                 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1869                                                    state->split))
1870                         goto nla_put_failure;
1871
1872                 state->split_start++;
1873                 if (state->split)
1874                         break;
1875         case 8:
1876                 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1877                     nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1878                                 rdev->wiphy.ap_sme_capa))
1879                         goto nla_put_failure;
1880
1881                 features = rdev->wiphy.features;
1882                 /*
1883                  * We can only add the per-channel limit information if the
1884                  * dump is split, otherwise it makes it too big. Therefore
1885                  * only advertise it in that case.
1886                  */
1887                 if (state->split)
1888                         features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1889                 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1890                         goto nla_put_failure;
1891
1892                 if (rdev->wiphy.ht_capa_mod_mask &&
1893                     nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1894                             sizeof(*rdev->wiphy.ht_capa_mod_mask),
1895                             rdev->wiphy.ht_capa_mod_mask))
1896                         goto nla_put_failure;
1897
1898                 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1899                     rdev->wiphy.max_acl_mac_addrs &&
1900                     nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1901                                 rdev->wiphy.max_acl_mac_addrs))
1902                         goto nla_put_failure;
1903
1904                 /*
1905                  * Any information below this point is only available to
1906                  * applications that can deal with it being split. This
1907                  * helps ensure that newly added capabilities don't break
1908                  * older tools by overrunning their buffers.
1909                  *
1910                  * We still increment split_start so that in the split
1911                  * case we'll continue with more data in the next round,
1912                  * but break unconditionally so unsplit data stops here.
1913                  */
1914                 state->split_start++;
1915                 break;
1916         case 9:
1917                 if (rdev->wiphy.extended_capabilities &&
1918                     (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1919                              rdev->wiphy.extended_capabilities_len,
1920                              rdev->wiphy.extended_capabilities) ||
1921                      nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1922                              rdev->wiphy.extended_capabilities_len,
1923                              rdev->wiphy.extended_capabilities_mask)))
1924                         goto nla_put_failure;
1925
1926                 if (rdev->wiphy.vht_capa_mod_mask &&
1927                     nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1928                             sizeof(*rdev->wiphy.vht_capa_mod_mask),
1929                             rdev->wiphy.vht_capa_mod_mask))
1930                         goto nla_put_failure;
1931
1932                 state->split_start++;
1933                 break;
1934         case 10:
1935                 if (nl80211_send_coalesce(msg, rdev))
1936                         goto nla_put_failure;
1937
1938                 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1939                     (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1940                      nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1941                         goto nla_put_failure;
1942
1943                 if (rdev->wiphy.max_ap_assoc_sta &&
1944                     nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1945                                 rdev->wiphy.max_ap_assoc_sta))
1946                         goto nla_put_failure;
1947
1948                 state->split_start++;
1949                 break;
1950         case 11:
1951                 if (rdev->wiphy.n_vendor_commands) {
1952                         const struct nl80211_vendor_cmd_info *info;
1953                         struct nlattr *nested;
1954
1955                         nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1956                         if (!nested)
1957                                 goto nla_put_failure;
1958
1959                         for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1960                                 info = &rdev->wiphy.vendor_commands[i].info;
1961                                 if (nla_put(msg, i + 1, sizeof(*info), info))
1962                                         goto nla_put_failure;
1963                         }
1964                         nla_nest_end(msg, nested);
1965                 }
1966
1967                 if (rdev->wiphy.n_vendor_events) {
1968                         const struct nl80211_vendor_cmd_info *info;
1969                         struct nlattr *nested;
1970
1971                         nested = nla_nest_start(msg,
1972                                                 NL80211_ATTR_VENDOR_EVENTS);
1973                         if (!nested)
1974                                 goto nla_put_failure;
1975
1976                         for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1977                                 info = &rdev->wiphy.vendor_events[i];
1978                                 if (nla_put(msg, i + 1, sizeof(*info), info))
1979                                         goto nla_put_failure;
1980                         }
1981                         nla_nest_end(msg, nested);
1982                 }
1983                 state->split_start++;
1984                 break;
1985         case 12:
1986                 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1987                     nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1988                                rdev->wiphy.max_num_csa_counters))
1989                         goto nla_put_failure;
1990
1991                 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1992                     nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1993                         goto nla_put_failure;
1994
1995                 if (rdev->wiphy.max_sched_scan_reqs &&
1996                     nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
1997                                 rdev->wiphy.max_sched_scan_reqs))
1998                         goto nla_put_failure;
1999
2000                 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
2001                             sizeof(rdev->wiphy.ext_features),
2002                             rdev->wiphy.ext_features))
2003                         goto nla_put_failure;
2004
2005                 if (rdev->wiphy.bss_select_support) {
2006                         struct nlattr *nested;
2007                         u32 bss_select_support = rdev->wiphy.bss_select_support;
2008
2009                         nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
2010                         if (!nested)
2011                                 goto nla_put_failure;
2012
2013                         i = 0;
2014                         while (bss_select_support) {
2015                                 if ((bss_select_support & 1) &&
2016                                     nla_put_flag(msg, i))
2017                                         goto nla_put_failure;
2018                                 i++;
2019                                 bss_select_support >>= 1;
2020                         }
2021                         nla_nest_end(msg, nested);
2022                 }
2023
2024                 state->split_start++;
2025                 break;
2026         case 13:
2027                 if (rdev->wiphy.num_iftype_ext_capab &&
2028                     rdev->wiphy.iftype_ext_capab) {
2029                         struct nlattr *nested_ext_capab, *nested;
2030
2031                         nested = nla_nest_start(msg,
2032                                                 NL80211_ATTR_IFTYPE_EXT_CAPA);
2033                         if (!nested)
2034                                 goto nla_put_failure;
2035
2036                         for (i = state->capa_start;
2037                              i < rdev->wiphy.num_iftype_ext_capab; i++) {
2038                                 const struct wiphy_iftype_ext_capab *capab;
2039
2040                                 capab = &rdev->wiphy.iftype_ext_capab[i];
2041
2042                                 nested_ext_capab = nla_nest_start(msg, i);
2043                                 if (!nested_ext_capab ||
2044                                     nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2045                                                 capab->iftype) ||
2046                                     nla_put(msg, NL80211_ATTR_EXT_CAPA,
2047                                             capab->extended_capabilities_len,
2048                                             capab->extended_capabilities) ||
2049                                     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
2050                                             capab->extended_capabilities_len,
2051                                             capab->extended_capabilities_mask))
2052                                         goto nla_put_failure;
2053
2054                                 nla_nest_end(msg, nested_ext_capab);
2055                                 if (state->split)
2056                                         break;
2057                         }
2058                         nla_nest_end(msg, nested);
2059                         if (i < rdev->wiphy.num_iftype_ext_capab) {
2060                                 state->capa_start = i + 1;
2061                                 break;
2062                         }
2063                 }
2064
2065                 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2066                                 rdev->wiphy.nan_supported_bands))
2067                         goto nla_put_failure;
2068
2069                 if (wiphy_ext_feature_isset(&rdev->wiphy,
2070                                             NL80211_EXT_FEATURE_TXQS)) {
2071                         struct cfg80211_txq_stats txqstats = {};
2072                         int res;
2073
2074                         res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2075                         if (!res &&
2076                             !nl80211_put_txq_stats(msg, &txqstats,
2077                                                    NL80211_ATTR_TXQ_STATS))
2078                                 goto nla_put_failure;
2079
2080                         if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2081                                         rdev->wiphy.txq_limit))
2082                                 goto nla_put_failure;
2083                         if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2084                                         rdev->wiphy.txq_memory_limit))
2085                                 goto nla_put_failure;
2086                         if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2087                                         rdev->wiphy.txq_quantum))
2088                                 goto nla_put_failure;
2089                 }
2090
2091                 /* done */
2092                 state->split_start = 0;
2093                 break;
2094         }
2095  finish:
2096         genlmsg_end(msg, hdr);
2097         return 0;
2098
2099  nla_put_failure:
2100         genlmsg_cancel(msg, hdr);
2101         return -EMSGSIZE;
2102 }
2103
2104 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2105                                     struct netlink_callback *cb,
2106                                     struct nl80211_dump_wiphy_state *state)
2107 {
2108         struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
2109         int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
2110                               nl80211_fam.maxattr, nl80211_policy, NULL);
2111         /* ignore parse errors for backward compatibility */
2112         if (ret)
2113                 return 0;
2114
2115         state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2116         if (tb[NL80211_ATTR_WIPHY])
2117                 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2118         if (tb[NL80211_ATTR_WDEV])
2119                 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2120         if (tb[NL80211_ATTR_IFINDEX]) {
2121                 struct net_device *netdev;
2122                 struct cfg80211_registered_device *rdev;
2123                 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2124
2125                 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2126                 if (!netdev)
2127                         return -ENODEV;
2128                 if (netdev->ieee80211_ptr) {
2129                         rdev = wiphy_to_rdev(
2130                                 netdev->ieee80211_ptr->wiphy);
2131                         state->filter_wiphy = rdev->wiphy_idx;
2132                 }
2133         }
2134
2135         return 0;
2136 }
2137
2138 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2139 {
2140         int idx = 0, ret;
2141         struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2142         struct cfg80211_registered_device *rdev;
2143
2144         rtnl_lock();
2145         if (!state) {
2146                 state = kzalloc(sizeof(*state), GFP_KERNEL);
2147                 if (!state) {
2148                         rtnl_unlock();
2149                         return -ENOMEM;
2150                 }
2151                 state->filter_wiphy = -1;
2152                 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2153                 if (ret) {
2154                         kfree(state);
2155                         rtnl_unlock();
2156                         return ret;
2157                 }
2158                 cb->args[0] = (long)state;
2159         }
2160
2161         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2162                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2163                         continue;
2164                 if (++idx <= state->start)
2165                         continue;
2166                 if (state->filter_wiphy != -1 &&
2167                     state->filter_wiphy != rdev->wiphy_idx)
2168                         continue;
2169                 /* attempt to fit multiple wiphy data chunks into the skb */
2170                 do {
2171                         ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2172                                                  skb,
2173                                                  NETLINK_CB(cb->skb).portid,
2174                                                  cb->nlh->nlmsg_seq,
2175                                                  NLM_F_MULTI, state);
2176                         if (ret < 0) {
2177                                 /*
2178                                  * If sending the wiphy data didn't fit (ENOBUFS
2179                                  * or EMSGSIZE returned), this SKB is still
2180                                  * empty (so it's not too big because another
2181                                  * wiphy dataset is already in the skb) and
2182                                  * we've not tried to adjust the dump allocation
2183                                  * yet ... then adjust the alloc size to be
2184                                  * bigger, and return 1 but with the empty skb.
2185                                  * This results in an empty message being RX'ed
2186                                  * in userspace, but that is ignored.
2187                                  *
2188                                  * We can then retry with the larger buffer.
2189                                  */
2190                                 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2191                                     !skb->len && !state->split &&
2192                                     cb->min_dump_alloc < 4096) {
2193                                         cb->min_dump_alloc = 4096;
2194                                         state->split_start = 0;
2195                                         rtnl_unlock();
2196                                         return 1;
2197                                 }
2198                                 idx--;
2199                                 break;
2200                         }
2201                 } while (state->split_start > 0);
2202                 break;
2203         }
2204         rtnl_unlock();
2205
2206         state->start = idx;
2207
2208         return skb->len;
2209 }
2210
2211 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2212 {
2213         kfree((void *)cb->args[0]);
2214         return 0;
2215 }
2216
2217 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2218 {
2219         struct sk_buff *msg;
2220         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2221         struct nl80211_dump_wiphy_state state = {};
2222
2223         msg = nlmsg_new(4096, GFP_KERNEL);
2224         if (!msg)
2225                 return -ENOMEM;
2226
2227         if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2228                                info->snd_portid, info->snd_seq, 0,
2229                                &state) < 0) {
2230                 nlmsg_free(msg);
2231                 return -ENOBUFS;
2232         }
2233
2234         return genlmsg_reply(msg, info);
2235 }
2236
2237 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2238         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
2239         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
2240         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
2241         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
2242         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
2243 };
2244
2245 static int parse_txq_params(struct nlattr *tb[],
2246                             struct ieee80211_txq_params *txq_params)
2247 {
2248         u8 ac;
2249
2250         if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2251             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2252             !tb[NL80211_TXQ_ATTR_AIFS])
2253                 return -EINVAL;
2254
2255         ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2256         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2257         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2258         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2259         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2260
2261         if (ac >= NL80211_NUM_ACS)
2262                 return -EINVAL;
2263         txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2264         return 0;
2265 }
2266
2267 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2268 {
2269         /*
2270          * You can only set the channel explicitly for WDS interfaces,
2271          * all others have their channel managed via their respective
2272          * "establish a connection" command (connect, join, ...)
2273          *
2274          * For AP/GO and mesh mode, the channel can be set with the
2275          * channel userspace API, but is only stored and passed to the
2276          * low-level driver when the AP starts or the mesh is joined.
2277          * This is for backward compatibility, userspace can also give
2278          * the channel in the start-ap or join-mesh commands instead.
2279          *
2280          * Monitors are special as they are normally slaved to
2281          * whatever else is going on, so they have their own special
2282          * operation to set the monitor channel if possible.
2283          */
2284         return !wdev ||
2285                 wdev->iftype == NL80211_IFTYPE_AP ||
2286                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2287                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2288                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2289 }
2290
2291 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2292                                  struct genl_info *info,
2293                                  struct cfg80211_chan_def *chandef)
2294 {
2295         u32 control_freq;
2296
2297         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2298                 return -EINVAL;
2299
2300         control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2301
2302         chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2303         chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2304         chandef->center_freq1 = control_freq;
2305         chandef->center_freq2 = 0;
2306
2307         /* Primary channel not allowed */
2308         if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2309                 return -EINVAL;
2310
2311         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2312                 enum nl80211_channel_type chantype;
2313
2314                 chantype = nla_get_u32(
2315                                 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2316
2317                 switch (chantype) {
2318                 case NL80211_CHAN_NO_HT:
2319                 case NL80211_CHAN_HT20:
2320                 case NL80211_CHAN_HT40PLUS:
2321                 case NL80211_CHAN_HT40MINUS:
2322                         cfg80211_chandef_create(chandef, chandef->chan,
2323                                                 chantype);
2324                         /* user input for center_freq is incorrect */
2325                         if (info->attrs[NL80211_ATTR_CENTER_FREQ1] &&
2326                             chandef->center_freq1 != nla_get_u32(
2327                                         info->attrs[NL80211_ATTR_CENTER_FREQ1]))
2328                                 return -EINVAL;
2329                         /* center_freq2 must be zero */
2330                         if (info->attrs[NL80211_ATTR_CENTER_FREQ2] &&
2331                             nla_get_u32(info->attrs[NL80211_ATTR_CENTER_FREQ2]))
2332                                 return -EINVAL;
2333                         break;
2334                 default:
2335                         return -EINVAL;
2336                 }
2337         } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2338                 chandef->width =
2339                         nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2340                 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2341                         chandef->center_freq1 =
2342                                 nla_get_u32(
2343                                         info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2344                 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2345                         chandef->center_freq2 =
2346                                 nla_get_u32(
2347                                         info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2348         }
2349
2350         if (!cfg80211_chandef_valid(chandef))
2351                 return -EINVAL;
2352
2353         if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2354                                      IEEE80211_CHAN_DISABLED))
2355                 return -EINVAL;
2356
2357         if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2358              chandef->width == NL80211_CHAN_WIDTH_10) &&
2359             !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2360                 return -EINVAL;
2361
2362         return 0;
2363 }
2364
2365 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2366                                  struct net_device *dev,
2367                                  struct genl_info *info)
2368 {
2369         struct cfg80211_chan_def chandef;
2370         int result;
2371         enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2372         struct wireless_dev *wdev = NULL;
2373
2374         if (dev)
2375                 wdev = dev->ieee80211_ptr;
2376         if (!nl80211_can_set_dev_channel(wdev))
2377                 return -EOPNOTSUPP;
2378         if (wdev)
2379                 iftype = wdev->iftype;
2380
2381         result = nl80211_parse_chandef(rdev, info, &chandef);
2382         if (result)
2383                 return result;
2384
2385         switch (iftype) {
2386         case NL80211_IFTYPE_AP:
2387         case NL80211_IFTYPE_P2P_GO:
2388                 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2389                                                    iftype)) {
2390                         result = -EINVAL;
2391                         break;
2392                 }
2393                 if (wdev->beacon_interval) {
2394                         if (!dev || !rdev->ops->set_ap_chanwidth ||
2395                             !(rdev->wiphy.features &
2396                               NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2397                                 result = -EBUSY;
2398                                 break;
2399                         }
2400
2401                         /* Only allow dynamic channel width changes */
2402                         if (chandef.chan != wdev->preset_chandef.chan) {
2403                                 result = -EBUSY;
2404                                 break;
2405                         }
2406                         result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2407                         if (result)
2408                                 break;
2409                 }
2410                 wdev->preset_chandef = chandef;
2411                 result = 0;
2412                 break;
2413         case NL80211_IFTYPE_MESH_POINT:
2414                 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2415                 break;
2416         case NL80211_IFTYPE_MONITOR:
2417                 result = cfg80211_set_monitor_channel(rdev, &chandef);
2418                 break;
2419         default:
2420                 result = -EINVAL;
2421         }
2422
2423         return result;
2424 }
2425
2426 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2427 {
2428         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2429         struct net_device *netdev = info->user_ptr[1];
2430
2431         return __nl80211_set_channel(rdev, netdev, info);
2432 }
2433
2434 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2435 {
2436         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2437         struct net_device *dev = info->user_ptr[1];
2438         struct wireless_dev *wdev = dev->ieee80211_ptr;
2439         const u8 *bssid;
2440
2441         if (!info->attrs[NL80211_ATTR_MAC])
2442                 return -EINVAL;
2443
2444         if (netif_running(dev))
2445                 return -EBUSY;
2446
2447         if (!rdev->ops->set_wds_peer)
2448                 return -EOPNOTSUPP;
2449
2450         if (wdev->iftype != NL80211_IFTYPE_WDS)
2451                 return -EOPNOTSUPP;
2452
2453         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2454         return rdev_set_wds_peer(rdev, dev, bssid);
2455 }
2456
2457 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2458 {
2459         struct cfg80211_registered_device *rdev;
2460         struct net_device *netdev = NULL;
2461         struct wireless_dev *wdev;
2462         int result = 0, rem_txq_params = 0;
2463         struct nlattr *nl_txq_params;
2464         u32 changed;
2465         u8 retry_short = 0, retry_long = 0;
2466         u32 frag_threshold = 0, rts_threshold = 0;
2467         u8 coverage_class = 0;
2468         u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2469
2470         ASSERT_RTNL();
2471
2472         /*
2473          * Try to find the wiphy and netdev. Normally this
2474          * function shouldn't need the netdev, but this is
2475          * done for backward compatibility -- previously
2476          * setting the channel was done per wiphy, but now
2477          * it is per netdev. Previous userland like hostapd
2478          * also passed a netdev to set_wiphy, so that it is
2479          * possible to let that go to the right netdev!
2480          */
2481
2482         if (info->attrs[NL80211_ATTR_IFINDEX]) {
2483                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2484
2485                 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2486                 if (netdev && netdev->ieee80211_ptr)
2487                         rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2488                 else
2489                         netdev = NULL;
2490         }
2491
2492         if (!netdev) {
2493                 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2494                                                   info->attrs);
2495                 if (IS_ERR(rdev))
2496                         return PTR_ERR(rdev);
2497                 wdev = NULL;
2498                 netdev = NULL;
2499                 result = 0;
2500         } else
2501                 wdev = netdev->ieee80211_ptr;
2502
2503         /*
2504          * end workaround code, by now the rdev is available
2505          * and locked, and wdev may or may not be NULL.
2506          */
2507
2508         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2509                 result = cfg80211_dev_rename(
2510                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2511
2512         if (result)
2513                 return result;
2514
2515         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2516                 struct ieee80211_txq_params txq_params;
2517                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2518
2519                 if (!rdev->ops->set_txq_params)
2520                         return -EOPNOTSUPP;
2521
2522                 if (!netdev)
2523                         return -EINVAL;
2524
2525                 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2526                     netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2527                         return -EINVAL;
2528
2529                 if (!netif_running(netdev))
2530                         return -ENETDOWN;
2531
2532                 nla_for_each_nested(nl_txq_params,
2533                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2534                                     rem_txq_params) {
2535                         result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2536                                                   nl_txq_params,
2537                                                   txq_params_policy,
2538                                                   info->extack);
2539                         if (result)
2540                                 return result;
2541                         result = parse_txq_params(tb, &txq_params);
2542                         if (result)
2543                                 return result;
2544
2545                         result = rdev_set_txq_params(rdev, netdev,
2546                                                      &txq_params);
2547                         if (result)
2548                                 return result;
2549                 }
2550         }
2551
2552         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2553                 result = __nl80211_set_channel(
2554                         rdev,
2555                         nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2556                         info);
2557                 if (result)
2558                         return result;
2559         }
2560
2561         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2562                 struct wireless_dev *txp_wdev = wdev;
2563                 enum nl80211_tx_power_setting type;
2564                 int idx, mbm = 0;
2565
2566                 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2567                         txp_wdev = NULL;
2568
2569                 if (!rdev->ops->set_tx_power)
2570                         return -EOPNOTSUPP;
2571
2572                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2573                 type = nla_get_u32(info->attrs[idx]);
2574
2575                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2576                     (type != NL80211_TX_POWER_AUTOMATIC))
2577                         return -EINVAL;
2578
2579                 if (type != NL80211_TX_POWER_AUTOMATIC) {
2580                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2581                         mbm = nla_get_u32(info->attrs[idx]);
2582                 }
2583
2584                 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2585                 if (result)
2586                         return result;
2587         }
2588
2589         if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2590             info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2591                 u32 tx_ant, rx_ant;
2592
2593                 if ((!rdev->wiphy.available_antennas_tx &&
2594                      !rdev->wiphy.available_antennas_rx) ||
2595                     !rdev->ops->set_antenna)
2596                         return -EOPNOTSUPP;
2597
2598                 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2599                 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2600
2601                 /* reject antenna configurations which don't match the
2602                  * available antenna masks, except for the "all" mask */
2603                 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2604                     (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2605                         return -EINVAL;
2606
2607                 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2608                 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2609
2610                 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2611                 if (result)
2612                         return result;
2613         }
2614
2615         changed = 0;
2616
2617         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2618                 retry_short = nla_get_u8(
2619                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2620                 if (retry_short == 0)
2621                         return -EINVAL;
2622
2623                 changed |= WIPHY_PARAM_RETRY_SHORT;
2624         }
2625
2626         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2627                 retry_long = nla_get_u8(
2628                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2629                 if (retry_long == 0)
2630                         return -EINVAL;
2631
2632                 changed |= WIPHY_PARAM_RETRY_LONG;
2633         }
2634
2635         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2636                 frag_threshold = nla_get_u32(
2637                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2638                 if (frag_threshold < 256)
2639                         return -EINVAL;
2640
2641                 if (frag_threshold != (u32) -1) {
2642                         /*
2643                          * Fragments (apart from the last one) are required to
2644                          * have even length. Make the fragmentation code
2645                          * simpler by stripping LSB should someone try to use
2646                          * odd threshold value.
2647                          */
2648                         frag_threshold &= ~0x1;
2649                 }
2650                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2651         }
2652
2653         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2654                 rts_threshold = nla_get_u32(
2655                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2656                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2657         }
2658
2659         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2660                 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2661                         return -EINVAL;
2662
2663                 coverage_class = nla_get_u8(
2664                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2665                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2666         }
2667
2668         if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2669                 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2670                         return -EOPNOTSUPP;
2671
2672                 changed |= WIPHY_PARAM_DYN_ACK;
2673         }
2674
2675         if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
2676                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2677                                              NL80211_EXT_FEATURE_TXQS))
2678                         return -EOPNOTSUPP;
2679                 txq_limit = nla_get_u32(
2680                         info->attrs[NL80211_ATTR_TXQ_LIMIT]);
2681                 changed |= WIPHY_PARAM_TXQ_LIMIT;
2682         }
2683
2684         if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
2685                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2686                                              NL80211_EXT_FEATURE_TXQS))
2687                         return -EOPNOTSUPP;
2688                 txq_memory_limit = nla_get_u32(
2689                         info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
2690                 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
2691         }
2692
2693         if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
2694                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2695                                              NL80211_EXT_FEATURE_TXQS))
2696                         return -EOPNOTSUPP;
2697                 txq_quantum = nla_get_u32(
2698                         info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
2699                 changed |= WIPHY_PARAM_TXQ_QUANTUM;
2700         }
2701
2702         if (changed) {
2703                 u8 old_retry_short, old_retry_long;
2704                 u32 old_frag_threshold, old_rts_threshold;
2705                 u8 old_coverage_class;
2706                 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
2707
2708                 if (!rdev->ops->set_wiphy_params)
2709                         return -EOPNOTSUPP;
2710
2711                 old_retry_short = rdev->wiphy.retry_short;
2712                 old_retry_long = rdev->wiphy.retry_long;
2713                 old_frag_threshold = rdev->wiphy.frag_threshold;
2714                 old_rts_threshold = rdev->wiphy.rts_threshold;
2715                 old_coverage_class = rdev->wiphy.coverage_class;
2716                 old_txq_limit = rdev->wiphy.txq_limit;
2717                 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
2718                 old_txq_quantum = rdev->wiphy.txq_quantum;
2719
2720                 if (changed & WIPHY_PARAM_RETRY_SHORT)
2721                         rdev->wiphy.retry_short = retry_short;
2722                 if (changed & WIPHY_PARAM_RETRY_LONG)
2723                         rdev->wiphy.retry_long = retry_long;
2724                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2725                         rdev->wiphy.frag_threshold = frag_threshold;
2726                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2727                         rdev->wiphy.rts_threshold = rts_threshold;
2728                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2729                         rdev->wiphy.coverage_class = coverage_class;
2730                 if (changed & WIPHY_PARAM_TXQ_LIMIT)
2731                         rdev->wiphy.txq_limit = txq_limit;
2732                 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
2733                         rdev->wiphy.txq_memory_limit = txq_memory_limit;
2734                 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
2735                         rdev->wiphy.txq_quantum = txq_quantum;
2736
2737                 result = rdev_set_wiphy_params(rdev, changed);
2738                 if (result) {
2739                         rdev->wiphy.retry_short = old_retry_short;
2740                         rdev->wiphy.retry_long = old_retry_long;
2741                         rdev->wiphy.frag_threshold = old_frag_threshold;
2742                         rdev->wiphy.rts_threshold = old_rts_threshold;
2743                         rdev->wiphy.coverage_class = old_coverage_class;
2744                         rdev->wiphy.txq_limit = old_txq_limit;
2745                         rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
2746                         rdev->wiphy.txq_quantum = old_txq_quantum;
2747                         return result;
2748                 }
2749         }
2750         return 0;
2751 }
2752
2753 static inline u64 wdev_id(struct wireless_dev *wdev)
2754 {
2755         return (u64)wdev->identifier |
2756                ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2757 }
2758
2759 static int nl80211_send_chandef(struct sk_buff *msg,
2760                                 const struct cfg80211_chan_def *chandef)
2761 {
2762         if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2763                 return -EINVAL;
2764
2765         if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2766                         chandef->chan->center_freq))
2767                 return -ENOBUFS;
2768         switch (chandef->width) {
2769         case NL80211_CHAN_WIDTH_20_NOHT:
2770         case NL80211_CHAN_WIDTH_20:
2771         case NL80211_CHAN_WIDTH_40:
2772                 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2773                                 cfg80211_get_chandef_type(chandef)))
2774                         return -ENOBUFS;
2775                 break;
2776         default:
2777                 break;
2778         }
2779         if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2780                 return -ENOBUFS;
2781         if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2782                 return -ENOBUFS;
2783         if (chandef->center_freq2 &&
2784             nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2785                 return -ENOBUFS;
2786         return 0;
2787 }
2788
2789 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2790                               struct cfg80211_registered_device *rdev,
2791                               struct wireless_dev *wdev, bool removal)
2792 {
2793         struct net_device *dev = wdev->netdev;
2794         u8 cmd = NL80211_CMD_NEW_INTERFACE;
2795         void *hdr;
2796
2797         if (removal)
2798                 cmd = NL80211_CMD_DEL_INTERFACE;
2799
2800         hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2801         if (!hdr)
2802                 return -1;
2803
2804         if (dev &&
2805             (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2806              nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2807                 goto nla_put_failure;
2808
2809         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2810             nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2811             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2812                               NL80211_ATTR_PAD) ||
2813             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2814             nla_put_u32(msg, NL80211_ATTR_GENERATION,
2815                         rdev->devlist_generation ^
2816                         (cfg80211_rdev_list_generation << 2)) ||
2817             nla_put_u8(msg, NL80211_ATTR_4ADDR, wdev->use_4addr))
2818                 goto nla_put_failure;
2819
2820         if (rdev->ops->get_channel) {
2821                 int ret;
2822                 struct cfg80211_chan_def chandef;
2823
2824                 ret = rdev_get_channel(rdev, wdev, &chandef);
2825                 if (ret == 0) {
2826                         if (nl80211_send_chandef(msg, &chandef))
2827                                 goto nla_put_failure;
2828                 }
2829         }
2830
2831         if (rdev->ops->get_tx_power) {
2832                 int dbm, ret;
2833
2834                 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2835                 if (ret == 0 &&
2836                     nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2837                                 DBM_TO_MBM(dbm)))
2838                         goto nla_put_failure;
2839         }
2840
2841         wdev_lock(wdev);
2842         switch (wdev->iftype) {
2843         case NL80211_IFTYPE_AP:
2844                 if (wdev->ssid_len &&
2845                     nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2846                         goto nla_put_failure_locked;
2847                 break;
2848         case NL80211_IFTYPE_STATION:
2849         case NL80211_IFTYPE_P2P_CLIENT:
2850         case NL80211_IFTYPE_ADHOC: {
2851                 const u8 *ssid_ie;
2852                 if (!wdev->current_bss)
2853                         break;
2854                 rcu_read_lock();
2855                 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
2856                                                WLAN_EID_SSID);
2857                 if (ssid_ie &&
2858                     nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
2859                         goto nla_put_failure_rcu_locked;
2860                 rcu_read_unlock();
2861                 break;
2862                 }
2863         default:
2864                 /* nothing */
2865                 break;
2866         }
2867         wdev_unlock(wdev);
2868
2869         if (rdev->ops->get_txq_stats) {
2870                 struct cfg80211_txq_stats txqstats = {};
2871                 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
2872
2873                 if (ret == 0 &&
2874                     !nl80211_put_txq_stats(msg, &txqstats,
2875                                            NL80211_ATTR_TXQ_STATS))
2876                         goto nla_put_failure;
2877         }
2878
2879         genlmsg_end(msg, hdr);
2880         return 0;
2881
2882  nla_put_failure_rcu_locked:
2883         rcu_read_unlock();
2884  nla_put_failure_locked:
2885         wdev_unlock(wdev);
2886  nla_put_failure:
2887         genlmsg_cancel(msg, hdr);
2888         return -EMSGSIZE;
2889 }
2890
2891 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2892 {
2893         int wp_idx = 0;
2894         int if_idx = 0;
2895         int wp_start = cb->args[0];
2896         int if_start = cb->args[1];
2897         int filter_wiphy = -1;
2898         struct cfg80211_registered_device *rdev;
2899         struct wireless_dev *wdev;
2900         int ret;
2901
2902         rtnl_lock();
2903         if (!cb->args[2]) {
2904                 struct nl80211_dump_wiphy_state state = {
2905                         .filter_wiphy = -1,
2906                 };
2907
2908                 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
2909                 if (ret)
2910                         goto out_unlock;
2911
2912                 filter_wiphy = state.filter_wiphy;
2913
2914                 /*
2915                  * if filtering, set cb->args[2] to +1 since 0 is the default
2916                  * value needed to determine that parsing is necessary.
2917                  */
2918                 if (filter_wiphy >= 0)
2919                         cb->args[2] = filter_wiphy + 1;
2920                 else
2921                         cb->args[2] = -1;
2922         } else if (cb->args[2] > 0) {
2923                 filter_wiphy = cb->args[2] - 1;
2924         }
2925
2926         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2927                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2928                         continue;
2929                 if (wp_idx < wp_start) {
2930                         wp_idx++;
2931                         continue;
2932                 }
2933
2934                 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
2935                         continue;
2936
2937                 if_idx = 0;
2938
2939                 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2940                         if (if_idx < if_start) {
2941                                 if_idx++;
2942                                 continue;
2943                         }
2944                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2945                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
2946                                                rdev, wdev, false) < 0) {
2947                                 goto out;
2948                         }
2949                         if_idx++;
2950                 }
2951
2952                 wp_idx++;
2953         }
2954  out:
2955         cb->args[0] = wp_idx;
2956         cb->args[1] = if_idx;
2957
2958         ret = skb->len;
2959  out_unlock:
2960         rtnl_unlock();
2961
2962         return ret;
2963 }
2964
2965 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2966 {
2967         struct sk_buff *msg;
2968         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2969         struct wireless_dev *wdev = info->user_ptr[1];
2970
2971         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2972         if (!msg)
2973                 return -ENOMEM;
2974
2975         if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2976                                rdev, wdev, false) < 0) {
2977                 nlmsg_free(msg);
2978                 return -ENOBUFS;
2979         }
2980
2981         return genlmsg_reply(msg, info);
2982 }
2983
2984 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2985         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2986         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2987         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2988         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2989         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2990         [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2991 };
2992
2993 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2994 {
2995         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2996         int flag;
2997
2998         *mntrflags = 0;
2999
3000         if (!nla)
3001                 return -EINVAL;
3002
3003         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
3004                              mntr_flags_policy, NULL))
3005                 return -EINVAL;
3006
3007         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
3008                 if (flags[flag])
3009                         *mntrflags |= (1<<flag);
3010
3011         *mntrflags |= MONITOR_FLAG_CHANGED;
3012
3013         return 0;
3014 }
3015
3016 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
3017                                      enum nl80211_iftype type,
3018                                      struct genl_info *info,
3019                                      struct vif_params *params)
3020 {
3021         bool change = false;
3022         int err;
3023
3024         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
3025                 if (type != NL80211_IFTYPE_MONITOR)
3026                         return -EINVAL;
3027
3028                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
3029                                           &params->flags);
3030                 if (err)
3031                         return err;
3032
3033                 change = true;
3034         }
3035
3036         if (params->flags & MONITOR_FLAG_ACTIVE &&
3037             !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
3038                 return -EOPNOTSUPP;
3039
3040         if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
3041                 const u8 *mumimo_groups;
3042                 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3043
3044                 if (type != NL80211_IFTYPE_MONITOR)
3045                         return -EINVAL;
3046
3047                 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3048                         return -EOPNOTSUPP;
3049
3050                 mumimo_groups =
3051                         nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
3052
3053                 /* bits 0 and 63 are reserved and must be zero */
3054                 if ((mumimo_groups[0] & BIT(0)) ||
3055                     (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
3056                         return -EINVAL;
3057
3058                 params->vht_mumimo_groups = mumimo_groups;
3059                 change = true;
3060         }
3061
3062         if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3063                 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3064
3065                 if (type != NL80211_IFTYPE_MONITOR)
3066                         return -EINVAL;
3067
3068                 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3069                         return -EOPNOTSUPP;
3070
3071                 params->vht_mumimo_follow_addr =
3072                         nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3073                 change = true;
3074         }
3075
3076         return change ? 1 : 0;
3077 }
3078
3079 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3080                                struct net_device *netdev, u8 use_4addr,
3081                                enum nl80211_iftype iftype)
3082 {
3083         if (!use_4addr) {
3084                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3085                         return -EBUSY;
3086                 return 0;
3087         }
3088
3089         switch (iftype) {
3090         case NL80211_IFTYPE_AP_VLAN:
3091                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3092                         return 0;
3093                 break;
3094         case NL80211_IFTYPE_STATION:
3095                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3096                         return 0;
3097                 break;
3098         default:
3099                 break;
3100         }
3101
3102         return -EOPNOTSUPP;
3103 }
3104
3105 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3106 {
3107         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3108         struct vif_params params;
3109         int err;
3110         enum nl80211_iftype otype, ntype;
3111         struct net_device *dev = info->user_ptr[1];
3112         bool change = false;
3113
3114         memset(&params, 0, sizeof(params));
3115
3116         otype = ntype = dev->ieee80211_ptr->iftype;
3117
3118         if (info->attrs[NL80211_ATTR_IFTYPE]) {
3119                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3120                 if (otype != ntype)
3121                         change = true;
3122                 if (ntype > NL80211_IFTYPE_MAX)
3123                         return -EINVAL;
3124         }
3125
3126         if (info->attrs[NL80211_ATTR_MESH_ID]) {
3127                 struct wireless_dev *wdev = dev->ieee80211_ptr;
3128
3129                 if (ntype != NL80211_IFTYPE_MESH_POINT)
3130                         return -EINVAL;
3131                 if (netif_running(dev))
3132                         return -EBUSY;
3133
3134                 wdev_lock(wdev);
3135                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3136                              IEEE80211_MAX_MESH_ID_LEN);
3137                 wdev->mesh_id_up_len =
3138                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3139                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3140                        wdev->mesh_id_up_len);
3141                 wdev_unlock(wdev);
3142         }
3143
3144         if (info->attrs[NL80211_ATTR_4ADDR]) {
3145                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3146                 change = true;
3147                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3148                 if (err)
3149                         return err;
3150         } else {
3151                 params.use_4addr = -1;
3152         }
3153
3154         err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3155         if (err < 0)
3156                 return err;
3157         if (err > 0)
3158                 change = true;
3159
3160         if (change)
3161                 err = cfg80211_change_iface(rdev, dev, ntype, &params);
3162         else
3163                 err = 0;
3164
3165         if (!err && params.use_4addr != -1)
3166                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3167
3168         return err;